This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.1 [under development]
+ Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.1 [under development]
- o
+ o
+ o Add a STORE module (OSSL_STORE)
+ o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
+
+ Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
+
+ o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+
+ Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
+
+ o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+ o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+
+ Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
+
+ o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
+
+ Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
+
+ o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
+
+ Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
+
+ o Truncated packet could crash via OOB read (CVE-2017-3731)
+ o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
+ o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+
+ Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
+
+ o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
+ o CMS Null dereference (CVE-2016-7053)
+ o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
+ Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
+
+ o Fix Use After Free for large message sizes (CVE-2016-6309)
+
+ Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
+
+ o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+ o SSL_peek() hang on empty record (CVE-2016-6305)
+ o Excessive allocation of memory in tls_get_message_header()
+ (CVE-2016-6307)
+ o Excessive allocation of memory in dtls1_preprocess_fragment()
+ (CVE-2016-6308)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
affected functions.
o Improved platform support for PowerPC.
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
- o New X509_VERIFY_PARAM structure to support parametrisation
+ o New X509_VERIFY_PARAM structure to support parameterisation
of X.509 path validation.
o Major overhaul of RC4 performance on Intel P4, IA-64 and
AMD64.
o Automation of 'req' application
o Fixes to make s_client, s_server work under Windows
o Support for multiple fieldnames in SPKACs
- o New SPKAC command line utilty and associated library functions
+ o New SPKAC command line utility and associated library functions
o Options to allow passwords to be obtained from various sources
o New public key PEM format and options to handle it
o Many other fixes and enhancements to command line utilities
o Added BIO proxy and filtering functionality
o Extended Big Number (BN) library
o Added RIPE MD160 message digest
- o Addeed support for RC2/64bit cipher
+ o Added support for RC2/64bit cipher
o Extended ASN.1 parser routines
- o Adjustations of the source tree for CVS
+ o Adjustments of the source tree for CVS
o Support for various new platforms
projects / openssl.git / blobdiff