OpenSSL Releases
----------------
+ - [OpenSSL 3.1](#openssl-31)
- [OpenSSL 3.0](#openssl-30)
- [OpenSSL 1.1.1](#openssl-111)
- [OpenSSL 1.1.0](#openssl-110)
- [OpenSSL 1.0.0](#openssl-100)
- [OpenSSL 0.9.x](#openssl-09x)
+OpenSSL 3.1
+-----------
+
+### Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [under development]
+
+ * none
+
+### Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024]
+
+ * Fixed PKCS12 Decoding crashes
+ ([CVE-2024-0727])
+ * Fixed Excessive time spent checking invalid RSA public keys
+ ([CVE-2023-6237])
+ * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
+ CPUs which support PowerISA 2.07
+ ([CVE-2023-6129])
+ * Fix excessive time spent in DH check / generation with large Q parameter
+ value ([CVE-2023-5678])
+
+### Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]
+
+ * Mitigate incorrect resize handling for symmetric cipher keys and IVs.
+ ([CVE-2023-5363])
+
+### Major changes between OpenSSL 3.1.2 and OpenSSL 3.1.3 [19 Sep 2023]
+
+ * Fix POLY1305 MAC implementation corrupting XMM registers on Windows
+ ([CVE-2023-4807])
+
+### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023]
+
+ * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
+ * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
+ * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
+ * When building with the `enable-fips` option and using the resulting
+ FIPS provider, TLS 1.2 will, by default, mandate the use of an
+ extended master secret and the Hash and HMAC DRBGs will not operate
+ with truncated digests.
+
+### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]
+
+ * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
+ IDENTIFIER sub-identities. ([CVE-2023-2650])
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
+ ([CVE-2023-1255])
+ * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
+ * Fixed handling of invalid certificate policies in leaf certificates
+ ([CVE-2023-0465])
+ * Limited the number of nodes created in a policy tree ([CVE-2023-0464])
+
+### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023]
+
+ * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
+ * Performance enhancements and new platform support including new
+ assembler code algorithm implementations.
+ * Deprecated LHASH statistics functions.
+ * FIPS 140-3 compliance changes.
+
OpenSSL 3.0
-----------
-### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
+### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
+
+ * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
+ * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
+ * Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
+ * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216])
+ * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215])
+ * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450])
+ * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304])
+ * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203])
+ * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996])
+
+### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022]
+
+ * Added RIPEMD160 to the default provider.
+ * Fixed regressions introduced in 3.0.6 version.
+ * Fixed two buffer overflows in punycode decoding functions.
+ ([CVE-2022-3786]) and ([CVE-2022-3602])
+
+### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022]
+
+ * Fix for custom ciphers to prevent accidental use of NULL encryption
+ ([CVE-2022-3358])
+
+### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022]
+
+ * Fixed heap memory corruption with RSA private key operation
+ ([CVE-2022-2274])
+ * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
+ ([CVE-2022-2097])
+
+### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022]
+
+ * Fixed additional bugs in the c_rehash script which was not properly
+ sanitising shell metacharacters to prevent command injection
+ ([CVE-2022-2068])
+
+### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022]
+
+ * Fixed a bug in the c_rehash script which was not properly sanitising shell
+ metacharacters to prevent command injection ([CVE-2022-1292])
+ * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
+ certificate on an OCSP response ([CVE-2022-1343])
+ * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
+ AAD data as the MAC key ([CVE-2022-1434])
+ * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
+ occuppied by the removed hash table entries ([CVE-2022-1473])
+
+### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022]
+
+ * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+ for non-prime moduli ([CVE-2022-0778])
+
+### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021]
+
+ * Fixed invalid handling of X509_verify_cert() internal errors in libssl
+ ([CVE-2021-4044])
+ * Allow fetching an operation from the provider that owns an unexportable key
+ as a fallback if that is still allowed by the property query.
+
+### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [7 sep 2021]
* Enhanced 'openssl list' with many new options.
- * Added migration guide to man7
- * Implemented support for fully "pluggable" TLSv1.3 groups
- * Added suport for Kernel TLS (KTLS)
+ * Added migration guide to man7.
+ * Implemented support for fully "pluggable" TLSv1.3 groups.
+ * Added support for Kernel TLS (KTLS).
* Changed the license to the Apache License v2.0.
* Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
RC4, RC5, and DES to the legacy provider.
* Remove the `RAND_DRBG` API.
* Deprecated the `ENGINE` API.
* Added `OSSL_LIB_CTX`, a libcrypto library context.
+ * Added various `_ex` functions to the OpenSSL API that support using
+ a non-default `OSSL_LIB_CTX`.
* Interactive mode is removed from the 'openssl' program.
* The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
included in the FIPS provider.
* Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(),
ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and
ERR_func_error_string().
- * Added OSSL_PROVIDER_available(), to check provider availibility.
+ * Added OSSL_PROVIDER_available(), to check provider availability.
* Added 'openssl mac' that uses the EVP_MAC API.
* Added 'openssl kdf' that uses the EVP_KDF API.
* Add OPENSSL_info() and 'openssl info' to get built-in data.
RC4, RC5 and SEED cipher functions have been deprecated.
* All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
have been deprecated.
- * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
+ * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
+ except when RSA key exchange without SHA1 is used.
+ * Added providers, a new pluggability concept that will replace the
+ ENGINE API and ENGINE implementations.
OpenSSL 1.1.1
-------------
<!-- Links -->
+[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
+[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
+[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
+[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
+[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
+[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
+[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
+[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
+[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
+[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
+[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
+[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
+[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
+[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
+[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
+[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
+[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
+[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
+[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
+[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
+[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
+[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
+[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
+[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563