Skip to content

v4.0.0

Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 15 Oct 05:39
· 93 commits to master since this release

Portable changes

  • Added initial Emscripten support in CMake builds.
  • Removed timegm() compatibility layer since all uses were replaced
    with OPENSSL_timegm(). Cleaned up the corresponding test harness.
  • The mips32 platform is no longer actively supported.
  • Fixed Windows support for dates beyond 2038.

Internal improvements

  • Cleaned up parts of the conf directory. Simplified some logic,
    fixed memory leaks.
  • Simplified X509_check_trust() internals to be somewhat readable.
  • Removed last internal uses of gmtime() and timegm() and replaced
    them with BoringSSL's posix time conversion API.
  • Removed unnecessary stat calls in by_dir.
  • Split parsing and processing of TLS extensions to ensure that
    extension callbacks are called in a predefined order.
  • Cleaned up the MD4 and MD5 implementations.
  • Assembly functions are no longer exposed in the public API, they
    are all wrapped by C functions.
  • Removed assembly implementations of legacy ciphers on legacy
    architectures.
  • Merged most multi-file implementations of ciphers into one or two
    C files.
  • Removed the cache of certificate validity. This was added for
    performance reasons which no longer apply since BoringSSL's time
    conversion API isn't slow. Also, a recently added error check led
    to obscure, undesirable validation failures.
  • Stopped calling OPENSSL_cpuid_setup() from the .init section on
    amd64 and i386.
  • Rewrote various BN conversion functions.
  • Improved certification request internals.
  • Removed unused DSA methods.
  • Improved X.509v3 extension internals. Fixed various bugs and leaks
    in X509V3_add1_i2d() and X509V3_get_d2i(). Their implementations
    now vaguely resemble code.
  • Rewrote BN_bn2mpi() using CBB.
  • Made most error string tables const.
  • Removed handling for SSLv2 client hello messages.
  • Improvements in the openssl(1) speed app's signal handler.
  • Cleaned up various X509v3_* extension API.
  • Unified the X.509v3 extension methods.
  • Cleaned up cipher handling in SSL_SESSION.
  • Removed get_cipher from SSL_METHOD.
  • Rewrote CRYPTO_EX_DATA from scratch. The only intentional change of
    behavior is that there is now a hard limit on the number of indexes
    that can be allocated.
  • Removed bogus connect() call from netcat.
  • Uses of atoi() and strtol() in libcrypto were replaced with
    strtonum().
  • Introduced crypto_arch.h which will contain the architecture
    dependent code and defines rather than the public opensslconf.h.
  • OPENSSL_cpu_caps() is now architecture independent.
  • Reorganized the DES implementation to use fewer files and removed
    optimizations for ancient processors and compilers.

New features

  • Added CRLfile option to the cms command of openssl(1) to specify
    additional CRLs for use during verification.

Documentation improvements

  • Removed documentation of no longer existing API.
  • Unified the description of the obsolete ENGINE parameter that
    needs to remain in many functions and should always be NULL.

Testing and proactive security

  • Switched the remaining tests to new certs.

Compatibility changes

  • Protocol parsing in libtls was changed. The unsupported TLSv1.1
    and TLSv1.0 protocols are ignored and no longer enable or disable
    TLSv1.2 in surprising ways.
  • The dangerous EVP_PKEY*_check(3) family of functions was removed.
    The openssl(1) pkey and pkeyparam commands no longer support the
    -check and -pubcheck flags.
  • The one-step hashing functions, MD4(), MD5(), RIPEMD160(), SHA1(),
    all SHA-2, and HMAC() no longer support returning a static buffer.
    Callers must pass in a correctly sized buffer.
  • Support for Whirlpool was removed. Applications still using this
    should honor OPENSSL_NO_WHIRLPOOL.
  • Removed workaround for F5 middle boxes.
  • Removed the useless pem2.h, a public header that was added since
    it was too hard to add a single prototype to one file.
  • Removed conf_api.h and the public API therein.
  • Removed ssl2.h, ssl23.h and ui_compat.h.
  • Numerous conf and attribute functions were removed. Some unused
    types were removed, others were made opaque.
  • Removed the deprecated HMAC_Init() function.
  • Removed OPENSSL_load_builtin_modules().
  • Removed X509_REQ_{get,set}_extension_nids().
  • X509_check_trust() and was removed, X509_VAL was made opaque.
  • Only specified versions can be set on certs, CRLs and CSRs.
  • Removed unused PEM_USER and PEM_CTX types from pem.h.
  • Removed typdefs for COMP_CTX, COMP_METHOD, X509_CRL_METHOD, STORE,
    STORE_METHOD, and SSL_AEAD_CTX.
  • i2d_ASN1_OBJECT() now returns -1 on error like most other i2d_*.
  • SPKAC support was removed from openssl(1).
  • Added TLS1-PRF support to the EVP interface.
  • Support for attributes in EVP_PKEYs was removed.
  • The X509at_* API is no longer public.
  • SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest()
    were added to libssl.
  • The completely broken UI_UTIL password API was removed.
  • The OpenSSL pkcs12 command and PKCS12_create() no longer support
    setting the Microsoft-specific Local Key Set and Cryptographic
    Service Provider attributes.

Bug fixes

  • Made ASN1_TIME_set_string() and ASN1_TIME_set_string_X509() match
    their documentation. They always set an RFC 5280 conformant time.
  • Improved standards compliance for supported groups and key shares
    extensions:
    • Duplicate key shares are disallowed.
    • Duplicate supported groups are disallowed.
    • Key shares must be sent in the order of supported groups.
    • Key shares will only be selected if they match the most
      preferred supported group by client preference order.
  • Fixed signed integer overflow in bnrand().
  • Prevent negative zero from being created via BN_clear_bit() and
    BN_mask_bits(). Avoids a one byte overread in BN_bn2mpi().
  • Add guard to avoid contracting the number linear hash buckets
    to zero, which could lead to a crash due to accessing a zero
    sized allocation.
  • Fixed i2d_ASN1_OBJECT() with an output buffer pointing to NULL.
  • Implemented RSA key exchange in constant time. This is done by
    decrypting with RSA_NO_PADDING and checking the padding in libssl
    in constant time. This is possible because the pre-master secret
    is of known length based on the size of the RSA key.
  • Rewrote SSL_select_next_proto() using CBS, also fixing a buffer
    overread that wasn't reachable when used as intended from an
    ALPN callback.
  • Avoid pushing a spurious error onto the error stack in
    ssl_sigalg_select().
  • Made fatal alerts fatal in QUIC.

Full changelog: https://github.com/libressl/portable/blob/master/ChangeLog