The major changes and known issues for the 1.1.0 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.
More details can be found in the ChangeLog.
Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019]
- Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
- For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters
- Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
- Use Windows installation paths in the mingw builds (CVE-2019-1552)
Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019]
- Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018]
- Timing vulnerability in DSA signature generation (CVE-2018-0734)
- Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018]
- Client DoS due to large DH parameter (CVE-2018-0732)
- Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
- Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
- Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
- rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
- bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
- Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
- config now recognises 64-bit mingw and chooses mingw64 instead of mingw
Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
- Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
- Truncated packet could crash via OOB read (CVE-2017-3731)
- Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
- BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
- ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
- CMS Null dereference (CVE-2016-7053)
- Montgomery multiplication may produce incorrect results (CVE-2016-7055)
Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
- Fix Use After Free for large message sizes (CVE-2016-6309)
Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
- OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- SSL_peek() hang on empty record (CVE-2016-6305)
- Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
- Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
- Copyright text was shrunk to a boilerplate that points to the license
- "shared" builds are now the default when possible
- Added support for "pipelining"
- Added the AFALG engine
- New threading API implemented
- Support for ChaCha20 and Poly1305 added to libcrypto and libssl
- Support for extended master secret
- CCM ciphersuites
- Reworked test suite, now based on perl, Test::Harness and Test::More
- *Most* libcrypto and libssl public structures were made opaque, including: BIGNUM and associated types, EC_KEY and EC_KEY_METHOD, DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD, BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX, X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, X509_LOOKUP_METHOD
- libssl internal structures made opaque
- SSLv2 support removed
- Kerberos ciphersuite support removed
- RC4 removed from DEFAULT ciphersuites in libssl
- 40 and 56 bit cipher support removed from libssl
- All public header files moved to include/openssl, no more symlinking
- SSL/TLS state machine, version negotiation and record layer rewritten
- EC revision: now operations use new EC_KEY_METHOD.
- Support for OCB mode added to libcrypto
- Support for asynchronous crypto operations added to libcrypto and libssl
- Deprecated interfaces can now be disabled at build time either relative to the latest release via the "no-deprecated" Configure argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
- Application software can be compiled with -DOPENSSL_API_COMPAT=version to ensure that features deprecated in that version are not exposed.
- Support for RFC6698/RFC7671 DANE TLSA peer authentication
- Change of Configure to use --prefix as the main installation directory location rather than --openssldir. The latter becomes the directory for certs, private key and openssl.cnf exclusively.
- Reworked BIO networking library, with full support for IPv6.
- New "unified" build system
- New security levels
- Support for scrypt algorithm
- Support for X25519
- Extended SSL_CONF support using configuration files
- KDF algorithm support. Implement TLS PRF as a KDF.
- Support for Certificate Transparency
- HKDF support.