Open-Source Wikis

/

OpenSSL

/

Lore

openssl/openssl

Lore

A timeline of how the OpenSSL codebase got to where it is. Dates derived from git history and release tags. Speculative attributions use natural hedging.

Eras

The SSLeay import (Dec 1998)

The repository's first commit, ec96f926b9 from 1998-12-21, is "Import of old SSLeay release: SSLeay 0.8.1b". OpenSSL's lineage runs through SSLeay, written by Eric A. Young and Tim J. Hudson in 1995–1998 (the README still notes "OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson"). For the next decade most of the codebase carried SSLeay function names with SSLeay_ prefixes; many _meth.c files still bear that ancestry.

The 1.0 era (2000–2010)

Six 1.0.x release branches landed across this decade. By 2010 OpenSSL was the de-facto crypto library on Unix. Andy Polyakov contributed the bulk of the assembly cores for AES, SHA, ChaCha20, and modular arithmetic across x86, x86_64, ARM, PowerPC, MIPS, SPARC, and IA64 — the crypto/*/asm/ and crypto/*cpuid.pl files all date to this period. The codebase grew to ~600k LOC.

Heartbleed and the 1.0.2/1.1.0 cleanup (Apr 2014 – Aug 2016)

April 2014's Heartbleed disclosure precipitated a cleanup that eventually shipped as 1.1.0 (Aug 2016). The 2016 commit count (3,924 — the highest ever) reflects this push: opaque structures, an OPENSSL_init_* API, removal of dozens of long-deprecated cipher modes, formal coding style, and the make update / libcrypto.num ABI ordinal scheme that is still in use. Matt Caswell, Richard Levitte, and Dr. Stephen Henson did the bulk of the work.

The 3.0 rewrite: providers (Mar 2019 – Sep 2021)

The most consequential architectural change in OpenSSL's history. The first FIPS provider commit is 9efa0ae0b6 ("Create a FIPS provider and put SHA256 in it") from 2019-04-04, and the default provider skeleton (8a73348be0) lands two weeks earlier. Over the next 30 months almost every algorithm in crypto/ was carved out of libcrypto and reimplemented inside providers/implementations/. The old EVP_PKEY_METHOD machinery, the EVP_PKEY_ASN1_METHOD machinery, and the ENGINE plug-in mechanism were all simultaneously deprecated in favor of OSSL_PROVIDER, OSSL_DISPATCH, and OSSL_PARAM. Highlights from this era:

  • Mar 2019: provider scaffolding, namemap, dispatch tables, fetch.
  • 2020: keymgmt/signature/keyexch/asymcipher provider operations; EVP_PKEY becomes a thin wrapper around provider keys.
  • 2020–2021: the FIPS provider becomes a separately-built shared module with its own integrity check and self-tests.
  • Sep 2021: OpenSSL 3.0.0 ships. OSSL_LIB_CTX ("library contexts") is now public API and most non-_ex calls have an _ex variant that takes one.

The 2020 (2,668), 2021 (2,901) commit counts reflect this — both well above the long-run mean.

For the technical "why" see background/migration-3x.

QUIC (Jun 2022 – May 2025)

The first QUIC commit is 99e1cc7bca ("Add empty implementations of quic method functions") from 2022-06-03. The QUIC client shipped in OpenSSL 3.2 (Nov 2023). Server-side QUIC followed in 3.5 (Apr 2025). The implementation is large — ssl/quic/ is ~1.2 MB of C — and uses its own internal "RIO" event-driven I/O model in ssl/rio/. Hugo Landau is the main author of the QUIC core. See features/quic and doc/designs/quic-design/.

Post-quantum (2024–2026)

ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) all landed during the 4.x development cycle. The earliest ML-KEM commit (d2136d9e73) is from 2025-02-14; the crypto/ml_kem/, crypto/ml_dsa/, and crypto/slh_dsa/ subtrees are each a few thousand lines. ML-KEM has its own perlasm acceleration on x86_64 (AVX-512), AArch64, and PowerPC.

ECH and 4.x stabilization (Feb 2026 – present)

The Encrypted Client Hello implementation (ssl/ech/) is the latest large new feature; the earliest ECH commit is from 2026-02-20. Recent activity (the 281 last-90-days commits to doc/man3/, the 227 to crypto/x509/) is dominated by polishing — error code consolidation, doc-nits, CMP API additions, FIPS indicator work, and clang-format adoption (you can see the *-PRE-CLANG-FORMAT-WEBKIT and *-POST-CLANG-FORMAT-WEBKIT tags marking the global reformat pass for each of 3.0, 3.3, 3.4, 3.5, 3.6, and 4.0).

Longest-standing features

  • The BIO abstraction (crypto/bio/) has been load-bearing since the SSLeay days and is still in active use as the way libssl connects to its transport. The BIO_* types listed in include/openssl/bio.h.in have changed only in additive ways for a quarter century.
  • Asn.1 templates (the *.h.in IMPLEMENT_*ASN1_* macros) date to SSLeay; the original parser/serializer in crypto/asn1/ is still the primary path for X.509 and PKCS encoding/decoding.
  • The EVP_* API surface in include/openssl/evp.h has been the recommended way to do crypto since 1.0.0 and has weathered both the 1.1 opacity cleanup and the 3.0 provider rewrite without a major rename.
  • The openssl command-line tool has had a stable sub-command list for over two decades. Even openssl ca (apps/ca.c, 85 KB) is essentially the same workflow it was in the 1990s, just with newer crypto plumbing.

Deprecated features

  • ENGINE (crypto/engine/, include/openssl/engine.h). The pre-3.0 plug-in mechanism for hardware accelerators and HSMs. Still present and functional but officially deprecated in 3.0; new integrators should use providers. The header is still ~50 KB because the API surface was vast.
  • EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD. The pre-3.0 way of attaching ASN.1 codecs and operations to an asymmetric algorithm. Replaced by EVP_KEYMGMT, EVP_SIGNATURE, EVP_KEYEXCH, EVP_ASYM_CIPHER, EVP_KEM, plus the encoder/decoder framework. The legacy headers remain for source compatibility.
  • DSA, low-level RSA / DH / EC functions. RSA *, DSA *, DH *, EC_KEY * direct-access APIs are deprecated; the recommended path is EVP_PKEY + OSSL_PARAM. include/openssl/dsa.h, dh.h, rsa.h still expose them under OPENSSL_NO_DEPRECATED_3_0.
  • MD2, MD4, MDC2, RMD160, CAST5, Blowfish, IDEA, SEED, RC2, RC4, RC5, DES (single). Moved to the legacy provider in 3.0. Available only when legacy is explicitly loaded.
  • SSLv2, SSLv3, TLSv1.0, TLSv1.1. SSLv2/3 removed years ago. TLSv1.0/1.1 still compile but are off by default starting with 3.0 unless the application opts in.
  • Compatibility shims. include/openssl/cryptoerr_legacy.h, sslerr_legacy.h, ssl/ssl_rsa_legacy.c, ssl/ssl_err_legacy.c, ssl/tls_depr.c, crypto/evp/legacy_*.c — these files exist purely to keep old ERR_* codes and old function names linkable.

Major rewrites

Rewrite When Result
Opaque structures (1.1.0) 2014–2016 All SSL, SSL_CTX, EVP_CIPHER_CTX, etc. became opaque. Accessor functions added.
Provider model (3.0) 2019–2021 Algorithms left libcrypto; providers became the only sanctioned path. Two competing systems coexisted during this transition.
Library contexts (3.0) 2020–2021 Almost every API gained an _ex variant taking OSSL_LIB_CTX *.
Pluggable record layer (3.2) 2023 ssl/record/methods/ enables alternative record implementations (e.g. the QUIC record layer).
QUIC client (3.2) and server (3.5) 2022–2025 First protocol added since DTLS.
clang-format adoption 2024–2025 Whole tree reformatted to WebKit style; .clang-format and .pre-commit-config.yaml enforce it. The *-PRE-CLANG-FORMAT-WEBKIT / *-POST-CLANG-FORMAT-WEBKIT tags mark the cutover for each release branch.

Growth trajectory

xychart-beta
    title "Cumulative commits"
    x-axis [2000, 2005, 2010, 2015, 2020, 2025]
    y-axis "Commits (thousands)" 0 --> 40
    line [4, 11, 16, 21, 31, 38]

OpenSSL's contributor base widened sharply after Heartbleed: pre-2014 the bulk of commits came from a small group (Levitte, Henson, Polyakov, Caswell, Möller); post-2014 the git log shows a steady stream of new contributors per year, with sustained 2,000+ commits/year reaching far beyond the original committer set. The all-time top-15 list still leans toward the founders (Levitte, Henson, Caswell, Polyakov, Möller, Salz) but the recent-year top-15 (Pauli, Syromiatnikov, Horman, Beck, von Oheimb, Caswell, Mraz, Pocs, Broz, Rogers, Dukhovni, Sorce, Lontis, Nedvedicky, Levitte) is a much broader set.

Release lineage on master

The newest tags visible from master (sorted by tag date):

openssl-4.0.0
openssl-4.0.0-beta1
openssl-4.0.0-alpha1
openssl-3.0.20  3.3.7  3.4.5  3.5.6  3.6.2
openssl-3.0.19  3.3.6  3.4.4  3.5.5  3.6.1

Five LTS / non-LTS branches are simultaneously maintained (3.0, 3.3, 3.4, 3.5, 3.6) plus 4.0. master is currently 4.1-dev (VERSION.dat).

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Lore – OpenSSL wiki | Factory