openssl/openssl
Lore
A timeline of how the OpenSSL codebase got to where it is. Dates derived from git history and release tags. Speculative attributions use natural hedging.
Eras
The SSLeay import (Dec 1998)
The repository's first commit, ec96f926b9 from 1998-12-21, is "Import of old SSLeay release: SSLeay 0.8.1b". OpenSSL's lineage runs through SSLeay, written by Eric A. Young and Tim J. Hudson in 1995–1998 (the README still notes "OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson"). For the next decade most of the codebase carried SSLeay function names with SSLeay_ prefixes; many _meth.c files still bear that ancestry.
The 1.0 era (2000–2010)
Six 1.0.x release branches landed across this decade. By 2010 OpenSSL was the de-facto crypto library on Unix. Andy Polyakov contributed the bulk of the assembly cores for AES, SHA, ChaCha20, and modular arithmetic across x86, x86_64, ARM, PowerPC, MIPS, SPARC, and IA64 — the crypto/*/asm/ and crypto/*cpuid.pl files all date to this period. The codebase grew to ~600k LOC.
Heartbleed and the 1.0.2/1.1.0 cleanup (Apr 2014 – Aug 2016)
April 2014's Heartbleed disclosure precipitated a cleanup that eventually shipped as 1.1.0 (Aug 2016). The 2016 commit count (3,924 — the highest ever) reflects this push: opaque structures, an OPENSSL_init_* API, removal of dozens of long-deprecated cipher modes, formal coding style, and the make update / libcrypto.num ABI ordinal scheme that is still in use. Matt Caswell, Richard Levitte, and Dr. Stephen Henson did the bulk of the work.
The 3.0 rewrite: providers (Mar 2019 – Sep 2021)
The most consequential architectural change in OpenSSL's history. The first FIPS provider commit is 9efa0ae0b6 ("Create a FIPS provider and put SHA256 in it") from 2019-04-04, and the default provider skeleton (8a73348be0) lands two weeks earlier. Over the next 30 months almost every algorithm in crypto/ was carved out of libcrypto and reimplemented inside providers/implementations/. The old EVP_PKEY_METHOD machinery, the EVP_PKEY_ASN1_METHOD machinery, and the ENGINE plug-in mechanism were all simultaneously deprecated in favor of OSSL_PROVIDER, OSSL_DISPATCH, and OSSL_PARAM. Highlights from this era:
- Mar 2019: provider scaffolding, namemap, dispatch tables, fetch.
- 2020: keymgmt/signature/keyexch/asymcipher provider operations;
EVP_PKEYbecomes a thin wrapper around provider keys. - 2020–2021: the FIPS provider becomes a separately-built shared module with its own integrity check and self-tests.
- Sep 2021: OpenSSL 3.0.0 ships.
OSSL_LIB_CTX("library contexts") is now public API and most non-_excalls have an_exvariant that takes one.
The 2020 (2,668), 2021 (2,901) commit counts reflect this — both well above the long-run mean.
For the technical "why" see background/migration-3x.
QUIC (Jun 2022 – May 2025)
The first QUIC commit is 99e1cc7bca ("Add empty implementations of quic method functions") from 2022-06-03. The QUIC client shipped in OpenSSL 3.2 (Nov 2023). Server-side QUIC followed in 3.5 (Apr 2025). The implementation is large — ssl/quic/ is ~1.2 MB of C — and uses its own internal "RIO" event-driven I/O model in ssl/rio/. Hugo Landau is the main author of the QUIC core. See features/quic and doc/designs/quic-design/.
Post-quantum (2024–2026)
ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) all landed during the 4.x development cycle. The earliest ML-KEM commit (d2136d9e73) is from 2025-02-14; the crypto/ml_kem/, crypto/ml_dsa/, and crypto/slh_dsa/ subtrees are each a few thousand lines. ML-KEM has its own perlasm acceleration on x86_64 (AVX-512), AArch64, and PowerPC.
ECH and 4.x stabilization (Feb 2026 – present)
The Encrypted Client Hello implementation (ssl/ech/) is the latest large new feature; the earliest ECH commit is from 2026-02-20. Recent activity (the 281 last-90-days commits to doc/man3/, the 227 to crypto/x509/) is dominated by polishing — error code consolidation, doc-nits, CMP API additions, FIPS indicator work, and clang-format adoption (you can see the *-PRE-CLANG-FORMAT-WEBKIT and *-POST-CLANG-FORMAT-WEBKIT tags marking the global reformat pass for each of 3.0, 3.3, 3.4, 3.5, 3.6, and 4.0).
Longest-standing features
- The
BIOabstraction (crypto/bio/) has been load-bearing since the SSLeay days and is still in active use as the waylibsslconnects to its transport. TheBIO_*types listed ininclude/openssl/bio.h.inhave changed only in additive ways for a quarter century. - Asn.1 templates (the
*.h.inIMPLEMENT_*ASN1_*macros) date to SSLeay; the original parser/serializer incrypto/asn1/is still the primary path for X.509 and PKCS encoding/decoding. - The
EVP_*API surface ininclude/openssl/evp.hhas been the recommended way to do crypto since 1.0.0 and has weathered both the 1.1 opacity cleanup and the 3.0 provider rewrite without a major rename. - The
opensslcommand-line tool has had a stable sub-command list for over two decades. Evenopenssl ca(apps/ca.c, 85 KB) is essentially the same workflow it was in the 1990s, just with newer crypto plumbing.
Deprecated features
- ENGINE (
crypto/engine/,include/openssl/engine.h). The pre-3.0 plug-in mechanism for hardware accelerators and HSMs. Still present and functional but officially deprecated in 3.0; new integrators should use providers. The header is still ~50 KB because the API surface was vast. EVP_PKEY_ASN1_METHODandEVP_PKEY_METHOD. The pre-3.0 way of attaching ASN.1 codecs and operations to an asymmetric algorithm. Replaced byEVP_KEYMGMT,EVP_SIGNATURE,EVP_KEYEXCH,EVP_ASYM_CIPHER,EVP_KEM, plus the encoder/decoder framework. The legacy headers remain for source compatibility.- DSA, low-level RSA / DH / EC functions.
RSA *,DSA *,DH *,EC_KEY *direct-access APIs are deprecated; the recommended path isEVP_PKEY+OSSL_PARAM.include/openssl/dsa.h,dh.h,rsa.hstill expose them underOPENSSL_NO_DEPRECATED_3_0. - MD2, MD4, MDC2, RMD160, CAST5, Blowfish, IDEA, SEED, RC2, RC4, RC5, DES (single). Moved to the legacy provider in 3.0. Available only when
legacyis explicitly loaded. - SSLv2, SSLv3, TLSv1.0, TLSv1.1. SSLv2/3 removed years ago. TLSv1.0/1.1 still compile but are off by default starting with 3.0 unless the application opts in.
- Compatibility shims.
include/openssl/cryptoerr_legacy.h,sslerr_legacy.h,ssl/ssl_rsa_legacy.c,ssl/ssl_err_legacy.c,ssl/tls_depr.c,crypto/evp/legacy_*.c— these files exist purely to keep oldERR_*codes and old function names linkable.
Major rewrites
| Rewrite | When | Result |
|---|---|---|
| Opaque structures (1.1.0) | 2014–2016 | All SSL, SSL_CTX, EVP_CIPHER_CTX, etc. became opaque. Accessor functions added. |
| Provider model (3.0) | 2019–2021 | Algorithms left libcrypto; providers became the only sanctioned path. Two competing systems coexisted during this transition. |
| Library contexts (3.0) | 2020–2021 | Almost every API gained an _ex variant taking OSSL_LIB_CTX *. |
| Pluggable record layer (3.2) | 2023 | ssl/record/methods/ enables alternative record implementations (e.g. the QUIC record layer). |
| QUIC client (3.2) and server (3.5) | 2022–2025 | First protocol added since DTLS. |
| clang-format adoption | 2024–2025 | Whole tree reformatted to WebKit style; .clang-format and .pre-commit-config.yaml enforce it. The *-PRE-CLANG-FORMAT-WEBKIT / *-POST-CLANG-FORMAT-WEBKIT tags mark the cutover for each release branch. |
Growth trajectory
xychart-beta
title "Cumulative commits"
x-axis [2000, 2005, 2010, 2015, 2020, 2025]
y-axis "Commits (thousands)" 0 --> 40
line [4, 11, 16, 21, 31, 38]OpenSSL's contributor base widened sharply after Heartbleed: pre-2014 the bulk of commits came from a small group (Levitte, Henson, Polyakov, Caswell, Möller); post-2014 the git log shows a steady stream of new contributors per year, with sustained 2,000+ commits/year reaching far beyond the original committer set. The all-time top-15 list still leans toward the founders (Levitte, Henson, Caswell, Polyakov, Möller, Salz) but the recent-year top-15 (Pauli, Syromiatnikov, Horman, Beck, von Oheimb, Caswell, Mraz, Pocs, Broz, Rogers, Dukhovni, Sorce, Lontis, Nedvedicky, Levitte) is a much broader set.
Release lineage on master
The newest tags visible from master (sorted by tag date):
openssl-4.0.0
openssl-4.0.0-beta1
openssl-4.0.0-alpha1
openssl-3.0.20 3.3.7 3.4.5 3.5.6 3.6.2
openssl-3.0.19 3.3.6 3.4.4 3.5.5 3.6.1Five LTS / non-LTS branches are simultaneously maintained (3.0, 3.3, 3.4, 3.5, 3.6) plus 4.0. master is currently 4.1-dev (VERSION.dat).
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.