OpenSSL 3.0 (or 4.0) API goals

Hubert Kario hkario at redhat.com
Mon Mar 4 12:57:56 UTC 2019


On Monday, 4 March 2019 12:59:26 CET Matt Caswell wrote:
> On 01/03/2019 22:26, Paul Smith wrote:
> > Hi all.
> > 
> > I'm reading with interest the details coming out with respect to the
> > next release of OpenSSL.
> > 
> > I'm curious if there's any consideration being given to updating the
> > API for existing interfaces, and/or checking the APIs of any new
> > interfaces for issues that are seen in the current API.
> > 
> > I'm talking about things like:
> >  * Const-correctness for arguments
> 
> const correctness is an ongoing thing. I'd welcome PRs that address this.
> 
> >  * Signed vs. unsigned values for integer values
> 
> We did do quite a bit of work internally in libssl to implement more
> consistent use of size_t where appropriate. We need to do something similar
> in libcrypto although that's probably a much bigger job. Dealing with
> things internally is much easier than changing the API - because that is
> obviously a breaking change which we try to avoid where possible.

In the past 9 years OpenSSL broke ABI/API 2 times (0.9.x to 1.0.0 and 1.0.2 to 
1.1.0) and announced a third. I think it's far too often for such a critical 
and integral part of operating systems.

IMNSHO such API cleanup should be mandatory part of the OpenSSL 3.0 (4.0) 
deliverable.

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190304/33af58cc/attachment.sig>


More information about the openssl-users mailing list