Vote proposal: Technical items still to be done
matt at openssl.org
Wed Oct 7 11:35:28 UTC 2020
I had an action from the OTC meeting today to raise a vote on the OTC
list of technical items still to be done. Here is my proposed vote text.
There will be a subsequent vote on the "beta readiness checklist" which
is a separate list.
Feedback please on the proposed vote text below.
The following items are required prerequisites for the first beta release:
* EVP is the recommended API, it must be feature-complete compared with
the functionality available using lower-level APIs.
- Anything that isn’t available must be put to an OTC vote to exclude.
- The apps are the minimum bar for this, subject to exceptions noted
* Deprecation List Proposal: DH_, DSA_, ECDH_, ECDSA_, EC_KEY_, RSA_,
- Does not include macros defining useful constants (e.g.
- Excluded from Deprecation: `EC_`, `DSA_SIG_`, `ECDSA_SIG_`.
- There might be some others.
- Review for exceptions.
- The apps are the minimum bar to measure feature completeness for the
EVP interface: rewrite them so they do not use internal nor deprecated
functions (except speed, engine, list, passwd -crypt and the code to
handle the -engine CLI option). That is, remove the suppression of
- Proposal: drop passwd -crypt (OMC vote required)
- Compile and link 1.1.1 command line app against the master headers
and library. Run 1.1.1 app test cases against the chimera. Treat this
as an external test using a special 1.1.1 branch.
Deprecated functions used by libssl should be moved to independent
file(s), to limit the suppression of deprecated defines to the absolute
* Draft documentation (contents but not pretty)
- Need a list of things we know are not present - including things we
- We need to have mapping tables for various d2i/i2d functions.
- We need to have a mapping table from “old names” for things into the
- Documentation addition to old APIs to refer to new ones (man7).
- Documentation needs to reference name mapping.
- All the legacy interfaces need to have their documentation
pointing to the replacement interfaces.
* Review (and maybe clean up) legacy bridge code.
* Review TODO(3.0) items #12224.
* Source checksum script.
* Review of functions previously named _with_libctx.
* Encoder fixers (PKCS#8, PKCS#1, etc).
* Encoder DER to PEM refactor.
* Builds and passes tests on all primary, secondary and FIPS platforms.
* Query provider parameters (name, version, …) from the command line.
* Setup buildbot infrastructure and associated instructions.
* Complete make fipsinstall.
* More specific decoding selection (e.g. params or keys).
* Example code covering replacements for deprecated APIs.
* Drop C code output options from the apps (OMC approval required).
* Address 3.0beta1 milestones.
More information about the openssl-project