Vote proposal: Technical items still to be done

Matt Caswell matt at openssl.org
Wed Oct 7 11:35:28 UTC 2020


I had an action from the OTC meeting today to raise a vote on the OTC
list of technical items still to be done. Here is my proposed vote text.
There will be a subsequent vote on the "beta readiness checklist" which
is a separate list.

Feedback please on the proposed vote text below.

The following items are required prerequisites for the first beta release:
* EVP is the recommended API, it must be feature-complete compared with
the functionality available using lower-level APIs.
  - Anything that isn’t available must be put to an OTC vote to exclude.
  - The apps are the minimum bar for this, subject to exceptions noted
below.
* Deprecation List Proposal: DH_, DSA_, ECDH_, ECDSA_, EC_KEY_, RSA_,
RAND_METHOD_.
  - Does not include macros defining useful constants (e.g.
SHA512_DIGEST_LENGTH).
  - Excluded from Deprecation: `EC_`, `DSA_SIG_`, `ECDSA_SIG_`.
  - There might be some others.
  - Review for exceptions.
  - The apps are the minimum bar to measure feature completeness for the
EVP interface: rewrite them so they do not use internal nor deprecated
functions (except speed, engine, list, passwd -crypt and the code to
handle the -engine CLI option).  That is, remove the suppression of
deprecated define.
    - Proposal: drop passwd -crypt (OMC vote required)
  - Compile and link 1.1.1 command line app against the master headers
and library.  Run 1.1.1 app test cases against the chimera.  Treat this
as an external test using a special 1.1.1 branch.
Deprecated functions used by libssl should be moved to independent
file(s), to limit the suppression of deprecated defines to the absolute
minimum scope.
* Draft documentation (contents but not pretty)
  - Need a list of things we know are not present - including things we
have removed.
  - We need to have mapping tables for various d2i/i2d functions.
  - We need to have a mapping table from “old names” for things into the
OSSL_PARAMS names.
    - Documentation addition to old APIs to refer to new ones (man7).
    - Documentation needs to reference name mapping.
    - All the legacy interfaces need to have their documentation
pointing to the replacement interfaces.
* Review (and maybe clean up) legacy bridge code.
* Review TODO(3.0) items #12224.
* Source checksum script.
* Review of functions previously named _with_libctx.
* Encoder fixers (PKCS#8, PKCS#1, etc).
* Encoder DER to PEM refactor.
* Builds and passes tests on all primary, secondary and FIPS platforms.
* Query provider parameters (name, version, …) from the command line.
* Setup buildbot infrastructure and associated instructions.
* Complete make fipsinstall.
* More specific decoding selection (e.g. params or keys).
* Example code covering replacements for deprecated APIs.
* Drop C code output options from the apps (OMC approval required).
* Address 3.0beta1 milestones.


Matt

