VOTE: Technical Items still to be done
matt at openssl.org
Thu Oct 8 14:47:18 UTC 2020
topic: The following items are required prerequisites for the first beta
1) EVP is the recommended API, it must be feature-complete compared with
the functionality available using lower-level APIs.
- Anything that isn’t available must be put to an OTC vote to exclude.
- The apps are the minimum bar for this, subject to exceptions noted
2) Deprecation List Proposal: DH_, DSA_, ECDH_, ECDSA_, EC_KEY_, RSA_,
- Does not include macros defining useful constants (e.g.
- Excluded from Deprecation: `EC_`, `DSA_SIG_`, `ECDSA_SIG_`.
- There might be some others.
- Review for exceptions.
- The apps are the minimum bar to measure feature completeness for
interface: rewrite them so they do not use internal nor deprecated
functions (except speed, engine, list, passwd -crypt and the code
the -engine CLI option). That is, remove the suppression of deprecated
- Proposal: drop passwd -crypt (OMC vote required)
- Compile and link 1.1.1 command line app against the master headers and
library. Run 1.1.1 app test cases against the chimera. Treat this
external test using a special 1.1.1 branch. Deprecated functions
libssl should be moved to independent file(s), to limit the
deprecated defines to the absolute minimum scope.
3) Draft documentation (contents but not pretty)
- Need a list of things we know are not present - including things we
- We need to have mapping tables for various d2i/i2d functions.
- We need to have a mapping table from “old names” for things into the
- Documentation addition to old APIs to refer to new ones (man7).
- Documentation needs to reference name mapping.
- All the legacy interfaces need to have their documentation
the replacement interfaces.
4) Review (and maybe clean up) legacy bridge code.
5) Review TODO(3.0) items #12224.
6) Source checksum script.
7) Review of functions previously named _with_libctx.
8) Encoder fixes (PKCS#8, PKCS#1, etc).
9) Encoder DER to PEM refactor.
10) Builds and passes tests on all primary, secondary and FIPS platforms.
11) Query provider parameters (name, version, ...) from the command line.
12) Setup buildbot infrastructure and associated instructions.
13) Complete make fipsinstall.
14) More specific decoding selection (e.g. params or keys).
15) Example code covering replacements for deprecated APIs.
16) Drop C code output options from the apps (OMC approval required).
17) Address issues and PRs in the 3.0beta1 milestone.
Proposed by .
accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T)
Mark [ ]
Pauli [ ]
Viktor [ ]
Tim [ ]
Richard [ ]
Shane [ ]
Tomas [ ]
Kurt [ ]
Matthias [ ]
Nicola [ ]
More information about the openssl-project