OTC Vote: Remove the RSA_SSLV23_PADDING and related functions completely

Tomas Mraz tomas at openssl.org
Thu Feb 25 08:26:18 UTC 2021

On Wed, 2021-02-24 at 19:59 -0200, Viktor Dukhovni wrote:
> Is there an open pull request for this?

No there isn't yet, but Rich Salz was working on deprecation of this
and he is willing to change the PR to do removal instead.

> > On Feb 23, 2021, at 8:21 AM, Tomas Mraz <tomas at openssl.org> wrote:
> > 
> > topic: The RSA_SSLV23_PADDING and related functions should be
> > completely removed from OpenSSL 3.0 code.
> > 
> > comment: The padding mode and the related functions (which are
> > already
> > deprecated in the current master branch) is useless outside of
> > SSLv2
> > support. We do not support SSLv2 and we do not expect anybody using
> > OpenSSL 3.0 to try to support SSLv2 by calling those functions.
> I am inclined to vote yes on general grounds, but my concern is
> whether
> this might then cause some downstream consumers of OpenSSL to fail to
> compile (things like Python bindings to OpenSSL, Net::SSLeay, ...)
> It may be prudent to leave some stub functions in place that just
> return errors, if they're currently exposed in various tools, and
> likely unused, but would still cause some pain to the downstream
> API maintainers if entirely removed.
> Are there any such functions exposed by popular toolkits?

I did not do any serious research but I know that M2Crypto provides
such bindings. So there definitely are cases where the various bindings
implementations will have to be adjusted. I do not see that as a reason
to block the removal as the bindings really will have to be adjusted
for 3.0 for other reasons anyway. We do not promise 100% API
compatibility with 1.1.1.

Also in case of the M2Crypto bindings they will already fail with 1.1.1
because they tested for the incorrect behavior that was fixed by the
recent related CVE fix.


More information about the openssl-project mailing list