OpenSSL 3.0 (or 4.0) API goals

Hubert Kario hkario at
Mon Mar 4 12:57:56 UTC 2019

On Monday, 4 March 2019 12:59:26 CET Matt Caswell wrote:
> On 01/03/2019 22:26, Paul Smith wrote:
> > Hi all.
> > 
> > I'm reading with interest the details coming out with respect to the
> > next release of OpenSSL.
> > 
> > I'm curious if there's any consideration being given to updating the
> > API for existing interfaces, and/or checking the APIs of any new
> > interfaces for issues that are seen in the current API.
> > 
> > I'm talking about things like:
> >  * Const-correctness for arguments
> const correctness is an ongoing thing. I'd welcome PRs that address this.
> >  * Signed vs. unsigned values for integer values
> We did do quite a bit of work internally in libssl to implement more
> consistent use of size_t where appropriate. We need to do something similar
> in libcrypto although that's probably a much bigger job. Dealing with
> things internally is much easier than changing the API - because that is
> obviously a breaking change which we try to avoid where possible.

In the past 9 years OpenSSL broke ABI/API 2 times (0.9.x to 1.0.0 and 1.0.2 to 
1.1.0) and announced a third. I think it's far too often for such a critical 
and integral part of operating systems.

IMNSHO such API cleanup should be mandatory part of the OpenSSL 3.0 (4.0) 

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the openssl-users mailing list