2 #use wml::openssl area=about page=roadmap
4 <title>About, Roadmap</title>
5 <h1><center>OpenSSL Project Roadmap</center></h1>
6 <h2><center>First issued 30th June 2014</center></h2>
7 <h2><center>Last modified 14th October 2014</center></h2>
12 This document is intended to outline the OpenSSL project roadmap. It
13 is a living document and is expected to change over time. Objectives
14 and dates should be considered aspirational.</p>
16 The OpenSSL project is increasingly perceived as slow-moving and
17 insular. This roadmap will attempt to address this by setting out
18 some objectives for improvement, along with defined timescales.</p>
19 <h1>Current Issues</h1>
21 The OpenSSL project is currently experiencing a number of issues.
25 <b>RT Backlog<br></b><br>Over a period of some considerable time
26 open tickets have been building up in RT (our bug tracking system) to
27 the point that now there are a very significant number of them. A large
28 proportion of these issues have been open for years. Some of these have
29 in fact been dealt with and should be closed, but this has not been
30 recorded in the system. Most however have not been looked at.<br><br>
33 <b>Incomplete/incorrect documentation<br><br></b>Documentation of
34 OpenSSL is patchy at best. Some areas are well documented, while
35 many others suffer from incomplete or incorrect documentation. There
36 are also many areas which have no documentation at all.<br><br>
39 <b>Library complexity<br><br></b>The OpenSSL libraries and
40 applications are complex, both from a maintainer's perspective and
41 from a user's perspective. The public API contains many things which
42 should probably be internal. The code has been ported to a large
43 number of platforms, many of which are no longer relevant to us
44 today, and this complicates the codebase. Some parts of the code
45 have been in place for a very long time, and are in need of a
46 refresh. It is further complicated by the support for FIPS.<br><br>This
47 complexity causes maintenance problems, and can also be the source
48 of obscure and difficult to spot security vulnerabilities. It can
49 also make users' lives much more difficult especially when
50 combined with (2) above.<br><br>The current memory management code has
51 also been a source of problems and vulnerabilities.<br><br>
54 <b>Inconsistent coding style<br><br></b>There have been numerous
55 developers working on the codebase over many years. There are many
56 different styles used within the code, which is confusing and makes
57 maintenance more difficult than it should be. Even if strictly
58 consistent, the current code layout is unusual and idiosyncratic and
59 unlike any other open source software.<br><br>
63 <b>Lack of code review<br><br></b>We don't have a code review system
64 and we don't mandate code reviews.<br><br>
68 <b>No clear release plan<br><br></b>Historically OpenSSL has made new
69 feature releases on an infrequent basis and no forward plan of releases
70 has been published. It is difficult for users to plan for new releases,
71 and understand when new features might become available, or when support
72 will end for a release. In addition a large number of stable releases
73 are maintained by the OpenSSL development team - diverting effort away
74 from the most up to date versions.<br><br>
77 <b>No clear platform strategy</b><br><br>Historically OpenSSL has
78 supported a very wide range of platforms. Typically platform support has
79 been added through "ifdef" conditional compilation on a per
80 platform basis. This approach has led to a number of problems:</p>
84 The code has become very cluttered and is difficult to effectively
87 There is support still in the code for a number of legacy platforms
88 which are unlikely to be widely deployed today - if the code even
89 still works on those platforms</p>
91 In practice the development team do not have access to many of the
92 platforms that the codebase supports and testing typically takes
93 place on a very limited set (usually Linux, FreeBSD and Windows)<br><br>
99 <b>No published security strategy</b><br><br>We do not have a well-known
100 and published approach for how we appropriately inform all interested
101 parties of security advisories.<br><br>
108 Each of the issues identified above can be translated into high level
109 objectives. Some of these objectives can be achieved more easily and
110 quickly than others.</p>
112 <b>An important principle is that the priority and focus of effort
113 will be on achieving these objectives over and above the delivery of
114 new features.</b></p>
118 Manage all newly submitted RT tickets in a timely manner such as an
119 initial response within four working days. (Timescale: Now)</p>
121 Reduce over time the existing RT backlog (Timescale: Ongoing). This
122 may include the mass closure of very old tickets, such as those
123 raised before the release of any currently supported version</p>
124 <a name="8-sep-2014"><p>Update (8th September 2014):</a>
125 we have made a great deal of progress on the backlog.
126 A <a href="ticket-activity.png">graph of ticket activity</a>
127 is available, as is the <a href="buglist.txt">raw data</a>
128 for every bug showing when it was open, and resolved. We will
129 update these files periodically.</a>
131 <h2>Incomplete/incorrect documentation</h2>
134 Provide complete documentation for all of the public API (excluding
135 deprecated APIs) (Timescale: Within one year)</p>
138 This may include introducing a new documentation system</p>
140 Some parts of the API have historically been public but were not
141 intended for public use, such as low level cipher and digest APIs.
142 These parts may not be documented, and if they are will be marked
143 as deprecated (Timescale: within nine months).</p>
146 <h2>Library complexity</h2>
149 Review and revise the public API with a view to reducing complexity
150 (Timescale: Within one year)</p>
152 Document a platform strategy: see below (Timescale: Within three
155 Review and refactor the FIPS code to make it far less intrusive
156 (Timescale: Within one year)</p>
158 Review and refactor the memory management code (Timescale: Within
161 <h2>Inconsistent coding style</h2>
164 Define a clear coding standard for the project. This will cover not
165 only code layout but also items such as how to handle platform
166 dependencies, unit testing and optional code. (Timescale: Within
170 Format the entire codebase according to the agreed standard.
171 (Timescale: Within three months of coding standard being defined)
174 Refactor code to follow other parts of the style guide. (Timescale:
181 Agree and implement a process such that all new commits should first
182 be reviewed by a team member conversant with the relevant code and
183 updated until the reviewer's issues are addressed. This is
184 contingent on recruiting sufficient team members that reviewers are
185 more-or-less always available. (Timescale: Within three months)</p>
188 Objective met (16th July 2014): All changes are first reviewed by
189 another team member prior to being committed to the public openssl
193 Agree on a code review system. (Timescale: Within six months)</p>
198 Externally audit the current code base. (Timescale: Dependent on
201 <p>Update (14th October 2014):
202 Auditors selected and funded; schedule being worked on.</p>
204 <h2>Static/Dynamic Analysis</h2>
207 Regularly audit the code using appropriate analysis tools.
208 (Timescale: Within six months)
211 <h2><a name="relstrat">Release Strategy</a></h2>
213 We intend to develop a release strategy which will set out our plans
214 for how frequently we plan to release, and when. It will also cover
215 how long releases will be supported for, and when their EOL (End Of
216 Life) will be. (Timescale: Within three months)</p>
218 There are a number of objectives that we would be seeking to address
219 within the release strategy. Some of these objectives compete with
220 each other, and so from necessity there will have to be compromises.
221 The objectives are:</p>
224 We need security fix releases with very low chance of breaking
225 anything. This is largely met by prohibiting new features in stable
226 branches (i.e. letter releases).</p>
228 If something is broken in a release a fixed version should be made
229 available shortly afterwards (i.e. more letter releases more often)</p>
231 We need a way to get new binary compatible features into OpenSSL
232 relatively quickly.</p>
234 We don't want to have to maintain too many branches. This is likely
235 to include a timescale for the EOL of version 0.9.8</p>
237 We need a way to refactor code and make necessary binary
238 incompatible changes, deprecating APIs etc.</p>
240 <h2><a name="platstrat">Platform Strategy</a></h2>
242 Moving forward OpenSSL will adopt the following policy:</p>
245 There will be a defined set of primary platforms. The primary
246 platforms will be Linux and FreeBSD. A primary platform is one where
247 most development occurs.</p>
249 In addition there will be a list of secondary platforms which are
250 supported by the development team.</p>
252 Platform specific code will be moved out of the main codebase
253 (removing overuse of "ifdef").</p>
255 Legacy platforms that are unlikely to have wide deployment will be
256 removed from the code.</p>
258 Non-supported platforms requiring regular maintenance activities
259 will eventually be removed from the code after first seeking
260 community owners to support the platforms in platform specific
261 repositories.<br><br></p>
264 Necessary criteria for a platform to be included in the secondary
265 platform list includes:</p>
268 Currency, i.e. a platform is widely deployed and in current use</p>
272 Available to the dev team, i.e. the dev team have access to a
273 suitable environment in which to test builds and deal with tickets
276 Dev team ownership, i.e. at least one person on the team is willing
277 to take some responsibility for a platform<br><br></p>
280 In addition the secondary list will be as small as possible so as not
281 to spread the development team too thinly.</p>
283 The secondary platforms are still to be defined but will be based on
284 the above criteria. For each primary/secondary platform, we should
285 have, at least, a continuous integration box and a dev machine we can
286 access for test/debug. We will seek support from the platform vendors
287 or the community to provide access to these platforms. The secondary
288 platform list will change over time, but an initial list will be
289 produced within three months.</p>
291 The Platform Strategy will be phased in over a period of time based
292 on how quickly we can refactor the code.</p>
293 <h2>Security Strategy</h2>
296 We will be documenting a security strategy which will define our
300 How we make security fixes</p>
302 What (if any) pre-notification of forthcoming security releases will
303 be provided (and to whom) (Timescale: Within two months)</p>
307 Objective met (7th September 2014): The OpenSSL security policy is available
308 <a href="secpolicy.html">here</a>
310 <h1>Forthcoming Features</h1>
312 The primary focus of effort will be on achieving the objectives
313 detailed above, however we are evaluating the following new features.</p>
318 AEAD updates (API review, Poly/ChaCha support, /dev/crypto
319 operations coalescing)</p>
324 Certificate Transparency support.
327 Support for new ciphersuites e.g. CCM.</p>
329 Extended SSL_CONF support.</p>
333 Security levels (currently experimental in master)</p>
337 FIPS code review and refactor</p>
339 Support for emerging platforms, e.g. ARMv8, POWER8</p>
341 Built-in MT support for two major threading "flavours", POSIX
342 threads and Win32.</p>
345 <h1>Roadmap Update History</h1>
347 The following changes have been made since the roadmap was first
352 <a name="14-oct-2014">14-October-2014.</a>
353 Updated audit; added TLS 1.3 and Certificate
354 Transparency to features.</p>
356 8-September-2014. Updated status on the RT backlog objective.</p>
358 7-September-2014. Updated security policy section.</p>
360 16-July-2014. Updated code review section.</p>
362 1-July-2014. Noted RT is our bug tracking system.</p>