# This file is obsolete as of 2021-11-09 as we use the new voting process
# according to
# https://github.com/openssl/technical-policies/blob/master/policies/voting-procedure.md
#
# A record of formal votes in reverse chronological order.
#
# To vote, add one of the following entries next to your name:
#
#   [+1]    I vote in favour of the proposal
#   [ 0]    I abstain from the vote
#   [-1]    I vote against the proposal
#
# If you are abstaining, you can indicate a tendency as follows:
#
#   [+0]    I abstain but with a slight lean towards a vote in favour
#   [ 0]    I abstain with no stated preference
#   [-0]    I abstain but with a slight lean towards a vote against
#
# A template for voting (alphabetical by surname) follows.

----------------
topic: .
Proposed by .
Public: yes
opened: 2021-mm-dd
closed: 2021-mm-dd
accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T)

  Dmitry     [  ]
  Matt       [  ]
  Pauli      [  ]
  Tim        [  ]
  Hugo       [  ]
  Richard    [  ]
  Shane      [  ]
  Tomas      [  ]
  Kurt       [  ]
  Matthias   [  ]
  Nicola     [  ]

----------------
topic: Accept PR #16705 into 3.0 subject to the normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-12-07
closed: 2021-12-07
accepted: yes (for: 4, against: 1, abstained: 3, not voted: 2)

  Dmitry     [+0]
  Matt       [+1]
  Pauli      [-0]
  Tim        [-1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1] # 2021-12-07
  Matthias   [+0]
  Nicola     [  ]

----------------
topic: Accept openssl/technical-policies PR#2 - the policy change process
       proposal as of commit 5740178. This will become an official OTC
       policy.
comment: This changes the voting procedure for public OTC votes to use the
         pull requests and issues on the openssl/technical-policies
         repository instead of the openssl-project mailing list.
Proposed by Tomáš Mráz
Public: yes
opened: 2021-11-09
closed: 2021-11-09
accepted: yes (for: 8, against: 0, abstained: 0, not voted: 2)

  Dmitry     [+1]
  Matt       [+1]
  Pauli      [+1]
  Tim        [+1]
  Richard    [+1]
  Shane      [  ]
  Tomas      [+1]
  Kurt       [+1] # 2021-11-09
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept openssl/technical-policies PR#1 - the policy change process
       proposal as of commit 3bccdf6. This will become an official OTC
       policy.
comment: This will implement the formal policy change process so we can
         introduce and amend further policies as set by OTC via a public
         process.
Proposed by Tomáš Mráz
Public: yes
opened: 2021-11-01
closed: 2021-11-03
accepted: yes (for: 9, against: 0, abstained: 0, not voted: 1)

  Dmitry     [+1]
  Matt       [+1]
  Pauli      [+1]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1] # 2021-11-09
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to the
       normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-10-19
closed: 2021-10-20
accepted: yes (for: 4, against: 2, abstained: 4, not voted: 0)

  Dmitry     [+0]
  Matt       [+1]
  Pauli      [ 0]
  Tim        [ 0] # Vote changed 2021-10-20
  Richard    [+0]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [-1]
  Nicola     [-1]

----------------
topic: Increase the default security level from 1 to 2 in master
Proposed by Matt Caswell
Public: yes
opened: 2021-09-21
closed: 2021-09-21
accepted: yes (for: 7, against: 1, abstained: 1, not voted: 1)

  Dmitry     [+1]
  Matt       [+1]
  Pauli      [+1]
  Tim        [+0]
  Richard    [+1]
  Shane      [-1]
  Tomas      [+1]
  Kurt       [+1] # 2021-09-22
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept PR#16594 into master subject to the normal review process
comment: this doesn't meet the requirement of being a standard but is in
         use and we have the implementation but it isn't exposed.
Proposed by Pauli.
Public: yes
opened: 2021-09-21
closed: 2021-09-21
accepted: yes (for: 5, against: 0, abstained: 3, not voted: 2)

  Dmitry     [+1]
  Matt       [ 0]
  Pauli      [+1]
  Tim        [+0]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1] # 2021-09-22
  Matthias   [+1] # 2021-09-22
  Nicola     [+0]

----------------
topic: Allow the restart of merging of non-breaking small features to the
       master branch
Proposed by Matt Caswell
Public: yes
opened: 2021-09-14
closed: 2021-09-14
accepted: yes (for: 5, against: 1, abstained: 1, not voted: 2)

  Dmitry     [+1]
  Matt       [+1]
  Pauli      [+1] # 2021-09-14
  Tim        [-1]
  Richard    [+1]
  Shane      [ 0]
  Tomas      [+1]
  Kurt       [+1] # 2021-09-15
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Create `openssl-3.0' git branch today.
comment: This cascades to other names/version information on GitHub.
         For example, change the release version information in the master
         branch to 3.1.0-dev
Proposed by Pauli.
Public: yes
opened: 2021-08-31
closed: 2021-08-31
accepted: yes (for: 7, against: 0, abstained: 0, not voted: 3)

  Dmitry     [+1]
  Matt       [+1] # 2021-09-01
  Pauli      [+1]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [  ]
  Matthias   [+1]
  Nicola     [  ]

----------------
topic: Release 3.0.0 final on Tuesday the 7th of September 2021 if
       run-checker and CI builds have been clean for two days.
Proposed by Pauli.
Public: yes
opened: 2021-08-31
closed: 2021-08-31
accepted: yes (for: 8, against: 0, abstained: 0, not voted: 2)

  Dmitry     [+1]
  Matt       [+1] # 2021-09-01
  Pauli      [+1]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [  ]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept PR#16286 into 3.0 subject to the normal review process
Proposed by Shane Lontis
Public: yes
opened: 2021-08-17
closed: 2021-08-18
accepted: yes (for: 5, against: 1, abstained: 1, not voted: 3)

  Dmitry     [+1]
  Matt       [-1]
  Pauli      [+1]
  Tim        [ 0]
  Richard    [+1]
  Shane      [+1]
  Tomas      [-1] # 2021-08-23
  Kurt       [-1] # 2021-08-29
  Matthias   [ 0] # 2021-08-23
  Nicola     [+1]

----------------
topic: RSA public exponent validation in 3.0 for the default provider
       should be consistent with 1.1.1
Comment: See issue #16255 for background
Proposed by Matt Caswell
Public: yes
opened: 2021-08-10
closed: 2021-08-11
accepted: yes (for: 4, against: 2, abstained: 3, not voted: 1)

  Dmitry     [ 0]
  Matt       [+1]
  Pauli      [ 0]
  Tim        [+1]
  Richard    [ 0] # 2021-08-15
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [-1]
  Nicola     [-0]

----------------
topic: Revert the commits merged from PR #16027 in 1.1.1
Comment: Refer to issue #16266 for background
Proposed by Tomas Mraz
Public: yes
opened: 2021-08-10
closed: 2021-08-13
accepted: yes (for: 5, against: 3, abstained: 1, not voted: 1)

  Dmitry     [+1]
  Matt       [+1]
  Pauli      [+0]
  Tim        [-1]
  Richard    [-1] # 2021-08-15
  Shane      [-1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [+1]
  Nicola     [-1]

----------------
topic: Accept PR 16171 in 3.0 subject to our normal review process.
Proposed by Pauli.
Public: yes
opened: 2021-08-03
closed: 2021-08-04
accepted: yes (for: 6, against: 1, abstained: 1, not voted: 2) ONE WEEK VOTE

  Dmitry     [+1]
  Matt       [+1] # 2021-08-10
  Pauli      [+1]
  Tim        [+1]
  Richard    [  ]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [ 0]
  Nicola     [+1]

----------------
topic: Accept PR 16203 in 3.0 subject to our normal review process.
Proposed by Pauli.
Public: yes
opened: 2021-08-03
closed: 2021-08-05
accepted: yes (for: 4, against: 1, abstained: 4, not voted: 1) ONE WEEK VOTE

  Dmitry     [+1]
  Matt       [+1]
  Pauli      [+1]
  Tim        [ 0]
  Richard    [  ]
  Shane      [ 0]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [ 0]
  Nicola     [+0]

----------------
topic: OTC approve the release of 3.0 beta2 on Thursday 29th July
Proposed by Matt Caswell
Public: yes
opened: 2021-07-27
closed: 2021-07-27
accepted: yes (for: 7, against: 0, abstained: 0, not voted: 2)

  Matt       [+1]
  Pauli      [+1]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [  ]
  Kurt       [+1] # 2021-07-27
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept PR 16128 in 3.0 subject to our normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-07-22
closed: 2021-07-27
accepted: yes (for: 8, against: 0, abstained: 0, not voted: 1)

  Matt       [+1]
  Pauli      [+1]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1] # 2021-07-27
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: We should accept PR #16118 into 3.0 when completed and subject to
       the normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-07-21
closed: 2021-07-21
accepted: yes (for: 5, against: 0, abstained: 3, not voted: 1)

  Matt       [+1]
  Pauli      [+1]
  Tim        [ 0]
  Richard    [ 0]
  Shane      [ 0]
  Tomas      [+1]
  Kurt       [ 0] # 2021-07-27
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: We should fix the issue described in #16088 for 3.0
Proposed by Matt Caswell
Public: yes
opened: 2021-07-21
closed: 2021-07-21
accepted: yes (for: 6, against: 0, abstained: 2, not voted: 1)

  Matt       [+1]
  Pauli      [+1]
  Tim        [ 0]
  Richard    [ 0]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1] # 2021-07-27
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept PR 16050 in 3.0 subject to our normal review process
Proposed by Tim Hudson
Public: yes
opened: 2021-07-20
closed: 2021-07-27
accepted: no (for: 1, against: 3, abstained: 4, not voted: 1)

  Matt       [-1]
  Pauli      [+0]
  Tim        [-1]
  Richard    [+1]
  Shane      [-1]
  Tomas      [ 0]
  Kurt       [-1] # 2021-07-27
  Matthias   [ 0]
  Nicola     [ 0]

----------------
topic: Allow the addition of
       EVP_PKEY_get0_provider() and EVP_PKEY_CTX_get0_provider() calls in
       3.0
Proposed by Paul Dale
Public: yes
opened: 2021-07-13
closed: 2021-07-13
accepted: yes (for: 5, against: 1, abstained: 2, not voted: 1)

  Matt       [ 0]
  Pauli      [+1]
  Tim        [-1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1] # 2021-07-13
  Matthias   [ 0]
  Nicola     [+1]

----------------
topic: Remove ERR_GET_FUNC in 3.0
Proposed by Nicola Tuveri
Public: yes
opened: 2021-07-06
closed: 2021-07-06
accepted: yes (for: 6, against: 1, abstained: 0, not voted: 2)

  Matt       [+1]
  Pauli      [+1]
  Tim        [+1]
  Richard    [-1]
  Shane      [+1]
  Tomas      [+1] # 2021-07-08
  Kurt       [ 0] # 2021-07-08
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept #15955 in 3.0
Proposed by Pauli.
Public: yes
opened: 2021-06-30
closed: 2021-07-08
accepted: vote withdrawn because the vote above invalidates it

  Matt       [-1] # 2021-07-12
  Pauli      [+1]
  Tim        [  ]
  Richard    [  ]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [  ]
  Nicola     [  ]

----------------
topic: Accept PR #15763 for 1.1.1 subject to the normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-06-29
closed: 2021-06-29
accepted: yes (for: 7, against: 0, abstained: 0, not voted: 2)

  Matt       [+1]
  Pauli      [+1]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1] # 2021-06-30
  Tomas      [+1]
  Kurt       [+1] # 2021-06-30
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept the API additions from pull request #15790 subject to the
       normal review process
Proposed by Tomas Mraz
Public: yes
opened: 2021-06-29
closed: 2021-06-29
accepted: yes (for: 6, against: 1, abstained: 0, not voted: 2)

  Matt       [+1]
  Pauli      [+1]
  Tim        [-1]
  Richard    [+1]
  Shane      [+1] # 2021-06-30
  Tomas      [+1]
  Kurt       [ 0] # 2021-06-30
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: We will allow enabling of __owur specifiers for functions for 3.0 as
       a safe API-change exception.
comment: See issue #15902
Proposed by Paul Dale
Public: yes
opened: 2021-06-29
closed: 2021-06-30
accepted: no (for: 1, against: 3, abstained: 4, not voted: 1)

  Matt       [-1]
  Pauli      [-0]
  Tim        [-1]
  Richard    [ 0]
  Shane      [-1]
  Tomas      [ 0]
  Kurt       [-1] # 2021-06-30
  Matthias   [+0]
  Nicola     [+1]

----------------
topic: Accept the concept of the refactor proposed in PR 15854 for 3.0
Proposed by Matt Caswell
Public: yes
opened: 2021-06-22
closed: 2021-06-22
accepted: yes (for: 5, against: 1, abstained: 2, not voted: 1)

  Matt       [+1]
  Pauli      [+1]
  Tim        [-1]
  Richard    [ 0]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [  ]
  Nicola     [+0]

----------------
topic: Change the outlen parameter from unsigned int * to size_t * for
       EVP_Q_mac and size from unsigned int * to size_t * for EVP_Q_digest.
Proposed by Nicola Tuveri
Public: yes
opened: 2021-06-22
closed: 2021-06-22
accepted: yes (for: 5, against: 3, abstained: 0, not voted: 1)

  Matt       [-1]
  Pauli      [+1]
  Tim        [-1]
  Richard    [+1]
  Shane      [-1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [  ]
  Nicola     [+1]

----------------
topic: OTC approve the release of 3.0 beta1 on Thursday 17th June on the
       basis that:
       1) all current approved PRs with the beta1 milestone are merged
       2) issues #15755 and #15756 are resolved
       3) We accept that VMS does not currently pass tests but expect it to
          do so before 3.0 final (issue #15757)
Proposed by Matt Caswell
Public: yes
opened: 2021-06-15
closed: 2021-06-15
accepted: yes (for: 7, against: 0, abstained: 0, not voted: 2)

  Matt       [+1]
  Pauli      [+1]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [ 0] # 2021-06-15
  Matthias   [+1] # 2021-06-15
  Nicola     [+1]

----------------
topic: Reject PR#14759
Proposed by Nicola Tuveri
Public: yes
opened: 2021-04-20
closed: 2021-05-04
accepted: yes (for: 3, against: 2, abstained: 4, not voted: 2)

  Matt       [ 0]
  Mark       [  ]
  Pauli      [-0]
  Viktor     [  ]
  Tim        [-1]
  Richard    [ 0]
  Shane      [+1]
  Tomas      [-1]
  Kurt       [+1]
  Matthias   [ 0]
  Nicola     [+1]

----------------
topic: Set PR 13817 milestone to Post 3.0
Proposed by Tim Hudson
Public: yes
opened: 2021-04-20
closed: 2021-05-21
accepted: yes (for: 2, against: 0, abstained: 7, not voted: 2)

  Matt       [ 0]
  Mark       [  ]
  Pauli      [+0]
  Viktor     [  ]
  Tim        [+1]
  Richard    [ 0]
  Shane      [+1]
  Tomas      [ 0]
  Kurt       [ 0]
  Matthias   [ 0]
  Nicola     [ 0]

----------------
topic: Set issue 11164 milestone to Post 3.0
Proposed by Tim Hudson
Public: yes
opened: 2021-04-20
closed: 2021-04-20
accepted: yes (for: 6, against: 1, abstained: 0, not voted: 4)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1] # 2021-04-21
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1] # 2021-04-22
  Matthias   [+1]
  Nicola     [-1]

----------------
topic: EVP_PKEY types are immutable once set. Types cannot be changed once
       set. To move from one type to another compatible type will require
       export/import.
Comment: This will result in breaking changes compared to previous
         releases.
Proposed by Tim
Public: yes
opened: 2021-03-23
closed: 2021-03-23
accepted: yes (for: 6, against: 0, abstained: 0, not voted: 5)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1] # 2021-03-30
  Matthias   [+1] # 2021-03-23
  Nicola     [+1] # 2021-03-30

----------------
topic: Add a description field to the OSSL_ALGORITHM structure
Comment: See Issue #14514 for background
Proposed by Matt Caswell
Public: yes
opened: 2021-03-16
closed: 2021-03-23
accepted: yes (for: 6, against: 2, abstained: 1, not voted: 2)

  Matt       [+1]
  Mark       [  ]
  Pauli      [-1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [ 0]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: EVP init functions take an OSSL_PARAM array to set parameters and
       this should be reflected in the equivalent provider interface.
Proposed by Matt Caswell
Public: yes
opened: 2021-03-09
closed: 2021-03-09
accepted: yes (for: 5, against: 0, abstained: 2, not voted: 4)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [ 0]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1] # 2021-03-09
  Matthias   [+0] # 2021-03-09
  Nicola     [+0]

----------------
topic: In 3.0 it will not be possible to use SM2 with a non-SM2 curve.
       This should be documented.
Proposed by Matt Caswell
Public: yes
opened: 2021-03-09
closed: 2021-03-16
accepted: yes (for: 7, against: 1, abstained: 1, not voted: 2)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [ 0]
  Kurt       [+1]
  Matthias   [+1]
  Nicola     [-1]

----------------
topic: EVP_PKEY_get0 functions will return a cached copy of the legacy key,
       and will be changed to return const. EVP_PKEY_get1 functions work as
       per EVP_PKEY_get0 but are not const returns and up the reference
       count
Comment: See PR #14319 for background
Proposed by Matt Caswell
Public: yes
opened: 2021-03-02
closed: 2021-03-02
accepted: yes (for: 7, against: 0, abstained: 0, not voted: 4)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [ 0] # 2021-03-03
  Matthias   [+0] # 2021-03-09
  Nicola     [+1]

----------------
topic: The RSA_SSLV23_PADDING and related functions should be completely
       removed from OpenSSL 3.0 code.
Proposed by Tomas Mraz
Public: yes
opened: 2021-02-23
closed: 2021-02-28
accepted: yes (for: 6, against: 0, abstained: 5, not voted: 0)

  Matt       [ 0]
  Mark       [ 0]
  Pauli      [+1]
  Viktor     [+1]
  Tim        [ 0]
  Richard    [ 0]
  Shane      [ 0]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: We allow calling a free function on an algorithm method for methods
       that were not fetched. The free function does nothing in that case.
       EVP_MD_CTX_md will be deprecated and documented as having "get0"
       semantics. We will replace it with EVP_MD_CTX_get0_md and
       EVP_MD_CTX_get1_md. We should do the same for other similar
       functions
Proposed by Matt Caswell
Public: yes
opened: 2021-02-23
closed: 2021-02-23
accepted: yes (for: 4, against: 0, abstained: 5, not voted: 2)

  Matt       [+1]
  Mark       [  ]
  Pauli      [ 0]
  Viktor     [  ]
  Tim        [+1]
  Richard    [ 0]
  Shane      [+0]
  Tomas      [+0]
  Kurt       [ 0]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Change PKCS#12 creation to use AES-256-CBC and SHA-256 by default.
comment: Both app and API, include CHANGES entry.
Proposed by Pauli.
Public: yes
opened: 2021-02-09
closed: 2021-02-09
accepted: yes (for: 8, against: 0, abstained: 0, not voted: 3)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [+1] # 2021-02-13
  Nicola     [+1]

----------------
topic: The EVP_xxx_CTX types should support an EVP_xxx_CTX_dup call but not
       an EVP_xxx_CTX_copy call.
comments: Existing EVP_xxx_copy() functions not to be removed in the 3.0
          timeframe.
Proposed by pauli.
Public: yes
opened: 2021-02-02
closed: 2021-02-02
accepted: yes (for: 8, against: 0, abstained: 0, not voted: 3)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [  ]
  Nicola     [+1]

----------------
topic: We should not support EVP_xxx_reset() operations.
comment: The existing EVP_xxx_dup() function supports this functionality.
         Existing EVP_xxx_reset() functions not to be removed in the 3.0
         timeframe.
Proposed by pauli.
Public: yes
opened: 2021-02-02
closed: 2021-02-02
accepted: yes (for: 7, against: 0, abstained: 1, not voted: 3)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [ 0]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [  ]
  Nicola     [+1]

----------------
topic: EVP_MAC_init should accept key and key length arguments.
Proposed by pauli.
Public: yes
opened: 2021-02-02
closed: 2021-02-02
accepted: yes (for: 4, against: 1, abstained: 4, not voted: 2)

  Matt       [ 0]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [ 0]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [-0]
  Nicola     [ 0]

----------------
topic: EVP init functions should accept an OSSL_PARAM array to set
       parameters.
comment: This will mostly avoid calling the equivalent set_param call.
Proposed by pauli.
Public: yes
opened: 2021-02-02
closed: 2021-02-02
accepted: yes (for: 8, against: 0, abstained: 1, not voted: 2)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [+1]
  Nicola     [ 0]

----------------
topic: Where a function does not use the TYPE_NAME_action_name naming
       scheme, it is considered to be a defect.
comment: These are not considered blockers for 3.0 if the function existed
         in 1.1.1. New functions that do not conform must be fixed before
         release.
Proposed by pauli.
Public: yes
opened: 2021-02-02
closed: 2021-02-02
accepted: yes (for: 6, against: 0, abstained: 3, not voted: 2)

  Matt       [ 0]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [ 0]
  Matthias   [+1]
  Nicola     [ 0]

----------------
topic: Moving forwards we will use TYPE_NAME_action_name for function
       names.
comment: Not camel case, underscores separating words.
         I.e. EVP_MAC_update not EVP_MACUpdate or EVP_MAC_Update.
Proposed by pauli.
Public: yes
opened: 2021-02-02
closed: 2021-02-02
accepted: yes (for: 8, against: 0, abstained: 1, not voted: 2)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [ 0]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Include NULL cipher in the FIPS provider.
Proposed by Matthias.
Public: yes
opened: 2020-12-08
closed: 2020-12-08
accepted: no (for: 0, against: 7, abstained: 2, not voted: 2)

  Matt       [-1]
  Mark       [  ]
  Pauli      [-1]
  Viktor     [  ]
  Tim        [-1]
  Richard    [-1]
  Shane      [-1]
  Tomas      [-1]
  Kurt       [-1]
  Matthias   [-0]
  Nicola     [-0]

----------------
topic: For 3.0 EVP_PKEY keys all algorithm implementations that were usable
       with 1.1.1 EVP_PKEY API or low level APIs without public component
       must stay usable.

       This overrules the
         * all implementations apart from EC require the public component
           to be present;
       part of the vote closed on 2020-11-17.
Proposed by Tomas Mraz
Public: yes
opened: 2020-12-04
closed: 2021-01-12
accepted: yes (for: 8, against: 0, abstained: 0, not voted: 3)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [+1]
  Nicola     [  ]

----------------
topic: In the context of the OpenSSL apps, the OTC qualifies as bug fixes
       the changes to return a failure exit status when a called function
       fails with an unhandled return value.
       Even when these bug fixes change the apps behavior triggering early
       exits (compared to previous versions of the apps), as bug fixes,
       they do not qualify as behavior changes that require an explicit OMC
       approval.
Proposed by Nicola Tuveri
Public: yes
opened: 2020-11-30
closed: 2020-12-21
accepted: yes (for: 9, against: 0, abstained: 0, not voted: 2)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: For 3.0 EVP_PKEY keys, the OTC accepts the following resolution:
       * relax the conceptual model to allow private keys to exist without
         public components;
       * all implementations apart from EC require the public component to
         be present;
       * relax implementation for EC key management to allow private keys
         that do not contain public keys and
       * our decoders unconditionally generate the public key (where
         possible).
Proposed by Matt Caswell
Public: yes
opened: 2020-11-03
closed: 2020-11-17
accepted: yes (for: 5, against: 4, abstained: 1, not voted: 1)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [-1]
  Tim        [-1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [ 0]
  Nicola     [-1]

----------------
topic: For DH Generation, the OTC accepts the following resolution:
       * Quad-state generation:
         - PKCS #3;
         - named groups only;
         - FIPS 186-2 generation or
         - FIPS 186-4 generation.
       * For default provider:
         - change back to PKCS #3 generation as the default and
         - allow changing to FIPS 186-2, FIPS 186-4 or named groups.
       * For FIPS provider:
         - choose a known safe prime group as default (rejecting
           non-standard lengths) and
         - allow a change to FIPS 186-4 generation.
       * For parameter validation in FIPS:
         - accept if a named group;
         - run FIPS 186-4 validation if DHX key, otherwise reject.
       * For key validation: if a named group, do just partial key
         validation.
       * For validation more generally, allow a validation mode to be set.
Proposed by Matt Caswell
Public: yes
opened: 2020-11-03
closed: 2020-11-17
accepted: yes (for: 7, against: 0, abstained: 2, not voted: 2)

  Matt       [+1]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [ 0]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [ 0]
  Nicola     [+1]

----------------
topic: Hold online weekly OTC meetings starting on Tuesday 2020-10-13 and
       until 3.0 beta1 is released, in lieu of the weekly "developer
       meetings".
Proposed by Nicola Tuveri
Public: yes
opened: 2020-10-09
closed: 2020-10-11
accepted: yes (for: 9, against: 0, abstained: 0, not voted: 2)

  Matt       [+1]
  Mark       [+1]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1] # 2020-10-13
  Shane      [+1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: The PR #11359 (Allow to continue with further checks on
       UNABLE_TO_VERIFY_LEAF_SIGNATURE) is acceptable for 1.1.1 branch
       As the change is borderline on bug fix/behaviour change OTC needs to
       decide whether it is acceptable for 1.1.1 branch.
Proposed by Tomas Mraz
Public: yes
opened: 2020-10-09
closed: 2020-10-26
accepted: yes (for: 3, against: 2, abstained: 5, not voted: 1)

  Matt       [-1]
  Mark       [ 0]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [-1]
  Richard    [ 0]
  Shane      [ 0]
  Tomas      [+1]
  Kurt       [ 0]
  Matthias   [ 0]
  Nicola     [+1]

----------------
topic: The following items are required prerequisites for the first beta
       release:
       1) EVP is the recommended API, it must be feature-complete compared
          with the functionality available using lower-level APIs.
          - Anything that isn’t available must be put to an OTC vote to
            exclude.
          - The apps are the minimum bar for this, subject to exceptions
            noted below.
       2) Deprecation List Proposal: DH_, DSA_, ECDH_, ECDSA_, EC_KEY_,
          RSA_, RAND_METHOD_.
          - Does not include macros defining useful constants (e.g.
            SHA512_DIGEST_LENGTH).
          - Excluded from Deprecation: `EC_`, `DSA_SIG_`, `ECDSA_SIG_`.
          - There might be some others.
          - Review for exceptions.
          - The apps are the minimum bar to measure feature completeness
            for the EVP interface: rewrite them so they do not use internal
            nor deprecated functions (except speed, engine, list,
            passwd -crypt and the code to handle the -engine CLI option).
            That is, remove the suppression of deprecated define.
            - Proposal: drop passwd -crypt (OMC vote required)
          - Compile and link 1.1.1 command line app against the master
            headers and library. Run 1.1.1 app test cases against the
            chimera. Treat this as an external test using a special 1.1.1
            branch.
          - Deprecated functions used by libssl should be moved to
            independent file(s), to limit the suppression of deprecated
            defines to the absolute minimum scope.
       3) Draft documentation (contents but not pretty)
          - Need a list of things we know are not present - including
            things we have removed.
          - We need to have mapping tables for various d2i/i2d functions.
          - We need to have a mapping table from “old names” for things
            into the OSSL_PARAMS names.
            - Documentation addition to old APIs to refer to new ones
              (man7).
            - Documentation needs to reference name mapping.
            - All the legacy interfaces need to have their documentation
              pointing to the replacement interfaces.
       4) Review (and maybe clean up) legacy bridge code.
       5) Review TODO(3.0) items #12224.
       6) Source checksum script.
       7) Review of functions previously named _with_libctx.
       8) Encoder fixes (PKCS#8, PKCS#1, etc).
       9) Encoder DER to PEM refactor.
       10) Builds and passes tests on all primary, secondary and FIPS
           platforms.
       11) Query provider parameters (name, version, ...) from the command
           line.
       12) Setup buildbot infrastructure and associated instructions.
       13) Complete make fipsinstall.
       14) More specific decoding selection (e.g. params or keys).
       15) Example code covering replacements for deprecated APIs.
       16) Drop C code output options from the apps (OMC approval
           required).
       17) Address issues and PRs in the 3.0beta1 milestone.
Proposed by .
Public: yes
opened: 2020-10-08
closed: 2020-10-13
accepted: yes (for: 8, against: 0, abstained: 0, not voted: 3)

  Matt       [+1]
  Mark       [+1] # 2020-10-13
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1] # 2020-10-14
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: We should accept the Fully Pluggable TLSv1.3 KEM functionality as
       shown in PR #13018 into the 3.0 release
Proposed by Matt Caswell
Public: yes
opened: 2020-10-08
closed: 2020-10-13
accepted: yes (for: 8, against: 1, abstained: 1, not voted: 1)

  Matt       [+1]
  Mark       [ 0]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [-1]
  Tomas      [+1]
  Kurt       [+1]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: OTC meeting will be called for next Tuesday (2020-10-06)
Proposed by Matthias St. Pierre
Public: yes
opened: 2020-09-30
closed: 2020-09-30
accepted: yes (for: 7, against: 0, abstained: 0, not voted: 4)

  Matt       [+1]
  Mark       [+1] # 2020-09-30
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1] # 2020-09-30
  Kurt       [+1] # 2020-09-30
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept the OTC voting policy as defined:
       The proposer of a vote is ultimately responsible for updating the
       votes.txt file in the repository. Outside of a face to face meeting,
       voters MUST reply to the vote email indicating their preference and
       optionally their reasoning. Voters MAY update the votes.txt file in
       addition.
       The proposed vote text SHOULD be raised for discussion before
       calling the vote.
       Public votes MUST be called on the project list, not the OTC list
       and the subject MUST begin with “VOTE:”. Private votes MUST be
       called on the OTC list with “PRIVATE VOTE:” beginning subject.
Proposed by Matthias St. Pierre (on behalf of the OTC)
Public: yes
opened: 2020-09-28
closed: 2020-09-29
accepted: yes (for: 9, against: 0, abstained: 0, not voted: 2)

  Matt       [+1]
  Mark       [+1]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [+1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [  ]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Adopt the coding style policy on function arguments as shown in
       chapter 6.1 of web PR 194 (commit f37f8a9000)
Proposed by Matt Caswell
Public: yes
opened: 2020-09-16
closed: 2020-09-21
accepted: no (for: 2, against: 5, abstained: 2, not voted: 2)

  Matt       [+1]
  Mark       [ 0]
  Pauli      [-1]
  Viktor     [  ]
  Tim        [-1]
  Richard    [-1]
  Shane      [-1]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [+0]
  Nicola     [  ]

----------------
topic: Adopt the coding style policy on extending existing functions as
       shown in chapter 6.2 of web PR 194 (commit f37f8a9000)
Proposed by Matt Caswell
Public: yes
opened: 2020-09-16
closed: 2020-09-21
accepted: yes (for: 5, against: 3, abstained: 2, not voted: 1)

  Matt       [+1]
  Mark       [ 0]
  Pauli      [+1] # Vote changed 2020-09-21
  Viktor     [  ]
  Tim        [-1]
  Richard    [+1]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [-1]
  Matthias   [+0]
  Nicola     [-1]

----------------
topic: The performance improvements provided in PR11188 should be
       considered a bug fix and therefore acceptable for backport to 1.1.1
Proposed by Matt Caswell
Public: yes
opened: 2020-08-27
closed: 2020-09-10
accepted: no (for: 0, against: 8, abstained: 3, not voted: 0)

  Matt       [-1]
  Mark       [ 0]
  Pauli      [-0]
  Viktor     [-1]
  Tim        [-1]
  Richard    [-1]
  Shane      [-1]
  Tomas      [-1]
  Kurt       [-1]
  Matthias   [-0]
  Nicola     [-1]

----------------
topic: Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to
       OSSL_ENCODER / OSSL_DECODER

       The rationale is that it makes things easier on programmers
       (encode / decode is easier to write than serialize / deserialize),
       and also avoids disputes on what is and isn't serialization.
       Associated issues and PRs: #12455, #12659 and #12660
Proposed by Richard
Public: yes
opened: 2020-08-18
closed: 2020-08-20
accepted: yes (for: 5, against: 1, abstained: 4, not voted: 1)

  Matt       [ 0]
  Mark       [ 0]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [-1]
  Richard    [+1]
  Shane      [-0] # Shane's vote was actually --0
  Tomas      [+1]
  Kurt       [ 0]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Rename OPENSSL_CTX to OSSL_LIB_CTX (as proposed by pull request
       #12621)

       The main rationale behind this change is consistency, because many
       of the new OpenSSL 3.0 types have an OSSL_ prefix, and OPENSSL_CTX
       is a notable exception.

       More details can be found in the description and thread of pull
       request #12621. There was a discussion on openssl-committers
       ('Rename OPENSSL_CTX to OSSL_WHAT?') and an initial poll on doodle
       about the favourite replacements for OPENSSL_CTX
       (https://doodle.com/poll/drku9ziwvkp6tw25).
Proposed by Matthias St. Pierre
Public: yes
opened: 2020-08-18
closed: 2020-08-20
accepted: yes (for: 5, against: 0, abstained: 4, not voted: 2)

  Matt       [ 0]
  Mark       [  ]
  Pauli      [+1]
  Viktor     [  ]
  Tim        [-0]
  Richard    [-0]
  Shane      [+1]
  Tomas      [+1]
  Kurt       [ 0]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: For change requests which target both the master and the
       OpenSSL_1_1_1-stable branch, the following procedure should be
       followed:

       - First, a pull request needs to be opened against the master branch
         for discussion. Only after that pull request has received the
         necessary amount of approvals, a separate pull request can be
         opened against the OpenSSL_1_1_1-stable branch.

       - A separate pull request against the OpenSSL_1_1_1-stable branch is
         required. This holds - contrary to common practice - even if the
         change can be cherry-picked without conflicts from the master
         branch. The only exception from this rule are changes which are
         considered 'CLA: trivial', like e.g. typographical fixes.
Proposed by Matt Caswell
Public: yes
opened: 2020-06-02
closed: 2020-06-16
accepted: no (for: 4, against: 4, abstained: 3, not voted: 0)

  Matt       [ 0]
  Mark       [ 0]
  Pauli      [-1]
  Viktor     [+1]
  Tim        [+1]
  Richard    [-1]
  Shane      [ 0]
  Tomas      [-1]
  Kurt       [-1]
  Matthias   [+1]
  Nicola     [+1]

----------------
topic: Accept and merge #11577.
comment: #11577 reduces the maximum length of TLS labels.
         It also breaks standards compliance.
Proposed by Paul.
Public: yes
opened: 2020-06-02
closed: 2020-06-03
accepted: no (for: 0, against: 9, abstained: 1, not voted: 1)

  Matt       [-1]
  Mark       [-1]
  Pauli      [-1]
  Viktor     [  ]
  Tim        [-1]
  Richard    [-1]
  Shane      [-1]
  Tomas      [-1]
  Kurt       [-1] # 2020-06-09
  Matthias   [ 0]
  Nicola     [-1]

----------------
topic: Keep FIPS_mode() as emulated by
       EVP_default_properties_is_fips_enabled(NULL)
Proposed by Tomas Mraz
Public: yes
opened: 2020-04-09
closed: 2020-04-27
accepted: no (for: 2, against: 5, abstained: 3, not voted: 1)

  Matt       [+1]
  Mark       [ 0]
  Pauli      [-1]
  Viktor     [  ]
  Tim        [-1]
  Richard    [ 0]
  Shane      [-1]
  Tomas      [+1]
  Kurt       [ 0]
  Matthias   [-1]
  Nicola     [-1]

----------------
topic: approve PR#8300 statem: fix the alert sent for too large messages
Proposed by Tim Hudson
Public: yes
opened: 2020-01-16
closed: 2020-01-30
accepted: no (for: 1, against: 4, abstained: 6, not voted: 0)

  Matt       [-1]
  Mark       [ 0]
  Pauli      [-1]
  Viktor     [-1]
  Tim        [+1]
  Richard    [ 0]
  Shane      [-0]
  Tomas      [+0]
  Kurt       [ 0]
  Matthias   [-1]
  Nicola     [ 0]