[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
The branch OpenSSL_1_0_1-stable has been updated via a100602d58b0a2cfba1c0419470e637bb5fd227d (commit) from 9d9e0535366b4e5cfb2eb4d74be6b3d546b98fe8 (commit) - Log - commit a100602d58b0a2cfba1c0419470e637bb5fd227d Author: Dr. Matthias St. PierreDate: Sun Oct 16 00:53:33 2016 +0200 Fix leak of secrecy in ecdh_compute_key() A temporary buffer containing g^xy was not cleared in ecdh_compute_key() before freeing it, so the shared secret was leaked in memory. Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (cherry picked from commit 0e4690165b4beb6777b747b0aeb1646a301f41d9) --- Summary of changes: crypto/ecdh/ech_ossl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index d448b19..2d14252 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -202,7 +202,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, BN_CTX_end(ctx); if (ctx) BN_CTX_free(ctx); -if (buf) +if (buf) { +OPENSSL_cleanse(buf, buflen); OPENSSL_free(buf); +} return (ret); } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
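Review bot: the cleanse length `buflen` is not visible in this hunk; confirm it is the full allocated size of `buf` rather than the number of bytes actually copied to `out`, otherwise a tail of g^xy could survive in the freed block and the fix would be incomplete. Also note that the `if (buf)` guard is now load-bearing: `OPENSSL_free(NULL)` is a harmless no-op, but `OPENSSL_cleanse(NULL, buflen)` with a non-zero length would write through a null pointer, so the braced block should stay as written rather than being simplified away.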
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 0e4690165b4beb6777b747b0aeb1646a301f41d9 (commit) from 3ade92e785bb3777c92332f88e23f6ce906ee260 (commit) - Log - commit 0e4690165b4beb6777b747b0aeb1646a301f41d9 Author: Dr. Matthias St. PierreDate: Sun Oct 16 00:53:33 2016 +0200 Fix leak of secrecy in ecdh_compute_key() A temporary buffer containing g^xy was not cleared in ecdh_compute_key() before freeing it, so the shared secret was leaked in memory. Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell --- Summary of changes: crypto/ecdh/ech_ossl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index df115cc..d3b0524 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, BN_CTX_end(ctx); if (ctx) BN_CTX_free(ctx); -if (buf) +if (buf) { +OPENSSL_cleanse(buf, buflen); OPENSSL_free(buf); +} return (ret); } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
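Review bot: `buflen` is used as the cleanse length but its definition lies outside the shown context; please check that it equals the size passed when `buf` was allocated and not a shorter "bytes used" count, since any difference leaves part of the shared secret uncleared before `OPENSSL_free`. The `if (buf)` test must be kept: unlike `OPENSSL_free`, `OPENSSL_cleanse` does not tolerate a NULL pointer with a non-zero length.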
[openssl-commits] Errored: openssl/openssl#6624 (OpenSSL_1_1_0-stable - 2aec609)
Build Update for openssl/openssl
Build: #6624
Status: Errored
Duration: 23 minutes and 4 seconds
Commit: 2aec609 (OpenSSL_1_1_0-stable)
Author: Richard Levitte
Message: Backdated note in CHANGES about shared library names
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1767)
(cherry picked from commit 78ce90cb1adb95eae094481e01f7a7d408ec78b7)
View the changeset: https://github.com/openssl/openssl/compare/87148d30c9df...2aec6095d309
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/170547031
--
You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications
[openssl-commits] Errored: openssl/openssl#6623 (master - 78ce90c)
Build Update for openssl/openssl
Build: #6623
Status: Errored
Duration: 55 minutes and 12 seconds
Commit: 78ce90c (master)
Author: Richard Levitte
Message: Backdated note in CHANGES about shared library names
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1767)
View the changeset: https://github.com/openssl/openssl/compare/80d27cdb8498...78ce90cb1adb
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/170546815
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 2aec6095d309b101457645c9309a155af5b22d44 (commit) via ea897a0aa84a57db5ea191e87cf21df2a7a2038d (commit) from 87148d30c9df95e355bb7076f3d69b2697bf6eb8 (commit) - Log - commit 2aec6095d309b101457645c9309a155af5b22d44 Author: Richard LevitteDate: Sat Oct 22 00:50:25 2016 +0200 Backdated note in CHANGES about shared library names Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1767) (cherry picked from commit 78ce90cb1adb95eae094481e01f7a7d408ec78b7) commit ea897a0aa84a57db5ea191e87cf21df2a7a2038d Author: Richard Levitte Date: Sat Oct 22 00:49:27 2016 +0200 Add some notes on shared library names on different platforms This is overdue since the addition of the unified build system Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1767) (cherry picked from commit 4fa3f08fee253020ea152e11ff1f6fdcab79424f) --- Summary of changes: CHANGES | 6 ++ INSTALL | 29 +++-- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 1ca9e45..9fc2b99 100644 --- a/CHANGES +++ b/CHANGES @@ -399,6 +399,12 @@ template in Configurations, like unix-Makefile.tmpl or descrip.mms.tmpl. + With this change, the library names were also renamed on Windows + and on VMS. They now have names that are closer to the standard + on Unix, and include the major version number, and in certain + cases, the architecture they are built for. See "Notes on shared + libraries" in INSTALL. + We rely heavily on the perl module Text::Template. [Richard Levitte] diff --git a/INSTALL b/INSTALL index 8107623..463e1ee 100644 --- a/INSTALL +++ b/INSTALL 
@@ -899,8 +899,8 @@ supported. If your platform does not provide pthreads or Windows threads then you should Configure with the "no-threads" option. - Note on shared libraries - + Notes on shared libraries + - For most systems the OpenSSL Configure script knows what is needed to build shared libraries for libcrypto and libssl. On these systems @@ -909,6 +909,31 @@ where OpenSSL does not know how to build shared libraries the "no-shared" option will be forced and only static libraries will be created. + Shared libraries are named a little differently on different platforms. + One way or another, they all have the major OpenSSL version number as + part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of + the name. + + On most POSIXly platforms, shared libraries are named libcrypto.so.1.1 + and libssl.so.1.1. + + on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll + with import libraries libcrypto.dll.a and libssl.dll.a. + + On Windows build with MSVC or using MingW, shared libraries are named + libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll + and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll + and libssl-1_1-ia64.dll for IA64 Windows. With MSVC, the import libraries + are named libcrypto.lib and libssl.lib, while with MingW, they are named + libcrypto.dll.a and libddl.dll.a. + + On VMS, shareable images (VMS speak for shared libraries) are named + ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe. However, when + OpenSSL is specifically built for 32-bit pointers, the shareable images + are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe + instead, and when built for 64-bit pointers, they are named + ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe. + Note on random number generation _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
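Review bot: the second INSTALL hunk has a typo in the MingW import library names: `libcrypto.dll.a and libddl.dll.a` should read `libcrypto.dll.a and libssl.dll.a`. Two smaller wording fixes in the same hunk: `on Cygwin, shared libraries are named` starts a sentence and should be capitalised, and `On Windows build with MSVC or using MingW` reads better as `On Windows, built with MSVC or MingW`. Since the CHANGES hunk now sends readers to this section by name, the file names listed here should be exact.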
[openssl-commits] [openssl] master update
The branch master has been updated via 78ce90cb1adb95eae094481e01f7a7d408ec78b7 (commit) via 4fa3f08fee253020ea152e11ff1f6fdcab79424f (commit) from 80d27cdb84985c697f8fabb7649abf1f54714d13 (commit) - Log - commit 78ce90cb1adb95eae094481e01f7a7d408ec78b7 Author: Richard LevitteDate: Sat Oct 22 00:50:25 2016 +0200 Backdated note in CHANGES about shared library names Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1767) commit 4fa3f08fee253020ea152e11ff1f6fdcab79424f Author: Richard Levitte Date: Sat Oct 22 00:49:27 2016 +0200 Add some notes on shared library names on different platforms This is overdue since the addition of the unified build system Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1767) --- Summary of changes: CHANGES | 6 ++ INSTALL | 29 +++-- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index d1e772d..dfff36f 100644 --- a/CHANGES +++ b/CHANGES @@ -406,6 +406,12 @@ template in Configurations, like unix-Makefile.tmpl or descrip.mms.tmpl. + With this change, the library names were also renamed on Windows + and on VMS. They now have names that are closer to the standard + on Unix, and include the major version number, and in certain + cases, the architecture they are built for. See "Notes on shared + libraries" in INSTALL. + We rely heavily on the perl module Text::Template. [Richard Levitte] diff --git a/INSTALL b/INSTALL index a6e8ea6..de127df 100644 --- a/INSTALL +++ b/INSTALL @@ -937,8 +937,8 @@ supported. If your platform does not provide pthreads or Windows threads then you should Configure with the "no-threads" option. - Note on shared libraries - + Notes on shared libraries + - For most systems the OpenSSL Configure script knows what is needed to build shared libraries for libcrypto and libssl. On these systems 
@@ -947,6 +947,31 @@ where OpenSSL does not know how to build shared libraries the "no-shared" option will be forced and only static libraries will be created. + Shared libraries are named a little differently on different platforms. + One way or another, they all have the major OpenSSL version number as + part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of + the name. + + On most POSIXly platforms, shared libraries are named libcrypto.so.1.1 + and libssl.so.1.1. + + on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll + with import libraries libcrypto.dll.a and libssl.dll.a. + + On Windows build with MSVC or using MingW, shared libraries are named + libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll + and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll + and libssl-1_1-ia64.dll for IA64 Windows. With MSVC, the import libraries + are named libcrypto.lib and libssl.lib, while with MingW, they are named + libcrypto.dll.a and libddl.dll.a. + + On VMS, shareable images (VMS speak for shared libraries) are named + ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe. However, when + OpenSSL is specifically built for 32-bit pointers, the shareable images + are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe + instead, and when built for 64-bit pointers, they are named + ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe. + Note on random number generation _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
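Review bot: `libddl.dll.a` in the MingW sentence of the second INSTALL hunk is a typo for `libssl.dll.a`; the import library pair should be `libcrypto.dll.a and libssl.dll.a`, matching the Cygwin paragraph just above it. In the same hunk, `on Cygwin` needs a capital letter at the start of the sentence and `On Windows build with MSVC` should be `On Windows, built with MSVC`.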
[openssl-commits] [web] master update
The branch master has been updated via 3e72a62c4a0bd69e5f2b4380dd070e5587e2c201 (commit) via f490f29fd1fe31a0ffd360e818794e9c50a50db7 (commit) from 1bb9590bf583f21dc71b0adf83062f38e589644e (commit) - Log - commit 3e72a62c4a0bd69e5f2b4380dd070e5587e2c201 Author: Richard LevitteDate: Fri Oct 7 13:59:43 2016 +0200 Install the new roadmap, saving away the old commit f490f29fd1fe31a0ffd360e818794e9c50a50db7 Author: Richard Levitte Date: Fri Oct 7 07:25:03 2016 +0200 New roadmap and platform policy --- Summary of changes: policies/roadmap_2015-2016.html | 421 1 file changed, 421 insertions(+) create mode 100644 policies/roadmap_2015-2016.html diff --git a/policies/roadmap_2015-2016.html b/policies/roadmap_2015-2016.html new file mode 100644 index 000..133584a --- /dev/null +++ b/policies/roadmap_2015-2016.html 
@@ -0,0 +1,421 @@ + + + + + + + + + + + + + Project Roadmap + + First issued 30th June 2014 + Last modified 8th August 2015 + + + + + + This document is intended to outline the OpenSSL project + roadmap. It is a living document and is expected to change + over time. Objectives and dates should be considered + aspirational. + + The OpenSSL project is increasingly perceived as slow-moving + and insular. This roadmap will attempt to address this by + setting out some objectives for improvement, along with + defined timescales. + + Table of Contents: + + + Current Issues + Objectives + Forthcoming Features + Roadmap Update History + + + + + Current Issues + + The OpenSSL project is currently experiencing a number of issues. + These are: + + RT Backlog + Over a period of some considerable time open tickets have + been building up in RT (our bug tracking system) to the + point that now there are a very significant number of + them. A large proportion of these issues have been open + for years. Some of these have in fact been dealt with and + should be closed, but this has not been recorded in the + system. Most however have not been looked at. + + Incomplete/incorrect documentation + Documentation of OpenSSL is patchy at best. Some areas are + well documented, while many others suffer from incomplete + or incorrect documentation. There are also many areas + which have no documentation at all. + + Library complexity + The OpenSSL libraries and applications are complex, + both from a maintainer's perspective and from a user's + perspective. The public API contains many things which + should probably be internal. The code has been ported + to a large number of platforms, many of which are no + longer relevant to us today, and this complicates the + codebase. Some parts of the code have been in place for + a very long time, and are in need of a refresh. It is + further complicated by the support for FIPS. 
+ This complexity causes maintenance problems, and + can also be the source of obscure and difficult to spot + security vulnerabilities. It can also make users' lives + much more difficult especially when combined with (2) + above. + The current memory management code has + also been a source of problems and vulnerabilities. + + Inconsistent coding style + There have been numerous developers working on the codebase + over many years. There are many different styles used within + the code, which is confusing and makes maintenance more + difficult than it should be. Even if strictly consistent, + the current code layout is unusual and idiosyncratic and + unlike any other open source software. + + Lack of code review + We don't have a code review system and we don't mandate code + reviews. + + No clear release plan + Historically OpenSSL has made new feature releases on + an infrequent basis and no forward plan of releases has + been published. It is difficult for users to plan for new + releases, and understand when new features might become + available, or when support will end for a release. In + addition a large number of stable releases are maintained +
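Review bot: the "Library complexity" entry refers to "(2) above", which only makes sense if the issues are rendered as a numbered list with "Incomplete/incorrect documentation" as item 2; the list markup is not visible in this hunk, so either confirm it is an ordered list or replace the numeric cross-reference with the item's name to make the text robust to reordering.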
[openssl-commits] [web] master update
The branch master has been updated via 1bb9590bf583f21dc71b0adf83062f38e589644e (commit) from 5ff0a065c650485a0f19a70ff3597f91ba25b6b1 (commit) - Log - commit 1bb9590bf583f21dc71b0adf83062f38e589644e Author: Rich SalzDate: Mon Oct 24 18:03:32 2016 -0400 Add policy docs from 2016 F2F, per vote. --- Summary of changes: policies/platformpolicy.html | 64 ++ policies/roadmap.html| 520 ++- policies/sidebar.shtml | 3 + 3 files changed, 186 insertions(+), 401 deletions(-) create mode 100644 policies/platformpolicy.html diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html new file mode 100644 index 000..5d59af8 --- /dev/null +++ b/policies/platformpolicy.html @@ -0,0 +1,64 @@ + + + + + + + + + + + + + Platform Policy + + + + + NOTE: Work In Progress + + Each platform is classified as: + + Primary + + Target(s) on which the majority of OpenSSL + development occurs + + The current primary development platform is + Linux. + + Secondary + + Targets which at least one team member actively + supports. + + The current secondary development platforms + are: FreeBSD, Windows (Visual Studio, MinGW), MacOS + X and VMS + + Community + Targets that one or more members of the OpenSSL + community supports + Unknown + Targets that the team doesn't know the status of + Deprecated + Targets that the team plans to remove from the OpenSSL + code base + + + + + You are here: Home + : Policies + : Platform Policy. + Sitemap + + + + + + + + + + diff --git a/policies/roadmap.html b/policies/roadmap.html index 9000419..121f004 100644 --- a/policies/roadmap.html +++ b/policies/roadmap.html 
@@ -1,409 +1,127 @@ - - - - - - - - - - - Project Roadmap - - First issued 30th June 2014 - Last modified 8th August 2015 - - - - - - This document is intended to outline the OpenSSL project - roadmap. It is a living document and is expected to change - over time. Objectives and dates should be considered - aspirational. - - The OpenSSL project is increasingly perceived as slow-moving - and insular. This roadmap will attempt to address this by - setting out some objectives for improvement, along with - defined timescales. - - Table of Contents: - - - Current Issues - Objectives - Forthcoming Features - Roadmap Update History - - - - - Current Issues - - The OpenSSL project is currently experiencing a number of issues. - These are: - - RT Backlog - Over a period of some considerable time open tickets have - been building up in RT (our bug tracking system) to the - point that now there are a very significant number of - them. A large proportion of these issues have been open - for years. Some of these have in fact been dealt with and - should be closed, but this has not been recorded in the - system. Most however have not been looked at. - - Incomplete/incorrect documentation - Documentation of OpenSSL is patchy at best. Some areas are - well documented, while many others suffer from incomplete - or incorrect documentation. There are also many areas - which have no documentation at all. - - Library complexity - The OpenSSL libraries and applications are complex, - both from a maintainer's perspective and from a user's - perspective. The public API contains many things which - should probably be internal. The code has been ported - to a large number of platforms, many of which are no - longer relevant to us today, and this complicates the - codebase. Some parts of the code have been in place for - a very long time, and are in need of a refresh. It is - further complicated by the support for FIPS. - This complexity causes maintenance problems, and - can
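Review bot: platformpolicy.html is being merged "per vote" yet still carries the banner `NOTE: Work In Progress`; either drop the banner or state what is still to be filled in (the Community, Unknown and Deprecated classifications list no concrete targets, unlike Primary and Secondary). Also, `MacOS X` in the secondary platforms list should be written `Mac OS X` for consistency with the product name, and the sidebar change in policies/sidebar.shtml is counted in the summary but not shown here.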