[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-10-25 Thread Matt Caswell 
The branch OpenSSL_1_0_1-stable has been updated
   via  a100602d58b0a2cfba1c0419470e637bb5fd227d (commit)
  from  9d9e0535366b4e5cfb2eb4d74be6b3d546b98fe8 (commit)


- Log -
commit a100602d58b0a2cfba1c0419470e637bb5fd227d
Author: Dr. Matthias St. Pierre 
Date:   Sun Oct 16 00:53:33 2016 +0200

Fix leak of secrecy in ecdh_compute_key()

A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Matt Caswell 
(cherry picked from commit 0e4690165b4beb6777b747b0aeb1646a301f41d9)

---

Summary of changes:
 crypto/ecdh/ech_ossl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index d448b19..2d14252 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -202,7 +202,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const 
EC_POINT *pub_key,
 BN_CTX_end(ctx);
 if (ctx)
 BN_CTX_free(ctx);
-if (buf)
+if (buf) {
+OPENSSL_cleanse(buf, buflen);
 OPENSSL_free(buf);
+}
 return (ret);
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-10-25 Thread Matt Caswell 
The branch OpenSSL_1_0_2-stable has been updated
   via  0e4690165b4beb6777b747b0aeb1646a301f41d9 (commit)
  from  3ade92e785bb3777c92332f88e23f6ce906ee260 (commit)


- Log -
commit 0e4690165b4beb6777b747b0aeb1646a301f41d9
Author: Dr. Matthias St. Pierre 
Date:   Sun Oct 16 00:53:33 2016 +0200

Fix leak of secrecy in ecdh_compute_key()

A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/ecdh/ech_ossl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index df115cc..d3b0524 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const 
EC_POINT *pub_key,
 BN_CTX_end(ctx);
 if (ctx)
 BN_CTX_free(ctx);
-if (buf)
+if (buf) {
+OPENSSL_cleanse(buf, buflen);
 OPENSSL_free(buf);
+}
 return (ret);
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#6624 (OpenSSL_1_1_0-stable - 2aec609)

2016-10-25 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #6624
Status: Errored

Duration: 23 minutes and 4 seconds
Commit: 2aec609 (OpenSSL_1_1_0-stable)
Author: Richard Levitte
Message: Backdated note in CHANGES about shared library names

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1767)
(cherry picked from commit 78ce90cb1adb95eae094481e01f7a7d408ec78b7)

View the changeset: 
https://github.com/openssl/openssl/compare/87148d30c9df...2aec6095d309

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/170547031

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: openssl/openssl#6623 (master - 78ce90c)

2016-10-25 Thread Travis CI 
Build Update for openssl/openssl
-

Build: #6623
Status: Errored

Duration: 55 minutes and 12 seconds
Commit: 78ce90c (master)
Author: Richard Levitte
Message: Backdated note in CHANGES about shared library names

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1767)

View the changeset: 
https://github.com/openssl/openssl/compare/80d27cdb8498...78ce90cb1adb

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/170546815

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-10-25 Thread Richard Levitte 
The branch OpenSSL_1_1_0-stable has been updated
   via  2aec6095d309b101457645c9309a155af5b22d44 (commit)
   via  ea897a0aa84a57db5ea191e87cf21df2a7a2038d (commit)
  from  87148d30c9df95e355bb7076f3d69b2697bf6eb8 (commit)


- Log -
commit 2aec6095d309b101457645c9309a155af5b22d44
Author: Richard Levitte 
Date:   Sat Oct 22 00:50:25 2016 +0200

Backdated note in CHANGES about shared library names

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1767)
(cherry picked from commit 78ce90cb1adb95eae094481e01f7a7d408ec78b7)

commit ea897a0aa84a57db5ea191e87cf21df2a7a2038d
Author: Richard Levitte 
Date:   Sat Oct 22 00:49:27 2016 +0200

Add some notes on shared library names on different platforms

This is overdue since the addition of the unified build system

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1767)
(cherry picked from commit 4fa3f08fee253020ea152e11ff1f6fdcab79424f)

---

Summary of changes:
 CHANGES |  6 ++
 INSTALL | 29 +++--
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1ca9e45..9fc2b99 100644
--- a/CHANGES
+++ b/CHANGES
@@ -399,6 +399,12 @@
  template in Configurations, like unix-Makefile.tmpl or
  descrip.mms.tmpl.
 
+ With this change, the library names were also renamed on Windows
+ and on VMS.  They now have names that are closer to the standard
+ on Unix, and include the major version number, and in certain
+ cases, the architecture they are built for.  See "Notes on shared
+ libraries" in INSTALL.
+
  We rely heavily on the perl module Text::Template.
  [Richard Levitte]
 
diff --git a/INSTALL b/INSTALL
index 8107623..463e1ee 100644
--- a/INSTALL
+++ b/INSTALL
@@ -899,8 +899,8 @@
  supported. If your platform does not provide pthreads or Windows threads then
  you should Configure with the "no-threads" option.
 
- Note on shared libraries
- 
+ Notes on shared libraries
+ -
 
  For most systems the OpenSSL Configure script knows what is needed to
  build shared libraries for libcrypto and libssl. On these systems
@@ -909,6 +909,31 @@
  where OpenSSL does not know how to build shared libraries the "no-shared"
  option will be forced and only static libraries will be created.
 
+ Shared libraries are named a little differently on different platforms.
+ One way or another, they all have the major OpenSSL version number as
+ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
+ the name.
+
+ On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
+ and libssl.so.1.1.
+
+ on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
+ with import libraries libcrypto.dll.a and libssl.dll.a.
+
+ On Windows build with MSVC or using MingW, shared libraries are named
+ libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll
+ and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll
+ and libssl-1_1-ia64.dll for IA64 Windows.  With MSVC, the import libraries
+ are named libcrypto.lib and libssl.lib, while with MingW, they are named
+ libcrypto.dll.a and libddl.dll.a.
+
+ On VMS, shareable images (VMS speak for shared libraries) are named
+ ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe.  However, when
+ OpenSSL is specifically built for 32-bit pointers, the shareable images
+ are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe
+ instead, and when built for 64-bit pointers, they are named
+ ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe.
+
  Note on random number generation
  
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

2016-10-25 Thread Richard Levitte 
The branch master has been updated
   via  78ce90cb1adb95eae094481e01f7a7d408ec78b7 (commit)
   via  4fa3f08fee253020ea152e11ff1f6fdcab79424f (commit)
  from  80d27cdb84985c697f8fabb7649abf1f54714d13 (commit)


- Log -
commit 78ce90cb1adb95eae094481e01f7a7d408ec78b7
Author: Richard Levitte 
Date:   Sat Oct 22 00:50:25 2016 +0200

Backdated note in CHANGES about shared library names

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1767)

commit 4fa3f08fee253020ea152e11ff1f6fdcab79424f
Author: Richard Levitte 
Date:   Sat Oct 22 00:49:27 2016 +0200

Add some notes on shared library names on different platforms

This is overdue since the addition of the unified build system

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1767)

---

Summary of changes:
 CHANGES |  6 ++
 INSTALL | 29 +++--
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index d1e772d..dfff36f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -406,6 +406,12 @@
  template in Configurations, like unix-Makefile.tmpl or
  descrip.mms.tmpl.
 
+ With this change, the library names were also renamed on Windows
+ and on VMS.  They now have names that are closer to the standard
+ on Unix, and include the major version number, and in certain
+ cases, the architecture they are built for.  See "Notes on shared
+ libraries" in INSTALL.
+
  We rely heavily on the perl module Text::Template.
  [Richard Levitte]
 
diff --git a/INSTALL b/INSTALL
index a6e8ea6..de127df 100644
--- a/INSTALL
+++ b/INSTALL
@@ -937,8 +937,8 @@
  supported. If your platform does not provide pthreads or Windows threads then
  you should Configure with the "no-threads" option.
 
- Note on shared libraries
- 
+ Notes on shared libraries
+ -
 
  For most systems the OpenSSL Configure script knows what is needed to
  build shared libraries for libcrypto and libssl. On these systems
@@ -947,6 +947,31 @@
  where OpenSSL does not know how to build shared libraries the "no-shared"
  option will be forced and only static libraries will be created.
 
+ Shared libraries are named a little differently on different platforms.
+ One way or another, they all have the major OpenSSL version number as
+ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
+ the name.
+
+ On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
+ and libssl.so.1.1.
+
+ on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
+ with import libraries libcrypto.dll.a and libssl.dll.a.
+
+ On Windows build with MSVC or using MingW, shared libraries are named
+ libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll
+ and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll
+ and libssl-1_1-ia64.dll for IA64 Windows.  With MSVC, the import libraries
+ are named libcrypto.lib and libssl.lib, while with MingW, they are named
+ libcrypto.dll.a and libddl.dll.a.
+
+ On VMS, shareable images (VMS speak for shared libraries) are named
+ ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe.  However, when
+ OpenSSL is specifically built for 32-bit pointers, the shareable images
+ are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe
+ instead, and when built for 64-bit pointers, they are named
+ ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe.
+
  Note on random number generation
  
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

2016-10-25 Thread Richard Levitte 
The branch master has been updated
   via  3e72a62c4a0bd69e5f2b4380dd070e5587e2c201 (commit)
   via  f490f29fd1fe31a0ffd360e818794e9c50a50db7 (commit)
  from  1bb9590bf583f21dc71b0adf83062f38e589644e (commit)


- Log -
commit 3e72a62c4a0bd69e5f2b4380dd070e5587e2c201
Author: Richard Levitte 
Date:   Fri Oct 7 13:59:43 2016 +0200

Install the new roadmap, saving away the old

commit f490f29fd1fe31a0ffd360e818794e9c50a50db7
Author: Richard Levitte 
Date:   Fri Oct 7 07:25:03 2016 +0200

New roadmap and platform policy

---

Summary of changes:
 policies/roadmap_2015-2016.html | 421 
 1 file changed, 421 insertions(+)
 create mode 100644 policies/roadmap_2015-2016.html

diff --git a/policies/roadmap_2015-2016.html b/policies/roadmap_2015-2016.html
new file mode 100644
index 000..133584a
--- /dev/null
+++ b/policies/roadmap_2015-2016.html
@@ -0,0 +1,421 @@
+
+
+
+
+
+
+
+
+  
+
+  
+   
+ Project Roadmap
+ 
+   First issued 30th June 2014
+   Last modified 8th August 2015
+ 
+   
+
+   
+ 
+ This document is intended to outline the OpenSSL project
+ roadmap. It is a living document and is expected to change
+ over time. Objectives and dates should be considered
+ aspirational.
+ 
+ The OpenSSL project is increasingly perceived as slow-moving
+ and insular. This roadmap will attempt to address this by
+ setting out some objectives for improvement, along with
+ defined timescales.
+
+ Table of Contents:
+
+ 
+   Current Issues
+   Objectives
+   Forthcoming Features
+   Roadmap Update History
+ 
+ 
+
+
+ Current Issues 
+ 
+ The OpenSSL project is currently experiencing a number of issues.
+ These are:
+ 
+   RT Backlog
+   Over a period of some considerable time open tickets have
+   been building up in RT (our bug tracking system) to the
+   point that now there are a very significant number of
+   them. A large proportion of these issues have been open
+   for years. Some of these have in fact been dealt with and
+   should be closed, but this has not been recorded in the
+   system. Most however have not been looked at.
+   
+   Incomplete/incorrect documentation
+   Documentation of OpenSSL is patchy at best. Some areas are
+   well documented, while many others suffer from incomplete
+   or incorrect documentation. There are also many areas
+   which have no documentation at all.
+   
+   Library complexity
+   The OpenSSL libraries and applications are complex,
+   both from a maintainer's perspective and from a user's
+   perspective. The public API contains many things which
+   should probably be internal. The code has been ported
+   to a large number of platforms, many of which are no
+   longer relevant to us today, and this complicates the
+   codebase. Some parts of the code have been in place for
+   a very long time, and are in need of a refresh. It is
+   further complicated by the support for FIPS.
+   This complexity causes maintenance problems, and
+   can also be the source of obscure and difficult to spot
+   security vulnerabilities. It can also make users' lives
+   much more difficult especially when combined with (2)
+   above.
+   The current memory management code has
+   also been a source of problems and vulnerabilities.
+   
+   Inconsistent coding style
+   There have been numerous developers working on the codebase
+   over many years. There are many different styles used within
+   the code, which is confusing and makes maintenance more
+   difficult than it should be. Even if strictly consistent,
+   the current code layout is unusual and idiosyncratic and
+   unlike any other open source software.
+   
+   Lack of code review
+   We don't have a code review system and we don't mandate code
+   reviews.
+   
+   No clear release plan
+   Historically OpenSSL has made new feature releases on
+   an infrequent basis and no forward plan of releases has
+   been published. It is difficult for users to plan for new
+   releases, and understand when new features might become
+   available, or when support will end for a release. In
+   addition a large number of stable releases are maintained
+

[openssl-commits] [web] master update

2016-10-25 Thread Rich Salz 
The branch master has been updated
   via  1bb9590bf583f21dc71b0adf83062f38e589644e (commit)
  from  5ff0a065c650485a0f19a70ff3597f91ba25b6b1 (commit)


- Log -
commit 1bb9590bf583f21dc71b0adf83062f38e589644e
Author: Rich Salz 
Date:   Mon Oct 24 18:03:32 2016 -0400

Add policy docs from 2016 F2F, per vote.

---

Summary of changes:
 policies/platformpolicy.html |  64 ++
 policies/roadmap.html| 520 ++-
 policies/sidebar.shtml   |   3 +
 3 files changed, 186 insertions(+), 401 deletions(-)
 create mode 100644 policies/platformpolicy.html

diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html
new file mode 100644
index 000..5d59af8
--- /dev/null
+++ b/policies/platformpolicy.html
@@ -0,0 +1,64 @@
+
+
+  
+
+  
+
+
+
+  
+   
+ 
+   
+ Platform Policy
+   
+
+   
+
+ NOTE: Work In Progress
+
+ Each platform is classified as:
+ 
+   Primary
+   
+ Target(s) on which the majority of OpenSSL
+ development occurs
+
+ The current primary development platform is
+   Linux.
+   
+   Secondary
+   
+ Targets which at least one team member actively
+ supports.
+
+ The current secondary development platforms
+   are: FreeBSD, Windows (Visual Studio, MinGW), MacOS
+   X and VMS
+   
+   Community
+   Targets that one or more members of the OpenSSL
+ community supports
+   Unknown
+   Targets that the team doesn't know the status of
+   Deprecated
+   Targets that the team plans to remove from the OpenSSL
+ code base
+ 
+
+   
+   
+ You are here: Home
+ :  Policies
+ : Platform Policy.
+ Sitemap
+   
+ 
+   
+   
+  
+
+
+
+  
+
diff --git a/policies/roadmap.html b/policies/roadmap.html
index 9000419..121f004 100644
--- a/policies/roadmap.html
+++ b/policies/roadmap.html
@@ -1,409 +1,127 @@
 
 
-
-
-
-
-
-
-  
-
-  
-   
- Project Roadmap
- 
-   First issued 30th June 2014
-   Last modified 8th August 2015
- 
-   
-
-   
- 
- This document is intended to outline the OpenSSL project
- roadmap. It is a living document and is expected to change
- over time. Objectives and dates should be considered
- aspirational.
- 
- The OpenSSL project is increasingly perceived as slow-moving
- and insular. This roadmap will attempt to address this by
- setting out some objectives for improvement, along with
- defined timescales.
-
- Table of Contents:
-
- 
-   Current Issues
-   Objectives
-   Forthcoming Features
-   Roadmap Update History
- 
- 
-
-
- Current Issues 
- 
- The OpenSSL project is currently experiencing a number of issues.
- These are:
- 
-   RT Backlog
-   Over a period of some considerable time open tickets have
-   been building up in RT (our bug tracking system) to the
-   point that now there are a very significant number of
-   them. A large proportion of these issues have been open
-   for years. Some of these have in fact been dealt with and
-   should be closed, but this has not been recorded in the
-   system. Most however have not been looked at.
-   
-   Incomplete/incorrect documentation
-   Documentation of OpenSSL is patchy at best. Some areas are
-   well documented, while many others suffer from incomplete
-   or incorrect documentation. There are also many areas
-   which have no documentation at all.
-   
-   Library complexity
-   The OpenSSL libraries and applications are complex,
-   both from a maintainer's perspective and from a user's
-   perspective. The public API contains many things which
-   should probably be internal. The code has been ported
-   to a large number of platforms, many of which are no
-   longer relevant to us today, and this complicates the
-   codebase. Some parts of the code have been in place for
-   a very long time, and are in need of a refresh. It is
-   further complicated by the support for FIPS.
-   This complexity causes maintenance problems, and
-   can