FFFTPのソースコードです。
| Revision | 6797149e0f2d76c8902ca7a10d5fa903fdae5745 (tree) |
|---|---|
| Zeit | 2014-10-17 00:03:38 |
| Autor | s_kawamoto <s_kawamoto@user...> |
| Commiter | s_kawamoto |
Update OpenSSL to 1.0.1j.
FFFTP_Eng_Release/FFFTP.exe (diff) Release/FFFTP.exe (diff) contrib/openssl/bin/libeay32.dll (diff) contrib/openssl/bin/ssleay32.dll (diff)
contrib/openssl/changes.txt (diff)
contrib/openssl/include/openssl/dtls1.h (diff) contrib/openssl/include/openssl/ebcdic.h (diff) contrib/openssl/include/openssl/ec.h (diff) contrib/openssl/include/openssl/modes.h (diff) contrib/openssl/include/openssl/opensslconf.h (diff) contrib/openssl/include/openssl/opensslv.h (diff) contrib/openssl/include/openssl/ossl_typ.h (diff) contrib/openssl/include/openssl/pkcs7.h (diff) contrib/openssl/include/openssl/pqueue.h (diff) contrib/openssl/include/openssl/rsa.h (diff) contrib/openssl/include/openssl/safestack.h (diff) contrib/openssl/include/openssl/srtp.h (diff) contrib/openssl/include/openssl/ssl.h (diff) contrib/openssl/include/openssl/ssl3.h (diff) contrib/openssl/include/openssl/tls1.h (diff) contrib/openssl/news.txt (diff) contrib/openssl/readme.txt (diff) dist/amd64/libeay32.dll (diff) dist/amd64/ssleay32.dll (diff) dist/libeay32.dll (diff) dist/ssleay32.dll (diff)
socketwrapper.c (diff)| @@ -2,6 +2,57 @@ | ||
| 2 | 2 | OpenSSL CHANGES |
| 3 | 3 | _______________ |
| 4 | 4 | |
| 5 | + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] | |
| 6 | + | |
| 7 | + *) SRTP Memory Leak. | |
| 8 | + | |
| 9 | + A flaw in the DTLS SRTP extension parsing code allows an attacker, who | |
| 10 | + sends a carefully crafted handshake message, to cause OpenSSL to fail | |
| 11 | + to free up to 64k of memory causing a memory leak. This could be | |
| 12 | + exploited in a Denial Of Service attack. This issue affects OpenSSL | |
| 13 | + 1.0.1 server implementations for both SSL/TLS and DTLS regardless of | |
| 14 | + whether SRTP is used or configured. Implementations of OpenSSL that | |
| 15 | + have been compiled with OPENSSL_NO_SRTP defined are not affected. | |
| 16 | + | |
| 17 | + The fix was developed by the OpenSSL team. | |
| 18 | + (CVE-2014-3513) | |
| 19 | + [OpenSSL team] | |
| 20 | + | |
| 21 | + *) Session Ticket Memory Leak. | |
| 22 | + | |
| 23 | + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the | |
| 24 | + integrity of that ticket is first verified. In the event of a session | |
| 25 | + ticket integrity check failing, OpenSSL will fail to free memory | |
| 26 | + causing a memory leak. By sending a large number of invalid session | |
| 27 | + tickets an attacker could exploit this issue in a Denial Of Service | |
| 28 | + attack. | |
| 29 | + (CVE-2014-3567) | |
| 30 | + [Steve Henson] | |
| 31 | + | |
| 32 | + *) Build option no-ssl3 is incomplete. | |
| 33 | + | |
| 34 | + When OpenSSL is configured with "no-ssl3" as a build option, servers | |
| 35 | + could accept and complete a SSL 3.0 handshake, and clients could be | |
| 36 | + configured to send them. | |
| 37 | + (CVE-2014-3568) | |
| 38 | + [Akamai and the OpenSSL team] | |
| 39 | + | |
| 40 | + *) Add support for TLS_FALLBACK_SCSV. | |
| 41 | + Client applications doing fallback retries should call | |
| 42 | + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). | |
| 43 | + (CVE-2014-3566) | |
| 44 | + [Adam Langley, Bodo Moeller] | |
| 45 | + | |
| 46 | + *) Add additional DigestInfo checks. | |
| 47 | + | |
| 48 | + Reencode DigestInto in DER and check against the original when | |
| 49 | + verifying RSA signature: this will reject any improperly encoded | |
| 50 | + DigestInfo structures. | |
| 51 | + | |
| 52 | + Note: this is a precautionary measure and no attacks are currently known. | |
| 53 | + | |
| 54 | + [Steve Henson] | |
| 55 | + | |
| 5 | 56 | Changes between 1.0.1h and 1.0.1i [6 Aug 2014] |
| 6 | 57 | |
| 7 | 58 | *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the |
| @@ -84,6 +84,8 @@ extern "C" { | ||
| 84 | 84 | #endif |
| 85 | 85 | |
| 86 | 86 | #define DTLS1_VERSION 0xFEFF |
| 87 | +#define DTLS_MAX_VERSION DTLS1_VERSION | |
| 88 | + | |
| 87 | 89 | #define DTLS1_BAD_VER 0x0100 |
| 88 | 90 | |
| 89 | 91 | #if 0 |
| @@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st | ||
| 284 | 286 | } |
| 285 | 287 | #endif |
| 286 | 288 | #endif |
| 287 | - |
| @@ -5,6 +5,10 @@ | ||
| 5 | 5 | |
| 6 | 6 | #include <sys/types.h> |
| 7 | 7 | |
| 8 | +#ifdef __cplusplus | |
| 9 | +extern "C" { | |
| 10 | +#endif | |
| 11 | + | |
| 8 | 12 | /* Avoid name clashes with other applications */ |
| 9 | 13 | #define os_toascii _openssl_os_toascii |
| 10 | 14 | #define os_toebcdic _openssl_os_toebcdic |
| @@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256]; | ||
| 16 | 20 | void *ebcdic2ascii(void *dest, const void *srce, size_t count); |
| 17 | 21 | void *ascii2ebcdic(void *dest, const void *srce, size_t count); |
| 18 | 22 | |
| 23 | +#ifdef __cplusplus | |
| 24 | +} | |
| 25 | +#endif | |
| 19 | 26 | #endif |
| @@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN | ||
| 629 | 629 | int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); |
| 630 | 630 | int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); |
| 631 | 631 | |
| 632 | -/** Computes r = generator * n sum_{i=0}^num p[i] * m[i] | |
| 632 | +/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] | |
| 633 | 633 | * \param group underlying EC_GROUP object |
| 634 | 634 | * \param r EC_POINT object for the result |
| 635 | 635 | * \param n BIGNUM with the multiplier for the group generator (optional) |
| @@ -7,6 +7,9 @@ | ||
| 7 | 7 | |
| 8 | 8 | #include <stddef.h> |
| 9 | 9 | |
| 10 | +#ifdef __cplusplus | |
| 11 | +extern "C" { | |
| 12 | +#endif | |
| 10 | 13 | typedef void (*block128_f)(const unsigned char in[16], |
| 11 | 14 | unsigned char out[16], |
| 12 | 15 | const void *key); |
| @@ -133,3 +136,6 @@ typedef struct xts128_context XTS128_CONTEXT; | ||
| 133 | 136 | |
| 134 | 137 | int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], |
| 135 | 138 | const unsigned char *inp, unsigned char *out, size_t len, int enc); |
| 139 | +#ifdef __cplusplus | |
| 140 | +} | |
| 141 | +#endif |
| @@ -1,6 +1,9 @@ | ||
| 1 | 1 | /* opensslconf.h */ |
| 2 | 2 | /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ |
| 3 | 3 | |
| 4 | +#ifdef __cplusplus | |
| 5 | +extern "C" { | |
| 6 | +#endif | |
| 4 | 7 | /* OpenSSL was configured with the following options: */ |
| 5 | 8 | #ifndef OPENSSL_SYSNAME_WIN32 |
| 6 | 9 | # define OPENSSL_SYSNAME_WIN32 |
| @@ -239,3 +242,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! | ||
| 239 | 242 | |
| 240 | 243 | #endif /* DES_DEFAULT_OPTIONS */ |
| 241 | 244 | #endif /* HEADER_DES_LOCL_H */ |
| 245 | +#ifdef __cplusplus | |
| 246 | +} | |
| 247 | +#endif |
| @@ -1,6 +1,10 @@ | ||
| 1 | 1 | #ifndef HEADER_OPENSSLV_H |
| 2 | 2 | #define HEADER_OPENSSLV_H |
| 3 | 3 | |
| 4 | +#ifdef __cplusplus | |
| 5 | +extern "C" { | |
| 6 | +#endif | |
| 7 | + | |
| 4 | 8 | /* Numeric release version identifier: |
| 5 | 9 | * MNNFFPPS: major minor fix patch status |
| 6 | 10 | * The status nibble has one of the values 0 for development, 1 to e for betas |
| @@ -25,11 +29,11 @@ | ||
| 25 | 29 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | 30 | * major minor fix final patch/beta) |
| 27 | 31 | */ |
| 28 | -#define OPENSSL_VERSION_NUMBER 0x1000109fL | |
| 32 | +#define OPENSSL_VERSION_NUMBER 0x100010afL | |
| 29 | 33 | #ifdef OPENSSL_FIPS |
| 30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips 6 Aug 2014" | |
| 34 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014" | |
| 31 | 35 | #else |
| 32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i 6 Aug 2014" | |
| 36 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014" | |
| 33 | 37 | #endif |
| 34 | 38 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 35 | 39 |
| @@ -86,4 +90,7 @@ | ||
| 86 | 90 | #define SHLIB_VERSION_NUMBER "1.0.0" |
| 87 | 91 | |
| 88 | 92 | |
| 93 | +#ifdef __cplusplus | |
| 94 | +} | |
| 95 | +#endif | |
| 89 | 96 | #endif /* HEADER_OPENSSLV_H */ |
| @@ -55,6 +55,10 @@ | ||
| 55 | 55 | #ifndef HEADER_OPENSSL_TYPES_H |
| 56 | 56 | #define HEADER_OPENSSL_TYPES_H |
| 57 | 57 | |
| 58 | +#ifdef __cplusplus | |
| 59 | +extern "C" { | |
| 60 | +#endif | |
| 61 | + | |
| 58 | 62 | #include <openssl/e_os2.h> |
| 59 | 63 | |
| 60 | 64 | #ifdef NO_ASN1_TYPEDEFS |
| @@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; | ||
| 199 | 203 | typedef struct ocsp_response_st OCSP_RESPONSE; |
| 200 | 204 | typedef struct ocsp_responder_id_st OCSP_RESPID; |
| 201 | 205 | |
| 206 | +#ifdef __cplusplus | |
| 207 | +} | |
| 208 | +#endif | |
| 202 | 209 | #endif /* def HEADER_OPENSSL_TYPES_H */ |
| @@ -233,10 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) | ||
| 233 | 233 | (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) |
| 234 | 234 | #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) |
| 235 | 235 | #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) |
| 236 | -#define PKCS7_type_is_encrypted(a) \ | |
| 237 | - (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) | |
| 238 | - | |
| 239 | -#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) | |
| 240 | 236 | |
| 241 | 237 | #define PKCS7_set_detached(p,v) \ |
| 242 | 238 | PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) |
| @@ -64,6 +64,9 @@ | ||
| 64 | 64 | #include <stdlib.h> |
| 65 | 65 | #include <string.h> |
| 66 | 66 | |
| 67 | +#ifdef __cplusplus | |
| 68 | +extern "C" { | |
| 69 | +#endif | |
| 67 | 70 | typedef struct _pqueue *pqueue; |
| 68 | 71 | |
| 69 | 72 | typedef struct _pitem |
| @@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter); | ||
| 91 | 94 | void pqueue_print(pqueue pq); |
| 92 | 95 | int pqueue_size(pqueue pq); |
| 93 | 96 | |
| 97 | +#ifdef __cplusplus | |
| 98 | +} | |
| 99 | +#endif | |
| 94 | 100 | #endif /* ! HEADER_PQUEUE_H */ |
| @@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void); | ||
| 559 | 559 | #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 |
| 560 | 560 | #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 |
| 561 | 561 | #define RSA_R_PADDING_CHECK_FAILED 114 |
| 562 | +#define RSA_R_PKCS_DECODING_ERROR 159 | |
| 562 | 563 | #define RSA_R_P_NOT_PRIME 128 |
| 563 | 564 | #define RSA_R_Q_NOT_PRIME 129 |
| 564 | 565 | #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 |
| @@ -57,6 +57,10 @@ | ||
| 57 | 57 | |
| 58 | 58 | #include <openssl/stack.h> |
| 59 | 59 | |
| 60 | +#ifdef __cplusplus | |
| 61 | +extern "C" { | |
| 62 | +#endif | |
| 63 | + | |
| 60 | 64 | #ifndef CHECKED_PTR_OF |
| 61 | 65 | #define CHECKED_PTR_OF(type, p) \ |
| 62 | 66 | ((void*) (1 ? p : (type*)0)) |
| @@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) | ||
| 2660 | 2664 | #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) |
| 2661 | 2665 | /* End of util/mkstack.pl block, you may now edit :-) */ |
| 2662 | 2666 | |
| 2667 | + | |
| 2668 | +#ifdef __cplusplus | |
| 2669 | +} | |
| 2670 | +#endif | |
| 2663 | 2671 | #endif /* !defined HEADER_SAFESTACK_H */ |
| @@ -130,6 +130,8 @@ extern "C" { | ||
| 130 | 130 | #define SRTP_NULL_SHA1_80 0x0005 |
| 131 | 131 | #define SRTP_NULL_SHA1_32 0x0006 |
| 132 | 132 | |
| 133 | +#ifndef OPENSSL_NO_SRTP | |
| 134 | + | |
| 133 | 135 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); |
| 134 | 136 | int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); |
| 135 | 137 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); |
| @@ -137,6 +139,8 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); | ||
| 137 | 139 | STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); |
| 138 | 140 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); |
| 139 | 141 | |
| 142 | +#endif | |
| 143 | + | |
| 140 | 144 | #ifdef __cplusplus |
| 141 | 145 | } |
| 142 | 146 | #endif |
| @@ -653,6 +653,10 @@ struct ssl_session_st | ||
| 653 | 653 | */ |
| 654 | 654 | #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L |
| 655 | 655 | #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L |
| 656 | +/* Send TLS_FALLBACK_SCSV in the ClientHello. | |
| 657 | + * To be set by applications that reconnect with a downgraded protocol | |
| 658 | + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ | |
| 659 | +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L | |
| 656 | 660 | |
| 657 | 661 | /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, |
| 658 | 662 | * they cannot be used to clear bits. */ |
| @@ -1511,6 +1515,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
| 1511 | 1515 | #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE |
| 1512 | 1516 | #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE |
| 1513 | 1517 | #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ |
| 1518 | +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ | |
| 1514 | 1519 | |
| 1515 | 1520 | #define SSL_ERROR_NONE 0 |
| 1516 | 1521 | #define SSL_ERROR_SSL 1 |
| @@ -1621,6 +1626,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
| 1621 | 1626 | #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 |
| 1622 | 1627 | #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 |
| 1623 | 1628 | |
| 1629 | +#define SSL_CTRL_CHECK_PROTO_VERSION 119 | |
| 1630 | + | |
| 1624 | 1631 | #define DTLSv1_get_timeout(ssl, arg) \ |
| 1625 | 1632 | SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) |
| 1626 | 1633 | #define DTLSv1_handle_timeout(ssl) \ |
| @@ -2379,6 +2386,7 @@ void ERR_load_SSL_strings(void); | ||
| 2379 | 2386 | #define SSL_R_HTTPS_PROXY_REQUEST 155 |
| 2380 | 2387 | #define SSL_R_HTTP_REQUEST 156 |
| 2381 | 2388 | #define SSL_R_ILLEGAL_PADDING 283 |
| 2389 | +#define SSL_R_INAPPROPRIATE_FALLBACK 373 | |
| 2382 | 2390 | #define SSL_R_INCONSISTENT_COMPRESSION 340 |
| 2383 | 2391 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 |
| 2384 | 2392 | #define SSL_R_INVALID_COMMAND 280 |
| @@ -2525,6 +2533,7 @@ void ERR_load_SSL_strings(void); | ||
| 2525 | 2533 | #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 |
| 2526 | 2534 | #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 |
| 2527 | 2535 | #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 |
| 2536 | +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 | |
| 2528 | 2537 | #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 |
| 2529 | 2538 | #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 |
| 2530 | 2539 | #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 |
| @@ -128,9 +128,14 @@ | ||
| 128 | 128 | extern "C" { |
| 129 | 129 | #endif |
| 130 | 130 | |
| 131 | -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ | |
| 131 | +/* Signalling cipher suite value from RFC 5746 | |
| 132 | + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ | |
| 132 | 133 | #define SSL3_CK_SCSV 0x030000FF |
| 133 | 134 | |
| 135 | +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 | |
| 136 | + * (TLS_FALLBACK_SCSV) */ | |
| 137 | +#define SSL3_CK_FALLBACK_SCSV 0x03005600 | |
| 138 | + | |
| 134 | 139 | #define SSL3_CK_RSA_NULL_MD5 0x03000001 |
| 135 | 140 | #define SSL3_CK_RSA_NULL_SHA 0x03000002 |
| 136 | 141 | #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 |
| @@ -159,17 +159,19 @@ extern "C" { | ||
| 159 | 159 | |
| 160 | 160 | #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 |
| 161 | 161 | |
| 162 | +#define TLS1_VERSION 0x0301 | |
| 163 | +#define TLS1_1_VERSION 0x0302 | |
| 162 | 164 | #define TLS1_2_VERSION 0x0303 |
| 163 | -#define TLS1_2_VERSION_MAJOR 0x03 | |
| 164 | -#define TLS1_2_VERSION_MINOR 0x03 | |
| 165 | +#define TLS_MAX_VERSION TLS1_2_VERSION | |
| 166 | + | |
| 167 | +#define TLS1_VERSION_MAJOR 0x03 | |
| 168 | +#define TLS1_VERSION_MINOR 0x01 | |
| 165 | 169 | |
| 166 | -#define TLS1_1_VERSION 0x0302 | |
| 167 | 170 | #define TLS1_1_VERSION_MAJOR 0x03 |
| 168 | 171 | #define TLS1_1_VERSION_MINOR 0x02 |
| 169 | 172 | |
| 170 | -#define TLS1_VERSION 0x0301 | |
| 171 | -#define TLS1_VERSION_MAJOR 0x03 | |
| 172 | -#define TLS1_VERSION_MINOR 0x01 | |
| 173 | +#define TLS1_2_VERSION_MAJOR 0x03 | |
| 174 | +#define TLS1_2_VERSION_MINOR 0x03 | |
| 173 | 175 | |
| 174 | 176 | #define TLS1_get_version(s) \ |
| 175 | 177 | ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) |
| @@ -187,6 +189,7 @@ extern "C" { | ||
| 187 | 189 | #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ |
| 188 | 190 | #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ |
| 189 | 191 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ |
| 192 | +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ | |
| 190 | 193 | #define TLS1_AD_USER_CANCELLED 90 |
| 191 | 194 | #define TLS1_AD_NO_RENEGOTIATION 100 |
| 192 | 195 | /* codes 110-114 are from RFC3546 */ |
| @@ -5,6 +5,13 @@ | ||
| 5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | |
| 8 | + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] | |
| 9 | + | |
| 10 | + o Fix for CVE-2014-3513 | |
| 11 | + o Fix for CVE-2014-3567 | |
| 12 | + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) | |
| 13 | + o Fix for CVE-2014-3568 | |
| 14 | + | |
| 8 | 15 | Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] |
| 9 | 16 | |
| 10 | 17 | o Fix for CVE-2014-3512 |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | |
| 2 | - OpenSSL 1.0.1i 6 Aug 2014 | |
| 2 | + OpenSSL 1.0.1j 15 Oct 2014 | |
| 3 | 3 | |
| 4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
| 5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| @@ -153,15 +153,15 @@ BOOL LoadOpenSSL() | ||
| 153 | 153 | #ifdef ENABLE_PROCESS_PROTECTION |
| 154 | 154 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
| 155 | 155 | #if defined(_M_IX86) |
| 156 | - // ssleay32.dll 1.0.1i | |
| 157 | - RegisterTrustedModuleSHA1Hash("\xA0\x76\x7F\x44\x19\x91\x72\xFB\xF5\x0E\x03\xC7\x79\xE9\x4B\x4D\x72\x95\xED\x5C"); | |
| 158 | - // libeay32.dll 1.0.1i | |
| 159 | - RegisterTrustedModuleSHA1Hash("\x79\xDC\x7A\x43\x8D\x4B\x57\x60\xE6\xBE\x18\x98\xD4\x9A\x36\x99\x74\x6C\x16\x06"); | |
| 156 | + // ssleay32.dll 1.0.1j | |
| 157 | + RegisterTrustedModuleSHA1Hash("\x57\x83\x70\x2D\x44\x8F\x1F\xB3\x83\xC2\xC1\x93\xB5\x92\xC8\x14\xFE\x2B\x31\x59"); | |
| 158 | + // libeay32.dll 1.0.1j | |
| 159 | + RegisterTrustedModuleSHA1Hash("\x66\x15\x03\xCA\xFB\x5C\x08\x96\x4B\x80\x9A\x55\x14\xDB\x1F\x12\x4A\x9C\x53\x52"); | |
| 160 | 160 | #elif defined(_M_AMD64) |
| 161 | - // ssleay32.dll 1.0.1i | |
| 162 | - RegisterTrustedModuleSHA1Hash("\x1E\x93\xF0\x23\xBB\x19\x62\x0C\x8A\x82\x1C\xE6\x4B\x68\x62\xE9\xB0\x7D\x37\x5C"); | |
| 163 | - // libeay32.dll 1.0.1i | |
| 164 | - RegisterTrustedModuleSHA1Hash("\xF1\x77\xF4\x51\x23\xDF\x0F\x71\x33\xC5\x8C\xCF\xCF\x64\x09\xEF\xF9\x23\x1B\x30"); | |
| 161 | + // ssleay32.dll 1.0.1j | |
| 162 | + RegisterTrustedModuleSHA1Hash("\x4C\xBD\xC5\x05\xB5\xB2\x48\xA8\xC2\x0B\xE4\xB3\x17\x02\x9C\x32\xE2\x84\x87\xA9"); | |
| 163 | + // libeay32.dll 1.0.1j | |
| 164 | + RegisterTrustedModuleSHA1Hash("\xF7\x31\xBF\xF6\x2C\x51\xBA\x00\x38\x7E\x76\x2F\x8B\xB3\xF9\x52\x5D\xED\xA4\xE6"); | |
| 165 | 165 | #endif |
| 166 | 166 | #endif |
| 167 | 167 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
Fork