FFFTPのソースコードです。
Revision | 6797149e0f2d76c8902ca7a10d5fa903fdae5745 (tree) |
---|---|
Zeit | 2014-10-17 00:03:38 |
Autor | s_kawamoto <s_kawamoto@user...> |
Commiter | s_kawamoto |
Update OpenSSL to 1.0.1j.
@@ -2,6 +2,57 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] | |
6 | + | |
7 | + *) SRTP Memory Leak. | |
8 | + | |
9 | + A flaw in the DTLS SRTP extension parsing code allows an attacker, who | |
10 | + sends a carefully crafted handshake message, to cause OpenSSL to fail | |
11 | + to free up to 64k of memory causing a memory leak. This could be | |
12 | + exploited in a Denial Of Service attack. This issue affects OpenSSL | |
13 | + 1.0.1 server implementations for both SSL/TLS and DTLS regardless of | |
14 | + whether SRTP is used or configured. Implementations of OpenSSL that | |
15 | + have been compiled with OPENSSL_NO_SRTP defined are not affected. | |
16 | + | |
17 | + The fix was developed by the OpenSSL team. | |
18 | + (CVE-2014-3513) | |
19 | + [OpenSSL team] | |
20 | + | |
21 | + *) Session Ticket Memory Leak. | |
22 | + | |
23 | + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the | |
24 | + integrity of that ticket is first verified. In the event of a session | |
25 | + ticket integrity check failing, OpenSSL will fail to free memory | |
26 | + causing a memory leak. By sending a large number of invalid session | |
27 | + tickets an attacker could exploit this issue in a Denial Of Service | |
28 | + attack. | |
29 | + (CVE-2014-3567) | |
30 | + [Steve Henson] | |
31 | + | |
32 | + *) Build option no-ssl3 is incomplete. | |
33 | + | |
34 | + When OpenSSL is configured with "no-ssl3" as a build option, servers | |
35 | + could accept and complete a SSL 3.0 handshake, and clients could be | |
36 | + configured to send them. | |
37 | + (CVE-2014-3568) | |
38 | + [Akamai and the OpenSSL team] | |
39 | + | |
40 | + *) Add support for TLS_FALLBACK_SCSV. | |
41 | + Client applications doing fallback retries should call | |
42 | + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). | |
43 | + (CVE-2014-3566) | |
44 | + [Adam Langley, Bodo Moeller] | |
45 | + | |
46 | + *) Add additional DigestInfo checks. | |
47 | + | |
48 | + Reencode DigestInto in DER and check against the original when | |
49 | + verifying RSA signature: this will reject any improperly encoded | |
50 | + DigestInfo structures. | |
51 | + | |
52 | + Note: this is a precautionary measure and no attacks are currently known. | |
53 | + | |
54 | + [Steve Henson] | |
55 | + | |
5 | 56 | Changes between 1.0.1h and 1.0.1i [6 Aug 2014] |
6 | 57 | |
7 | 58 | *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the |
@@ -84,6 +84,8 @@ extern "C" { | ||
84 | 84 | #endif |
85 | 85 | |
86 | 86 | #define DTLS1_VERSION 0xFEFF |
87 | +#define DTLS_MAX_VERSION DTLS1_VERSION | |
88 | + | |
87 | 89 | #define DTLS1_BAD_VER 0x0100 |
88 | 90 | |
89 | 91 | #if 0 |
@@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st | ||
284 | 286 | } |
285 | 287 | #endif |
286 | 288 | #endif |
287 | - |
@@ -5,6 +5,10 @@ | ||
5 | 5 | |
6 | 6 | #include <sys/types.h> |
7 | 7 | |
8 | +#ifdef __cplusplus | |
9 | +extern "C" { | |
10 | +#endif | |
11 | + | |
8 | 12 | /* Avoid name clashes with other applications */ |
9 | 13 | #define os_toascii _openssl_os_toascii |
10 | 14 | #define os_toebcdic _openssl_os_toebcdic |
@@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256]; | ||
16 | 20 | void *ebcdic2ascii(void *dest, const void *srce, size_t count); |
17 | 21 | void *ascii2ebcdic(void *dest, const void *srce, size_t count); |
18 | 22 | |
23 | +#ifdef __cplusplus | |
24 | +} | |
25 | +#endif | |
19 | 26 | #endif |
@@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN | ||
629 | 629 | int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); |
630 | 630 | int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); |
631 | 631 | |
632 | -/** Computes r = generator * n sum_{i=0}^num p[i] * m[i] | |
632 | +/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] | |
633 | 633 | * \param group underlying EC_GROUP object |
634 | 634 | * \param r EC_POINT object for the result |
635 | 635 | * \param n BIGNUM with the multiplier for the group generator (optional) |
@@ -7,6 +7,9 @@ | ||
7 | 7 | |
8 | 8 | #include <stddef.h> |
9 | 9 | |
10 | +#ifdef __cplusplus | |
11 | +extern "C" { | |
12 | +#endif | |
10 | 13 | typedef void (*block128_f)(const unsigned char in[16], |
11 | 14 | unsigned char out[16], |
12 | 15 | const void *key); |
@@ -133,3 +136,6 @@ typedef struct xts128_context XTS128_CONTEXT; | ||
133 | 136 | |
134 | 137 | int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], |
135 | 138 | const unsigned char *inp, unsigned char *out, size_t len, int enc); |
139 | +#ifdef __cplusplus | |
140 | +} | |
141 | +#endif |
@@ -1,6 +1,9 @@ | ||
1 | 1 | /* opensslconf.h */ |
2 | 2 | /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ |
3 | 3 | |
4 | +#ifdef __cplusplus | |
5 | +extern "C" { | |
6 | +#endif | |
4 | 7 | /* OpenSSL was configured with the following options: */ |
5 | 8 | #ifndef OPENSSL_SYSNAME_WIN32 |
6 | 9 | # define OPENSSL_SYSNAME_WIN32 |
@@ -239,3 +242,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! | ||
239 | 242 | |
240 | 243 | #endif /* DES_DEFAULT_OPTIONS */ |
241 | 244 | #endif /* HEADER_DES_LOCL_H */ |
245 | +#ifdef __cplusplus | |
246 | +} | |
247 | +#endif |
@@ -1,6 +1,10 @@ | ||
1 | 1 | #ifndef HEADER_OPENSSLV_H |
2 | 2 | #define HEADER_OPENSSLV_H |
3 | 3 | |
4 | +#ifdef __cplusplus | |
5 | +extern "C" { | |
6 | +#endif | |
7 | + | |
4 | 8 | /* Numeric release version identifier: |
5 | 9 | * MNNFFPPS: major minor fix patch status |
6 | 10 | * The status nibble has one of the values 0 for development, 1 to e for betas |
@@ -25,11 +29,11 @@ | ||
25 | 29 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
26 | 30 | * major minor fix final patch/beta) |
27 | 31 | */ |
28 | -#define OPENSSL_VERSION_NUMBER 0x1000109fL | |
32 | +#define OPENSSL_VERSION_NUMBER 0x100010afL | |
29 | 33 | #ifdef OPENSSL_FIPS |
30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips 6 Aug 2014" | |
34 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014" | |
31 | 35 | #else |
32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i 6 Aug 2014" | |
36 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014" | |
33 | 37 | #endif |
34 | 38 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
35 | 39 |
@@ -86,4 +90,7 @@ | ||
86 | 90 | #define SHLIB_VERSION_NUMBER "1.0.0" |
87 | 91 | |
88 | 92 | |
93 | +#ifdef __cplusplus | |
94 | +} | |
95 | +#endif | |
89 | 96 | #endif /* HEADER_OPENSSLV_H */ |
@@ -55,6 +55,10 @@ | ||
55 | 55 | #ifndef HEADER_OPENSSL_TYPES_H |
56 | 56 | #define HEADER_OPENSSL_TYPES_H |
57 | 57 | |
58 | +#ifdef __cplusplus | |
59 | +extern "C" { | |
60 | +#endif | |
61 | + | |
58 | 62 | #include <openssl/e_os2.h> |
59 | 63 | |
60 | 64 | #ifdef NO_ASN1_TYPEDEFS |
@@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; | ||
199 | 203 | typedef struct ocsp_response_st OCSP_RESPONSE; |
200 | 204 | typedef struct ocsp_responder_id_st OCSP_RESPID; |
201 | 205 | |
206 | +#ifdef __cplusplus | |
207 | +} | |
208 | +#endif | |
202 | 209 | #endif /* def HEADER_OPENSSL_TYPES_H */ |
@@ -233,10 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) | ||
233 | 233 | (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) |
234 | 234 | #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) |
235 | 235 | #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) |
236 | -#define PKCS7_type_is_encrypted(a) \ | |
237 | - (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) | |
238 | - | |
239 | -#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) | |
240 | 236 | |
241 | 237 | #define PKCS7_set_detached(p,v) \ |
242 | 238 | PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) |
@@ -64,6 +64,9 @@ | ||
64 | 64 | #include <stdlib.h> |
65 | 65 | #include <string.h> |
66 | 66 | |
67 | +#ifdef __cplusplus | |
68 | +extern "C" { | |
69 | +#endif | |
67 | 70 | typedef struct _pqueue *pqueue; |
68 | 71 | |
69 | 72 | typedef struct _pitem |
@@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter); | ||
91 | 94 | void pqueue_print(pqueue pq); |
92 | 95 | int pqueue_size(pqueue pq); |
93 | 96 | |
97 | +#ifdef __cplusplus | |
98 | +} | |
99 | +#endif | |
94 | 100 | #endif /* ! HEADER_PQUEUE_H */ |
@@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void); | ||
559 | 559 | #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 |
560 | 560 | #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 |
561 | 561 | #define RSA_R_PADDING_CHECK_FAILED 114 |
562 | +#define RSA_R_PKCS_DECODING_ERROR 159 | |
562 | 563 | #define RSA_R_P_NOT_PRIME 128 |
563 | 564 | #define RSA_R_Q_NOT_PRIME 129 |
564 | 565 | #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 |
@@ -57,6 +57,10 @@ | ||
57 | 57 | |
58 | 58 | #include <openssl/stack.h> |
59 | 59 | |
60 | +#ifdef __cplusplus | |
61 | +extern "C" { | |
62 | +#endif | |
63 | + | |
60 | 64 | #ifndef CHECKED_PTR_OF |
61 | 65 | #define CHECKED_PTR_OF(type, p) \ |
62 | 66 | ((void*) (1 ? p : (type*)0)) |
@@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) | ||
2660 | 2664 | #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) |
2661 | 2665 | /* End of util/mkstack.pl block, you may now edit :-) */ |
2662 | 2666 | |
2667 | + | |
2668 | +#ifdef __cplusplus | |
2669 | +} | |
2670 | +#endif | |
2663 | 2671 | #endif /* !defined HEADER_SAFESTACK_H */ |
@@ -130,6 +130,8 @@ extern "C" { | ||
130 | 130 | #define SRTP_NULL_SHA1_80 0x0005 |
131 | 131 | #define SRTP_NULL_SHA1_32 0x0006 |
132 | 132 | |
133 | +#ifndef OPENSSL_NO_SRTP | |
134 | + | |
133 | 135 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); |
134 | 136 | int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); |
135 | 137 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); |
@@ -137,6 +139,8 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); | ||
137 | 139 | STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); |
138 | 140 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); |
139 | 141 | |
142 | +#endif | |
143 | + | |
140 | 144 | #ifdef __cplusplus |
141 | 145 | } |
142 | 146 | #endif |
@@ -653,6 +653,10 @@ struct ssl_session_st | ||
653 | 653 | */ |
654 | 654 | #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L |
655 | 655 | #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L |
656 | +/* Send TLS_FALLBACK_SCSV in the ClientHello. | |
657 | + * To be set by applications that reconnect with a downgraded protocol | |
658 | + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ | |
659 | +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L | |
656 | 660 | |
657 | 661 | /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, |
658 | 662 | * they cannot be used to clear bits. */ |
@@ -1511,6 +1515,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
1511 | 1515 | #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE |
1512 | 1516 | #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE |
1513 | 1517 | #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ |
1518 | +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ | |
1514 | 1519 | |
1515 | 1520 | #define SSL_ERROR_NONE 0 |
1516 | 1521 | #define SSL_ERROR_SSL 1 |
@@ -1621,6 +1626,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
1621 | 1626 | #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 |
1622 | 1627 | #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 |
1623 | 1628 | |
1629 | +#define SSL_CTRL_CHECK_PROTO_VERSION 119 | |
1630 | + | |
1624 | 1631 | #define DTLSv1_get_timeout(ssl, arg) \ |
1625 | 1632 | SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) |
1626 | 1633 | #define DTLSv1_handle_timeout(ssl) \ |
@@ -2379,6 +2386,7 @@ void ERR_load_SSL_strings(void); | ||
2379 | 2386 | #define SSL_R_HTTPS_PROXY_REQUEST 155 |
2380 | 2387 | #define SSL_R_HTTP_REQUEST 156 |
2381 | 2388 | #define SSL_R_ILLEGAL_PADDING 283 |
2389 | +#define SSL_R_INAPPROPRIATE_FALLBACK 373 | |
2382 | 2390 | #define SSL_R_INCONSISTENT_COMPRESSION 340 |
2383 | 2391 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 |
2384 | 2392 | #define SSL_R_INVALID_COMMAND 280 |
@@ -2525,6 +2533,7 @@ void ERR_load_SSL_strings(void); | ||
2525 | 2533 | #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 |
2526 | 2534 | #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 |
2527 | 2535 | #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 |
2536 | +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 | |
2528 | 2537 | #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 |
2529 | 2538 | #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 |
2530 | 2539 | #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 |
@@ -128,9 +128,14 @@ | ||
128 | 128 | extern "C" { |
129 | 129 | #endif |
130 | 130 | |
131 | -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ | |
131 | +/* Signalling cipher suite value from RFC 5746 | |
132 | + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ | |
132 | 133 | #define SSL3_CK_SCSV 0x030000FF |
133 | 134 | |
135 | +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 | |
136 | + * (TLS_FALLBACK_SCSV) */ | |
137 | +#define SSL3_CK_FALLBACK_SCSV 0x03005600 | |
138 | + | |
134 | 139 | #define SSL3_CK_RSA_NULL_MD5 0x03000001 |
135 | 140 | #define SSL3_CK_RSA_NULL_SHA 0x03000002 |
136 | 141 | #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 |
@@ -159,17 +159,19 @@ extern "C" { | ||
159 | 159 | |
160 | 160 | #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 |
161 | 161 | |
162 | +#define TLS1_VERSION 0x0301 | |
163 | +#define TLS1_1_VERSION 0x0302 | |
162 | 164 | #define TLS1_2_VERSION 0x0303 |
163 | -#define TLS1_2_VERSION_MAJOR 0x03 | |
164 | -#define TLS1_2_VERSION_MINOR 0x03 | |
165 | +#define TLS_MAX_VERSION TLS1_2_VERSION | |
166 | + | |
167 | +#define TLS1_VERSION_MAJOR 0x03 | |
168 | +#define TLS1_VERSION_MINOR 0x01 | |
165 | 169 | |
166 | -#define TLS1_1_VERSION 0x0302 | |
167 | 170 | #define TLS1_1_VERSION_MAJOR 0x03 |
168 | 171 | #define TLS1_1_VERSION_MINOR 0x02 |
169 | 172 | |
170 | -#define TLS1_VERSION 0x0301 | |
171 | -#define TLS1_VERSION_MAJOR 0x03 | |
172 | -#define TLS1_VERSION_MINOR 0x01 | |
173 | +#define TLS1_2_VERSION_MAJOR 0x03 | |
174 | +#define TLS1_2_VERSION_MINOR 0x03 | |
173 | 175 | |
174 | 176 | #define TLS1_get_version(s) \ |
175 | 177 | ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) |
@@ -187,6 +189,7 @@ extern "C" { | ||
187 | 189 | #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ |
188 | 190 | #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ |
189 | 191 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ |
192 | +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ | |
190 | 193 | #define TLS1_AD_USER_CANCELLED 90 |
191 | 194 | #define TLS1_AD_NO_RENEGOTIATION 100 |
192 | 195 | /* codes 110-114 are from RFC3546 */ |
@@ -5,6 +5,13 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] | |
9 | + | |
10 | + o Fix for CVE-2014-3513 | |
11 | + o Fix for CVE-2014-3567 | |
12 | + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) | |
13 | + o Fix for CVE-2014-3568 | |
14 | + | |
8 | 15 | Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] |
9 | 16 | |
10 | 17 | o Fix for CVE-2014-3512 |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.0.1i 6 Aug 2014 | |
2 | + OpenSSL 1.0.1j 15 Oct 2014 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL() | ||
153 | 153 | #ifdef ENABLE_PROCESS_PROTECTION |
154 | 154 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
155 | 155 | #if defined(_M_IX86) |
156 | - // ssleay32.dll 1.0.1i | |
157 | - RegisterTrustedModuleSHA1Hash("\xA0\x76\x7F\x44\x19\x91\x72\xFB\xF5\x0E\x03\xC7\x79\xE9\x4B\x4D\x72\x95\xED\x5C"); | |
158 | - // libeay32.dll 1.0.1i | |
159 | - RegisterTrustedModuleSHA1Hash("\x79\xDC\x7A\x43\x8D\x4B\x57\x60\xE6\xBE\x18\x98\xD4\x9A\x36\x99\x74\x6C\x16\x06"); | |
156 | + // ssleay32.dll 1.0.1j | |
157 | + RegisterTrustedModuleSHA1Hash("\x57\x83\x70\x2D\x44\x8F\x1F\xB3\x83\xC2\xC1\x93\xB5\x92\xC8\x14\xFE\x2B\x31\x59"); | |
158 | + // libeay32.dll 1.0.1j | |
159 | + RegisterTrustedModuleSHA1Hash("\x66\x15\x03\xCA\xFB\x5C\x08\x96\x4B\x80\x9A\x55\x14\xDB\x1F\x12\x4A\x9C\x53\x52"); | |
160 | 160 | #elif defined(_M_AMD64) |
161 | - // ssleay32.dll 1.0.1i | |
162 | - RegisterTrustedModuleSHA1Hash("\x1E\x93\xF0\x23\xBB\x19\x62\x0C\x8A\x82\x1C\xE6\x4B\x68\x62\xE9\xB0\x7D\x37\x5C"); | |
163 | - // libeay32.dll 1.0.1i | |
164 | - RegisterTrustedModuleSHA1Hash("\xF1\x77\xF4\x51\x23\xDF\x0F\x71\x33\xC5\x8C\xCF\xCF\x64\x09\xEF\xF9\x23\x1B\x30"); | |
161 | + // ssleay32.dll 1.0.1j | |
162 | + RegisterTrustedModuleSHA1Hash("\x4C\xBD\xC5\x05\xB5\xB2\x48\xA8\xC2\x0B\xE4\xB3\x17\x02\x9C\x32\xE2\x84\x87\xA9"); | |
163 | + // libeay32.dll 1.0.1j | |
164 | + RegisterTrustedModuleSHA1Hash("\xF7\x31\xBF\xF6\x2C\x51\xBA\x00\x38\x7E\x76\x2F\x8B\xB3\xF9\x52\x5D\xED\xA4\xE6"); | |
165 | 165 | #endif |
166 | 166 | #endif |
167 | 167 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |