• R/O
  • HTTP
  • SSH
  • HTTPS

Commit

Tags
Keine Tags

Frequently used words (click to add to your profile)

javaandroidc++linuxc#objective-ccocoa誰得qtrubypythongamewindowsbathyscaphephpguic翻訳omegattwitterframeworktestbtronarduinovb.net計画中(planning stage)directxpreviewerゲームエンジンdom

FFFTPのソースコードです。


Commit MetaInfo

Revision2da77525e96cf18d2fb43fca7acfa301a66bc541 (tree)
Zeit2016-01-30 17:07:29
Autors_kawamoto <s_kawamoto@user...>
Commiters_kawamoto

Log Message

Update OpenSSL to 1.0.2f.

Ändern Zusammenfassung

Diff

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
Binary files a/FFFTP_Eng_Release_64/FFFTP.exe and b/FFFTP_Eng_Release_64/FFFTP.exe differ
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
Binary files a/Release_64/FFFTP.exe and b/Release_64/FFFTP.exe differ
--- a/common.h
+++ b/common.h
@@ -81,7 +81,7 @@
8181 // ソフトウェア自動更新
8282 // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする
8383 // 2014年7月31日中の30個目のリリースは2014073129
84-#define RELEASE_VERSION_NUM 2016012300 /* リリースバージョン */
84+#define RELEASE_VERSION_NUM 2016013000 /* リリースバージョン */
8585
8686
8787 // SourceForge.JPによるフォーク
--- a/contrib/openssl/CHANGES
+++ b/contrib/openssl/CHANGES
@@ -2,6 +2,54 @@
22 OpenSSL CHANGES
33 _______________
44
5+ Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
6+
7+ *) DH small subgroups
8+
9+ Historically OpenSSL only ever generated DH parameters based on "safe"
10+ primes. More recently (in version 1.0.2) support was provided for
11+ generating X9.42 style parameter files such as those required for RFC 5114
12+ support. The primes used in such files may not be "safe". Where an
13+ application is using DH configured with parameters based on primes that are
14+ not "safe" then an attacker could use this fact to find a peer's private
15+ DH exponent. This attack requires that the attacker complete multiple
16+ handshakes in which the peer uses the same private DH exponent. For example
17+ this could be used to discover a TLS server's private DH exponent if it's
18+ reusing the private DH exponent or it's using a static DH ciphersuite.
19+
20+ OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
21+ TLS. It is not on by default. If the option is not set then the server
22+ reuses the same private DH exponent for the life of the server process and
23+ would be vulnerable to this attack. It is believed that many popular
24+ applications do set this option and would therefore not be at risk.
25+
26+ The fix for this issue adds an additional check where a "q" parameter is
27+ available (as is the case in X9.42 based parameters). This detects the
28+ only known attack, and is the only possible defense for static DH
29+ ciphersuites. This could have some performance impact.
30+
31+ Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
32+ default and cannot be disabled. This could have some performance impact.
33+
34+ This issue was reported to OpenSSL by Antonio Sanso (Adobe).
35+ (CVE-2016-0701)
36+ [Matt Caswell]
37+
38+ *) SSLv2 doesn't block disabled ciphers
39+
40+ A malicious client can negotiate SSLv2 ciphers that have been disabled on
41+ the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
42+ been disabled, provided that the SSLv2 protocol was not also disabled via
43+ SSL_OP_NO_SSLv2.
44+
45+ This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
46+ and Sebastian Schinzel.
47+ (CVE-2015-3197)
48+ [Viktor Dukhovni]
49+
50+ *) Reject DH handshakes with parameters shorter than 1024 bits.
51+ [Kurt Roeckx]
52+
553 Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
654
755 *) BN_mod_exp may produce incorrect results on x86_64
--- a/contrib/openssl/LICENSE
+++ b/contrib/openssl/LICENSE
@@ -12,7 +12,7 @@
1212 ---------------
1313
1414 /* ====================================================================
15- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
15+ * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
1616 *
1717 * Redistribution and use in source and binary forms, with or without
1818 * modification, are permitted provided that the following conditions
--- a/contrib/openssl/NEWS
+++ b/contrib/openssl/NEWS
@@ -5,6 +5,11 @@
55 This file gives a brief overview of the major changes between each OpenSSL
66 release. For more details please read the CHANGES file.
77
8+ Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
9+
10+ o DH small subgroups (CVE-2016-0701)
11+ o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
12+
813 Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
914
1015 o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
--- a/contrib/openssl/README
+++ b/contrib/openssl/README
@@ -1,5 +1,5 @@
11
2- OpenSSL 1.0.2e 3 Dec 2015
2+ OpenSSL 1.0.2f 28 Jan 2016
33
44 Copyright (c) 1998-2015 The OpenSSL Project
55 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -90,11 +90,12 @@
9090
9191 In order to avoid spam, this is a moderated mailing list, and it might
9292 take a day for the ticket to show up. (We also scan posts to make sure
93- that security disclosures aren't publically posted by mistake.) Mail to
94- this address is recorded in the public RT (request tracker) database (see
95- https://www.openssl.org/support/rt.html for details) and also forwarded
96- the public openssl-dev mailing list. Confidential mail may be sent to
97- openssl-security@openssl.org (PGP key available from the key servers).
93+ that security disclosures aren't publically posted by mistake.) Mail
94+ to this address is recorded in the public RT (request tracker) database
95+ (see https://www.openssl.org/community/index.html#bugs for details) and
96+ also forwarded the public openssl-dev mailing list. Confidential mail
97+ may be sent to openssl-security@openssl.org (PGP key available from the
98+ key servers).
9899
99100 Please do NOT use this for general assistance or support queries.
100101 Just because something doesn't work the way you expect does not mean it
--- a/contrib/openssl/include/openssl/aes.h
+++ b/contrib/openssl/include/openssl/aes.h
@@ -1,4 +1,4 @@
1-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
1+/* crypto/aes/aes.h */
22 /* ====================================================================
33 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
44 *
--- a/contrib/openssl/include/openssl/bio.h
+++ b/contrib/openssl/include/openssl/bio.h
@@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
479479 # define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
480480 # define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
481481 # define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
482-# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
482+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL)
483483
484484 # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
485485
486-/* BIO_s_accept_socket() */
486+/* BIO_s_accept() */
487487 # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
488488 # define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
489489 /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
496496 # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
497497 # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
498498
499+/* BIO_s_accept() and BIO_s_connect() */
499500 # define BIO_do_connect(b) BIO_do_handshake(b)
500501 # define BIO_do_accept(b) BIO_do_handshake(b)
501502 # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
515516 # define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
516517 # define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
517518
519+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
518520 # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
519521 # define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
520522
523+/* BIO_s_file() */
521524 # define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
522525 # define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
523526
527+/* BIO_s_fd() and BIO_s_file() */
524528 # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
525529 # define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
526530
--- a/contrib/openssl/include/openssl/camellia.h
+++ b/contrib/openssl/include/openssl/camellia.h
@@ -1,4 +1,4 @@
1-/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
1+/* crypto/camellia/camellia.h */
22 /* ====================================================================
33 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
44 *
--- a/contrib/openssl/include/openssl/des_old.h
+++ b/contrib/openssl/include/openssl/des_old.h
@@ -1,4 +1,4 @@
1-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
1+/* crypto/des/des_old.h */
22
33 /*-
44 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
--- a/contrib/openssl/include/openssl/dh.h
+++ b/contrib/openssl/include/openssl/dh.h
@@ -174,6 +174,7 @@ struct dh_st {
174174 /* DH_check_pub_key error codes */
175175 # define DH_CHECK_PUBKEY_TOO_SMALL 0x01
176176 # define DH_CHECK_PUBKEY_TOO_LARGE 0x02
177+# define DH_CHECK_PUBKEY_INVALID 0x03
177178
178179 /*
179180 * primes p where (p-1)/2 is prime too are called "safe"; we define this for
--- a/contrib/openssl/include/openssl/dso.h
+++ b/contrib/openssl/include/openssl/dso.h
@@ -1,4 +1,4 @@
1-/* dso.h -*- mode:C; c-file-style: "eay" -*- */
1+/* dso.h */
22 /*
33 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
44 * 2000.
--- a/contrib/openssl/include/openssl/kssl.h
+++ b/contrib/openssl/include/openssl/kssl.h
@@ -1,4 +1,4 @@
1-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
1+/* ssl/kssl.h */
22 /*
33 * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
44 * 2000. project 2000.
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
3030 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
3131 * major minor fix final patch/beta)
3232 */
33-# define OPENSSL_VERSION_NUMBER 0x1000205fL
33+# define OPENSSL_VERSION_NUMBER 0x1000206fL
3434 # ifdef OPENSSL_FIPS
35-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-fips 3 Dec 2015"
35+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f-fips 28 Jan 2016"
3636 # else
37-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e 3 Dec 2015"
37+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f 28 Jan 2016"
3838 # endif
3939 # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
4040
--- a/contrib/openssl/include/openssl/ssl.h
+++ b/contrib/openssl/include/openssl/ssl.h
@@ -625,7 +625,7 @@ struct ssl_session_st {
625625 # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
626626 /* If set, always create a new key when using tmp_ecdh parameters */
627627 # define SSL_OP_SINGLE_ECDH_USE 0x00080000L
628-/* If set, always create a new key when using tmp_dh parameters */
628+/* Does nothing: retained for compatibility */
629629 # define SSL_OP_SINGLE_DH_USE 0x00100000L
630630 /* Does nothing: retained for compatibiity */
631631 # define SSL_OP_EPHEMERAL_RSA 0x0
@@ -2092,7 +2092,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
20922092 # define SSL_CTX_set1_sigalgs_list(ctx, s) \
20932093 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
20942094 # define SSL_set1_sigalgs(ctx, slist, slistlen) \
2095- SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
2095+ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
20962096 # define SSL_set1_sigalgs_list(ctx, s) \
20972097 SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
20982098 # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
@@ -2713,6 +2713,7 @@ void ERR_load_SSL_strings(void);
27132713 # define SSL_F_SSL3_SETUP_KEY_BLOCK 157
27142714 # define SSL_F_SSL3_SETUP_READ_BUFFER 156
27152715 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
2716+# define SSL_F_SSL3_SHUTDOWN 396
27162717 # define SSL_F_SSL3_WRITE_BYTES 158
27172718 # define SSL_F_SSL3_WRITE_PENDING 159
27182719 # define SSL_F_SSL_ADD_CERT_CHAIN 318
@@ -3056,6 +3057,7 @@ void ERR_load_SSL_strings(void);
30563057 # define SSL_R_SERVERHELLO_TLSEXT 275
30573058 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
30583059 # define SSL_R_SHORT_READ 219
3060+# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407
30593061 # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
30603062 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
30613063 # define SSL_R_SRP_A_CALC 361
--- a/contrib/openssl/include/openssl/ui.h
+++ b/contrib/openssl/include/openssl/ui.h
@@ -1,4 +1,4 @@
1-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
1+/* crypto/ui/ui.h */
22 /*
33 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
44 * 2001.
--- a/contrib/openssl/include/openssl/ui_compat.h
+++ b/contrib/openssl/include/openssl/ui_compat.h
@@ -1,4 +1,4 @@
1-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
1+/* crypto/ui/ui.h */
22 /*
33 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
44 * 2001.
--- a/contrib/openssl/include/openssl/x509_vfy.h
+++ b/contrib/openssl/include/openssl/x509_vfy.h
@@ -313,7 +313,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
313313 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
314314
315315 # define X509_V_OK 0
316-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
316+# define X509_V_ERR_UNSPECIFIED 1
317317
318318 # define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
319319 # define X509_V_ERR_UNABLE_TO_GET_CRL 3
Binary files a/dist/amd64/libeay32.dll and b/dist/amd64/libeay32.dll differ
Binary files a/dist/amd64/ssleay32.dll and b/dist/amd64/ssleay32.dll differ
Binary files a/dist/libeay32.dll and b/dist/libeay32.dll differ
Binary files a/dist/ssleay32.dll and b/dist/ssleay32.dll differ
--- a/socketwrapper.c
+++ b/socketwrapper.c
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL()
153153 #ifdef ENABLE_PROCESS_PROTECTION
154154 // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること
155155 #if defined(_M_IX86)
156- // ssleay32.dll 1.0.2e
157- RegisterTrustedModuleSHA1Hash("\xE8\xD5\xBE\x7A\xD7\xAC\x17\x7E\x1E\x60\xA7\x6A\xD3\xE6\x14\xC9\x7A\x79\x87\x7C");
158- // libeay32.dll 1.0.2e
159- RegisterTrustedModuleSHA1Hash("\x45\xEC\x0B\xCC\x1E\x5F\xC9\xF4\xDA\x03\xF5\xEE\xAB\x6C\x85\x3A\xD8\x49\x23\xD4");
156+ // ssleay32.dll 1.0.2f
157+ RegisterTrustedModuleSHA1Hash("\xB7\xA4\x25\x22\x73\x62\xC9\x0D\xAA\xBD\x1F\x11\x61\x16\x02\x8A\x5C\x23\xDE\x38");
158+ // libeay32.dll 1.0.2f
159+ RegisterTrustedModuleSHA1Hash("\x89\xE8\x42\x0E\xDE\x75\x31\x94\xF3\xD0\x54\x02\xD1\x29\x89\x28\x89\x41\xDF\x19");
160160 #elif defined(_M_AMD64)
161- // ssleay32.dll 1.0.2e
162- RegisterTrustedModuleSHA1Hash("\xCB\x81\x60\x86\x1C\x27\xB8\x6D\x43\xA5\xBF\x34\x9F\x8E\xE0\x81\x2F\xFD\xC9\xA6");
163- // libeay32.dll 1.0.2e
164- RegisterTrustedModuleSHA1Hash("\x4A\xD3\x39\x10\x66\xA7\x89\x17\xCF\x5C\x65\x8C\xDE\x43\x9B\xF1\x64\xAE\x0E\x04");
161+ // ssleay32.dll 1.0.2f
162+ RegisterTrustedModuleSHA1Hash("\xB0\x89\xBB\x7C\x7A\xC1\x4E\x00\xC6\x9B\xEC\x36\xDE\x6C\xB6\x1F\xBE\x46\x55\x0E");
163+ // libeay32.dll 1.0.2f
164+ RegisterTrustedModuleSHA1Hash("\xC5\x59\x7B\x0C\x3C\xF6\x8E\xF8\x10\x18\x3D\x59\x8C\x47\x14\xCA\xB6\xD2\x58\x75");
165165 #endif
166166 #endif
167167 g_hOpenSSL = LoadLibrary("ssleay32.dll");