• R/O
  • HTTP
  • SSH
  • HTTPS

Commit

Tags
Keine Tags

Frequently used words (click to add to your profile)

javaandroidc++linuxc#objective-ccocoa誰得qtrubybathyscaphegamephpguicwindows翻訳pythonomegattwitterframeworkbtronarduinovb.net計画中(planning stage)directxpreviewertestゲームエンジンdom

FFFTPのソースコードです。


Commit MetaInfo

Revision9654fc918ed7f659ccfdfa39a2e620397db96c60 (tree)
Zeit2016-09-24 13:57:06
Autors_kawamoto <s_kawamoto@user...>
Commiters_kawamoto

Log Message

Update OpenSSL to 1.1.0a.
Update PEM file.

Ändern Zusammenfassung

Diff

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
Binary files a/FFFTP_Eng_Release_64/FFFTP.exe and b/FFFTP_Eng_Release_64/FFFTP.exe differ
--- a/OpenSSL/buildx64.bat
+++ b/OpenSSL/buildx64.bat
@@ -2,8 +2,9 @@
22 pushd %~dp0
33 set var0=VC-WIN64A
44 set var1=..\dist\amd64
5-perl Configure %var0% no-asm enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers
6-md %var1%
5+rem Use compat51.bat to support Windows XP or later.
6+rem Use compat50.bat to support Windows 2000.
7+call compat50.bat
78 perl nodebug.pl
89 nmake /f makefile
910 copy /y libeay32.dll %var1%\libeay32.dll
--- a/OpenSSL/buildx86.bat
+++ b/OpenSSL/buildx86.bat
@@ -2,8 +2,9 @@
22 pushd %~dp0
33 set var0=VC-WIN32
44 set var1=..\dist
5-perl Configure %var0% no-asm enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers
6-md %var1%
5+rem Use compat51.bat to support Windows XP or later.
6+rem Use compat50.bat to support Windows 2000.
7+call compat50.bat
78 perl nodebug.pl
89 nmake /f makefile
910 copy /y libeay32.dll %var1%\libeay32.dll
--- /dev/null
+++ b/OpenSSL/compat50.bat
@@ -0,0 +1,3 @@
1+perl Configure %var0% no-asm no-async enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers
2+perl compat50.pl
3+exit /b
--- /dev/null
+++ b/OpenSSL/compat50.pl
@@ -0,0 +1,11 @@
1+open(FILE, '<e_os.h');
2+@data = <FILE>;
3+close(FILE);
4+open(FILE, '>e_os.h');
5+for(@data)
6+{
7+ print FILE $_;
8+}
9+print FILE "#undef AI_PASSIVE\n";
10+close(FILE);
11+exit(0);
--- /dev/null
+++ b/OpenSSL/compat51.bat
@@ -0,0 +1,2 @@
1+perl Configure %var0% no-asm enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers
2+exit /b
--- a/OpenSSL/nodebug.pl
+++ b/OpenSSL/nodebug.pl
@@ -16,4 +16,3 @@ for(@data)
1616 print FILE $_;
1717 }
1818 close(FILE);
19-exit(0);
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
Binary files a/Release_64/FFFTP.exe and b/Release_64/FFFTP.exe differ
--- a/Resource/FFFTP.rc
+++ b/Resource/FFFTP.rc
@@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0
242242 BEGIN
243243 DEFPUSHBUTTON "OK",IDOK,133,294,50,14
244244 ICON ffftp,-1,7,4,20,20
245- CTEXT "FFFTP Ver 1.99a-20160911",-1,113,11,90,8
245+ CTEXT "FFFTP Ver 1.99a-20160924",-1,113,11,90,8
246246 CTEXT "FFFTP‚Ífreeware‚Å‚·",-1,7,279,305,8
247247 CTEXT "Copyright(C) 1997-2010 Sota & ‚²‹¦—Í‚¢‚½‚¾‚¢‚½•ûX\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, ‚¤‚ȁ[, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, ‚Ó‚¤‚¹‚ñ)",-1,7,25,305,44,SS_NOPREFIX
248248 CTEXT "",ABOUT_JRE,7,96,305,8
@@ -2213,8 +2213,8 @@ nodrop_csr CURSOR "nodrop_c.cur"
22132213 //
22142214
22152215 VS_VERSION_INFO VERSIONINFO
2216- FILEVERSION 1,99,1,5
2217- PRODUCTVERSION 1,99,1,5
2216+ FILEVERSION 1,99,1,6
2217+ PRODUCTVERSION 1,99,1,6
22182218 FILEFLAGSMASK 0x3fL
22192219 #ifdef _DEBUG
22202220 FILEFLAGS 0x1L
@@ -2232,12 +2232,12 @@ BEGIN
22322232 VALUE "Comments", "‚±‚ê‚̓tƒŠ[ƒ\ƒtƒgƒEƒGƒA‚Å‚·B"
22332233 VALUE "CompanyName", "Sota, FFFTP Project"
22342234 VALUE "FileDescription", "FFFTP"
2235- VALUE "FileVersion", "1, 99, 1, 5"
2235+ VALUE "FileVersion", "1, 99, 1, 6"
22362236 VALUE "InternalName", "FFFTP"
22372237 VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & ‚²‹¦—Í‚¢‚½‚¾‚¢‚½•ûX\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, ‚¤‚ȁ[, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, ‚Ó‚¤‚¹‚ñ)."
22382238 VALUE "OriginalFilename", "FFFTP.exe"
22392239 VALUE "ProductName", "FFFTP"
2240- VALUE "ProductVersion", "1, 99, 1, 5"
2240+ VALUE "ProductVersion", "1, 99, 1, 6"
22412241 END
22422242 END
22432243 BLOCK "VarFileInfo"
--- a/Resource_eng/ffftp.rc
+++ b/Resource_eng/ffftp.rc
@@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0
242242 BEGIN
243243 DEFPUSHBUTTON "OK",IDOK,132,296,50,14
244244 ICON ffftp,-1,7,4,20,20
245- CTEXT "FFFTP Ver 1.99a-20160911",-1,110,11,90,8
245+ CTEXT "FFFTP Ver 1.99a-20160924",-1,110,11,90,8
246246 CTEXT "FFFTP is freeware",-1,7,281,301,8
247247 CTEXT "Copyright(C) 1997-2010 Sota && cooperators\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)",-1,7,25,301,44
248248 CTEXT "",ABOUT_JRE,7,93,301,8
@@ -2253,8 +2253,8 @@ nodrop_csr CURSOR "nodrop_c.cur"
22532253 //
22542254
22552255 VS_VERSION_INFO VERSIONINFO
2256- FILEVERSION 1,99,1,5
2257- PRODUCTVERSION 1,99,1,5
2256+ FILEVERSION 1,99,1,6
2257+ PRODUCTVERSION 1,99,1,6
22582258 FILEFLAGSMASK 0x3fL
22592259 #ifdef _DEBUG
22602260 FILEFLAGS 0x1L
@@ -2272,12 +2272,12 @@ BEGIN
22722272 VALUE "Comments", "This software is Free Software"
22732273 VALUE "CompanyName", "Sota, FFFTP Project"
22742274 VALUE "FileDescription", "FFFTP"
2275- VALUE "FileVersion", "1, 99, 1, 5"
2275+ VALUE "FileVersion", "1, 99, 1, 6"
22762276 VALUE "InternalName", "FFFTP"
22772277 VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & cooperators\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)."
22782278 VALUE "OriginalFilename", "FFFTP.exe"
22792279 VALUE "ProductName", "FFFTP"
2280- VALUE "ProductVersion", "1, 99, 1, 5"
2280+ VALUE "ProductVersion", "1, 99, 1, 6"
22812281 END
22822282 END
22832283 BLOCK "VarFileInfo"
--- a/common.h
+++ b/common.h
@@ -72,16 +72,16 @@
7272 //#define PROGRAM_VERSION_NUM 1972 /* バージョン */
7373 // 64ビット対応
7474 #ifdef _WIN64
75-#define VER_STR "1.99a-20160911 64bit"
75+#define VER_STR "1.99a-20160924 64bit"
7676 #else
77-#define VER_STR "1.99a-20160911"
77+#define VER_STR "1.99a-20160924"
7878 #endif
7979 #define VER_NUM 1990 /* 設定バージョン */
8080 #define PROGRAM_VERSION_NUM 1990 /* バージョン */
8181 // ソフトウェア自動更新
8282 // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする
8383 // 2014年7月31日中の30個目のリリースは2014073129
84-#define RELEASE_VERSION_NUM 2016091100 /* リリースバージョン */
84+#define RELEASE_VERSION_NUM 2016092400 /* リリースバージョン */
8585
8686
8787 // SourceForge.JPによるフォーク
--- a/contrib/openssl/CHANGES
+++ b/contrib/openssl/CHANGES
@@ -2,6 +2,81 @@
22 OpenSSL CHANGES
33 _______________
44
5+ Changes between 1.1.0 and 1.1.0a [22 Sep 2016]
6+
7+ *) OCSP Status Request extension unbounded memory growth
8+
9+ A malicious client can send an excessively large OCSP Status Request
10+ extension. If that client continually requests renegotiation, sending a
11+ large OCSP Status Request extension each time, then there will be unbounded
12+ memory growth on the server. This will eventually lead to a Denial Of
13+ Service attack through memory exhaustion. Servers with a default
14+ configuration are vulnerable even if they do not support OCSP. Builds using
15+ the "no-ocsp" build time option are not affected.
16+
17+ This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
18+ (CVE-2016-6304)
19+ [Matt Caswell]
20+
21+ *) SSL_peek() hang on empty record
22+
23+ OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer
24+ sends an empty record. This could be exploited by a malicious peer in a
25+ Denial Of Service attack.
26+
27+ This issue was reported to OpenSSL by Alex Gaynor.
28+ (CVE-2016-6305)
29+ [Matt Caswell]
30+
31+ *) Excessive allocation of memory in tls_get_message_header() and
32+ dtls1_preprocess_fragment()
33+
34+ A (D)TLS message includes 3 bytes for its length in the header for the
35+ message. This would allow for messages up to 16Mb in length. Messages of
36+ this length are excessive and OpenSSL includes a check to ensure that a
37+ peer is sending reasonably sized messages in order to avoid too much memory
38+ being consumed to service a connection. A flaw in the logic of version
39+ 1.1.0 means that memory for the message is allocated too early, prior to
40+ the excessive message length check. Due to way memory is allocated in
41+ OpenSSL this could mean an attacker could force up to 21Mb to be allocated
42+ to service a connection. This could lead to a Denial of Service through
43+ memory exhaustion. However, the excessive message length check still takes
44+ place, and this would cause the connection to immediately fail. Assuming
45+ that the application calls SSL_free() on the failed conneciton in a timely
46+ manner then the 21Mb of allocated memory will then be immediately freed
47+ again. Therefore the excessive memory allocation will be transitory in
48+ nature. This then means that there is only a security impact if:
49+
50+ 1) The application does not call SSL_free() in a timely manner in the event
51+ that the connection fails
52+ or
53+ 2) The application is working in a constrained environment where there is
54+ very little free memory
55+ or
56+ 3) The attacker initiates multiple connection attempts such that there are
57+ multiple connections in a state where memory has been allocated for the
58+ connection; SSL_free() has not yet been called; and there is insufficient
59+ memory to service the multiple requests.
60+
61+ Except in the instance of (1) above any Denial Of Service is likely to be
62+ transitory because as soon as the connection fails the memory is
63+ subsequently freed again in the SSL_free() call. However there is an
64+ increased risk during this period of application crashes due to the lack of
65+ memory - which would then mean a more serious Denial of Service.
66+
67+ This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
68+ (CVE-2016-6307 and CVE-2016-6308)
69+ [Matt Caswell]
70+
71+ *) solaris-x86-cc, i.e. 32-bit configuration with vendor compiler,
72+ had to be removed. Primary reason is that vendor assembler can't
73+ assemble our modules with -KPIC flag. As result it, assembly
74+ support, was not even available as option. But its lack means
75+ lack of side-channel resistant code, which is incompatible with
76+ security by todays standards. Fortunately gcc is readily available
77+ prepackaged option, which we firmly point at...
78+ [Andy Polyakov]
79+
580 Changes between 1.0.2h and 1.1.0 [25 Aug 2016]
681
782 *) Windows command-line tool supports UTF-8 opt-in option for arguments
@@ -874,10 +949,6 @@
874949 combination: call this in fips_test_suite.
875950 [Steve Henson]
876951
877- *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test
878- and POST to handle Dual EC cases.
879- [Steve Henson]
880-
881952 *) Add support for canonical generation of DSA parameter 'g'. See
882953 FIPS 186-3 A.2.3.
883954
--- a/contrib/openssl/NEWS
+++ b/contrib/openssl/NEWS
@@ -5,6 +5,15 @@
55 This file gives a brief overview of the major changes between each OpenSSL
66 release. For more details please read the CHANGES file.
77
8+ Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
9+
10+ o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
11+ o SSL_peek() hang on empty record (CVE-2016-6305)
12+ o Excessive allocation of memory in tls_get_message_header()
13+ (CVE-2016-6307)
14+ o Excessive allocation of memory in dtls1_preprocess_fragment()
15+ (CVE-2016-6308)
16+
817 Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
918
1019 o Copyright text was shrunk to a boilerplate that points to the license
--- a/contrib/openssl/README
+++ b/contrib/openssl/README
@@ -1,5 +1,5 @@
11
2- OpenSSL 1.1.0 25 Aug 2016
2+ OpenSSL 1.1.0a 22 Sep 2016
33
44 Copyright (c) 1998-2016 The OpenSSL Project
55 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/contrib/openssl/include/openssl/bio.h
+++ b/contrib/openssl/include/openssl/bio.h
@@ -365,9 +365,9 @@ struct bio_dgram_sctp_prinfo {
365365 # define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
366366 # define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr)
367367 # define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
368-# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0,NULL))
369-# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1,NULL))
370-# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2,NULL))
368+# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0))
369+# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
370+# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
371371 # define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
372372 # define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
373373
--- a/contrib/openssl/include/openssl/ocsp.h
+++ b/contrib/openssl/include/openssl/ocsp.h
@@ -259,6 +259,9 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
259259 int OCSP_basic_sign(OCSP_BASICRESP *brsp,
260260 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
261261 STACK_OF(X509) *certs, unsigned long flags);
262+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
263+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
264+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
262265
263266 X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
264267
--- a/contrib/openssl/include/openssl/opensslconf.h
+++ b/contrib/openssl/include/openssl/opensslconf.h
@@ -25,9 +25,24 @@ extern "C" {
2525 #ifndef OPENSSL_SYS_WIN32
2626 # define OPENSSL_SYS_WIN32 1
2727 #endif
28+#ifndef OPENSSL_NO_MD2
29+# define OPENSSL_NO_MD2
30+#endif
31+#ifndef OPENSSL_NO_RC5
32+# define OPENSSL_NO_RC5
33+#endif
34+#ifndef OPENSSL_THREADS
35+# define OPENSSL_THREADS
36+#endif
2837 #ifndef OPENSSL_NO_ASAN
2938 # define OPENSSL_NO_ASAN
3039 #endif
40+#ifndef OPENSSL_NO_ASM
41+# define OPENSSL_NO_ASM
42+#endif
43+#ifndef OPENSSL_NO_ASYNC
44+# define OPENSSL_NO_ASYNC
45+#endif
3146 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
3247 # define OPENSSL_NO_CRYPTO_MDEBUG
3348 #endif
@@ -49,15 +64,9 @@ extern "C" {
4964 #ifndef OPENSSL_NO_HEARTBEATS
5065 # define OPENSSL_NO_HEARTBEATS
5166 #endif
52-#ifndef OPENSSL_NO_MD2
53-# define OPENSSL_NO_MD2
54-#endif
5567 #ifndef OPENSSL_NO_MSAN
5668 # define OPENSSL_NO_MSAN
5769 #endif
58-#ifndef OPENSSL_NO_RC5
59-# define OPENSSL_NO_RC5
60-#endif
6170 #ifndef OPENSSL_NO_SCTP
6271 # define OPENSSL_NO_SCTP
6372 #endif
@@ -70,12 +79,6 @@ extern "C" {
7079 #ifndef OPENSSL_NO_UNIT_TEST
7180 # define OPENSSL_NO_UNIT_TEST
7281 #endif
73-#ifndef OPENSSL_THREADS
74-# define OPENSSL_THREADS
75-#endif
76-#ifndef OPENSSL_NO_ASM
77-# define OPENSSL_NO_ASM
78-#endif
7982 #ifndef OPENSSL_NO_AFALGENG
8083 # define OPENSSL_NO_AFALGENG
8184 #endif
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -39,11 +39,11 @@ extern "C" {
3939 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
4040 * major minor fix final patch/beta)
4141 */
42-# define OPENSSL_VERSION_NUMBER 0x1010000fL
42+# define OPENSSL_VERSION_NUMBER 0x1010001fL
4343 # ifdef OPENSSL_FIPS
44-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-fips 25 Aug 2016"
44+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0a-fips 22 Sep 2016"
4545 # else
46-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0 25 Aug 2016"
46+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0a 22 Sep 2016"
4747 # endif
4848
4949 /*-
--- a/contrib/openssl/include/openssl/ssl.h
+++ b/contrib/openssl/include/openssl/ssl.h
@@ -2482,6 +2482,7 @@ int ERR_load_SSL_strings(void);
24822482 # define SSL_R_TLS_HEARTBEAT_PENDING 366
24832483 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
24842484 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2485+# define SSL_R_TOO_MANY_WARN_ALERTS 409
24852486 # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
24862487 # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
24872488 # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
Binary files a/dist/amd64/libeay32.dll and b/dist/amd64/libeay32.dll differ
Binary files a/dist/amd64/ssleay32.dll and b/dist/amd64/ssleay32.dll differ
Binary files a/dist/libeay32.dll and b/dist/libeay32.dll differ
--- a/dist/ssl.pem
+++ b/dist/ssl.pem
@@ -1,7 +1,7 @@
11 ##
22 ## Bundle of CA Root Certificates
33 ##
4-## Certificate data from Mozilla as of: Wed Sep 7 03:12:05 2016
4+## Certificate data from Mozilla as of: Wed Sep 14 03:12:05 2016
55 ##
66 ## This is a bundle of X.509 certificates of public Certificate Authorities
77 ## (CA). These were automatically extracted from Mozilla's root certificates
@@ -14,7 +14,7 @@
1414 ## Just configure this file as the SSLCACertificateFile.
1515 ##
1616 ## Conversion done with mk-ca-bundle.pl version 1.26.
17-## SHA1: 36aebbcc910dcab8838e6e721523d84f0ed20589
17+## SHA256: 01bbf1ecdd693f554ff4dcbe15880b3e6c33188a956c15ff845d313ca69cfeb8
1818 ##
1919
2020
Binary files a/dist/ssleay32.dll and b/dist/ssleay32.dll differ
--- a/main.c
+++ b/main.c
@@ -3596,7 +3596,7 @@ BOOL LoadSSLRootCAFile()
35963596 for(i = 0; i < 5; i++)
35973597 Hash[i] = _byteswap_ulong(Hash[i]);
35983598 // 同梱する"ssl.pem"に合わせてSHA1ハッシュ値を変更すること
3599- if(memcmp(&Hash, &SSLRootCAFileHash, 20) == 0 || memcmp(&Hash, "\xDF\x8E\xE2\x5A\xC7\x01\x03\x1C\x3A\x61\x00\xA2\x53\xCA\xF8\xDC\xA0\xC1\xA6\x3B", 20) == 0
3599+ if(memcmp(&Hash, &SSLRootCAFileHash, 20) == 0 || memcmp(&Hash, "\x73\xB7\x54\x80\xEE\x1C\x4C\x66\x1C\x57\xD2\x0B\xDF\x85\xAD\x11\x69\xAF\x14\x8B", 20) == 0
36003600 || DialogBox(GetFtpInst(), MAKEINTRESOURCE(updatesslroot_dlg), GetMainHwnd(), ExeEscDialogProc) == YES)
36013601 {
36023602 memcpy(&SSLRootCAFileHash, &Hash, 20);
--- a/socketwrapper.c
+++ b/socketwrapper.c
@@ -161,15 +161,15 @@ BOOL LoadOpenSSL()
161161 #ifdef ENABLE_PROCESS_PROTECTION
162162 // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること
163163 #if defined(_M_IX86)
164- // ssleay32.dll 1.1.0
165- RegisterTrustedModuleSHA1Hash("\x91\x4D\xEC\xE1\x30\x6C\xCB\x62\x89\xA6\xC1\x55\xC5\x94\x05\xF6\xA1\x58\x60\x7F");
166- // libeay32.dll 1.1.0
167- RegisterTrustedModuleSHA1Hash("\xAF\xE4\xFF\x1D\xC6\xCE\x4F\x76\xE9\x84\x16\x4F\xA3\xC4\x75\x72\xAF\xE0\x83\x07");
164+ // ssleay32.dll 1.1.0a
165+ RegisterTrustedModuleSHA1Hash("\xBF\x25\x75\x85\x71\x67\x5D\x3E\x07\x11\x40\xE2\x47\xC0\xE0\x5C\xB2\xCD\xC3\x12");
166+ // libeay32.dll 1.1.0a
167+ RegisterTrustedModuleSHA1Hash("\x0A\x29\x8D\xAC\x2C\xA2\xB1\x43\x2B\x9F\xA4\xD8\x14\x80\x9B\x04\xD9\x23\x73\x41");
168168 #elif defined(_M_AMD64)
169- // ssleay32.dll 1.1.0
170- RegisterTrustedModuleSHA1Hash("\xD6\x21\xD0\xF5\xDA\x9D\xD5\x3F\x92\xD3\x63\xD5\xDC\x5D\xBB\xE6\x49\xE2\x7E\x72");
171- // libeay32.dll 1.1.0
172- RegisterTrustedModuleSHA1Hash("\xFA\xFA\xB7\x06\x58\x46\x5A\x5F\x41\x05\x28\x9F\x65\x57\xD2\x4B\xC6\x1B\xE6\x02");
169+ // ssleay32.dll 1.1.0a
170+ RegisterTrustedModuleSHA1Hash("\xCE\x74\x3E\x3D\x88\x2C\xC4\xAC\x33\x53\xD4\x5A\xAE\x17\x4F\x59\x01\x8A\x6E\xAB");
171+ // libeay32.dll 1.1.0a
172+ RegisterTrustedModuleSHA1Hash("\xA1\x40\x78\xD1\xD5\x47\xCA\x47\x8A\x03\x93\xBC\x9E\xAD\xFA\xCA\x65\x1F\x36\x78");
173173 #endif
174174 #endif
175175 g_hOpenSSL = LoadLibrary("ssleay32.dll");