This is the FFFTP source code.
Revision | c353d7633a10cc5a49a4d59448304dde9b36de74 (tree)
---|---
Time | 2012-05-18 21:36:27
Author | s_kawamoto <s_kawamoto@user...>
Committer | s_kawamoto
Update OpenSSL to 1.0.1c.
@@ -2,6 +2,379 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.0.1b and 1.0.1c [10 May 2012] | |
6 | + | |
7 | + *) Sanity check record length before skipping explicit IV in TLS | |
8 | + 1.2, 1.1 and DTLS to fix DoS attack. | |
9 | + | |
10 | + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic | |
11 | + fuzzing as a service testing platform. | |
12 | + (CVE-2012-2333) | |
13 | + [Steve Henson] | |
14 | + | |
15 | + *) Initialise tkeylen properly when encrypting CMS messages. | |
16 | + Thanks to Solar Designer of Openwall for reporting this issue. | |
17 | + [Steve Henson] | |
18 | + | |
19 | + *) In FIPS mode don't try to use composite ciphers as they are not | |
20 | + approved. | |
21 | + [Steve Henson] | |
22 | + | |
23 | + Changes between 1.0.1a and 1.0.1b [26 Apr 2012] | |
24 | + | |
25 | + *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and | |
26 | + 1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately | |
27 | + mean any application compiled against OpenSSL 1.0.0 headers setting | |
28 | + SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng | |
29 | + TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to | |
30 | + 0x10000000L Any application which was previously compiled against | |
31 | + OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1 | |
32 | + will need to be recompiled as a result. Letting be results in | |
33 | + inability to disable specifically TLS 1.1 and in client context, | |
34 | + in unlike event, limit maximum offered version to TLS 1.0 [see below]. | |
35 | + [Steve Henson] | |
36 | + | |
37 | + *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not | |
38 | + disable just protocol X, but all protocols above X *if* there are | |
39 | + protocols *below* X still enabled. In more practical terms it means | |
40 | + that if application wants to disable TLS1.0 in favor of TLS1.1 and | |
41 | + above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass | |
42 | + SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to | |
43 | + client side. | |
44 | + [Andy Polyakov] | |
45 | + | |
46 | + Changes between 1.0.1 and 1.0.1a [19 Apr 2012] | |
47 | + | |
48 | + *) Check for potentially exploitable overflows in asn1_d2i_read_bio | |
49 | + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer | |
50 | + in CRYPTO_realloc_clean. | |
51 | + | |
52 | + Thanks to Tavis Ormandy, Google Security Team, for discovering this | |
53 | + issue and to Adam Langley <agl@chromium.org> for fixing it. | |
54 | + (CVE-2012-2110) | |
55 | + [Adam Langley (Google), Tavis Ormandy, Google Security Team] | |
56 | + | |
57 | + *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. | |
58 | + [Adam Langley] | |
59 | + | |
60 | + *) Workarounds for some broken servers that "hang" if a client hello | |
61 | + record length exceeds 255 bytes. | |
62 | + | |
63 | + 1. Do not use record version number > TLS 1.0 in initial client | |
64 | + hello: some (but not all) hanging servers will now work. | |
65 | + 2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate | |
66 | + the number of ciphers sent in the client hello. This should be | |
67 | + set to an even number, such as 50, for example by passing: | |
68 | + -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure. | |
69 | + Most broken servers should now work. | |
70 | + 3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable | |
71 | + TLS 1.2 client support entirely. | |
72 | + [Steve Henson] | |
73 | + | |
74 | + *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. | |
75 | + [Andy Polyakov] | |
76 | + | |
77 | + Changes between 1.0.0h and 1.0.1 [14 Mar 2012] | |
78 | + | |
79 | + *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET | |
80 | + STRING form instead of a DigestInfo. | |
81 | + [Steve Henson] | |
82 | + | |
83 | + *) The format used for MDC2 RSA signatures is inconsistent between EVP | |
84 | + and the RSA_sign/RSA_verify functions. This was made more apparent when | |
85 | + OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular | |
86 | + those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect | |
87 | + the correct format in RSA_verify so both forms transparently work. | |
88 | + [Steve Henson] | |
89 | + | |
90 | + *) Some servers which support TLS 1.0 can choke if we initially indicate | |
91 | + support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA | |
92 | + encrypted premaster secret. As a workaround use the maximum pemitted | |
93 | + client version in client hello, this should keep such servers happy | |
94 | + and still work with previous versions of OpenSSL. | |
95 | + [Steve Henson] | |
96 | + | |
97 | + *) Add support for TLS/DTLS heartbeats. | |
98 | + [Robin Seggelmann <seggelmann@fh-muenster.de>] | |
99 | + | |
100 | + *) Add support for SCTP. | |
101 | + [Robin Seggelmann <seggelmann@fh-muenster.de>] | |
102 | + | |
103 | + *) Improved PRNG seeding for VOS. | |
104 | + [Paul Green <Paul.Green@stratus.com>] | |
105 | + | |
106 | + *) Extensive assembler packs updates, most notably: | |
107 | + | |
108 | + - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; | |
109 | + - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); | |
110 | + - x86_64: bit-sliced AES implementation; | |
111 | + - ARM: NEON support, contemporary platforms optimizations; | |
112 | + - s390x: z196 support; | |
113 | + - *: GHASH and GF(2^m) multiplication implementations; | |
114 | + | |
115 | + [Andy Polyakov] | |
116 | + | |
117 | + *) Make TLS-SRP code conformant with RFC 5054 API cleanup | |
118 | + (removal of unnecessary code) | |
119 | + [Peter Sylvester <peter.sylvester@edelweb.fr>] | |
120 | + | |
121 | + *) Add TLS key material exporter from RFC 5705. | |
122 | + [Eric Rescorla] | |
123 | + | |
124 | + *) Add DTLS-SRTP negotiation from RFC 5764. | |
125 | + [Eric Rescorla] | |
126 | + | |
127 | + *) Add Next Protocol Negotiation, | |
128 | + http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be | |
129 | + disabled with a no-npn flag to config or Configure. Code donated | |
130 | + by Google. | |
131 | + [Adam Langley <agl@google.com> and Ben Laurie] | |
132 | + | |
133 | + *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224, | |
134 | + NIST-P256, NIST-P521, with constant-time single point multiplication on | |
135 | + typical inputs. Compiler support for the nonstandard type __uint128_t is | |
136 | + required to use this (present in gcc 4.4 and later, for 64-bit builds). | |
137 | + Code made available under Apache License version 2.0. | |
138 | + | |
139 | + Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command | |
140 | + line to include this in your build of OpenSSL, and run "make depend" (or | |
141 | + "make update"). This enables the following EC_METHODs: | |
142 | + | |
143 | + EC_GFp_nistp224_method() | |
144 | + EC_GFp_nistp256_method() | |
145 | + EC_GFp_nistp521_method() | |
146 | + | |
147 | + EC_GROUP_new_by_curve_name() will automatically use these (while | |
148 | + EC_GROUP_new_curve_GFp() currently prefers the more flexible | |
149 | + implementations). | |
150 | + [Emilia K舖per, Adam Langley, Bodo Moeller (Google)] | |
151 | + | |
152 | + *) Use type ossl_ssize_t instad of ssize_t which isn't available on | |
153 | + all platforms. Move ssize_t definition from e_os.h to the public | |
154 | + header file e_os2.h as it now appears in public header file cms.h | |
155 | + [Steve Henson] | |
156 | + | |
157 | + *) New -sigopt option to the ca, req and x509 utilities. Additional | |
158 | + signature parameters can be passed using this option and in | |
159 | + particular PSS. | |
160 | + [Steve Henson] | |
161 | + | |
162 | + *) Add RSA PSS signing function. This will generate and set the | |
163 | + appropriate AlgorithmIdentifiers for PSS based on those in the | |
164 | + corresponding EVP_MD_CTX structure. No application support yet. | |
165 | + [Steve Henson] | |
166 | + | |
167 | + *) Support for companion algorithm specific ASN1 signing routines. | |
168 | + New function ASN1_item_sign_ctx() signs a pre-initialised | |
169 | + EVP_MD_CTX structure and sets AlgorithmIdentifiers based on | |
170 | + the appropriate parameters. | |
171 | + [Steve Henson] | |
172 | + | |
173 | + *) Add new algorithm specific ASN1 verification initialisation function | |
174 | + to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1 | |
175 | + handling will be the same no matter what EVP_PKEY_METHOD is used. | |
176 | + Add a PSS handler to support verification of PSS signatures: checked | |
177 | + against a number of sample certificates. | |
178 | + [Steve Henson] | |
179 | + | |
180 | + *) Add signature printing for PSS. Add PSS OIDs. | |
181 | + [Steve Henson, Martin Kaiser <lists@kaiser.cx>] | |
182 | + | |
183 | + *) Add algorithm specific signature printing. An individual ASN1 method | |
184 | + can now print out signatures instead of the standard hex dump. | |
185 | + | |
186 | + More complex signatures (e.g. PSS) can print out more meaningful | |
187 | + information. Include DSA version that prints out the signature | |
188 | + parameters r, s. | |
189 | + [Steve Henson] | |
190 | + | |
191 | + *) Password based recipient info support for CMS library: implementing | |
192 | + RFC3211. | |
193 | + [Steve Henson] | |
194 | + | |
195 | + *) Split password based encryption into PBES2 and PBKDF2 functions. This | |
196 | + neatly separates the code into cipher and PBE sections and is required | |
197 | + for some algorithms that split PBES2 into separate pieces (such as | |
198 | + password based CMS). | |
199 | + [Steve Henson] | |
200 | + | |
201 | + *) Session-handling fixes: | |
202 | + - Fix handling of connections that are resuming with a session ID, | |
203 | + but also support Session Tickets. | |
204 | + - Fix a bug that suppressed issuing of a new ticket if the client | |
205 | + presented a ticket with an expired session. | |
206 | + - Try to set the ticket lifetime hint to something reasonable. | |
207 | + - Make tickets shorter by excluding irrelevant information. | |
208 | + - On the client side, don't ignore renewed tickets. | |
209 | + [Adam Langley, Bodo Moeller (Google)] | |
210 | + | |
211 | + *) Fix PSK session representation. | |
212 | + [Bodo Moeller] | |
213 | + | |
214 | + *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. | |
215 | + | |
216 | + This work was sponsored by Intel. | |
217 | + [Andy Polyakov] | |
218 | + | |
219 | + *) Add GCM support to TLS library. Some custom code is needed to split | |
220 | + the IV between the fixed (from PRF) and explicit (from TLS record) | |
221 | + portions. This adds all GCM ciphersuites supported by RFC5288 and | |
222 | + RFC5289. Generalise some AES* cipherstrings to inlclude GCM and | |
223 | + add a special AESGCM string for GCM only. | |
224 | + [Steve Henson] | |
225 | + | |
226 | + *) Expand range of ctrls for AES GCM. Permit setting invocation | |
227 | + field on decrypt and retrieval of invocation field only on encrypt. | |
228 | + [Steve Henson] | |
229 | + | |
230 | + *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support. | |
231 | + As required by RFC5289 these ciphersuites cannot be used if for | |
232 | + versions of TLS earlier than 1.2. | |
233 | + [Steve Henson] | |
234 | + | |
235 | + *) For FIPS capable OpenSSL interpret a NULL default public key method | |
236 | + as unset and return the appopriate default but do *not* set the default. | |
237 | + This means we can return the appopriate method in applications that | |
238 | + swicth between FIPS and non-FIPS modes. | |
239 | + [Steve Henson] | |
240 | + | |
241 | + *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an | |
242 | + ENGINE is used then we cannot handle that in the FIPS module so we | |
243 | + keep original code iff non-FIPS operations are allowed. | |
244 | + [Steve Henson] | |
245 | + | |
246 | + *) Add -attime option to openssl utilities. | |
247 | + [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson] | |
248 | + | |
249 | + *) Redirect DSA and DH operations to FIPS module in FIPS mode. | |
250 | + [Steve Henson] | |
251 | + | |
252 | + *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use | |
253 | + FIPS EC methods unconditionally for now. | |
254 | + [Steve Henson] | |
255 | + | |
256 | + *) New build option no-ec2m to disable characteristic 2 code. | |
257 | + [Steve Henson] | |
258 | + | |
259 | + *) Backport libcrypto audit of return value checking from 1.1.0-dev; not | |
260 | + all cases can be covered as some introduce binary incompatibilities. | |
261 | + [Steve Henson] | |
262 | + | |
263 | + *) Redirect RSA operations to FIPS module including keygen, | |
264 | + encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods. | |
265 | + [Steve Henson] | |
266 | + | |
267 | + *) Add similar low level API blocking to ciphers. | |
268 | + [Steve Henson] | |
269 | + | |
270 | + *) Low level digest APIs are not approved in FIPS mode: any attempt | |
271 | + to use these will cause a fatal error. Applications that *really* want | |
272 | + to use them can use the private_* version instead. | |
273 | + [Steve Henson] | |
274 | + | |
275 | + *) Redirect cipher operations to FIPS module for FIPS builds. | |
276 | + [Steve Henson] | |
277 | + | |
278 | + *) Redirect digest operations to FIPS module for FIPS builds. | |
279 | + [Steve Henson] | |
280 | + | |
281 | + *) Update build system to add "fips" flag which will link in fipscanister.o | |
282 | + for static and shared library builds embedding a signature if needed. | |
283 | + [Steve Henson] | |
284 | + | |
285 | + *) Output TLS supported curves in preference order instead of numerical | |
286 | + order. This is currently hardcoded for the highest order curves first. | |
287 | + This should be configurable so applications can judge speed vs strength. | |
288 | + [Steve Henson] | |
289 | + | |
290 | + *) Add TLS v1.2 server support for client authentication. | |
291 | + [Steve Henson] | |
292 | + | |
293 | + *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers | |
294 | + and enable MD5. | |
295 | + [Steve Henson] | |
296 | + | |
297 | + *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying | |
298 | + FIPS modules versions. | |
299 | + [Steve Henson] | |
300 | + | |
301 | + *) Add TLS v1.2 client side support for client authentication. Keep cache | |
302 | + of handshake records longer as we don't know the hash algorithm to use | |
303 | + until after the certificate request message is received. | |
304 | + [Steve Henson] | |
305 | + | |
306 | + *) Initial TLS v1.2 client support. Add a default signature algorithms | |
307 | + extension including all the algorithms we support. Parse new signature | |
308 | + format in client key exchange. Relax some ECC signing restrictions for | |
309 | + TLS v1.2 as indicated in RFC5246. | |
310 | + [Steve Henson] | |
311 | + | |
312 | + *) Add server support for TLS v1.2 signature algorithms extension. Switch | |
313 | + to new signature format when needed using client digest preference. | |
314 | + All server ciphersuites should now work correctly in TLS v1.2. No client | |
315 | + support yet and no support for client certificates. | |
316 | + [Steve Henson] | |
317 | + | |
318 | + *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch | |
319 | + to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based | |
320 | + ciphersuites. At present only RSA key exchange ciphersuites work with | |
321 | + TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete | |
322 | + SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods | |
323 | + and version checking. | |
324 | + [Steve Henson] | |
325 | + | |
326 | + *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled | |
327 | + with this defined it will not be affected by any changes to ssl internal | |
328 | + structures. Add several utility functions to allow openssl application | |
329 | + to work with OPENSSL_NO_SSL_INTERN defined. | |
330 | + [Steve Henson] | |
331 | + | |
332 | + *) Add SRP support. | |
333 | + [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] | |
334 | + | |
335 | + *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. | |
336 | + [Steve Henson] | |
337 | + | |
338 | + *) Permit abbreviated handshakes when renegotiating using the function | |
339 | + SSL_renegotiate_abbreviated(). | |
340 | + [Robin Seggelmann <seggelmann@fh-muenster.de>] | |
341 | + | |
342 | + *) Add call to ENGINE_register_all_complete() to | |
343 | + ENGINE_load_builtin_engines(), so some implementations get used | |
344 | + automatically instead of needing explicit application support. | |
345 | + [Steve Henson] | |
346 | + | |
347 | + *) Add support for TLS key exporter as described in RFC5705. | |
348 | + [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson] | |
349 | + | |
350 | + *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only | |
351 | + a few changes are required: | |
352 | + | |
353 | + Add SSL_OP_NO_TLSv1_1 flag. | |
354 | + Add TLSv1_1 methods. | |
355 | + Update version checking logic to handle version 1.1. | |
356 | + Add explicit IV handling (ported from DTLS code). | |
357 | + Add command line options to s_client/s_server. | |
358 | + [Steve Henson] | |
359 | + | |
360 | + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] | |
361 | + | |
362 | + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness | |
363 | + in CMS and PKCS7 code. When RSA decryption fails use a random key for | |
364 | + content decryption and always return the same error. Note: this attack | |
365 | + needs on average 2^20 messages so it only affects automated senders. The | |
366 | + old behaviour can be reenabled in the CMS code by setting the | |
367 | + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where | |
368 | + an MMA defence is not necessary. | |
369 | + Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering | |
370 | + this issue. (CVE-2012-0884) | |
371 | + [Steve Henson] | |
372 | + | |
373 | + *) Fix CVE-2011-4619: make sure we really are receiving a | |
374 | + client hello before rejecting multiple SGC restarts. Thanks to | |
375 | + Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. | |
376 | + [Steve Henson] | |
377 | + | |
5 | 378 | Changes between 1.0.0f and 1.0.0g [18 Jan 2012] |
6 | 379 | |
7 | 380 | *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. |
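Review bot: this hunk moves the vendored CHANGES file from 1.0.0g straight to 1.0.1c, while the opensslv.h hunk in the same commit moves only from 1.0.1b to 1.0.1c, so the previous revision was shipping 1.0.1b headers and DLL hashes next to 1.0.0g CHANGES/FAQ/NEWS/README; please confirm every vendored OpenSSL file in this tree now comes from the same 1.0.1c tarball instead of being synced piecemeal. For an FTPS client the entries that matter are the record-length sanity check before the explicit IV in TLS 1.1/1.2 and DTLS (CVE-2012-2333) and the overflow checks in asn1_d2i_read_bio, BUF_mem_grow and BUF_mem_grow_clean (CVE-2012-2110), both in code that parses input received from the peer, so the commit message would be more useful if it cited those two identifiers rather than just "Update OpenSSL to 1.0.1c."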
@@ -10,6 +10,7 @@ OpenSSL - Frequently Asked Questions | ||
10 | 10 | * Why aren't tools like 'autoconf' and 'libtool' used? |
11 | 11 | * What is an 'engine' version? |
12 | 12 | * How do I check the authenticity of the OpenSSL distribution? |
13 | +* How does the versioning scheme work? | |
13 | 14 | |
14 | 15 | [LEGAL] Legal questions |
15 | 16 |
@@ -82,7 +83,7 @@ OpenSSL - Frequently Asked Questions | ||
82 | 83 | * Which is the current version of OpenSSL? |
83 | 84 | |
84 | 85 | The current version is available from <URL: http://www.openssl.org>. |
85 | -OpenSSL 1.0.0g was released on Jan 18th, 2012. | |
86 | +OpenSSL 1.0.1c was released on May 10th, 2012. | |
86 | 87 | |
87 | 88 | In addition to the current stable release, you can also access daily |
88 | 89 | snapshots of the OpenSSL development version at <URL: |
@@ -108,7 +109,9 @@ In addition, you can read the most current versions at | ||
108 | 109 | <URL: http://www.openssl.org/docs/>. Note that the online documents refer |
109 | 110 | to the very latest development versions of OpenSSL and may include features |
110 | 111 | not present in released versions. If in doubt refer to the documentation |
111 | -that came with the version of OpenSSL you are using. | |
112 | +that came with the version of OpenSSL you are using. The pod format | |
113 | +documentation is included in each OpenSSL distribution under the docs | |
114 | +directory. | |
112 | 115 | |
113 | 116 | For information on parts of libcrypto that are not yet documented, you |
114 | 117 | might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's |
@@ -173,6 +176,19 @@ just do: | ||
173 | 176 | |
174 | 177 | pgp TARBALL.asc |
175 | 178 | |
179 | +* How does the versioning scheme work? | |
180 | + | |
181 | +After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter | |
182 | +releases (e.g. 1.0.1a) can only contain bug and security fixes and no | |
183 | +new features. Minor releases change the last number (e.g. 1.0.2) and | |
184 | +can contain new features that retain binary compatibility. Changes to | |
185 | +the middle number are considered major releases and neither source nor | |
186 | +binary compatibility is guaranteed. | |
187 | + | |
188 | +Therefore the answer to the common question "when will feature X be | |
189 | +backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear | |
190 | +in the next minor release. | |
191 | + | |
176 | 192 | [LEGAL] ======================================================================= |
177 | 193 | |
178 | 194 | * Do I need patent licenses to use OpenSSL? |
@@ -284,7 +300,7 @@ current directory in this case, but this has changed with 0.9.6a.) | ||
284 | 300 | Check out the CA.pl(1) manual page. This provides a simple wrapper round |
285 | 301 | the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check |
286 | 302 | out the manual pages for the individual utilities and the certificate |
287 | -extensions documentation (currently in doc/openssl.txt). | |
303 | +extensions documentation (in ca(1), req(1), x509v3_config(5) ) | |
288 | 304 | |
289 | 305 | |
290 | 306 | * Why can't I create certificate requests? |
@@ -25,11 +25,11 @@ | ||
25 | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
26 | 26 | * major minor fix final patch/beta) |
27 | 27 | */ |
28 | -#define OPENSSL_VERSION_NUMBER 0x1000102fL | |
28 | +#define OPENSSL_VERSION_NUMBER 0x1000103fL | |
29 | 29 | #ifdef OPENSSL_FIPS |
30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b-fips 26 Apr 2012" | |
30 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012" | |
31 | 31 | #else |
32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b 26 Apr 2012" | |
32 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012" | |
33 | 33 | #endif |
34 | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
35 | 35 |
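Review bot: the version number goes from 0x1000102fL to 0x1000103fL, i.e. only the patch field changes (2 to 3, matching b to c) and the status nibble f stays at "release", and both OPENSSL_VERSION_TEXT strings carry the same "10 May 2012" date as the FAQ hunk, so the three are consistent. Because FFFTP loads ssleay32.dll with LoadLibrary rather than linking against it, consider having LoadOpenSSL() compare the number returned by the library's runtime SSLeay() call against this header's OPENSSL_VERSION_NUMBER, so that a stale DLL is still detected in builds where the process-protection hash check is compiled out.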
@@ -5,6 +5,42 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: | |
9 | + | |
10 | + o Fix TLS/DTLS record length checking bug CVE-2012-2333 | |
11 | + o Don't attempt to use non-FIPS composite ciphers in FIPS mode. | |
12 | + | |
13 | + Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b: | |
14 | + | |
15 | + o Fix compilation error on non-x86 platforms. | |
16 | + o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. | |
17 | + o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 | |
18 | + | |
19 | + Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: | |
20 | + | |
21 | + o Fix for ASN1 overflow bug CVE-2012-2110 | |
22 | + o Workarounds for some servers that hang on long client hellos. | |
23 | + o Fix SEGV in AES code. | |
24 | + | |
25 | + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: | |
26 | + | |
27 | + o TLS/DTLS heartbeat support. | |
28 | + o SCTP support. | |
29 | + o RFC 5705 TLS key material exporter. | |
30 | + o RFC 5764 DTLS-SRTP negotiation. | |
31 | + o Next Protocol Negotiation. | |
32 | + o PSS signatures in certificates, requests and CRLs. | |
33 | + o Support for password based recipient info for CMS. | |
34 | + o Support TLS v1.2 and TLS v1.1. | |
35 | + o Preliminary FIPS capability for unvalidated 2.0 FIPS module. | |
36 | + o SRP support. | |
37 | + | |
38 | + Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: | |
39 | + | |
40 | + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 | |
41 | + o Corrected fix for CVE-2011-4619 | |
42 | + o Various DTLS fixes. | |
43 | + | |
8 | 44 | Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g: |
9 | 45 | |
10 | 46 | o Fix for DTLS DoS issue CVE-2012-0050 |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.0.0g 18 Jan 2012 | |
2 | + OpenSSL 1.0.1c 10 May 2012 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -114,10 +114,10 @@ BOOL LoadOpenSSL() | ||
114 | 114 | return FALSE; |
115 | 115 | #ifdef ENABLE_PROCESS_PROTECTION |
116 | 116 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
117 | - // ssleay32.dll 1.0.1b | |
118 | - RegisterTrustedModuleSHA1Hash("\x08\xF5\x8B\x24\x0A\xC0\xE9\x12\x80\x43\x46\xFF\xAE\x77\x30\xD9\xEB\x90\x9F\xB5"); | |
119 | - // libeay32.dll 1.0.1b | |
120 | - RegisterTrustedModuleSHA1Hash("\x8E\x4B\x7D\x8A\x11\xE4\xDB\xE7\xE8\xC8\x32\xBE\x20\xC9\xDF\x50\x94\x8D\x36\xDD"); | |
117 | + // ssleay32.dll 1.0.1c | |
118 | + RegisterTrustedModuleSHA1Hash("\x8A\xB5\x6D\x5E\x0B\x31\x80\x5E\x21\x55\x2D\x6E\x4F\xAF\xB1\x47\x7B\xD3\xB5\x23"); | |
119 | + // libeay32.dll 1.0.1c | |
120 | + RegisterTrustedModuleSHA1Hash("\xB4\x88\x17\x2E\x5C\x26\x9D\x62\x83\x65\x3A\xC1\x1B\xC9\x6E\x70\x1A\x8D\x6E\x76"); | |
121 | 121 | #endif |
122 | 122 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
123 | 123 | // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止 |
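Review bot: the two replacement SHA1 values are 20-byte string literals passed to RegisterTrustedModuleSHA1Hash() with no length argument, so a dropped or duplicated \x escape would still compile and silently pin a wrong digest; a compile-time length check (e.g. sizeof(literal) == 21 including the terminator) or a fixed-size array parameter would catch that, and the commit should record which command produced the digests from the shipped ssleay32.dll and libeay32.dll so a reviewer can reproduce them. Note also that this check only exists under ENABLE_PROCESS_PROTECTION: a build without that define calls LoadLibrary("ssleay32.dll") with no integrity check at all, which is worth stating in the build documentation given the comment above about why loading libssl32.dll was dropped.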