FFFTPのソースコードです。
| Révision | c353d7633a10cc5a49a4d59448304dde9b36de74 (tree) |
|---|---|
| l'heure | 2012-05-18 21:36:27 |
| Auteur | s_kawamoto <s_kawamoto@user...> |
| Commiter | s_kawamoto |
Update OpenSSL to 1.0.1c.
FFFTP_Eng_Release/FFFTP.exe (diff) Release/FFFTP.exe (diff) contrib/openssl/bin/libeay32.dll (diff) contrib/openssl/bin/libssl32.dll (diff) contrib/openssl/bin/ssleay32.dll (diff)
contrib/openssl/changes.txt (diff) contrib/openssl/faq.txt (diff)
contrib/openssl/include/openssl/opensslv.h (diff) contrib/openssl/news.txt (diff) contrib/openssl/readme.txt (diff) dist/libeay32.dll (diff) dist/ssleay32.dll (diff)
socketwrapper.c (diff)| @@ -2,6 +2,379 @@ | ||
| 2 | 2 | OpenSSL CHANGES |
| 3 | 3 | _______________ |
| 4 | 4 | |
| 5 | + Changes between 1.0.1b and 1.0.1c [10 May 2012] | |
| 6 | + | |
| 7 | + *) Sanity check record length before skipping explicit IV in TLS | |
| 8 | + 1.2, 1.1 and DTLS to fix DoS attack. | |
| 9 | + | |
| 10 | + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic | |
| 11 | + fuzzing as a service testing platform. | |
| 12 | + (CVE-2012-2333) | |
| 13 | + [Steve Henson] | |
| 14 | + | |
| 15 | + *) Initialise tkeylen properly when encrypting CMS messages. | |
| 16 | + Thanks to Solar Designer of Openwall for reporting this issue. | |
| 17 | + [Steve Henson] | |
| 18 | + | |
| 19 | + *) In FIPS mode don't try to use composite ciphers as they are not | |
| 20 | + approved. | |
| 21 | + [Steve Henson] | |
| 22 | + | |
| 23 | + Changes between 1.0.1a and 1.0.1b [26 Apr 2012] | |
| 24 | + | |
| 25 | + *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and | |
| 26 | + 1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately | |
| 27 | + mean any application compiled against OpenSSL 1.0.0 headers setting | |
| 28 | + SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng | |
| 29 | + TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to | |
| 30 | + 0x10000000L Any application which was previously compiled against | |
| 31 | + OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1 | |
| 32 | + will need to be recompiled as a result. Letting be results in | |
| 33 | + inability to disable specifically TLS 1.1 and in client context, | |
| 34 | + in unlike event, limit maximum offered version to TLS 1.0 [see below]. | |
| 35 | + [Steve Henson] | |
| 36 | + | |
| 37 | + *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not | |
| 38 | + disable just protocol X, but all protocols above X *if* there are | |
| 39 | + protocols *below* X still enabled. In more practical terms it means | |
| 40 | + that if application wants to disable TLS1.0 in favor of TLS1.1 and | |
| 41 | + above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass | |
| 42 | + SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to | |
| 43 | + client side. | |
| 44 | + [Andy Polyakov] | |
| 45 | + | |
| 46 | + Changes between 1.0.1 and 1.0.1a [19 Apr 2012] | |
| 47 | + | |
| 48 | + *) Check for potentially exploitable overflows in asn1_d2i_read_bio | |
| 49 | + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer | |
| 50 | + in CRYPTO_realloc_clean. | |
| 51 | + | |
| 52 | + Thanks to Tavis Ormandy, Google Security Team, for discovering this | |
| 53 | + issue and to Adam Langley <agl@chromium.org> for fixing it. | |
| 54 | + (CVE-2012-2110) | |
| 55 | + [Adam Langley (Google), Tavis Ormandy, Google Security Team] | |
| 56 | + | |
| 57 | + *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. | |
| 58 | + [Adam Langley] | |
| 59 | + | |
| 60 | + *) Workarounds for some broken servers that "hang" if a client hello | |
| 61 | + record length exceeds 255 bytes. | |
| 62 | + | |
| 63 | + 1. Do not use record version number > TLS 1.0 in initial client | |
| 64 | + hello: some (but not all) hanging servers will now work. | |
| 65 | + 2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate | |
| 66 | + the number of ciphers sent in the client hello. This should be | |
| 67 | + set to an even number, such as 50, for example by passing: | |
| 68 | + -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure. | |
| 69 | + Most broken servers should now work. | |
| 70 | + 3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable | |
| 71 | + TLS 1.2 client support entirely. | |
| 72 | + [Steve Henson] | |
| 73 | + | |
| 74 | + *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. | |
| 75 | + [Andy Polyakov] | |
| 76 | + | |
| 77 | + Changes between 1.0.0h and 1.0.1 [14 Mar 2012] | |
| 78 | + | |
| 79 | + *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET | |
| 80 | + STRING form instead of a DigestInfo. | |
| 81 | + [Steve Henson] | |
| 82 | + | |
| 83 | + *) The format used for MDC2 RSA signatures is inconsistent between EVP | |
| 84 | + and the RSA_sign/RSA_verify functions. This was made more apparent when | |
| 85 | + OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular | |
| 86 | + those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect | |
| 87 | + the correct format in RSA_verify so both forms transparently work. | |
| 88 | + [Steve Henson] | |
| 89 | + | |
| 90 | + *) Some servers which support TLS 1.0 can choke if we initially indicate | |
| 91 | + support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA | |
| 92 | + encrypted premaster secret. As a workaround use the maximum pemitted | |
| 93 | + client version in client hello, this should keep such servers happy | |
| 94 | + and still work with previous versions of OpenSSL. | |
| 95 | + [Steve Henson] | |
| 96 | + | |
| 97 | + *) Add support for TLS/DTLS heartbeats. | |
| 98 | + [Robin Seggelmann <seggelmann@fh-muenster.de>] | |
| 99 | + | |
| 100 | + *) Add support for SCTP. | |
| 101 | + [Robin Seggelmann <seggelmann@fh-muenster.de>] | |
| 102 | + | |
| 103 | + *) Improved PRNG seeding for VOS. | |
| 104 | + [Paul Green <Paul.Green@stratus.com>] | |
| 105 | + | |
| 106 | + *) Extensive assembler packs updates, most notably: | |
| 107 | + | |
| 108 | + - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; | |
| 109 | + - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); | |
| 110 | + - x86_64: bit-sliced AES implementation; | |
| 111 | + - ARM: NEON support, contemporary platforms optimizations; | |
| 112 | + - s390x: z196 support; | |
| 113 | + - *: GHASH and GF(2^m) multiplication implementations; | |
| 114 | + | |
| 115 | + [Andy Polyakov] | |
| 116 | + | |
| 117 | + *) Make TLS-SRP code conformant with RFC 5054 API cleanup | |
| 118 | + (removal of unnecessary code) | |
| 119 | + [Peter Sylvester <peter.sylvester@edelweb.fr>] | |
| 120 | + | |
| 121 | + *) Add TLS key material exporter from RFC 5705. | |
| 122 | + [Eric Rescorla] | |
| 123 | + | |
| 124 | + *) Add DTLS-SRTP negotiation from RFC 5764. | |
| 125 | + [Eric Rescorla] | |
| 126 | + | |
| 127 | + *) Add Next Protocol Negotiation, | |
| 128 | + http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be | |
| 129 | + disabled with a no-npn flag to config or Configure. Code donated | |
| 130 | + by Google. | |
| 131 | + [Adam Langley <agl@google.com> and Ben Laurie] | |
| 132 | + | |
| 133 | + *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224, | |
| 134 | + NIST-P256, NIST-P521, with constant-time single point multiplication on | |
| 135 | + typical inputs. Compiler support for the nonstandard type __uint128_t is | |
| 136 | + required to use this (present in gcc 4.4 and later, for 64-bit builds). | |
| 137 | + Code made available under Apache License version 2.0. | |
| 138 | + | |
| 139 | + Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command | |
| 140 | + line to include this in your build of OpenSSL, and run "make depend" (or | |
| 141 | + "make update"). This enables the following EC_METHODs: | |
| 142 | + | |
| 143 | + EC_GFp_nistp224_method() | |
| 144 | + EC_GFp_nistp256_method() | |
| 145 | + EC_GFp_nistp521_method() | |
| 146 | + | |
| 147 | + EC_GROUP_new_by_curve_name() will automatically use these (while | |
| 148 | + EC_GROUP_new_curve_GFp() currently prefers the more flexible | |
| 149 | + implementations). | |
| 150 | + [Emilia K舖per, Adam Langley, Bodo Moeller (Google)] | |
| 151 | + | |
| 152 | + *) Use type ossl_ssize_t instad of ssize_t which isn't available on | |
| 153 | + all platforms. Move ssize_t definition from e_os.h to the public | |
| 154 | + header file e_os2.h as it now appears in public header file cms.h | |
| 155 | + [Steve Henson] | |
| 156 | + | |
| 157 | + *) New -sigopt option to the ca, req and x509 utilities. Additional | |
| 158 | + signature parameters can be passed using this option and in | |
| 159 | + particular PSS. | |
| 160 | + [Steve Henson] | |
| 161 | + | |
| 162 | + *) Add RSA PSS signing function. This will generate and set the | |
| 163 | + appropriate AlgorithmIdentifiers for PSS based on those in the | |
| 164 | + corresponding EVP_MD_CTX structure. No application support yet. | |
| 165 | + [Steve Henson] | |
| 166 | + | |
| 167 | + *) Support for companion algorithm specific ASN1 signing routines. | |
| 168 | + New function ASN1_item_sign_ctx() signs a pre-initialised | |
| 169 | + EVP_MD_CTX structure and sets AlgorithmIdentifiers based on | |
| 170 | + the appropriate parameters. | |
| 171 | + [Steve Henson] | |
| 172 | + | |
| 173 | + *) Add new algorithm specific ASN1 verification initialisation function | |
| 174 | + to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1 | |
| 175 | + handling will be the same no matter what EVP_PKEY_METHOD is used. | |
| 176 | + Add a PSS handler to support verification of PSS signatures: checked | |
| 177 | + against a number of sample certificates. | |
| 178 | + [Steve Henson] | |
| 179 | + | |
| 180 | + *) Add signature printing for PSS. Add PSS OIDs. | |
| 181 | + [Steve Henson, Martin Kaiser <lists@kaiser.cx>] | |
| 182 | + | |
| 183 | + *) Add algorithm specific signature printing. An individual ASN1 method | |
| 184 | + can now print out signatures instead of the standard hex dump. | |
| 185 | + | |
| 186 | + More complex signatures (e.g. PSS) can print out more meaningful | |
| 187 | + information. Include DSA version that prints out the signature | |
| 188 | + parameters r, s. | |
| 189 | + [Steve Henson] | |
| 190 | + | |
| 191 | + *) Password based recipient info support for CMS library: implementing | |
| 192 | + RFC3211. | |
| 193 | + [Steve Henson] | |
| 194 | + | |
| 195 | + *) Split password based encryption into PBES2 and PBKDF2 functions. This | |
| 196 | + neatly separates the code into cipher and PBE sections and is required | |
| 197 | + for some algorithms that split PBES2 into separate pieces (such as | |
| 198 | + password based CMS). | |
| 199 | + [Steve Henson] | |
| 200 | + | |
| 201 | + *) Session-handling fixes: | |
| 202 | + - Fix handling of connections that are resuming with a session ID, | |
| 203 | + but also support Session Tickets. | |
| 204 | + - Fix a bug that suppressed issuing of a new ticket if the client | |
| 205 | + presented a ticket with an expired session. | |
| 206 | + - Try to set the ticket lifetime hint to something reasonable. | |
| 207 | + - Make tickets shorter by excluding irrelevant information. | |
| 208 | + - On the client side, don't ignore renewed tickets. | |
| 209 | + [Adam Langley, Bodo Moeller (Google)] | |
| 210 | + | |
| 211 | + *) Fix PSK session representation. | |
| 212 | + [Bodo Moeller] | |
| 213 | + | |
| 214 | + *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. | |
| 215 | + | |
| 216 | + This work was sponsored by Intel. | |
| 217 | + [Andy Polyakov] | |
| 218 | + | |
| 219 | + *) Add GCM support to TLS library. Some custom code is needed to split | |
| 220 | + the IV between the fixed (from PRF) and explicit (from TLS record) | |
| 221 | + portions. This adds all GCM ciphersuites supported by RFC5288 and | |
| 222 | + RFC5289. Generalise some AES* cipherstrings to inlclude GCM and | |
| 223 | + add a special AESGCM string for GCM only. | |
| 224 | + [Steve Henson] | |
| 225 | + | |
| 226 | + *) Expand range of ctrls for AES GCM. Permit setting invocation | |
| 227 | + field on decrypt and retrieval of invocation field only on encrypt. | |
| 228 | + [Steve Henson] | |
| 229 | + | |
| 230 | + *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support. | |
| 231 | + As required by RFC5289 these ciphersuites cannot be used if for | |
| 232 | + versions of TLS earlier than 1.2. | |
| 233 | + [Steve Henson] | |
| 234 | + | |
| 235 | + *) For FIPS capable OpenSSL interpret a NULL default public key method | |
| 236 | + as unset and return the appopriate default but do *not* set the default. | |
| 237 | + This means we can return the appopriate method in applications that | |
| 238 | + swicth between FIPS and non-FIPS modes. | |
| 239 | + [Steve Henson] | |
| 240 | + | |
| 241 | + *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an | |
| 242 | + ENGINE is used then we cannot handle that in the FIPS module so we | |
| 243 | + keep original code iff non-FIPS operations are allowed. | |
| 244 | + [Steve Henson] | |
| 245 | + | |
| 246 | + *) Add -attime option to openssl utilities. | |
| 247 | + [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson] | |
| 248 | + | |
| 249 | + *) Redirect DSA and DH operations to FIPS module in FIPS mode. | |
| 250 | + [Steve Henson] | |
| 251 | + | |
| 252 | + *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use | |
| 253 | + FIPS EC methods unconditionally for now. | |
| 254 | + [Steve Henson] | |
| 255 | + | |
| 256 | + *) New build option no-ec2m to disable characteristic 2 code. | |
| 257 | + [Steve Henson] | |
| 258 | + | |
| 259 | + *) Backport libcrypto audit of return value checking from 1.1.0-dev; not | |
| 260 | + all cases can be covered as some introduce binary incompatibilities. | |
| 261 | + [Steve Henson] | |
| 262 | + | |
| 263 | + *) Redirect RSA operations to FIPS module including keygen, | |
| 264 | + encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods. | |
| 265 | + [Steve Henson] | |
| 266 | + | |
| 267 | + *) Add similar low level API blocking to ciphers. | |
| 268 | + [Steve Henson] | |
| 269 | + | |
| 270 | + *) Low level digest APIs are not approved in FIPS mode: any attempt | |
| 271 | + to use these will cause a fatal error. Applications that *really* want | |
| 272 | + to use them can use the private_* version instead. | |
| 273 | + [Steve Henson] | |
| 274 | + | |
| 275 | + *) Redirect cipher operations to FIPS module for FIPS builds. | |
| 276 | + [Steve Henson] | |
| 277 | + | |
| 278 | + *) Redirect digest operations to FIPS module for FIPS builds. | |
| 279 | + [Steve Henson] | |
| 280 | + | |
| 281 | + *) Update build system to add "fips" flag which will link in fipscanister.o | |
| 282 | + for static and shared library builds embedding a signature if needed. | |
| 283 | + [Steve Henson] | |
| 284 | + | |
| 285 | + *) Output TLS supported curves in preference order instead of numerical | |
| 286 | + order. This is currently hardcoded for the highest order curves first. | |
| 287 | + This should be configurable so applications can judge speed vs strength. | |
| 288 | + [Steve Henson] | |
| 289 | + | |
| 290 | + *) Add TLS v1.2 server support for client authentication. | |
| 291 | + [Steve Henson] | |
| 292 | + | |
| 293 | + *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers | |
| 294 | + and enable MD5. | |
| 295 | + [Steve Henson] | |
| 296 | + | |
| 297 | + *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying | |
| 298 | + FIPS modules versions. | |
| 299 | + [Steve Henson] | |
| 300 | + | |
| 301 | + *) Add TLS v1.2 client side support for client authentication. Keep cache | |
| 302 | + of handshake records longer as we don't know the hash algorithm to use | |
| 303 | + until after the certificate request message is received. | |
| 304 | + [Steve Henson] | |
| 305 | + | |
| 306 | + *) Initial TLS v1.2 client support. Add a default signature algorithms | |
| 307 | + extension including all the algorithms we support. Parse new signature | |
| 308 | + format in client key exchange. Relax some ECC signing restrictions for | |
| 309 | + TLS v1.2 as indicated in RFC5246. | |
| 310 | + [Steve Henson] | |
| 311 | + | |
| 312 | + *) Add server support for TLS v1.2 signature algorithms extension. Switch | |
| 313 | + to new signature format when needed using client digest preference. | |
| 314 | + All server ciphersuites should now work correctly in TLS v1.2. No client | |
| 315 | + support yet and no support for client certificates. | |
| 316 | + [Steve Henson] | |
| 317 | + | |
| 318 | + *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch | |
| 319 | + to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based | |
| 320 | + ciphersuites. At present only RSA key exchange ciphersuites work with | |
| 321 | + TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete | |
| 322 | + SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods | |
| 323 | + and version checking. | |
| 324 | + [Steve Henson] | |
| 325 | + | |
| 326 | + *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled | |
| 327 | + with this defined it will not be affected by any changes to ssl internal | |
| 328 | + structures. Add several utility functions to allow openssl application | |
| 329 | + to work with OPENSSL_NO_SSL_INTERN defined. | |
| 330 | + [Steve Henson] | |
| 331 | + | |
| 332 | + *) Add SRP support. | |
| 333 | + [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] | |
| 334 | + | |
| 335 | + *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. | |
| 336 | + [Steve Henson] | |
| 337 | + | |
| 338 | + *) Permit abbreviated handshakes when renegotiating using the function | |
| 339 | + SSL_renegotiate_abbreviated(). | |
| 340 | + [Robin Seggelmann <seggelmann@fh-muenster.de>] | |
| 341 | + | |
| 342 | + *) Add call to ENGINE_register_all_complete() to | |
| 343 | + ENGINE_load_builtin_engines(), so some implementations get used | |
| 344 | + automatically instead of needing explicit application support. | |
| 345 | + [Steve Henson] | |
| 346 | + | |
| 347 | + *) Add support for TLS key exporter as described in RFC5705. | |
| 348 | + [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson] | |
| 349 | + | |
| 350 | + *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only | |
| 351 | + a few changes are required: | |
| 352 | + | |
| 353 | + Add SSL_OP_NO_TLSv1_1 flag. | |
| 354 | + Add TLSv1_1 methods. | |
| 355 | + Update version checking logic to handle version 1.1. | |
| 356 | + Add explicit IV handling (ported from DTLS code). | |
| 357 | + Add command line options to s_client/s_server. | |
| 358 | + [Steve Henson] | |
| 359 | + | |
| 360 | + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] | |
| 361 | + | |
| 362 | + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness | |
| 363 | + in CMS and PKCS7 code. When RSA decryption fails use a random key for | |
| 364 | + content decryption and always return the same error. Note: this attack | |
| 365 | + needs on average 2^20 messages so it only affects automated senders. The | |
| 366 | + old behaviour can be reenabled in the CMS code by setting the | |
| 367 | + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where | |
| 368 | + an MMA defence is not necessary. | |
| 369 | + Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering | |
| 370 | + this issue. (CVE-2012-0884) | |
| 371 | + [Steve Henson] | |
| 372 | + | |
| 373 | + *) Fix CVE-2011-4619: make sure we really are receiving a | |
| 374 | + client hello before rejecting multiple SGC restarts. Thanks to | |
| 375 | + Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. | |
| 376 | + [Steve Henson] | |
| 377 | + | |
| 5 | 378 | Changes between 1.0.0f and 1.0.0g [18 Jan 2012] |
| 6 | 379 | |
| 7 | 380 | *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. |
| @@ -10,6 +10,7 @@ OpenSSL - Frequently Asked Questions | ||
| 10 | 10 | * Why aren't tools like 'autoconf' and 'libtool' used? |
| 11 | 11 | * What is an 'engine' version? |
| 12 | 12 | * How do I check the authenticity of the OpenSSL distribution? |
| 13 | +* How does the versioning scheme work? | |
| 13 | 14 | |
| 14 | 15 | [LEGAL] Legal questions |
| 15 | 16 |
| @@ -82,7 +83,7 @@ OpenSSL - Frequently Asked Questions | ||
| 82 | 83 | * Which is the current version of OpenSSL? |
| 83 | 84 | |
| 84 | 85 | The current version is available from <URL: http://www.openssl.org>. |
| 85 | -OpenSSL 1.0.0g was released on Jan 18th, 2012. | |
| 86 | +OpenSSL 1.0.1c was released on May 10th, 2012. | |
| 86 | 87 | |
| 87 | 88 | In addition to the current stable release, you can also access daily |
| 88 | 89 | snapshots of the OpenSSL development version at <URL: |
| @@ -108,7 +109,9 @@ In addition, you can read the most current versions at | ||
| 108 | 109 | <URL: http://www.openssl.org/docs/>. Note that the online documents refer |
| 109 | 110 | to the very latest development versions of OpenSSL and may include features |
| 110 | 111 | not present in released versions. If in doubt refer to the documentation |
| 111 | -that came with the version of OpenSSL you are using. | |
| 112 | +that came with the version of OpenSSL you are using. The pod format | |
| 113 | +documentation is included in each OpenSSL distribution under the docs | |
| 114 | +directory. | |
| 112 | 115 | |
| 113 | 116 | For information on parts of libcrypto that are not yet documented, you |
| 114 | 117 | might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's |
| @@ -173,6 +176,19 @@ just do: | ||
| 173 | 176 | |
| 174 | 177 | pgp TARBALL.asc |
| 175 | 178 | |
| 179 | +* How does the versioning scheme work? | |
| 180 | + | |
| 181 | +After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter | |
| 182 | +releases (e.g. 1.0.1a) can only contain bug and security fixes and no | |
| 183 | +new features. Minor releases change the last number (e.g. 1.0.2) and | |
| 184 | +can contain new features that retain binary compatibility. Changes to | |
| 185 | +the middle number are considered major releases and neither source nor | |
| 186 | +binary compatibility is guaranteed. | |
| 187 | + | |
| 188 | +Therefore the answer to the common question "when will feature X be | |
| 189 | +backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear | |
| 190 | +in the next minor release. | |
| 191 | + | |
| 176 | 192 | [LEGAL] ======================================================================= |
| 177 | 193 | |
| 178 | 194 | * Do I need patent licenses to use OpenSSL? |
| @@ -284,7 +300,7 @@ current directory in this case, but this has changed with 0.9.6a.) | ||
| 284 | 300 | Check out the CA.pl(1) manual page. This provides a simple wrapper round |
| 285 | 301 | the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check |
| 286 | 302 | out the manual pages for the individual utilities and the certificate |
| 287 | -extensions documentation (currently in doc/openssl.txt). | |
| 303 | +extensions documentation (in ca(1), req(1), x509v3_config(5) ) | |
| 288 | 304 | |
| 289 | 305 | |
| 290 | 306 | * Why can't I create certificate requests? |
| @@ -25,11 +25,11 @@ | ||
| 25 | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | 26 | * major minor fix final patch/beta) |
| 27 | 27 | */ |
| 28 | -#define OPENSSL_VERSION_NUMBER 0x1000102fL | |
| 28 | +#define OPENSSL_VERSION_NUMBER 0x1000103fL | |
| 29 | 29 | #ifdef OPENSSL_FIPS |
| 30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b-fips 26 Apr 2012" | |
| 30 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012" | |
| 31 | 31 | #else |
| 32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b 26 Apr 2012" | |
| 32 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012" | |
| 33 | 33 | #endif |
| 34 | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 35 | 35 |
| @@ -5,6 +5,42 @@ | ||
| 5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | |
| 8 | + Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: | |
| 9 | + | |
| 10 | + o Fix TLS/DTLS record length checking bug CVE-2012-2333 | |
| 11 | + o Don't attempt to use non-FIPS composite ciphers in FIPS mode. | |
| 12 | + | |
| 13 | + Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b: | |
| 14 | + | |
| 15 | + o Fix compilation error on non-x86 platforms. | |
| 16 | + o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. | |
| 17 | + o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 | |
| 18 | + | |
| 19 | + Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: | |
| 20 | + | |
| 21 | + o Fix for ASN1 overflow bug CVE-2012-2110 | |
| 22 | + o Workarounds for some servers that hang on long client hellos. | |
| 23 | + o Fix SEGV in AES code. | |
| 24 | + | |
| 25 | + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: | |
| 26 | + | |
| 27 | + o TLS/DTLS heartbeat support. | |
| 28 | + o SCTP support. | |
| 29 | + o RFC 5705 TLS key material exporter. | |
| 30 | + o RFC 5764 DTLS-SRTP negotiation. | |
| 31 | + o Next Protocol Negotiation. | |
| 32 | + o PSS signatures in certificates, requests and CRLs. | |
| 33 | + o Support for password based recipient info for CMS. | |
| 34 | + o Support TLS v1.2 and TLS v1.1. | |
| 35 | + o Preliminary FIPS capability for unvalidated 2.0 FIPS module. | |
| 36 | + o SRP support. | |
| 37 | + | |
| 38 | + Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: | |
| 39 | + | |
| 40 | + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 | |
| 41 | + o Corrected fix for CVE-2011-4619 | |
| 42 | + o Various DTLS fixes. | |
| 43 | + | |
| 8 | 44 | Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g: |
| 9 | 45 | |
| 10 | 46 | o Fix for DTLS DoS issue CVE-2012-0050 |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | |
| 2 | - OpenSSL 1.0.0g 18 Jan 2012 | |
| 2 | + OpenSSL 1.0.1c 10 May 2012 | |
| 3 | 3 | |
| 4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
| 5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| @@ -114,10 +114,10 @@ BOOL LoadOpenSSL() | ||
| 114 | 114 | return FALSE; |
| 115 | 115 | #ifdef ENABLE_PROCESS_PROTECTION |
| 116 | 116 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
| 117 | - // ssleay32.dll 1.0.1b | |
| 118 | - RegisterTrustedModuleSHA1Hash("\x08\xF5\x8B\x24\x0A\xC0\xE9\x12\x80\x43\x46\xFF\xAE\x77\x30\xD9\xEB\x90\x9F\xB5"); | |
| 119 | - // libeay32.dll 1.0.1b | |
| 120 | - RegisterTrustedModuleSHA1Hash("\x8E\x4B\x7D\x8A\x11\xE4\xDB\xE7\xE8\xC8\x32\xBE\x20\xC9\xDF\x50\x94\x8D\x36\xDD"); | |
| 117 | + // ssleay32.dll 1.0.1c | |
| 118 | + RegisterTrustedModuleSHA1Hash("\x8A\xB5\x6D\x5E\x0B\x31\x80\x5E\x21\x55\x2D\x6E\x4F\xAF\xB1\x47\x7B\xD3\xB5\x23"); | |
| 119 | + // libeay32.dll 1.0.1c | |
| 120 | + RegisterTrustedModuleSHA1Hash("\xB4\x88\x17\x2E\x5C\x26\x9D\x62\x83\x65\x3A\xC1\x1B\xC9\x6E\x70\x1A\x8D\x6E\x76"); | |
| 121 | 121 | #endif |
| 122 | 122 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
| 123 | 123 | // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止 |
Fork