• R/O
  • HTTP
  • SSH
  • HTTPS

Commit

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Loweynet


Commit MetaInfo

Révision252948a5235856e93a1035c3f74a68442c8ea0ff (tree)
l'heure2013-02-07 23:13:56
Auteurs_kawamoto <s_kawamoto@user...>
Commiters_kawamoto

Message de Log

Update OpenSSL to 1.0.1d.

Change Summary

Modification

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
Binary files a/contrib/openssl/bin/libeay32.dll and b/contrib/openssl/bin/libeay32.dll differ
Binary files a/contrib/openssl/bin/libssl32.dll and b/contrib/openssl/bin/libssl32.dll differ
Binary files a/contrib/openssl/bin/ssleay32.dll and b/contrib/openssl/bin/ssleay32.dll differ
--- a/contrib/openssl/changes.txt
+++ b/contrib/openssl/changes.txt
@@ -2,6 +2,49 @@
22 OpenSSL CHANGES
33 _______________
44
5+ Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
6+
7+ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
8+
9+ This addresses the flaw in CBC record processing discovered by
10+ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
11+ at: http://www.isg.rhul.ac.uk/tls/
12+
13+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
14+ Security Group at Royal Holloway, University of London
15+ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
16+ Emilia Käsper for the initial patch.
17+ (CVE-2013-0169)
18+ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
19+
20+ *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
21+ ciphersuites which can be exploited in a denial of service attack.
22+ Thanks go to and to Adam Langley <agl@chromium.org> for discovering
23+ and detecting this bug and to Wolfgang Ettlinger
24+ <wolfgang.ettlinger@gmail.com> for independently discovering this issue.
25+ (CVE-2012-2686)
26+ [Adam Langley]
27+
28+ *) Return an error when checking OCSP signatures when key is NULL.
29+ This fixes a DoS attack. (CVE-2013-0166)
30+ [Steve Henson]
31+
32+ *) Make openssl verify return errors.
33+ [Chris Palmer <palmer@google.com> and Ben Laurie]
34+
35+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
36+ the right response is stapled. Also change SSL_get_certificate()
37+ so it returns the certificate actually sent.
38+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
39+ [Rob Stradling <rob.stradling@comodo.com>]
40+
41+ *) Fix possible deadlock when decoding public keys.
42+ [Steve Henson]
43+
44+ *) Don't use TLS 1.0 record version number in initial client hello
45+ if renegotiating.
46+ [Steve Henson]
47+
548 Changes between 1.0.1b and 1.0.1c [10 May 2012]
649
750 *) Sanity check record length before skipping explicit IV in TLS
--- a/contrib/openssl/faq.txt
+++ b/contrib/openssl/faq.txt
@@ -83,7 +83,7 @@ OpenSSL - Frequently Asked Questions
8383 * Which is the current version of OpenSSL?
8484
8585 The current version is available from <URL: http://www.openssl.org>.
86-OpenSSL 1.0.1c was released on May 10th, 2012.
86+OpenSSL 1.0.1d was released on Feb 5th, 2013.
8787
8888 In addition to the current stable release, you can also access daily
8989 snapshots of the OpenSSL development version at <URL:
--- a/contrib/openssl/include/openssl/crypto.h
+++ b/contrib/openssl/include/openssl/crypto.h
@@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
488488 long (**go)(void));
489489
490490 void *CRYPTO_malloc_locked(int num, const char *file, int line);
491-void CRYPTO_free_locked(void *);
491+void CRYPTO_free_locked(void *ptr);
492492 void *CRYPTO_malloc(int num, const char *file, int line);
493493 char *CRYPTO_strdup(const char *str, const char *file, int line);
494-void CRYPTO_free(void *);
494+void CRYPTO_free(void *ptr);
495495 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
496496 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
497497 int line);
@@ -574,6 +574,13 @@ void OPENSSL_init(void);
574574 #define fips_cipher_abort(alg) while(0)
575575 #endif
576576
577+/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
578+ * takes an amount of time dependent on |len|, but independent of the contents
579+ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
580+ * defined order as the return value when a != b is undefined, other than to be
581+ * non-zero. */
582+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
583+
577584 /* BEGIN ERROR CODES */
578585 /* The following lines are auto generated by the script mkerr.pl. Any changes
579586 * made after this point may be overwritten when the script is next run.
--- a/contrib/openssl/include/openssl/dtls1.h
+++ b/contrib/openssl/include/openssl/dtls1.h
@@ -72,8 +72,12 @@
7272 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
7373 #include <sys/timeval.h>
7474 #else
75+#if defined(OPENSSL_SYS_VXWORKS)
76+#include <sys/times.h>
77+#else
7578 #include <sys/time.h>
7679 #endif
80+#endif
7781
7882 #ifdef __cplusplus
7983 extern "C" {
--- a/contrib/openssl/include/openssl/ec.h
+++ b/contrib/openssl/include/openssl/ec.h
@@ -274,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
274274 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
275275 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
276276
277-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
277+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
278278 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
279279
280-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
280+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
281281 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
282282 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
283283
@@ -626,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
626626 */
627627 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
628628
629-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
630-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
629+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
630+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
631631
632632 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
633633 * \param group underlying EC_GROUP object
@@ -800,16 +800,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
800800 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
801801
802802 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
803-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
804-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
805-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
803+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
804+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
805+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
806806 /* functions to set/get method specific data */
807-void *EC_KEY_get_key_method_data(EC_KEY *,
807+void *EC_KEY_get_key_method_data(EC_KEY *key,
808808 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
809-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
809+/** Sets the key method data of an EC_KEY object, if none has yet been set.
810+ * \param key EC_KEY object
811+ * \param data opaque data to install.
812+ * \param dup_func a function that duplicates |data|.
813+ * \param free_func a function that frees |data|.
814+ * \param clear_free_func a function that wipes and frees |data|.
815+ * \return the previously set data pointer, or NULL if |data| was inserted.
816+ */
817+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
810818 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
811819 /* wrapper functions for the underlying EC_GROUP object */
812-void EC_KEY_set_asn1_flag(EC_KEY *, int);
820+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
813821
814822 /** Creates a table of pre-computed multiples of the generator to
815823 * accelerate further EC_KEY operations.
--- a/contrib/openssl/include/openssl/evp.h
+++ b/contrib/openssl/include/openssl/evp.h
@@ -402,7 +402,6 @@ struct evp_cipher_st
402402 /* Length of tag for TLS */
403403 #define EVP_GCM_TLS_TAG_LEN 16
404404
405-
406405 typedef struct evp_cipher_info_st
407406 {
408407 const EVP_CIPHER *cipher;
@@ -789,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
789788 # define EVP_aes_128_cfb EVP_aes_128_cfb128
790789 const EVP_CIPHER *EVP_aes_128_ofb(void);
791790 const EVP_CIPHER *EVP_aes_128_ctr(void);
792-const EVP_CIPHER *EVP_aes_128_gcm(void);
793791 const EVP_CIPHER *EVP_aes_128_ccm(void);
792+const EVP_CIPHER *EVP_aes_128_gcm(void);
794793 const EVP_CIPHER *EVP_aes_128_xts(void);
795794 const EVP_CIPHER *EVP_aes_192_ecb(void);
796795 const EVP_CIPHER *EVP_aes_192_cbc(void);
@@ -800,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
800799 # define EVP_aes_192_cfb EVP_aes_192_cfb128
801800 const EVP_CIPHER *EVP_aes_192_ofb(void);
802801 const EVP_CIPHER *EVP_aes_192_ctr(void);
803-const EVP_CIPHER *EVP_aes_192_gcm(void);
804802 const EVP_CIPHER *EVP_aes_192_ccm(void);
803+const EVP_CIPHER *EVP_aes_192_gcm(void);
805804 const EVP_CIPHER *EVP_aes_256_ecb(void);
806805 const EVP_CIPHER *EVP_aes_256_cbc(void);
807806 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -810,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
810809 # define EVP_aes_256_cfb EVP_aes_256_cfb128
811810 const EVP_CIPHER *EVP_aes_256_ofb(void);
812811 const EVP_CIPHER *EVP_aes_256_ctr(void);
813-const EVP_CIPHER *EVP_aes_256_gcm(void);
814812 const EVP_CIPHER *EVP_aes_256_ccm(void);
813+const EVP_CIPHER *EVP_aes_256_gcm(void);
815814 const EVP_CIPHER *EVP_aes_256_xts(void);
816815 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
817816 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
@@ -1243,6 +1242,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
12431242 int (*ctrl_str)(EVP_PKEY_CTX *ctx,
12441243 const char *type, const char *value));
12451244
1245+void EVP_add_alg_module(void);
1246+
12461247 /* BEGIN ERROR CODES */
12471248 /* The following lines are auto generated by the script mkerr.pl. Any changes
12481249 * made after this point may be overwritten when the script is next run.
@@ -1257,6 +1258,7 @@ void ERR_load_EVP_strings(void);
12571258 #define EVP_F_AES_INIT_KEY 133
12581259 #define EVP_F_AES_XTS 172
12591260 #define EVP_F_AES_XTS_CIPHER 175
1261+#define EVP_F_ALG_MODULE_INIT 177
12601262 #define EVP_F_CAMELLIA_INIT_KEY 159
12611263 #define EVP_F_CMAC_INIT 173
12621264 #define EVP_F_D2I_PKEY 100
@@ -1350,15 +1352,19 @@ void ERR_load_EVP_strings(void);
13501352 #define EVP_R_DIFFERENT_PARAMETERS 153
13511353 #define EVP_R_DISABLED_FOR_FIPS 163
13521354 #define EVP_R_ENCODE_ERROR 115
1355+#define EVP_R_ERROR_LOADING_SECTION 165
1356+#define EVP_R_ERROR_SETTING_FIPS_MODE 166
13531357 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
13541358 #define EVP_R_EXPECTING_AN_RSA_KEY 127
13551359 #define EVP_R_EXPECTING_A_DH_KEY 128
13561360 #define EVP_R_EXPECTING_A_DSA_KEY 129
13571361 #define EVP_R_EXPECTING_A_ECDSA_KEY 141
13581362 #define EVP_R_EXPECTING_A_EC_KEY 142
1363+#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
13591364 #define EVP_R_INITIALIZATION_ERROR 134
13601365 #define EVP_R_INPUT_NOT_INITIALIZED 111
13611366 #define EVP_R_INVALID_DIGEST 152
1367+#define EVP_R_INVALID_FIPS_MODE 168
13621368 #define EVP_R_INVALID_KEY_LENGTH 130
13631369 #define EVP_R_INVALID_OPERATION 148
13641370 #define EVP_R_IV_TOO_LARGE 102
@@ -1383,6 +1389,7 @@ void ERR_load_EVP_strings(void);
13831389 #define EVP_R_TOO_LARGE 164
13841390 #define EVP_R_UNKNOWN_CIPHER 160
13851391 #define EVP_R_UNKNOWN_DIGEST 161
1392+#define EVP_R_UNKNOWN_OPTION 169
13861393 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121
13871394 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
13881395 #define EVP_R_UNSUPPORTED_ALGORITHM 156
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -25,11 +25,11 @@
2525 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
2626 * major minor fix final patch/beta)
2727 */
28-#define OPENSSL_VERSION_NUMBER 0x1000103fL
28+#define OPENSSL_VERSION_NUMBER 0x1000104fL
2929 #ifdef OPENSSL_FIPS
30-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012"
30+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1d-fips 5 Feb 2013"
3131 #else
32-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012"
32+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1d 5 Feb 2013"
3333 #endif
3434 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
3535
--- a/contrib/openssl/include/openssl/rsa.h
+++ b/contrib/openssl/include/openssl/rsa.h
@@ -280,7 +280,7 @@ struct rsa_st
280280
281281 RSA * RSA_new(void);
282282 RSA * RSA_new_method(ENGINE *engine);
283-int RSA_size(const RSA *);
283+int RSA_size(const RSA *rsa);
284284
285285 /* Deprecated version */
286286 #ifndef OPENSSL_NO_DEPRECATED
--- a/contrib/openssl/include/openssl/ssl.h
+++ b/contrib/openssl/include/openssl/ssl.h
@@ -493,6 +493,9 @@ struct ssl_session_st
493493 char *psk_identity_hint;
494494 char *psk_identity;
495495 #endif
496+ /* Used to indicate that session resumption is not allowed.
497+ * Applications can also set this bit for a new session via
498+ * not_resumable_session_cb to disable session caching and tickets. */
496499 int not_resumable;
497500
498501 /* The cert is the certificate used to establish this connection */
@@ -535,7 +538,7 @@ struct ssl_session_st
535538 #endif /* OPENSSL_NO_EC */
536539 /* RFC4507 info */
537540 unsigned char *tlsext_tick; /* Session ticket */
538- size_t tlsext_ticklen; /* Session ticket length */
541+ size_t tlsext_ticklen; /* Session ticket length */
539542 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
540543 #endif
541544 #ifndef OPENSSL_NO_SRP
@@ -927,6 +930,7 @@ struct ssl_ctx_st
927930 /* Callback for status request */
928931 int (*tlsext_status_cb)(SSL *ssl, void *arg);
929932 void *tlsext_status_arg;
933+
930934 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
931935 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
932936 void *tlsext_opaque_prf_input_callback_arg;
@@ -952,6 +956,7 @@ struct ssl_ctx_st
952956 #endif
953957
954958 #ifndef OPENSSL_NO_TLSEXT
959+
955960 # ifndef OPENSSL_NO_NEXTPROTONEG
956961 /* Next protocol negotiation information */
957962 /* (for experimental NPN extension). */
@@ -2206,6 +2211,7 @@ void ERR_load_SSL_strings(void);
22062211 #define SSL_F_SSL_GET_NEW_SESSION 181
22072212 #define SSL_F_SSL_GET_PREV_SESSION 217
22082213 #define SSL_F_SSL_GET_SERVER_SEND_CERT 182
2214+#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
22092215 #define SSL_F_SSL_GET_SIGN_PKEY 183
22102216 #define SSL_F_SSL_INIT_WBIO_BUFFER 184
22112217 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
--- a/contrib/openssl/include/openssl/ssl3.h
+++ b/contrib/openssl/include/openssl/ssl3.h
@@ -578,8 +578,10 @@ typedef struct ssl3_state_st
578578 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
579579 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
580580 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
581+#ifndef OPENSSL_NO_NEXTPROTONEG
581582 #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
582583 #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
584+#endif
583585 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
584586 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
585587 /* read from server */
@@ -629,8 +631,10 @@ typedef struct ssl3_state_st
629631 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
630632 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
631633 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
634+#ifndef OPENSSL_NO_NEXTPROTONEG
632635 #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
633636 #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
637+#endif
634638 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
635639 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
636640 /* write to client */
@@ -655,7 +659,9 @@ typedef struct ssl3_state_st
655659 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16
656660 #define SSL3_MT_FINISHED 20
657661 #define SSL3_MT_CERTIFICATE_STATUS 22
662+#ifndef OPENSSL_NO_NEXTPROTONEG
658663 #define SSL3_MT_NEXT_PROTO 67
664+#endif
659665 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
660666
661667
--- a/contrib/openssl/include/openssl/symhacks.h
+++ b/contrib/openssl/include/openssl/symhacks.h
@@ -193,17 +193,17 @@
193193 #undef SSL_CTX_set_srp_username_callback
194194 #define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb
195195 #undef ssl_add_clienthello_use_srtp_ext
196-#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
196+#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
197197 #undef ssl_add_serverhello_use_srtp_ext
198-#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
198+#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
199199 #undef ssl_parse_clienthello_use_srtp_ext
200-#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
200+#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
201201 #undef ssl_parse_serverhello_use_srtp_ext
202-#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
202+#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
203203 #undef SSL_CTX_set_next_protos_advertised_cb
204-#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
204+#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
205205 #undef SSL_CTX_set_next_proto_select_cb
206-#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
206+#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
207207
208208 /* Hack some long ENGINE names */
209209 #undef ENGINE_get_default_BN_mod_exp_crt
@@ -316,8 +316,6 @@
316316 #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf
317317 #undef ec_GFp_simple_points_make_affine
318318 #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine
319-#undef ec_GFp_simple_group_get_curve_GFp
320-#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp
321319 #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
322320 #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
323321 ec_GFp_smp_set_Jproj_coords_GFp
--- a/contrib/openssl/news.txt
+++ b/contrib/openssl/news.txt
@@ -5,6 +5,14 @@
55 This file gives a brief overview of the major changes between each OpenSSL
66 release. For more details please read the CHANGES file.
77
8+ Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
9+
10+ o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
11+ o Include the fips configuration module.
12+ o Fix OCSP bad key DoS attack CVE-2013-0166
13+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
14+ o Fix for TLS AESNI record handling flaw CVE-2012-2686
15+
816 Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
917
1018 o Fix TLS/DTLS record length checking bug CVE-2012-2333
--- a/contrib/openssl/readme.txt
+++ b/contrib/openssl/readme.txt
@@ -1,5 +1,5 @@
11
2- OpenSSL 1.0.1c 10 May 2012
2+ OpenSSL 1.0.1d 5 Feb 2013
33
44 Copyright (c) 1998-2011 The OpenSSL Project
55 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Binary files a/dist/libeay32.dll and b/dist/libeay32.dll differ
Binary files a/dist/ssleay32.dll and b/dist/ssleay32.dll differ
--- a/socketwrapper.c
+++ b/socketwrapper.c
@@ -116,10 +116,10 @@ BOOL LoadOpenSSL()
116116 return FALSE;
117117 #ifdef ENABLE_PROCESS_PROTECTION
118118 // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること
119- // ssleay32.dll 1.0.1c
120- RegisterTrustedModuleSHA1Hash("\x8A\xB5\x6D\x5E\x0B\x31\x80\x5E\x21\x55\x2D\x6E\x4F\xAF\xB1\x47\x7B\xD3\xB5\x23");
121- // libeay32.dll 1.0.1c
122- RegisterTrustedModuleSHA1Hash("\xB4\x88\x17\x2E\x5C\x26\x9D\x62\x83\x65\x3A\xC1\x1B\xC9\x6E\x70\x1A\x8D\x6E\x76");
119+ // ssleay32.dll 1.0.1d
120+ RegisterTrustedModuleSHA1Hash("\x52\x2F\xA2\x9D\xDC\x20\x73\x1D\xDF\x08\xEF\x79\x63\xA8\xB7\xC7\x68\xAC\x9F\xF4");
121+ // libeay32.dll 1.0.1d
122+ RegisterTrustedModuleSHA1Hash("\x16\x46\x92\xB4\x55\x67\xA4\x0B\x25\x0B\xBF\x05\xA7\xC7\x9E\xB7\x0F\x6E\xBE\x0D");
123123 #endif
124124 g_hOpenSSL = LoadLibrary("ssleay32.dll");
125125 // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止