This is the FFFTP source code.
Revision | 4e1b717fd5a0a0a5462642aa3443fbab5265b28d (tree) |
---|---|
Time | 2016-03-05 20:17:14 |
Author | s_kawamoto <s_kawamoto@user...> |
Committer | s_kawamoto |
Update OpenSSL to 1.0.2g.
@@ -81,7 +81,7 @@ | ||
81 | 81 | // ソフトウェア自動更新 |
82 | 82 | // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする |
83 | 83 | // 2014年7月31日中の30個目のリリースは2014073129 |
84 | -#define RELEASE_VERSION_NUM 2016022000 /* リリースバージョン */ | |
84 | +#define RELEASE_VERSION_NUM 2016030500 /* リリースバージョン */ | |
85 | 85 | |
86 | 86 | |
87 | 87 | // SourceForge.JPによるフォーク |
@@ -2,6 +2,138 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.0.2f and 1.0.2g [1 Mar 2016] | |
6 | + | |
7 | + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. | |
8 | + Builds that are not configured with "enable-weak-ssl-ciphers" will not | |
9 | + provide any "EXPORT" or "LOW" strength ciphers. | |
10 | + [Viktor Dukhovni] | |
11 | + | |
12 | + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 | |
13 | + is by default disabled at build-time. Builds that are not configured with | |
14 | + "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, | |
15 | + users who want to negotiate SSLv2 via the version-flexible SSLv23_method() | |
16 | + will need to explicitly call either of: | |
17 | + | |
18 | + SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); | |
19 | + or | |
20 | + SSL_clear_options(ssl, SSL_OP_NO_SSLv2); | |
21 | + | |
22 | + as appropriate. Even if either of those is used, or the application | |
23 | + explicitly uses the version-specific SSLv2_method() or its client and | |
24 | + server variants, SSLv2 ciphers vulnerable to exhaustive search key | |
25 | + recovery have been removed. Specifically, the SSLv2 40-bit EXPORT | |
26 | + ciphers, and SSLv2 56-bit DES are no longer available. | |
27 | + (CVE-2016-0800) | |
28 | + [Viktor Dukhovni] | |
29 | + | |
30 | + *) Fix a double-free in DSA code | |
31 | + | |
32 | + A double free bug was discovered when OpenSSL parses malformed DSA private | |
33 | + keys and could lead to a DoS attack or memory corruption for applications | |
34 | + that receive DSA private keys from untrusted sources. This scenario is | |
35 | + considered rare. | |
36 | + | |
37 | + This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using | |
38 | + libFuzzer. | |
39 | + (CVE-2016-0705) | |
40 | + [Stephen Henson] | |
41 | + | |
42 | + *) Disable SRP fake user seed to address a server memory leak. | |
43 | + | |
44 | + Add a new method SRP_VBASE_get1_by_user that handles the seed properly. | |
45 | + | |
46 | + SRP_VBASE_get_by_user had inconsistent memory management behaviour. | |
47 | + In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user | |
48 | + was changed to ignore the "fake user" SRP seed, even if the seed | |
49 | + is configured. | |
50 | + | |
51 | + Users should use SRP_VBASE_get1_by_user instead. Note that in | |
52 | + SRP_VBASE_get1_by_user, caller must free the returned value. Note | |
53 | + also that even though configuring the SRP seed attempts to hide | |
54 | + invalid usernames by continuing the handshake with fake | |
55 | + credentials, this behaviour is not constant time and no strong | |
56 | + guarantees are made that the handshake is indistinguishable from | |
57 | + that of a valid user. | |
58 | + (CVE-2016-0798) | |
59 | + [Emilia Käsper] | |
60 | + | |
61 | + *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption | |
62 | + | |
63 | + In the BN_hex2bn function the number of hex digits is calculated using an | |
64 | + int value |i|. Later |bn_expand| is called with a value of |i * 4|. For | |
65 | + large values of |i| this can result in |bn_expand| not allocating any | |
66 | + memory because |i * 4| is negative. This can leave the internal BIGNUM data | |
67 | + field as NULL leading to a subsequent NULL ptr deref. For very large values | |
68 | + of |i|, the calculation |i * 4| could be a positive value smaller than |i|. | |
69 | + In this case memory is allocated to the internal BIGNUM data field, but it | |
70 | + is insufficiently sized leading to heap corruption. A similar issue exists | |
71 | + in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn | |
72 | + is ever called by user applications with very large untrusted hex/dec data. | |
73 | + This is anticipated to be a rare occurrence. | |
74 | + | |
75 | + All OpenSSL internal usage of these functions use data that is not expected | |
76 | + to be untrusted, e.g. config file data or application command line | |
77 | + arguments. If user developed applications generate config file data based | |
78 | + on untrusted data then it is possible that this could also lead to security | |
79 | + consequences. This is also anticipated to be rare. | |
80 | + | |
81 | + This issue was reported to OpenSSL by Guido Vranken. | |
82 | + (CVE-2016-0797) | |
83 | + [Matt Caswell] | |
84 | + | |
85 | + *) Fix memory issues in BIO_*printf functions | |
86 | + | |
87 | + The internal |fmtstr| function used in processing a "%s" format string in | |
88 | + the BIO_*printf functions could overflow while calculating the length of a | |
89 | + string and cause an OOB read when printing very long strings. | |
90 | + | |
91 | + Additionally the internal |doapr_outch| function can attempt to write to an | |
92 | + OOB memory location (at an offset from the NULL pointer) in the event of a | |
93 | + memory allocation failure. In 1.0.2 and below this could be caused where | |
94 | + the size of a buffer to be allocated is greater than INT_MAX. E.g. this | |
95 | + could be in processing a very long "%s" format string. Memory leaks can | |
96 | + also occur. | |
97 | + | |
98 | + The first issue may mask the second issue dependent on compiler behaviour. | |
99 | + These problems could enable attacks where large amounts of untrusted data | |
100 | + is passed to the BIO_*printf functions. If applications use these functions | |
101 | + in this way then they could be vulnerable. OpenSSL itself uses these | |
102 | + functions when printing out human-readable dumps of ASN.1 data. Therefore | |
103 | + applications that print this data could be vulnerable if the data is from | |
104 | + untrusted sources. OpenSSL command line applications could also be | |
105 | + vulnerable where they print out ASN.1 data, or if untrusted data is passed | |
106 | + as command line arguments. | |
107 | + | |
108 | + Libssl is not considered directly vulnerable. Additionally certificates etc | |
109 | + received via remote connections via libssl are also unlikely to be able to | |
110 | + trigger these issues because of message size limits enforced within libssl. | |
111 | + | |
112 | + This issue was reported to OpenSSL Guido Vranken. | |
113 | + (CVE-2016-0799) | |
114 | + [Matt Caswell] | |
115 | + | |
116 | + *) Side channel attack on modular exponentiation | |
117 | + | |
118 | + A side-channel attack was found which makes use of cache-bank conflicts on | |
119 | + the Intel Sandy-Bridge microarchitecture which could lead to the recovery | |
120 | + of RSA keys. The ability to exploit this issue is limited as it relies on | |
121 | + an attacker who has control of code in a thread running on the same | |
122 | + hyper-threaded core as the victim thread which is performing decryptions. | |
123 | + | |
124 | + This issue was reported to OpenSSL by Yuval Yarom, The University of | |
125 | + Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and | |
126 | + Nadia Heninger, University of Pennsylvania with more information at | |
127 | + http://cachebleed.info. | |
128 | + (CVE-2016-0702) | |
129 | + [Andy Polyakov] | |
130 | + | |
131 | + *) Change the req app to generate a 2048-bit RSA/DSA key by default, | |
132 | + if no keysize is specified with default_bits. This fixes an | |
133 | + omission in an earlier change that changed all RSA/DSA key generation | |
134 | + apps to use 2048 bits by default. | |
135 | + [Emilia Käsper] | |
136 | + | |
5 | 137 | Changes between 1.0.2e and 1.0.2f [28 Jan 2016] |
6 | 138 | |
7 | 139 | *) DH small subgroups |
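Review bot: the commit message says only "Update OpenSSL to 1.0.2g", while the CHANGES block added here lists six security fixes (CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702) plus two default-behaviour changes (SSLv2 and the "EXPORT"/"LOW" ciphers disabled in default builds). Name the CVEs and the disabled protocol and ciphers in the commit message or the FFFTP release notes, so that users can see this release is security-relevant and that connections to servers offering only SSLv2 or weak ciphers will stop working.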
@@ -105,7 +237,7 @@ | ||
105 | 237 | [Emilia Käsper] |
106 | 238 | |
107 | 239 | *) In DSA_generate_parameters_ex, if the provided seed is too short, |
108 | - return an error | |
240 | + use a random seed, as already documented. | |
109 | 241 | [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>] |
110 | 242 | |
111 | 243 | Changes between 1.0.2c and 1.0.2d [9 Jul 2015] |
@@ -5,6 +5,19 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] | |
9 | + | |
10 | + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. | |
11 | + o Disable SSLv2 default build, default negotiation and weak ciphers | |
12 | + (CVE-2016-0800) | |
13 | + o Fix a double-free in DSA code (CVE-2016-0705) | |
14 | + o Disable SRP fake user seed to address a server memory leak | |
15 | + (CVE-2016-0798) | |
16 | + o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption | |
17 | + (CVE-2016-0797) | |
18 | + o Fix memory issues in BIO_*printf functions (CVE-2016-0799) | |
19 | + o Fix side channel attack on modular exponentiation (CVE-2016-0702) | |
20 | + | |
8 | 21 | Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] |
9 | 22 | |
10 | 23 | o DH small subgroups (CVE-2016-0701) |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.0.2f 28 Jan 2016 | |
2 | + OpenSSL 1.0.2g 1 Mar 2016 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2015 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -479,7 +479,7 @@ struct bio_dgram_sctp_prinfo { | ||
479 | 479 | # define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) |
480 | 480 | # define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) |
481 | 481 | # define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) |
482 | -# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL) | |
482 | +# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) | |
483 | 483 | |
484 | 484 | # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) |
485 | 485 |
@@ -689,7 +689,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, | ||
689 | 689 | long argl, long ret); |
690 | 690 | |
691 | 691 | BIO_METHOD *BIO_s_mem(void); |
692 | -BIO *BIO_new_mem_buf(void *buf, int len); | |
692 | +BIO *BIO_new_mem_buf(const void *buf, int len); | |
693 | 693 | BIO_METHOD *BIO_s_socket(void); |
694 | 694 | BIO_METHOD *BIO_s_connect(void); |
695 | 695 | BIO_METHOD *BIO_s_accept(void); |
@@ -125,6 +125,7 @@ | ||
125 | 125 | #ifndef HEADER_BN_H |
126 | 126 | # define HEADER_BN_H |
127 | 127 | |
128 | +# include <limits.h> | |
128 | 129 | # include <openssl/e_os2.h> |
129 | 130 | # ifndef OPENSSL_NO_FP_API |
130 | 131 | # include <stdio.h> /* FILE */ |
@@ -721,8 +722,17 @@ const BIGNUM *BN_get0_nist_prime_521(void); | ||
721 | 722 | |
722 | 723 | /* library internal functions */ |
723 | 724 | |
724 | -# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ | |
725 | - (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) | |
725 | +# define bn_expand(a,bits) \ | |
726 | + ( \ | |
727 | + bits > (INT_MAX - BN_BITS2 + 1) ? \ | |
728 | + NULL \ | |
729 | + : \ | |
730 | + (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \ | |
731 | + (a) \ | |
732 | + : \ | |
733 | + bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ | |
734 | + ) | |
735 | + | |
726 | 736 | # define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) |
727 | 737 | BIGNUM *bn_expand2(BIGNUM *a, int words); |
728 | 738 | # ifndef OPENSSL_NO_DEPRECATED |
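Review bot: in the rewritten bn_expand the argument `bits` is still expanded without parentheses and up to three times (`bits > (INT_MAX - BN_BITS2 + 1)` and twice in `(bits+BN_BITS2-1)`), so an argument containing a lower-precedence operator or a side effect is misparsed or re-evaluated; write `(bits)` at each use. The new guard also bounds only the upper end: a negative `bits` fails the first test, then satisfies `<= (a)->dmax` and yields `(a)` with no allocation, which is the case the CHANGES entry for CVE-2016-0797 describes for a negative `i * 4`. That case has to be rejected in the callers (BN_hex2bn/BN_dec2bn) before the multiplication, and those call sites are not visible in this hunk, so check that they were updated in the same import.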
@@ -628,7 +628,7 @@ void OPENSSL_init(void); | ||
628 | 628 | * into a defined order as the return value when a != b is undefined, other |
629 | 629 | * than to be non-zero. |
630 | 630 | */ |
631 | -int CRYPTO_memcmp(const void *a, const void *b, size_t len); | |
631 | +int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len); | |
632 | 632 | |
633 | 633 | /* BEGIN ERROR CODES */ |
634 | 634 | /* |
@@ -174,7 +174,7 @@ struct dh_st { | ||
174 | 174 | /* DH_check_pub_key error codes */ |
175 | 175 | # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 |
176 | 176 | # define DH_CHECK_PUBKEY_TOO_LARGE 0x02 |
177 | -# define DH_CHECK_PUBKEY_INVALID 0x03 | |
177 | +# define DH_CHECK_PUBKEY_INVALID 0x04 | |
178 | 178 | |
179 | 179 | /* |
180 | 180 | * primes p where (p-1)/2 is prime too are called "safe"; we define this for |
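Review bot: changing DH_CHECK_PUBKEY_INVALID from 0x03 to 0x04 changes the numeric meaning of a public constant. The neighbouring codes 0x01 and 0x02 are single bits, so the old 0x03 was indistinguishable from TOO_SMALL and TOO_LARGE set together, and 0x04 makes it a separate flag. Anything compiled against the old header that inspects the result of DH_check_pub_key must be rebuilt against this one, and callers should test the result with `&` against each flag rather than compare it for equality.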
@@ -41,12 +41,18 @@ extern "C" { | ||
41 | 41 | #ifndef OPENSSL_NO_SSL_TRACE |
42 | 42 | # define OPENSSL_NO_SSL_TRACE |
43 | 43 | #endif |
44 | +#ifndef OPENSSL_NO_SSL2 | |
45 | +# define OPENSSL_NO_SSL2 | |
46 | +#endif | |
44 | 47 | #ifndef OPENSSL_NO_STORE |
45 | 48 | # define OPENSSL_NO_STORE |
46 | 49 | #endif |
47 | 50 | #ifndef OPENSSL_NO_UNIT_TEST |
48 | 51 | # define OPENSSL_NO_UNIT_TEST |
49 | 52 | #endif |
53 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | |
54 | +# define OPENSSL_NO_WEAK_SSL_CIPHERS | |
55 | +#endif | |
50 | 56 | |
51 | 57 | #endif /* OPENSSL_DOING_MAKEDEPEND */ |
52 | 58 |
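Review bot: OPENSSL_NO_SSL2 and OPENSSL_NO_WEAK_SSL_CIPHERS are now defined in the bundled opensslconf.h, and this header is only correct if the DLLs shipped with FFFTP were configured the same way (that is, without "enable-ssl2" and "enable-weak-ssl-ciphers", as the CHANGES entry describes). Record the Configure options used for the shipped ssleay32.dll and libeay32.dll alongside this update so that the header and the binaries can be checked against each other, and confirm that no FFFTP code references the SSLv2 method functions, which are no longer available with this define.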
@@ -92,12 +98,18 @@ extern "C" { | ||
92 | 98 | # if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) |
93 | 99 | # define NO_SSL_TRACE |
94 | 100 | # endif |
101 | +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) | |
102 | +# define NO_SSL2 | |
103 | +# endif | |
95 | 104 | # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) |
96 | 105 | # define NO_STORE |
97 | 106 | # endif |
98 | 107 | # if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) |
99 | 108 | # define NO_UNIT_TEST |
100 | 109 | # endif |
110 | +# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS) | |
111 | +# define NO_WEAK_SSL_CIPHERS | |
112 | +# endif | |
101 | 113 | #endif |
102 | 114 | |
103 | 115 | /* crypto/opensslconf.h.in */ |
@@ -30,11 +30,11 @@ extern "C" { | ||
30 | 30 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
31 | 31 | * major minor fix final patch/beta) |
32 | 32 | */ |
33 | -# define OPENSSL_VERSION_NUMBER 0x1000206fL | |
33 | +# define OPENSSL_VERSION_NUMBER 0x1000207fL | |
34 | 34 | # ifdef OPENSSL_FIPS |
35 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f-fips 28 Jan 2016" | |
35 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2g-fips 1 Mar 2016" | |
36 | 36 | # else |
37 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f 28 Jan 2016" | |
37 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2g 1 Mar 2016" | |
38 | 38 | # endif |
39 | 39 | # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
40 | 40 |
@@ -82,16 +82,21 @@ typedef struct SRP_gN_cache_st { | ||
82 | 82 | DECLARE_STACK_OF(SRP_gN_cache) |
83 | 83 | |
84 | 84 | typedef struct SRP_user_pwd_st { |
85 | + /* Owned by us. */ | |
85 | 86 | char *id; |
86 | 87 | BIGNUM *s; |
87 | 88 | BIGNUM *v; |
89 | + /* Not owned by us. */ | |
88 | 90 | const BIGNUM *g; |
89 | 91 | const BIGNUM *N; |
92 | + /* Owned by us. */ | |
90 | 93 | char *info; |
91 | 94 | } SRP_user_pwd; |
92 | 95 | |
93 | 96 | DECLARE_STACK_OF(SRP_user_pwd) |
94 | 97 | |
98 | +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); | |
99 | + | |
95 | 100 | typedef struct SRP_VBASE_st { |
96 | 101 | STACK_OF(SRP_user_pwd) *users_pwd; |
97 | 102 | STACK_OF(SRP_gN_cache) *gN_cache; |
@@ -115,7 +120,12 @@ DECLARE_STACK_OF(SRP_gN) | ||
115 | 120 | SRP_VBASE *SRP_VBASE_new(char *seed_key); |
116 | 121 | int SRP_VBASE_free(SRP_VBASE *vb); |
117 | 122 | int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); |
123 | + | |
124 | +/* This method ignores the configured seed and fails for an unknown user. */ | |
118 | 125 | SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); |
126 | +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ | |
127 | +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); | |
128 | + | |
119 | 129 | char *SRP_create_verifier(const char *user, const char *pass, char **salt, |
120 | 130 | char **verifier, const char *N, const char *g); |
121 | 131 | int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, |
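Review bot: the comment on SRP_VBASE_get1_by_user says the caller owns the returned pointer but not how to release it. The previous hunk declares `void SRP_user_pwd_free(SRP_user_pwd *user_pwd);`, so name that function in the comment. The two lookups now differ by a single character in their names and have opposite ownership rules, so a caller switching from SRP_VBASE_get_by_user to the get1 variant, as the CHANGES entry recommends, leaks unless it also adds the free. It would also help to state on SRP_VBASE_get_by_user that its result must not be freed.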
@@ -2713,7 +2713,6 @@ void ERR_load_SSL_strings(void); | ||
2713 | 2713 | # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 |
2714 | 2714 | # define SSL_F_SSL3_SETUP_READ_BUFFER 156 |
2715 | 2715 | # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 |
2716 | -# define SSL_F_SSL3_SHUTDOWN 396 | |
2717 | 2716 | # define SSL_F_SSL3_WRITE_BYTES 158 |
2718 | 2717 | # define SSL_F_SSL3_WRITE_PENDING 159 |
2719 | 2718 | # define SSL_F_SSL_ADD_CERT_CHAIN 318 |
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL() | ||
153 | 153 | #ifdef ENABLE_PROCESS_PROTECTION |
154 | 154 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
155 | 155 | #if defined(_M_IX86) |
156 | - // ssleay32.dll 1.0.2f | |
157 | - RegisterTrustedModuleSHA1Hash("\xB7\xA4\x25\x22\x73\x62\xC9\x0D\xAA\xBD\x1F\x11\x61\x16\x02\x8A\x5C\x23\xDE\x38"); | |
158 | - // libeay32.dll 1.0.2f | |
159 | - RegisterTrustedModuleSHA1Hash("\x89\xE8\x42\x0E\xDE\x75\x31\x94\xF3\xD0\x54\x02\xD1\x29\x89\x28\x89\x41\xDF\x19"); | |
156 | + // ssleay32.dll 1.0.2g | |
157 | + RegisterTrustedModuleSHA1Hash("\x96\x60\x94\xD8\x35\xB8\xAC\x1B\xEC\xCB\x45\xAD\x1B\x3E\x4C\x9F\xDC\x78\xA9\xDC"); | |
158 | + // libeay32.dll 1.0.2g | |
159 | + RegisterTrustedModuleSHA1Hash("\xBD\x91\xB9\x36\xC1\xC5\x65\x6D\x8F\xAA\xCF\x6F\x84\x8B\xC7\x77\x23\x8D\xE6\x2B"); | |
160 | 160 | #elif defined(_M_AMD64) |
161 | - // ssleay32.dll 1.0.2f | |
162 | - RegisterTrustedModuleSHA1Hash("\xB0\x89\xBB\x7C\x7A\xC1\x4E\x00\xC6\x9B\xEC\x36\xDE\x6C\xB6\x1F\xBE\x46\x55\x0E"); | |
163 | - // libeay32.dll 1.0.2f | |
164 | - RegisterTrustedModuleSHA1Hash("\xC5\x59\x7B\x0C\x3C\xF6\x8E\xF8\x10\x18\x3D\x59\x8C\x47\x14\xCA\xB6\xD2\x58\x75"); | |
161 | + // ssleay32.dll 1.0.2g | |
162 | + RegisterTrustedModuleSHA1Hash("\xF8\x88\xEB\xC1\x2B\xE6\xE4\xFD\xFA\xCA\x9F\xAB\x2F\x46\x47\xC4\x56\x11\xF8\x21"); | |
163 | + // libeay32.dll 1.0.2g | |
164 | + RegisterTrustedModuleSHA1Hash("\x70\xAD\x36\x15\xB1\x2C\x82\xAF\xD4\x93\x17\xD4\x82\xC7\x15\x4B\x89\x86\xE3\xE6"); | |
165 | 165 | #endif |
166 | 166 | #endif |
167 | 167 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
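Review bot: the four new digests passed to RegisterTrustedModuleSHA1Hash cannot be verified from this diff, and the only guidance is the existing comment that says to change the SHA1 values to match the bundled OpenSSL version. State in the commit message, or next to each literal, which build of ssleay32.dll and libeay32.dll (x86 and x64) each value was computed from, so a reviewer can recompute them; a wrong byte here either blocks the legitimate DLL or trusts a different file. The allow-list is also still keyed on SHA-1. If the process-protection code can accept a longer digest, new entries would be better registered as SHA-256.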