FFFTPのソースコードです。
| Révision | 4ccd6046ccc44a5028b04a9ae8c4b341c4e49cda (tree) |
|---|---|
| l'heure | 2014-06-06 23:55:59 |
| Auteur | s_kawamoto <s_kawamoto@user...> |
| Commiter | s_kawamoto |
Update OpenSSL to 1.0.1h.
FFFTP_Eng_Release/FFFTP.exe (diff) Release/FFFTP.exe (diff) contrib/openssl/bin/libeay32.dll (diff) contrib/openssl/bin/ssleay32.dll (diff)
contrib/openssl/changes.txt (diff)
contrib/openssl/include/openssl/opensslv.h (diff) contrib/openssl/include/openssl/pkcs7.h (diff) contrib/openssl/include/openssl/ssl.h (diff) contrib/openssl/include/openssl/ssl3.h (diff) contrib/openssl/news.txt (diff) contrib/openssl/readme.txt (diff) dist/amd64/libeay32.dll (diff) dist/amd64/ssleay32.dll (diff) dist/libeay32.dll (diff) dist/ssleay32.dll (diff)
socketwrapper.c (diff)| @@ -2,6 +2,50 @@ | ||
| 2 | 2 | OpenSSL CHANGES |
| 3 | 3 | _______________ |
| 4 | 4 | |
| 5 | + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] | |
| 6 | + | |
| 7 | + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted | |
| 8 | + handshake can force the use of weak keying material in OpenSSL | |
| 9 | + SSL/TLS clients and servers. | |
| 10 | + | |
| 11 | + Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and | |
| 12 | + researching this issue. (CVE-2014-0224) | |
| 13 | + [KIKUCHI Masashi, Steve Henson] | |
| 14 | + | |
| 15 | + *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an | |
| 16 | + OpenSSL DTLS client the code can be made to recurse eventually crashing | |
| 17 | + in a DoS attack. | |
| 18 | + | |
| 19 | + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. | |
| 20 | + (CVE-2014-0221) | |
| 21 | + [Imre Rad, Steve Henson] | |
| 22 | + | |
| 23 | + *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can | |
| 24 | + be triggered by sending invalid DTLS fragments to an OpenSSL DTLS | |
| 25 | + client or server. This is potentially exploitable to run arbitrary | |
| 26 | + code on a vulnerable client or server. | |
| 27 | + | |
| 28 | + Thanks to J?i Aedla for reporting this issue. (CVE-2014-0195) | |
| 29 | + [J?i Aedla, Steve Henson] | |
| 30 | + | |
| 31 | + *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites | |
| 32 | + are subject to a denial of service attack. | |
| 33 | + | |
| 34 | + Thanks to Felix Gr?ert and Ivan Fratric at Google for discovering | |
| 35 | + this issue. (CVE-2014-3470) | |
| 36 | + [Felix Gr?ert, Ivan Fratric, Steve Henson] | |
| 37 | + | |
| 38 | + *) Harmonize version and its documentation. -f flag is used to display | |
| 39 | + compilation flags. | |
| 40 | + [mancha <mancha1@zoho.com>] | |
| 41 | + | |
| 42 | + *) Fix eckey_priv_encode so it immediately returns an error upon a failure | |
| 43 | + in i2d_ECPrivateKey. | |
| 44 | + [mancha <mancha1@zoho.com>] | |
| 45 | + | |
| 46 | + *) Fix some double frees. These are not thought to be exploitable. | |
| 47 | + [mancha <mancha1@zoho.com>] | |
| 48 | + | |
| 5 | 49 | Changes between 1.0.1f and 1.0.1g [7 Apr 2014] |
| 6 | 50 | |
| 7 | 51 | *) A missing bounds check in the handling of the TLS heartbeat extension |
| @@ -25,11 +25,11 @@ | ||
| 25 | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | 26 | * major minor fix final patch/beta) |
| 27 | 27 | */ |
| 28 | -#define OPENSSL_VERSION_NUMBER 0x1000107fL | |
| 28 | +#define OPENSSL_VERSION_NUMBER 0x1000108fL | |
| 29 | 29 | #ifdef OPENSSL_FIPS |
| 30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014" | |
| 30 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips 5 Jun 2014" | |
| 31 | 31 | #else |
| 32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014" | |
| 32 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h 5 Jun 2014" | |
| 33 | 33 | #endif |
| 34 | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 35 | 35 |
| @@ -453,6 +453,7 @@ void ERR_load_PKCS7_strings(void); | ||
| 453 | 453 | #define PKCS7_R_ERROR_SETTING_CIPHER 121 |
| 454 | 454 | #define PKCS7_R_INVALID_MIME_TYPE 131 |
| 455 | 455 | #define PKCS7_R_INVALID_NULL_POINTER 143 |
| 456 | +#define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 | |
| 456 | 457 | #define PKCS7_R_MIME_NO_CONTENT_TYPE 132 |
| 457 | 458 | #define PKCS7_R_MIME_PARSE_ERROR 133 |
| 458 | 459 | #define PKCS7_R_MIME_SIG_PARSE_ERROR 134 |
| @@ -553,7 +553,7 @@ struct ssl_session_st | ||
| 553 | 553 | /* Allow initial connection to servers that don't support RI */ |
| 554 | 554 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L |
| 555 | 555 | #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L |
| 556 | -#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L | |
| 556 | +#define SSL_OP_TLSEXT_PADDING 0x00000010L | |
| 557 | 557 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L |
| 558 | 558 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L |
| 559 | 559 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L |
| @@ -562,6 +562,8 @@ struct ssl_session_st | ||
| 562 | 562 | |
| 563 | 563 | /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ |
| 564 | 564 | #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 |
| 565 | +/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ | |
| 566 | +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | |
| 565 | 567 | |
| 566 | 568 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| 567 | 569 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) |
| @@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st | ||
| 388 | 388 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
| 389 | 389 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
| 390 | 390 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 |
| 391 | +#define SSL3_FLAGS_CCS_OK 0x0080 | |
| 391 | 392 | |
| 392 | 393 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we |
| 393 | 394 | * restart a handshake because of MS SGC and so prevents us |
| @@ -5,6 +5,14 @@ | ||
| 5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | |
| 8 | + Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] | |
| 9 | + | |
| 10 | + o Fix for CVE-2014-0224 | |
| 11 | + o Fix for CVE-2014-0221 | |
| 12 | + o Fix for CVE-2014-0195 | |
| 13 | + o Fix for CVE-2014-3470 | |
| 14 | + o Fix for CVE-2010-5298 | |
| 15 | + | |
| 8 | 16 | Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] |
| 9 | 17 | |
| 10 | 18 | o Fix for CVE-2014-0160 |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | |
| 2 | - OpenSSL 1.0.1g 7 Apr 2014 | |
| 2 | + OpenSSL 1.0.1h 5 Jun 2014 | |
| 3 | 3 | |
| 4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
| 5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| @@ -145,15 +145,15 @@ BOOL LoadOpenSSL() | ||
| 145 | 145 | #ifdef ENABLE_PROCESS_PROTECTION |
| 146 | 146 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
| 147 | 147 | #if defined(_M_IX86) |
| 148 | - // ssleay32.dll 1.0.1g | |
| 149 | - RegisterTrustedModuleSHA1Hash("\xCB\xBA\x62\x61\x3C\x44\x1E\x94\xD2\xF4\xAD\xD5\x03\x43\x6F\x26\xD2\xAF\x2F\x21"); | |
| 150 | - // libeay32.dll 1.0.1g | |
| 151 | - RegisterTrustedModuleSHA1Hash("\x4E\x53\x29\xC4\x32\x1B\x17\xA5\x4D\x40\xDF\x6F\xF6\xD2\x53\x7E\xBC\x54\x69\x1B"); | |
| 148 | + // ssleay32.dll 1.0.1h | |
| 149 | + RegisterTrustedModuleSHA1Hash("\x1B\x27\x4E\x29\x14\x78\x72\x0D\x33\x73\xD5\x98\xCF\xEA\x32\x07\x2B\x35\x69\x66"); | |
| 150 | + // libeay32.dll 1.0.1h | |
| 151 | + RegisterTrustedModuleSHA1Hash("\x1D\x2E\x70\x49\x84\x2C\xE9\x1F\x64\xE8\x84\xD4\x62\x5B\xF4\x34\x9A\x0F\x82\xFC"); | |
| 152 | 152 | #elif defined(_M_AMD64) |
| 153 | - // ssleay32.dll 1.0.1g | |
| 154 | - RegisterTrustedModuleSHA1Hash("\x10\x08\xFE\x10\x3A\xB2\xEC\x9E\x13\xAF\x29\xD7\xF4\xFC\x90\xE3\x9B\x8D\xAF\x12"); | |
| 155 | - // libeay32.dll 1.0.1g | |
| 156 | - RegisterTrustedModuleSHA1Hash("\x30\x42\xCF\x84\x2B\x3F\x17\x3B\xF7\x97\xA5\x2B\x5F\x1A\x5A\xA2\x04\x02\x92\x92"); | |
| 153 | + // ssleay32.dll 1.0.1h | |
| 154 | + RegisterTrustedModuleSHA1Hash("\xB7\x5C\x31\xF3\x28\x73\xA0\x3C\x33\xDD\xBC\xB5\x8F\xD1\x38\xB6\xCE\x67\x4C\x40"); | |
| 155 | + // libeay32.dll 1.0.1h | |
| 156 | + RegisterTrustedModuleSHA1Hash("\x5E\xBF\x56\x8C\xED\x06\xE8\x90\xE3\xC0\x3B\x6C\x51\x66\x4F\xC9\x9F\x1F\xF5\x89"); | |
| 157 | 157 | #endif |
| 158 | 158 | #endif |
| 159 | 159 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
Fork