FFFTPのソースコードです。
| Révision | 9654fc918ed7f659ccfdfa39a2e620397db96c60 (tree) |
|---|---|
| l'heure | 2016-09-24 13:57:06 |
| Auteur | s_kawamoto <s_kawamoto@user...> |
| Commiter | s_kawamoto |
Update OpenSSL to 1.1.0a.
Update PEM file.
FFFTP_Eng_Release/FFFTP.exe (diff) FFFTP_Eng_Release_64/FFFTP.exe (diff) OpenSSL/buildx64.bat (diff) OpenSSL/buildx86.bat (diff) OpenSSL/compat50.bat (diff)
OpenSSL/compat50.pl (diff) OpenSSL/compat51.bat (diff) OpenSSL/nodebug.pl (diff) Release/FFFTP.exe (diff) Release_64/FFFTP.exe (diff)
Resource/FFFTP.rc (diff) Resource_eng/ffftp.rc (diff)
common.h (diff) contrib/openssl/CHANGES (diff) contrib/openssl/NEWS (diff) contrib/openssl/README (diff) contrib/openssl/include/openssl/bio.h (diff) contrib/openssl/include/openssl/ocsp.h (diff) contrib/openssl/include/openssl/opensslconf.h (diff) contrib/openssl/include/openssl/opensslv.h (diff) contrib/openssl/include/openssl/ssl.h (diff) dist/amd64/libeay32.dll (diff) dist/amd64/ssleay32.dll (diff) dist/libeay32.dll (diff) dist/ssl.pem (diff) dist/ssleay32.dll (diff)
main.c (diff) socketwrapper.c (diff)| @@ -2,8 +2,9 @@ | ||
| 2 | 2 | pushd %~dp0 |
| 3 | 3 | set var0=VC-WIN64A |
| 4 | 4 | set var1=..\dist\amd64 |
| 5 | -perl Configure %var0% no-asm enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers | |
| 6 | -md %var1% | |
| 5 | +rem Use compat51.bat to support Windows XP or later. | |
| 6 | +rem Use compat50.bat to support Windows 2000. | |
| 7 | +call compat50.bat | |
| 7 | 8 | perl nodebug.pl |
| 8 | 9 | nmake /f makefile |
| 9 | 10 | copy /y libeay32.dll %var1%\libeay32.dll |
| @@ -2,8 +2,9 @@ | ||
| 2 | 2 | pushd %~dp0 |
| 3 | 3 | set var0=VC-WIN32 |
| 4 | 4 | set var1=..\dist |
| 5 | -perl Configure %var0% no-asm enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers | |
| 6 | -md %var1% | |
| 5 | +rem Use compat51.bat to support Windows XP or later. | |
| 6 | +rem Use compat50.bat to support Windows 2000. | |
| 7 | +call compat50.bat | |
| 7 | 8 | perl nodebug.pl |
| 8 | 9 | nmake /f makefile |
| 9 | 10 | copy /y libeay32.dll %var1%\libeay32.dll |
| @@ -0,0 +1,3 @@ | ||
| 1 | +perl Configure %var0% no-asm no-async enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers | |
| 2 | +perl compat50.pl | |
| 3 | +exit /b |
| @@ -0,0 +1,11 @@ | ||
| 1 | +open(FILE, '<e_os.h'); | |
| 2 | +@data = <FILE>; | |
| 3 | +close(FILE); | |
| 4 | +open(FILE, '>e_os.h'); | |
| 5 | +for(@data) | |
| 6 | +{ | |
| 7 | + print FILE $_; | |
| 8 | +} | |
| 9 | +print FILE "#undef AI_PASSIVE\n"; | |
| 10 | +close(FILE); | |
| 11 | +exit(0); |
| @@ -0,0 +1,2 @@ | ||
| 1 | +perl Configure %var0% no-asm enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers | |
| 2 | +exit /b |
| @@ -16,4 +16,3 @@ for(@data) | ||
| 16 | 16 | print FILE $_; |
| 17 | 17 | } |
| 18 | 18 | close(FILE); |
| 19 | -exit(0); |
| @@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0 | ||
| 242 | 242 | BEGIN |
| 243 | 243 | DEFPUSHBUTTON "OK",IDOK,133,294,50,14 |
| 244 | 244 | ICON ffftp,-1,7,4,20,20 |
| 245 | - CTEXT "FFFTP Ver 1.99a-20160911",-1,113,11,90,8 | |
| 245 | + CTEXT "FFFTP Ver 1.99a-20160924",-1,113,11,90,8 | |
| 246 | 246 | CTEXT "FFFTPはfreewareです",-1,7,279,305,8 |
| 247 | 247 | CTEXT "Copyright(C) 1997-2010 Sota & ご協力いただいた方々\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, うなー, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, ふうせん)",-1,7,25,305,44,SS_NOPREFIX |
| 248 | 248 | CTEXT "",ABOUT_JRE,7,96,305,8 |
| @@ -2213,8 +2213,8 @@ nodrop_csr CURSOR "nodrop_c.cur" | ||
| 2213 | 2213 | // |
| 2214 | 2214 | |
| 2215 | 2215 | VS_VERSION_INFO VERSIONINFO |
| 2216 | - FILEVERSION 1,99,1,5 | |
| 2217 | - PRODUCTVERSION 1,99,1,5 | |
| 2216 | + FILEVERSION 1,99,1,6 | |
| 2217 | + PRODUCTVERSION 1,99,1,6 | |
| 2218 | 2218 | FILEFLAGSMASK 0x3fL |
| 2219 | 2219 | #ifdef _DEBUG |
| 2220 | 2220 | FILEFLAGS 0x1L |
| @@ -2232,12 +2232,12 @@ BEGIN | ||
| 2232 | 2232 | VALUE "Comments", "これはフリーソフトウエアです。" |
| 2233 | 2233 | VALUE "CompanyName", "Sota, FFFTP Project" |
| 2234 | 2234 | VALUE "FileDescription", "FFFTP" |
| 2235 | - VALUE "FileVersion", "1, 99, 1, 5" | |
| 2235 | + VALUE "FileVersion", "1, 99, 1, 6" | |
| 2236 | 2236 | VALUE "InternalName", "FFFTP" |
| 2237 | 2237 | VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & ご協力いただいた方々\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, うなー, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, ふうせん)." |
| 2238 | 2238 | VALUE "OriginalFilename", "FFFTP.exe" |
| 2239 | 2239 | VALUE "ProductName", "FFFTP" |
| 2240 | - VALUE "ProductVersion", "1, 99, 1, 5" | |
| 2240 | + VALUE "ProductVersion", "1, 99, 1, 6" | |
| 2241 | 2241 | END |
| 2242 | 2242 | END |
| 2243 | 2243 | BLOCK "VarFileInfo" |
| @@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0 | ||
| 242 | 242 | BEGIN |
| 243 | 243 | DEFPUSHBUTTON "OK",IDOK,132,296,50,14 |
| 244 | 244 | ICON ffftp,-1,7,4,20,20 |
| 245 | - CTEXT "FFFTP Ver 1.99a-20160911",-1,110,11,90,8 | |
| 245 | + CTEXT "FFFTP Ver 1.99a-20160924",-1,110,11,90,8 | |
| 246 | 246 | CTEXT "FFFTP is freeware",-1,7,281,301,8 |
| 247 | 247 | CTEXT "Copyright(C) 1997-2010 Sota && cooperators\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)",-1,7,25,301,44 |
| 248 | 248 | CTEXT "",ABOUT_JRE,7,93,301,8 |
| @@ -2253,8 +2253,8 @@ nodrop_csr CURSOR "nodrop_c.cur" | ||
| 2253 | 2253 | // |
| 2254 | 2254 | |
| 2255 | 2255 | VS_VERSION_INFO VERSIONINFO |
| 2256 | - FILEVERSION 1,99,1,5 | |
| 2257 | - PRODUCTVERSION 1,99,1,5 | |
| 2256 | + FILEVERSION 1,99,1,6 | |
| 2257 | + PRODUCTVERSION 1,99,1,6 | |
| 2258 | 2258 | FILEFLAGSMASK 0x3fL |
| 2259 | 2259 | #ifdef _DEBUG |
| 2260 | 2260 | FILEFLAGS 0x1L |
| @@ -2272,12 +2272,12 @@ BEGIN | ||
| 2272 | 2272 | VALUE "Comments", "This software is Free Software" |
| 2273 | 2273 | VALUE "CompanyName", "Sota, FFFTP Project" |
| 2274 | 2274 | VALUE "FileDescription", "FFFTP" |
| 2275 | - VALUE "FileVersion", "1, 99, 1, 5" | |
| 2275 | + VALUE "FileVersion", "1, 99, 1, 6" | |
| 2276 | 2276 | VALUE "InternalName", "FFFTP" |
| 2277 | 2277 | VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & cooperators\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)." |
| 2278 | 2278 | VALUE "OriginalFilename", "FFFTP.exe" |
| 2279 | 2279 | VALUE "ProductName", "FFFTP" |
| 2280 | - VALUE "ProductVersion", "1, 99, 1, 5" | |
| 2280 | + VALUE "ProductVersion", "1, 99, 1, 6" | |
| 2281 | 2281 | END |
| 2282 | 2282 | END |
| 2283 | 2283 | BLOCK "VarFileInfo" |
| @@ -72,16 +72,16 @@ | ||
| 72 | 72 | //#define PROGRAM_VERSION_NUM 1972 /* バージョン */ |
| 73 | 73 | // 64ビット対応 |
| 74 | 74 | #ifdef _WIN64 |
| 75 | -#define VER_STR "1.99a-20160911 64bit" | |
| 75 | +#define VER_STR "1.99a-20160924 64bit" | |
| 76 | 76 | #else |
| 77 | -#define VER_STR "1.99a-20160911" | |
| 77 | +#define VER_STR "1.99a-20160924" | |
| 78 | 78 | #endif |
| 79 | 79 | #define VER_NUM 1990 /* 設定バージョン */ |
| 80 | 80 | #define PROGRAM_VERSION_NUM 1990 /* バージョン */ |
| 81 | 81 | // ソフトウェア自動更新 |
| 82 | 82 | // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする |
| 83 | 83 | // 2014年7月31日中の30個目のリリースは2014073129 |
| 84 | -#define RELEASE_VERSION_NUM 2016091100 /* リリースバージョン */ | |
| 84 | +#define RELEASE_VERSION_NUM 2016092400 /* リリースバージョン */ | |
| 85 | 85 | |
| 86 | 86 | |
| 87 | 87 | // SourceForge.JPによるフォーク |
| @@ -2,6 +2,81 @@ | ||
| 2 | 2 | OpenSSL CHANGES |
| 3 | 3 | _______________ |
| 4 | 4 | |
| 5 | + Changes between 1.1.0 and 1.1.0a [22 Sep 2016] | |
| 6 | + | |
| 7 | + *) OCSP Status Request extension unbounded memory growth | |
| 8 | + | |
| 9 | + A malicious client can send an excessively large OCSP Status Request | |
| 10 | + extension. If that client continually requests renegotiation, sending a | |
| 11 | + large OCSP Status Request extension each time, then there will be unbounded | |
| 12 | + memory growth on the server. This will eventually lead to a Denial Of | |
| 13 | + Service attack through memory exhaustion. Servers with a default | |
| 14 | + configuration are vulnerable even if they do not support OCSP. Builds using | |
| 15 | + the "no-ocsp" build time option are not affected. | |
| 16 | + | |
| 17 | + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) | |
| 18 | + (CVE-2016-6304) | |
| 19 | + [Matt Caswell] | |
| 20 | + | |
| 21 | + *) SSL_peek() hang on empty record | |
| 22 | + | |
| 23 | + OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer | |
| 24 | + sends an empty record. This could be exploited by a malicious peer in a | |
| 25 | + Denial Of Service attack. | |
| 26 | + | |
| 27 | + This issue was reported to OpenSSL by Alex Gaynor. | |
| 28 | + (CVE-2016-6305) | |
| 29 | + [Matt Caswell] | |
| 30 | + | |
| 31 | + *) Excessive allocation of memory in tls_get_message_header() and | |
| 32 | + dtls1_preprocess_fragment() | |
| 33 | + | |
| 34 | + A (D)TLS message includes 3 bytes for its length in the header for the | |
| 35 | + message. This would allow for messages up to 16Mb in length. Messages of | |
| 36 | + this length are excessive and OpenSSL includes a check to ensure that a | |
| 37 | + peer is sending reasonably sized messages in order to avoid too much memory | |
| 38 | + being consumed to service a connection. A flaw in the logic of version | |
| 39 | + 1.1.0 means that memory for the message is allocated too early, prior to | |
| 40 | + the excessive message length check. Due to way memory is allocated in | |
| 41 | + OpenSSL this could mean an attacker could force up to 21Mb to be allocated | |
| 42 | + to service a connection. This could lead to a Denial of Service through | |
| 43 | + memory exhaustion. However, the excessive message length check still takes | |
| 44 | + place, and this would cause the connection to immediately fail. Assuming | |
| 45 | + that the application calls SSL_free() on the failed conneciton in a timely | |
| 46 | + manner then the 21Mb of allocated memory will then be immediately freed | |
| 47 | + again. Therefore the excessive memory allocation will be transitory in | |
| 48 | + nature. This then means that there is only a security impact if: | |
| 49 | + | |
| 50 | + 1) The application does not call SSL_free() in a timely manner in the event | |
| 51 | + that the connection fails | |
| 52 | + or | |
| 53 | + 2) The application is working in a constrained environment where there is | |
| 54 | + very little free memory | |
| 55 | + or | |
| 56 | + 3) The attacker initiates multiple connection attempts such that there are | |
| 57 | + multiple connections in a state where memory has been allocated for the | |
| 58 | + connection; SSL_free() has not yet been called; and there is insufficient | |
| 59 | + memory to service the multiple requests. | |
| 60 | + | |
| 61 | + Except in the instance of (1) above any Denial Of Service is likely to be | |
| 62 | + transitory because as soon as the connection fails the memory is | |
| 63 | + subsequently freed again in the SSL_free() call. However there is an | |
| 64 | + increased risk during this period of application crashes due to the lack of | |
| 65 | + memory - which would then mean a more serious Denial of Service. | |
| 66 | + | |
| 67 | + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) | |
| 68 | + (CVE-2016-6307 and CVE-2016-6308) | |
| 69 | + [Matt Caswell] | |
| 70 | + | |
| 71 | + *) solaris-x86-cc, i.e. 32-bit configuration with vendor compiler, | |
| 72 | + had to be removed. Primary reason is that vendor assembler can't | |
| 73 | + assemble our modules with -KPIC flag. As result it, assembly | |
| 74 | + support, was not even available as option. But its lack means | |
| 75 | + lack of side-channel resistant code, which is incompatible with | |
| 76 | + security by todays standards. Fortunately gcc is readily available | |
| 77 | + prepackaged option, which we firmly point at... | |
| 78 | + [Andy Polyakov] | |
| 79 | + | |
| 5 | 80 | Changes between 1.0.2h and 1.1.0 [25 Aug 2016] |
| 6 | 81 | |
| 7 | 82 | *) Windows command-line tool supports UTF-8 opt-in option for arguments |
| @@ -874,10 +949,6 @@ | ||
| 874 | 949 | combination: call this in fips_test_suite. |
| 875 | 950 | [Steve Henson] |
| 876 | 951 | |
| 877 | - *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test | |
| 878 | - and POST to handle Dual EC cases. | |
| 879 | - [Steve Henson] | |
| 880 | - | |
| 881 | 952 | *) Add support for canonical generation of DSA parameter 'g'. See |
| 882 | 953 | FIPS 186-3 A.2.3. |
| 883 | 954 |
| @@ -5,6 +5,15 @@ | ||
| 5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | |
| 8 | + Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] | |
| 9 | + | |
| 10 | + o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) | |
| 11 | + o SSL_peek() hang on empty record (CVE-2016-6305) | |
| 12 | + o Excessive allocation of memory in tls_get_message_header() | |
| 13 | + (CVE-2016-6307) | |
| 14 | + o Excessive allocation of memory in dtls1_preprocess_fragment() | |
| 15 | + (CVE-2016-6308) | |
| 16 | + | |
| 8 | 17 | Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] |
| 9 | 18 | |
| 10 | 19 | o Copyright text was shrunk to a boilerplate that points to the license |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | |
| 2 | - OpenSSL 1.1.0 25 Aug 2016 | |
| 2 | + OpenSSL 1.1.0a 22 Sep 2016 | |
| 3 | 3 | |
| 4 | 4 | Copyright (c) 1998-2016 The OpenSSL Project |
| 5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| @@ -365,9 +365,9 @@ struct bio_dgram_sctp_prinfo { | ||
| 365 | 365 | # define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) |
| 366 | 366 | # define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr) |
| 367 | 367 | # define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) |
| 368 | -# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0,NULL)) | |
| 369 | -# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1,NULL)) | |
| 370 | -# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2,NULL)) | |
| 368 | +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) | |
| 369 | +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) | |
| 370 | +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) | |
| 371 | 371 | # define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) |
| 372 | 372 | # define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) |
| 373 | 373 |
| @@ -259,6 +259,9 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); | ||
| 259 | 259 | int OCSP_basic_sign(OCSP_BASICRESP *brsp, |
| 260 | 260 | X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, |
| 261 | 261 | STACK_OF(X509) *certs, unsigned long flags); |
| 262 | +int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); | |
| 263 | +int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); | |
| 264 | +int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); | |
| 262 | 265 | |
| 263 | 266 | X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); |
| 264 | 267 |
| @@ -25,9 +25,24 @@ extern "C" { | ||
| 25 | 25 | #ifndef OPENSSL_SYS_WIN32 |
| 26 | 26 | # define OPENSSL_SYS_WIN32 1 |
| 27 | 27 | #endif |
| 28 | +#ifndef OPENSSL_NO_MD2 | |
| 29 | +# define OPENSSL_NO_MD2 | |
| 30 | +#endif | |
| 31 | +#ifndef OPENSSL_NO_RC5 | |
| 32 | +# define OPENSSL_NO_RC5 | |
| 33 | +#endif | |
| 34 | +#ifndef OPENSSL_THREADS | |
| 35 | +# define OPENSSL_THREADS | |
| 36 | +#endif | |
| 28 | 37 | #ifndef OPENSSL_NO_ASAN |
| 29 | 38 | # define OPENSSL_NO_ASAN |
| 30 | 39 | #endif |
| 40 | +#ifndef OPENSSL_NO_ASM | |
| 41 | +# define OPENSSL_NO_ASM | |
| 42 | +#endif | |
| 43 | +#ifndef OPENSSL_NO_ASYNC | |
| 44 | +# define OPENSSL_NO_ASYNC | |
| 45 | +#endif | |
| 31 | 46 | #ifndef OPENSSL_NO_CRYPTO_MDEBUG |
| 32 | 47 | # define OPENSSL_NO_CRYPTO_MDEBUG |
| 33 | 48 | #endif |
| @@ -49,15 +64,9 @@ extern "C" { | ||
| 49 | 64 | #ifndef OPENSSL_NO_HEARTBEATS |
| 50 | 65 | # define OPENSSL_NO_HEARTBEATS |
| 51 | 66 | #endif |
| 52 | -#ifndef OPENSSL_NO_MD2 | |
| 53 | -# define OPENSSL_NO_MD2 | |
| 54 | -#endif | |
| 55 | 67 | #ifndef OPENSSL_NO_MSAN |
| 56 | 68 | # define OPENSSL_NO_MSAN |
| 57 | 69 | #endif |
| 58 | -#ifndef OPENSSL_NO_RC5 | |
| 59 | -# define OPENSSL_NO_RC5 | |
| 60 | -#endif | |
| 61 | 70 | #ifndef OPENSSL_NO_SCTP |
| 62 | 71 | # define OPENSSL_NO_SCTP |
| 63 | 72 | #endif |
| @@ -70,12 +79,6 @@ extern "C" { | ||
| 70 | 79 | #ifndef OPENSSL_NO_UNIT_TEST |
| 71 | 80 | # define OPENSSL_NO_UNIT_TEST |
| 72 | 81 | #endif |
| 73 | -#ifndef OPENSSL_THREADS | |
| 74 | -# define OPENSSL_THREADS | |
| 75 | -#endif | |
| 76 | -#ifndef OPENSSL_NO_ASM | |
| 77 | -# define OPENSSL_NO_ASM | |
| 78 | -#endif | |
| 79 | 82 | #ifndef OPENSSL_NO_AFALGENG |
| 80 | 83 | # define OPENSSL_NO_AFALGENG |
| 81 | 84 | #endif |
| @@ -39,11 +39,11 @@ extern "C" { | ||
| 39 | 39 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 40 | 40 | * major minor fix final patch/beta) |
| 41 | 41 | */ |
| 42 | -# define OPENSSL_VERSION_NUMBER 0x1010000fL | |
| 42 | +# define OPENSSL_VERSION_NUMBER 0x1010001fL | |
| 43 | 43 | # ifdef OPENSSL_FIPS |
| 44 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-fips 25 Aug 2016" | |
| 44 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0a-fips 22 Sep 2016" | |
| 45 | 45 | # else |
| 46 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0 25 Aug 2016" | |
| 46 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0a 22 Sep 2016" | |
| 47 | 47 | # endif |
| 48 | 48 | |
| 49 | 49 | /*- |
| @@ -2482,6 +2482,7 @@ int ERR_load_SSL_strings(void); | ||
| 2482 | 2482 | # define SSL_R_TLS_HEARTBEAT_PENDING 366 |
| 2483 | 2483 | # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 |
| 2484 | 2484 | # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 |
| 2485 | +# define SSL_R_TOO_MANY_WARN_ALERTS 409 | |
| 2485 | 2486 | # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 |
| 2486 | 2487 | # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 |
| 2487 | 2488 | # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 |
| @@ -1,7 +1,7 @@ | ||
| 1 | 1 | ## |
| 2 | 2 | ## Bundle of CA Root Certificates |
| 3 | 3 | ## |
| 4 | -## Certificate data from Mozilla as of: Wed Sep 7 03:12:05 2016 | |
| 4 | +## Certificate data from Mozilla as of: Wed Sep 14 03:12:05 2016 | |
| 5 | 5 | ## |
| 6 | 6 | ## This is a bundle of X.509 certificates of public Certificate Authorities |
| 7 | 7 | ## (CA). These were automatically extracted from Mozilla's root certificates |
| @@ -14,7 +14,7 @@ | ||
| 14 | 14 | ## Just configure this file as the SSLCACertificateFile. |
| 15 | 15 | ## |
| 16 | 16 | ## Conversion done with mk-ca-bundle.pl version 1.26. |
| 17 | -## SHA1: 36aebbcc910dcab8838e6e721523d84f0ed20589 | |
| 17 | +## SHA256: 01bbf1ecdd693f554ff4dcbe15880b3e6c33188a956c15ff845d313ca69cfeb8 | |
| 18 | 18 | ## |
| 19 | 19 | |
| 20 | 20 |
| @@ -3596,7 +3596,7 @@ BOOL LoadSSLRootCAFile() | ||
| 3596 | 3596 | for(i = 0; i < 5; i++) |
| 3597 | 3597 | Hash[i] = _byteswap_ulong(Hash[i]); |
| 3598 | 3598 | // 同梱する"ssl.pem"に合わせてSHA1ハッシュ値を変更すること |
| 3599 | - if(memcmp(&Hash, &SSLRootCAFileHash, 20) == 0 || memcmp(&Hash, "\xDF\x8E\xE2\x5A\xC7\x01\x03\x1C\x3A\x61\x00\xA2\x53\xCA\xF8\xDC\xA0\xC1\xA6\x3B", 20) == 0 | |
| 3599 | + if(memcmp(&Hash, &SSLRootCAFileHash, 20) == 0 || memcmp(&Hash, "\x73\xB7\x54\x80\xEE\x1C\x4C\x66\x1C\x57\xD2\x0B\xDF\x85\xAD\x11\x69\xAF\x14\x8B", 20) == 0 | |
| 3600 | 3600 | || DialogBox(GetFtpInst(), MAKEINTRESOURCE(updatesslroot_dlg), GetMainHwnd(), ExeEscDialogProc) == YES) |
| 3601 | 3601 | { |
| 3602 | 3602 | memcpy(&SSLRootCAFileHash, &Hash, 20); |
| @@ -161,15 +161,15 @@ BOOL LoadOpenSSL() | ||
| 161 | 161 | #ifdef ENABLE_PROCESS_PROTECTION |
| 162 | 162 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
| 163 | 163 | #if defined(_M_IX86) |
| 164 | - // ssleay32.dll 1.1.0 | |
| 165 | - RegisterTrustedModuleSHA1Hash("\x91\x4D\xEC\xE1\x30\x6C\xCB\x62\x89\xA6\xC1\x55\xC5\x94\x05\xF6\xA1\x58\x60\x7F"); | |
| 166 | - // libeay32.dll 1.1.0 | |
| 167 | - RegisterTrustedModuleSHA1Hash("\xAF\xE4\xFF\x1D\xC6\xCE\x4F\x76\xE9\x84\x16\x4F\xA3\xC4\x75\x72\xAF\xE0\x83\x07"); | |
| 164 | + // ssleay32.dll 1.1.0a | |
| 165 | + RegisterTrustedModuleSHA1Hash("\xBF\x25\x75\x85\x71\x67\x5D\x3E\x07\x11\x40\xE2\x47\xC0\xE0\x5C\xB2\xCD\xC3\x12"); | |
| 166 | + // libeay32.dll 1.1.0a | |
| 167 | + RegisterTrustedModuleSHA1Hash("\x0A\x29\x8D\xAC\x2C\xA2\xB1\x43\x2B\x9F\xA4\xD8\x14\x80\x9B\x04\xD9\x23\x73\x41"); | |
| 168 | 168 | #elif defined(_M_AMD64) |
| 169 | - // ssleay32.dll 1.1.0 | |
| 170 | - RegisterTrustedModuleSHA1Hash("\xD6\x21\xD0\xF5\xDA\x9D\xD5\x3F\x92\xD3\x63\xD5\xDC\x5D\xBB\xE6\x49\xE2\x7E\x72"); | |
| 171 | - // libeay32.dll 1.1.0 | |
| 172 | - RegisterTrustedModuleSHA1Hash("\xFA\xFA\xB7\x06\x58\x46\x5A\x5F\x41\x05\x28\x9F\x65\x57\xD2\x4B\xC6\x1B\xE6\x02"); | |
| 169 | + // ssleay32.dll 1.1.0a | |
| 170 | + RegisterTrustedModuleSHA1Hash("\xCE\x74\x3E\x3D\x88\x2C\xC4\xAC\x33\x53\xD4\x5A\xAE\x17\x4F\x59\x01\x8A\x6E\xAB"); | |
| 171 | + // libeay32.dll 1.1.0a | |
| 172 | + RegisterTrustedModuleSHA1Hash("\xA1\x40\x78\xD1\xD5\x47\xCA\x47\x8A\x03\x93\xBC\x9E\xAD\xFA\xCA\x65\x1F\x36\x78"); | |
| 173 | 173 | #endif |
| 174 | 174 | #endif |
| 175 | 175 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
Fork