FFFTPのソースコードです。
Revision | eef4ae2ad7b2cdb7ecc41cef07749a89c50e6bb2 (tree) |
---|---|
Time | 2014-04-09 01:17:59 |
Author | s_kawamoto <s_kawamoto@user...> |
Commiter | s_kawamoto |
Update OpenSSL to 1.0.1g.
@@ -2,6 +2,35 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] | |
6 | + | |
7 | + *) A missing bounds check in the handling of the TLS heartbeat extension | |
8 | + can be used to reveal up to 64k of memory to a connected client or | |
9 | + server. | |
10 | + | |
11 | + Thanks for Neel Mehta of Google Security for discovering this bug and to | |
12 | + Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for | |
13 | + preparing the fix (CVE-2014-0160) | |
14 | + [Adam Langley, Bodo Moeller] | |
15 | + | |
16 | + *) Fix for the attack described in the paper "Recovering OpenSSL | |
17 | + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" | |
18 | + by Yuval Yarom and Naomi Benger. Details can be obtained from: | |
19 | + http://eprint.iacr.org/2014/140 | |
20 | + | |
21 | + Thanks to Yuval Yarom and Naomi Benger for discovering this | |
22 | + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) | |
23 | + [Yuval Yarom and Naomi Benger] | |
24 | + | |
25 | + *) TLS pad extension: draft-agl-tls-padding-03 | |
26 | + | |
27 | + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the | |
28 | + TLS client Hello record length value would otherwise be > 255 and | |
29 | + less that 512 pad with a dummy extension containing zeroes so it | |
30 | + is at least 512 bytes long. | |
31 | + | |
32 | + [Adam Langley, Steve Henson] | |
33 | + | |
5 | 34 | Changes between 1.0.1e and 1.0.1f [6 Jan 2014] |
6 | 35 | |
7 | 36 | *) Fix for TLS record tampering bug. A carefully crafted invalid |
@@ -768,6 +768,9 @@ openssl-security@openssl.org if you don't get a prompt reply at least | ||
768 | 768 | acknowledging receipt then resend or mail it directly to one of the |
769 | 769 | more active team members (e.g. Steve). |
770 | 770 | |
771 | +Note that bugs only present in the openssl utility are not in general | |
772 | +considered to be security issues. | |
773 | + | |
771 | 774 | [PROG] ======================================================================== |
772 | 775 | |
773 | 776 | * Is OpenSSL thread-safe? |
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, | ||
538 | 538 | BIGNUM *BN_mod_sqrt(BIGNUM *ret, |
539 | 539 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); |
540 | 540 | |
541 | +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); | |
542 | + | |
541 | 543 | /* Deprecated versions */ |
542 | 544 | #ifndef OPENSSL_NO_DEPRECATED |
543 | 545 | BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, |
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); | ||
774 | 776 | |
775 | 777 | #define bn_fix_top(a) bn_check_top(a) |
776 | 778 | |
779 | +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) | |
780 | +#define bn_wcheck_size(bn, words) \ | |
781 | + do { \ | |
782 | + const BIGNUM *_bnum2 = (bn); \ | |
783 | + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ | |
784 | + } while(0) | |
785 | + | |
777 | 786 | #else /* !BN_DEBUG */ |
778 | 787 | |
779 | 788 | #define bn_pollute(a) |
780 | 789 | #define bn_check_top(a) |
781 | 790 | #define bn_fix_top(a) bn_correct_top(a) |
791 | +#define bn_check_size(bn, bits) | |
792 | +#define bn_wcheck_size(bn, words) | |
782 | 793 | |
783 | 794 | #endif |
784 | 795 |
@@ -70,6 +70,15 @@ | ||
70 | 70 | #include <stdio.h> |
71 | 71 | #include <ctype.h> |
72 | 72 | #include <krb5.h> |
73 | +#ifdef OPENSSL_SYS_WIN32 | |
74 | +/* These can sometimes get redefined indirectly by krb5 header files | |
75 | + * after they get undefed in ossl_typ.h | |
76 | + */ | |
77 | +#undef X509_NAME | |
78 | +#undef X509_EXTENSIONS | |
79 | +#undef OCSP_REQUEST | |
80 | +#undef OCSP_RESPONSE | |
81 | +#endif | |
73 | 82 | |
74 | 83 | #ifdef __cplusplus |
75 | 84 | extern "C" { |
@@ -25,11 +25,11 @@ | ||
25 | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
26 | 26 | * major minor fix final patch/beta) |
27 | 27 | */ |
28 | -#define OPENSSL_VERSION_NUMBER 0x1000106fL | |
28 | +#define OPENSSL_VERSION_NUMBER 0x1000107fL | |
29 | 29 | #ifdef OPENSSL_FIPS |
30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014" | |
30 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014" | |
31 | 31 | #else |
32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014" | |
32 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014" | |
33 | 33 | #endif |
34 | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
35 | 35 |
@@ -915,7 +915,7 @@ struct ssl_ctx_st | ||
915 | 915 | */ |
916 | 916 | unsigned int max_send_fragment; |
917 | 917 | |
918 | -#ifndef OPENSSL_ENGINE | |
918 | +#ifndef OPENSSL_NO_ENGINE | |
919 | 919 | /* Engine to pass requests for client certs to |
920 | 920 | */ |
921 | 921 | ENGINE *client_cert_engine; |
@@ -204,6 +204,12 @@ | ||
204 | 204 | #define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb |
205 | 205 | #undef SSL_CTX_set_next_proto_select_cb |
206 | 206 | #define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb |
207 | +#undef ssl3_cbc_record_digest_supported | |
208 | +#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support | |
209 | +#undef ssl_check_clienthello_tlsext_late | |
210 | +#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late | |
211 | +#undef ssl_check_clienthello_tlsext_early | |
212 | +#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early | |
207 | 213 | |
208 | 214 | /* Hack some long ENGINE names */ |
209 | 215 | #undef ENGINE_get_default_BN_mod_exp_crt |
@@ -230,6 +230,12 @@ extern "C" { | ||
230 | 230 | /* ExtensionType value from RFC5620 */ |
231 | 231 | #define TLSEXT_TYPE_heartbeat 15 |
232 | 232 | |
233 | +/* ExtensionType value for TLS padding extension. | |
234 | + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml | |
235 | + * http://tools.ietf.org/html/draft-agl-tls-padding-03 | |
236 | + */ | |
237 | +#define TLSEXT_TYPE_padding 21 | |
238 | + | |
233 | 239 | /* ExtensionType value from RFC4507 */ |
234 | 240 | #define TLSEXT_TYPE_session_ticket 35 |
235 | 241 |
@@ -5,8 +5,15 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] | |
9 | + | |
10 | + o Fix for CVE-2014-0160 | |
11 | + o Add TLS padding extension workaround for broken servers. | |
12 | + o Fix for CVE-2014-0076 | |
13 | + | |
8 | 14 | Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] |
9 | 15 | |
16 | + o Don't include gmt_unix_time in TLS server and client random values | |
10 | 17 | o Fix for TLS record tampering bug CVE-2013-4353 |
11 | 18 | o Fix for TLS version checking bug CVE-2013-6449 |
12 | 19 | o Fix for DTLS retransmission bug CVE-2013-6450 |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.0.1f 6 Jan 2014 | |
2 | + OpenSSL 1.0.1g 7 Apr 2014 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -116,10 +116,10 @@ BOOL LoadOpenSSL() | ||
116 | 116 | return FALSE; |
117 | 117 | #ifdef ENABLE_PROCESS_PROTECTION |
118 | 118 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
119 | - // ssleay32.dll 1.0.1f | |
120 | - RegisterTrustedModuleSHA1Hash("\x16\xFA\xD2\x39\x74\x27\xE4\x07\xCB\xF5\x1A\xF1\xC3\xCD\x1C\xBB\xFC\xD0\xFC\x40"); | |
121 | - // libeay32.dll 1.0.1f | |
122 | - RegisterTrustedModuleSHA1Hash("\xA6\x2D\x10\xF8\x2A\xB9\xEF\x95\xC3\xF7\x0B\xE0\xD1\xCB\x1C\x9B\x0A\x99\x42\x1F"); | |
119 | + // ssleay32.dll 1.0.1g | |
120 | + RegisterTrustedModuleSHA1Hash("\xCB\xBA\x62\x61\x3C\x44\x1E\x94\xD2\xF4\xAD\xD5\x03\x43\x6F\x26\xD2\xAF\x2F\x21"); | |
121 | + // libeay32.dll 1.0.1g | |
122 | + RegisterTrustedModuleSHA1Hash("\x4E\x53\x29\xC4\x32\x1B\x17\xA5\x4D\x40\xDF\x6F\xF6\xD2\x53\x7E\xBC\x54\x69\x1B"); | |
123 | 123 | #endif |
124 | 124 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
125 | 125 | // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止 |
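Review bot: The two new `RegisterTrustedModuleSHA1Hash` calls pin the 1.0.1g DLLs by digest, but the comments record only the version, not which build of the binaries the digests came from or how to recompute them, so a reviewer cannot confirm they match the DLLs actually shipped. I would extend each comment along the lines of `// ssleay32.dll 1.0.1g: SHA-1 of the DLL bundled with this release; recompute whenever the DLL is rebuilt or replaced`. As far as the hunk shows, the pin is compiled only under `ENABLE_PROCESS_PROTECTION`, while the context line `g_hOpenSSL = LoadLibrary("ssleay32.dll");` sits after the `#endif` and uses a bare file name, so a build without that macro presumably relies on the default DLL search order alone; that deserves a comment or a full-path load. SHA-1 still resists second-preimage attacks, so the pin holds for now, but a SHA-256 allow-list would be the more durable choice if the helper can support it. `LoadOpenSSL` starts and ends outside this hunk, so how the registered hashes are enforced is not visible here.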