From 18 Jan, 2021 0:00 UTC: All services will be temporary unavailable for
maintenance
| Revision | eef4ae2ad7b2cdb7ecc41cef07749a89c50e6bb2 (tree) |
|---|---|
| Time | 2014-04-09 01:17:59 |
| Author | s_kawamoto <s_kawamoto@user...> |
| Commiter | s_kawamoto |
Update OpenSSL to 1.0.1g.
FFFTP_Eng_Release/FFFTP.exe (diff) Release/FFFTP.exe (diff) contrib/openssl/bin/libeay32.dll (diff) contrib/openssl/bin/libssl32.dll (diff) contrib/openssl/bin/ssleay32.dll (diff)
contrib/openssl/changes.txt (diff) contrib/openssl/faq.txt (diff)
contrib/openssl/include/openssl/bn.h (diff) contrib/openssl/include/openssl/kssl.h (diff) contrib/openssl/include/openssl/opensslv.h (diff) contrib/openssl/include/openssl/ssl.h (diff) contrib/openssl/include/openssl/symhacks.h (diff) contrib/openssl/include/openssl/tls1.h (diff) contrib/openssl/news.txt (diff) contrib/openssl/readme.txt (diff) dist/libeay32.dll (diff) dist/ssleay32.dll (diff)
socketwrapper.c (diff)| @@ -2,6 +2,35 @@ | ||
| 2 | 2 | OpenSSL CHANGES |
| 3 | 3 | _______________ |
| 4 | 4 | |
| 5 | + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] | |
| 6 | + | |
| 7 | + *) A missing bounds check in the handling of the TLS heartbeat extension | |
| 8 | + can be used to reveal up to 64k of memory to a connected client or | |
| 9 | + server. | |
| 10 | + | |
| 11 | + Thanks for Neel Mehta of Google Security for discovering this bug and to | |
| 12 | + Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for | |
| 13 | + preparing the fix (CVE-2014-0160) | |
| 14 | + [Adam Langley, Bodo Moeller] | |
| 15 | + | |
| 16 | + *) Fix for the attack described in the paper "Recovering OpenSSL | |
| 17 | + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" | |
| 18 | + by Yuval Yarom and Naomi Benger. Details can be obtained from: | |
| 19 | + http://eprint.iacr.org/2014/140 | |
| 20 | + | |
| 21 | + Thanks to Yuval Yarom and Naomi Benger for discovering this | |
| 22 | + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) | |
| 23 | + [Yuval Yarom and Naomi Benger] | |
| 24 | + | |
| 25 | + *) TLS pad extension: draft-agl-tls-padding-03 | |
| 26 | + | |
| 27 | + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the | |
| 28 | + TLS client Hello record length value would otherwise be > 255 and | |
| 29 | + less that 512 pad with a dummy extension containing zeroes so it | |
| 30 | + is at least 512 bytes long. | |
| 31 | + | |
| 32 | + [Adam Langley, Steve Henson] | |
| 33 | + | |
| 5 | 34 | Changes between 1.0.1e and 1.0.1f [6 Jan 2014] |
| 6 | 35 | |
| 7 | 36 | *) Fix for TLS record tampering bug. A carefully crafted invalid |
| @@ -768,6 +768,9 @@ openssl-security@openssl.org if you don't get a prompt reply at least | ||
| 768 | 768 | acknowledging receipt then resend or mail it directly to one of the |
| 769 | 769 | more active team members (e.g. Steve). |
| 770 | 770 | |
| 771 | +Note that bugs only present in the openssl utility are not in general | |
| 772 | +considered to be security issues. | |
| 773 | + | |
| 771 | 774 | [PROG] ======================================================================== |
| 772 | 775 | |
| 773 | 776 | * Is OpenSSL thread-safe? |
| @@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, | ||
| 538 | 538 | BIGNUM *BN_mod_sqrt(BIGNUM *ret, |
| 539 | 539 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); |
| 540 | 540 | |
| 541 | +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); | |
| 542 | + | |
| 541 | 543 | /* Deprecated versions */ |
| 542 | 544 | #ifndef OPENSSL_NO_DEPRECATED |
| 543 | 545 | BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, |
| @@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); | ||
| 774 | 776 | |
| 775 | 777 | #define bn_fix_top(a) bn_check_top(a) |
| 776 | 778 | |
| 779 | +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) | |
| 780 | +#define bn_wcheck_size(bn, words) \ | |
| 781 | + do { \ | |
| 782 | + const BIGNUM *_bnum2 = (bn); \ | |
| 783 | + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ | |
| 784 | + } while(0) | |
| 785 | + | |
| 777 | 786 | #else /* !BN_DEBUG */ |
| 778 | 787 | |
| 779 | 788 | #define bn_pollute(a) |
| 780 | 789 | #define bn_check_top(a) |
| 781 | 790 | #define bn_fix_top(a) bn_correct_top(a) |
| 791 | +#define bn_check_size(bn, bits) | |
| 792 | +#define bn_wcheck_size(bn, words) | |
| 782 | 793 | |
| 783 | 794 | #endif |
| 784 | 795 |
| @@ -70,6 +70,15 @@ | ||
| 70 | 70 | #include <stdio.h> |
| 71 | 71 | #include <ctype.h> |
| 72 | 72 | #include <krb5.h> |
| 73 | +#ifdef OPENSSL_SYS_WIN32 | |
| 74 | +/* These can sometimes get redefined indirectly by krb5 header files | |
| 75 | + * after they get undefed in ossl_typ.h | |
| 76 | + */ | |
| 77 | +#undef X509_NAME | |
| 78 | +#undef X509_EXTENSIONS | |
| 79 | +#undef OCSP_REQUEST | |
| 80 | +#undef OCSP_RESPONSE | |
| 81 | +#endif | |
| 73 | 82 | |
| 74 | 83 | #ifdef __cplusplus |
| 75 | 84 | extern "C" { |
| @@ -25,11 +25,11 @@ | ||
| 25 | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | 26 | * major minor fix final patch/beta) |
| 27 | 27 | */ |
| 28 | -#define OPENSSL_VERSION_NUMBER 0x1000106fL | |
| 28 | +#define OPENSSL_VERSION_NUMBER 0x1000107fL | |
| 29 | 29 | #ifdef OPENSSL_FIPS |
| 30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014" | |
| 30 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014" | |
| 31 | 31 | #else |
| 32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014" | |
| 32 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014" | |
| 33 | 33 | #endif |
| 34 | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 35 | 35 |
| @@ -915,7 +915,7 @@ struct ssl_ctx_st | ||
| 915 | 915 | */ |
| 916 | 916 | unsigned int max_send_fragment; |
| 917 | 917 | |
| 918 | -#ifndef OPENSSL_ENGINE | |
| 918 | +#ifndef OPENSSL_NO_ENGINE | |
| 919 | 919 | /* Engine to pass requests for client certs to |
| 920 | 920 | */ |
| 921 | 921 | ENGINE *client_cert_engine; |
| @@ -204,6 +204,12 @@ | ||
| 204 | 204 | #define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb |
| 205 | 205 | #undef SSL_CTX_set_next_proto_select_cb |
| 206 | 206 | #define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb |
| 207 | +#undef ssl3_cbc_record_digest_supported | |
| 208 | +#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support | |
| 209 | +#undef ssl_check_clienthello_tlsext_late | |
| 210 | +#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late | |
| 211 | +#undef ssl_check_clienthello_tlsext_early | |
| 212 | +#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early | |
| 207 | 213 | |
| 208 | 214 | /* Hack some long ENGINE names */ |
| 209 | 215 | #undef ENGINE_get_default_BN_mod_exp_crt |
| @@ -230,6 +230,12 @@ extern "C" { | ||
| 230 | 230 | /* ExtensionType value from RFC5620 */ |
| 231 | 231 | #define TLSEXT_TYPE_heartbeat 15 |
| 232 | 232 | |
| 233 | +/* ExtensionType value for TLS padding extension. | |
| 234 | + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml | |
| 235 | + * http://tools.ietf.org/html/draft-agl-tls-padding-03 | |
| 236 | + */ | |
| 237 | +#define TLSEXT_TYPE_padding 21 | |
| 238 | + | |
| 233 | 239 | /* ExtensionType value from RFC4507 */ |
| 234 | 240 | #define TLSEXT_TYPE_session_ticket 35 |
| 235 | 241 |
| @@ -5,8 +5,15 @@ | ||
| 5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | |
| 8 | + Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] | |
| 9 | + | |
| 10 | + o Fix for CVE-2014-0160 | |
| 11 | + o Add TLS padding extension workaround for broken servers. | |
| 12 | + o Fix for CVE-2014-0076 | |
| 13 | + | |
| 8 | 14 | Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] |
| 9 | 15 | |
| 16 | + o Don't include gmt_unix_time in TLS server and client random values | |
| 10 | 17 | o Fix for TLS record tampering bug CVE-2013-4353 |
| 11 | 18 | o Fix for TLS version checking bug CVE-2013-6449 |
| 12 | 19 | o Fix for DTLS retransmission bug CVE-2013-6450 |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | |
| 2 | - OpenSSL 1.0.1f 6 Jan 2014 | |
| 2 | + OpenSSL 1.0.1g 7 Apr 2014 | |
| 3 | 3 | |
| 4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
| 5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| @@ -116,10 +116,10 @@ BOOL LoadOpenSSL() | ||
| 116 | 116 | return FALSE; |
| 117 | 117 | #ifdef ENABLE_PROCESS_PROTECTION |
| 118 | 118 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
| 119 | - // ssleay32.dll 1.0.1f | |
| 120 | - RegisterTrustedModuleSHA1Hash("\x16\xFA\xD2\x39\x74\x27\xE4\x07\xCB\xF5\x1A\xF1\xC3\xCD\x1C\xBB\xFC\xD0\xFC\x40"); | |
| 121 | - // libeay32.dll 1.0.1f | |
| 122 | - RegisterTrustedModuleSHA1Hash("\xA6\x2D\x10\xF8\x2A\xB9\xEF\x95\xC3\xF7\x0B\xE0\xD1\xCB\x1C\x9B\x0A\x99\x42\x1F"); | |
| 119 | + // ssleay32.dll 1.0.1g | |
| 120 | + RegisterTrustedModuleSHA1Hash("\xCB\xBA\x62\x61\x3C\x44\x1E\x94\xD2\xF4\xAD\xD5\x03\x43\x6F\x26\xD2\xAF\x2F\x21"); | |
| 121 | + // libeay32.dll 1.0.1g | |
| 122 | + RegisterTrustedModuleSHA1Hash("\x4E\x53\x29\xC4\x32\x1B\x17\xA5\x4D\x40\xDF\x6F\xF6\xD2\x53\x7E\xBC\x54\x69\x1B"); | |
| 123 | 123 | #endif |
| 124 | 124 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
| 125 | 125 | // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止 |
FFFTP
Fork