Commit MetaInfo
Log Message
Update OpenSSL to 1.0.1g.
Change Summary
Incremental Difference
| | @@ -2,6 +2,35 @@ | | 2 | 2 | OpenSSL CHANGES | | 3 | 3 | _______________ | | 4 | 4 | | | 5 | + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] | | 6 | + | | 7 | + *) A missing bounds check in the handling of the TLS heartbeat extension | | 8 | + can be used to reveal up to 64k of memory to a connected client or | | 9 | + server. | | 10 | + | | 11 | + Thanks for Neel Mehta of Google Security for discovering this bug and to | | 12 | + Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for | | 13 | + preparing the fix (CVE-2014-0160) | | 14 | + [Adam Langley, Bodo Moeller] | | 15 | + | | 16 | + *) Fix for the attack described in the paper "Recovering OpenSSL | | 17 | + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" | | 18 | + by Yuval Yarom and Naomi Benger. Details can be obtained from: | | 19 | + http://eprint.iacr.org/2014/140 | | 20 | + | | 21 | + Thanks to Yuval Yarom and Naomi Benger for discovering this | | 22 | + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) | | 23 | + [Yuval Yarom and Naomi Benger] | | 24 | + | | 25 | + *) TLS pad extension: draft-agl-tls-padding-03 | | 26 | + | | 27 | + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the | | 28 | + TLS client Hello record length value would otherwise be > 255 and | | 29 | + less that 512 pad with a dummy extension containing zeroes so it | | 30 | + is at least 512 bytes long. | | 31 | + | | 32 | + [Adam Langley, Steve Henson] | | 33 | + | | 5 | 34 | Changes between 1.0.1e and 1.0.1f [6 Jan 2014] | | 6 | 35 | | | 7 | 36 | *) Fix for TLS record tampering bug. A carefully crafted invalid |
| | @@ -768,6 +768,9 @@ openssl-security@openssl.org if you don't get a prompt reply at least | | 768 | 768 | acknowledging receipt then resend or mail it directly to one of the | | 769 | 769 | more active team members (e.g. Steve). | | 770 | 770 | | | 771 | +Note that bugs only present in the openssl utility are not in general | | 772 | +considered to be security issues. | | 773 | + | | 771 | 774 | [PROG] ======================================================================== | | 772 | 775 | | | 773 | 776 | * Is OpenSSL thread-safe? |
| | @@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, | | 538 | 538 | BIGNUM *BN_mod_sqrt(BIGNUM *ret,
| | 539 | 539 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
| | 540 | 540 |
| | 541 | +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
| | 542 | +
| | 541 | 543 | /* Deprecated versions */
| | 542 | 544 | #ifndef OPENSSL_NO_DEPRECATED
| | 543 | 545 | BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
|
| | @@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); | | 774 | 776 |
| | 775 | 777 | #define bn_fix_top(a) bn_check_top(a)
| | 776 | 778 |
| | 779 | +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
| | 780 | +#define bn_wcheck_size(bn, words) \
| | 781 | + do { \
| | 782 | + const BIGNUM *_bnum2 = (bn); \
| | 783 | + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
| | 784 | + } while(0)
| | 785 | +
| | 777 | 786 | #else /* !BN_DEBUG */
| | 778 | 787 |
| | 779 | 788 | #define bn_pollute(a)
| | 780 | 789 | #define bn_check_top(a)
| | 781 | 790 | #define bn_fix_top(a) bn_correct_top(a)
| | 791 | +#define bn_check_size(bn, bits)
| | 792 | +#define bn_wcheck_size(bn, words)
| | 782 | 793 |
| | 783 | 794 | #endif
| | 784 | 795 |
|
| | @@ -70,6 +70,15 @@ | | 70 | 70 | #include <stdio.h>
| | 71 | 71 | #include <ctype.h>
| | 72 | 72 | #include <krb5.h>
| | 73 | +#ifdef OPENSSL_SYS_WIN32
| | 74 | +/* These can sometimes get redefined indirectly by krb5 header files
| | 75 | + * after they get undefed in ossl_typ.h
| | 76 | + */
| | 77 | +#undef X509_NAME
| | 78 | +#undef X509_EXTENSIONS
| | 79 | +#undef OCSP_REQUEST
| | 80 | +#undef OCSP_RESPONSE
| | 81 | +#endif
| | 73 | 82 |
| | 74 | 83 | #ifdef __cplusplus
| | 75 | 84 | extern "C" {
|
| | @@ -25,11 +25,11 @@ | | 25 | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
| | 26 | 26 | * major minor fix final patch/beta)
| | 27 | 27 | */
| | 28 | | -#define OPENSSL_VERSION_NUMBER 0x1000106fL
| | 28 | +#define OPENSSL_VERSION_NUMBER 0x1000107fL
| | 29 | 29 | #ifdef OPENSSL_FIPS
| | 30 | | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
| | 30 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
| | 31 | 31 | #else
| | 32 | | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
| | 32 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"
| | 33 | 33 | #endif
| | 34 | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
| | 35 | 35 |
|
| | @@ -915,7 +915,7 @@ struct ssl_ctx_st | | 915 | 915 | */
| | 916 | 916 | unsigned int max_send_fragment;
| | 917 | 917 |
| | 918 | | -#ifndef OPENSSL_ENGINE
| | 918 | +#ifndef OPENSSL_NO_ENGINE
| | 919 | 919 | /* Engine to pass requests for client certs to
| | 920 | 920 | */
| | 921 | 921 | ENGINE *client_cert_engine;
|
| | @@ -204,6 +204,12 @@ | | 204 | 204 | #define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
| | 205 | 205 | #undef SSL_CTX_set_next_proto_select_cb
| | 206 | 206 | #define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
| | 207 | +#undef ssl3_cbc_record_digest_supported
| | 208 | +#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
| | 209 | +#undef ssl_check_clienthello_tlsext_late
| | 210 | +#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
| | 211 | +#undef ssl_check_clienthello_tlsext_early
| | 212 | +#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
| | 207 | 213 |
| | 208 | 214 | /* Hack some long ENGINE names */
| | 209 | 215 | #undef ENGINE_get_default_BN_mod_exp_crt
|
| | @@ -230,6 +230,12 @@ extern "C" { | | 230 | 230 | /* ExtensionType value from RFC5620 */
| | 231 | 231 | #define TLSEXT_TYPE_heartbeat 15
| | 232 | 232 |
| | 233 | +/* ExtensionType value for TLS padding extension.
| | 234 | + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
| | 235 | + * http://tools.ietf.org/html/draft-agl-tls-padding-03
| | 236 | + */
| | 237 | +#define TLSEXT_TYPE_padding 21
| | 238 | +
| | 233 | 239 | /* ExtensionType value from RFC4507 */
| | 234 | 240 | #define TLSEXT_TYPE_session_ticket 35
| | 235 | 241 |
|
| | @@ -5,8 +5,15 @@ | | 5 | 5 | This file gives a brief overview of the major changes between each OpenSSL | | 6 | 6 | release. For more details please read the CHANGES file. | | 7 | 7 | | | 8 | + Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] | | 9 | + | | 10 | + o Fix for CVE-2014-0160 | | 11 | + o Add TLS padding extension workaround for broken servers. | | 12 | + o Fix for CVE-2014-0076 | | 13 | + | | 8 | 14 | Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] | | 9 | 15 | | | 16 | + o Don't include gmt_unix_time in TLS server and client random values | | 10 | 17 | o Fix for TLS record tampering bug CVE-2013-4353 | | 11 | 18 | o Fix for TLS version checking bug CVE-2013-6449 | | 12 | 19 | o Fix for DTLS retransmission bug CVE-2013-6450 |
| | @@ -1,5 +1,5 @@ | | 1 | 1 | | | 2 | | - OpenSSL 1.0.1f 6 Jan 2014 | | 2 | + OpenSSL 1.0.1g 7 Apr 2014 | | 3 | 3 | | | 4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project | | 5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| | @@ -116,10 +116,10 @@ BOOL LoadOpenSSL() | | 116 | 116 | return FALSE;
| | 117 | 117 | #ifdef ENABLE_PROCESS_PROTECTION
| | 118 | 118 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること
| | 119 | | - // ssleay32.dll 1.0.1f
| | 120 | | - RegisterTrustedModuleSHA1Hash("\x16\xFA\xD2\x39\x74\x27\xE4\x07\xCB\xF5\x1A\xF1\xC3\xCD\x1C\xBB\xFC\xD0\xFC\x40");
| | 121 | | - // libeay32.dll 1.0.1f
| | 122 | | - RegisterTrustedModuleSHA1Hash("\xA6\x2D\x10\xF8\x2A\xB9\xEF\x95\xC3\xF7\x0B\xE0\xD1\xCB\x1C\x9B\x0A\x99\x42\x1F");
| | 119 | + // ssleay32.dll 1.0.1g
| | 120 | + RegisterTrustedModuleSHA1Hash("\xCB\xBA\x62\x61\x3C\x44\x1E\x94\xD2\xF4\xAD\xD5\x03\x43\x6F\x26\xD2\xAF\x2F\x21");
| | 121 | + // libeay32.dll 1.0.1g
| | 122 | + RegisterTrustedModuleSHA1Hash("\x4E\x53\x29\xC4\x32\x1B\x17\xA5\x4D\x40\xDF\x6F\xF6\xD2\x53\x7E\xBC\x54\x69\x1B");
| | 123 | 123 | #endif
| | 124 | 124 | g_hOpenSSL = LoadLibrary("ssleay32.dll");
| | 125 | 125 | // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止
|
Show on old repository browser
|
FFFTP
Fork
FFFTP_Eng_Release/FFFTP.exe
contrib/openssl/changes.txt
contrib/openssl/include/openssl/bn.h
socketwrapper.c