Loweynet
Revision | c2a19504b12b0366c91446defa590dd407869cbb (tree) |
---|---|
Time | 2015-01-17 00:36:38 |
Author | s_kawamoto <s_kawamoto@user...> |
Committer | s_kawamoto |
Update OpenSSL to 1.0.1l.
@@ -2,6 +2,141 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.0.1k and 1.0.1l [15 Jan 2015] | |
6 | + | |
7 | + *) Build fixes for the Windows and OpenVMS platforms | |
8 | + [Matt Caswell and Richard Levitte] | |
9 | + | |
10 | + Changes between 1.0.1j and 1.0.1k [8 Jan 2015] | |
11 | + | |
12 | + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS | |
13 | + message can cause a segmentation fault in OpenSSL due to a NULL pointer | |
14 | + dereference. This could lead to a Denial Of Service attack. Thanks to | |
15 | + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. | |
16 | + (CVE-2014-3571) | |
17 | + [Steve Henson] | |
18 | + | |
19 | + *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the | |
20 | + dtls1_buffer_record function under certain conditions. In particular this | |
21 | + could occur if an attacker sent repeated DTLS records with the same | |
22 | + sequence number but for the next epoch. The memory leak could be exploited | |
23 | + by an attacker in a Denial of Service attack through memory exhaustion. | |
24 | + Thanks to Chris Mueller for reporting this issue. | |
25 | + (CVE-2015-0206) | |
26 | + [Matt Caswell] | |
27 | + | |
28 | + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is | |
29 | + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl | |
30 | + method would be set to NULL which could later result in a NULL pointer | |
31 | + dereference. Thanks to Frank Schmirler for reporting this issue. | |
32 | + (CVE-2014-3569) | |
33 | + [Kurt Roeckx] | |
34 | + | |
35 | + *) Abort handshake if server key exchange message is omitted for ephemeral | |
36 | + ECDH ciphersuites. | |
37 | + | |
38 | + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for | |
39 | + reporting this issue. | |
40 | + (CVE-2014-3572) | |
41 | + [Steve Henson] | |
42 | + | |
43 | + *) Remove non-export ephemeral RSA code on client and server. This code | |
44 | + violated the TLS standard by allowing the use of temporary RSA keys in | |
45 | + non-export ciphersuites and could be used by a server to effectively | |
46 | + downgrade the RSA key length used to a value smaller than the server | |
47 | + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at | |
48 | + INRIA or reporting this issue. | |
49 | + (CVE-2015-0204) | |
50 | + [Steve Henson] | |
51 | + | |
52 | + *) Fixed issue where DH client certificates are accepted without verification. | |
53 | + An OpenSSL server will accept a DH certificate for client authentication | |
54 | + without the certificate verify message. This effectively allows a client to | |
55 | + authenticate without the use of a private key. This only affects servers | |
56 | + which trust a client certificate authority which issues certificates | |
57 | + containing DH keys: these are extremely rare and hardly ever encountered. | |
58 | + Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting | |
59 | + this issue. | |
60 | + (CVE-2015-0205) | |
61 | + [Steve Henson] | |
62 | + | |
63 | + *) Ensure that the session ID context of an SSL is updated when its | |
64 | + SSL_CTX is updated via SSL_set_SSL_CTX. | |
65 | + | |
66 | + The session ID context is typically set from the parent SSL_CTX, | |
67 | + and can vary with the CTX. | |
68 | + [Adam Langley] | |
69 | + | |
70 | + *) Fix various certificate fingerprint issues. | |
71 | + | |
72 | + By using non-DER or invalid encodings outside the signed portion of a | |
73 | + certificate the fingerprint can be changed without breaking the signature. | |
74 | + Although no details of the signed portion of the certificate can be changed | |
75 | + this can cause problems with some applications: e.g. those using the | |
76 | + certificate fingerprint for blacklists. | |
77 | + | |
78 | + 1. Reject signatures with non zero unused bits. | |
79 | + | |
80 | + If the BIT STRING containing the signature has non zero unused bits reject | |
81 | + the signature. All current signature algorithms require zero unused bits. | |
82 | + | |
83 | + 2. Check certificate algorithm consistency. | |
84 | + | |
85 | + Check the AlgorithmIdentifier inside TBS matches the one in the | |
86 | + certificate signature. NB: this will result in signature failure | |
87 | + errors for some broken certificates. | |
88 | + | |
89 | + Thanks to Konrad Kraszewski from Google for reporting this issue. | |
90 | + | |
91 | + 3. Check DSA/ECDSA signatures use DER. | |
92 | + | |
93 | + Reencode DSA/ECDSA signatures and compare with the original received | |
94 | + signature. Return an error if there is a mismatch. | |
95 | + | |
96 | + This will reject various cases including garbage after signature | |
97 | + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS | |
98 | + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs | |
99 | + (negative or with leading zeroes). | |
100 | + | |
101 | + Further analysis was conducted and fixes were developed by Stephen Henson | |
102 | + of the OpenSSL core team. | |
103 | + | |
104 | + (CVE-2014-8275) | |
105 | + [Steve Henson] | |
106 | + | |
107 | + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect | |
108 | + results on some platforms, including x86_64. This bug occurs at random | |
109 | + with a very low probability, and is not known to be exploitable in any | |
110 | + way, though its exact impact is difficult to determine. Thanks to Pieter | |
111 | + Wuille (Blockstream) who reported this issue and also suggested an initial | |
112 | + fix. Further analysis was conducted by the OpenSSL development team and | |
113 | + Adam Langley of Google. The final fix was developed by Andy Polyakov of | |
114 | + the OpenSSL core team. | |
115 | + (CVE-2014-3570) | |
116 | + [Andy Polyakov] | |
117 | + | |
118 | + *) Do not resume sessions on the server if the negotiated protocol | |
119 | + version does not match the session's version. Resuming with a different | |
120 | + version, while not strictly forbidden by the RFC, is of questionable | |
121 | + sanity and breaks all known clients. | |
122 | + [David Benjamin, Emilia Käsper] | |
123 | + | |
124 | + *) Tighten handling of the ChangeCipherSpec (CCS) message: reject | |
125 | + early CCS messages during renegotiation. (Note that because | |
126 | + renegotiation is encrypted, this early CCS was not exploitable.) | |
127 | + [Emilia Käsper] | |
128 | + | |
129 | + *) Tighten client-side session ticket handling during renegotiation: | |
130 | + ensure that the client only accepts a session ticket if the server sends | |
131 | + the extension anew in the ServerHello. Previously, a TLS client would | |
132 | + reuse the old extension state and thus accept a session ticket if one was | |
133 | + announced in the initial ServerHello. | |
134 | + | |
135 | + Similarly, ensure that the client requires a session ticket if one | |
136 | + was advertised in the ServerHello. Previously, a TLS client would | |
137 | + ignore a missing NewSessionTicket message. | |
138 | + [Emilia Käsper] | |
139 | + | |
5 | 140 | Changes between 1.0.1i and 1.0.1j [15 Oct 2014] |
6 | 141 | |
7 | 142 | *) SRTP Memory Leak. |
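
Review bot: the commit message should say that this is a security update and not only a version bump, because the CHANGES section added here for 1.0.1j to 1.0.1k carries eight CVE fixes (CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570), while the 1.0.1l section itself is build fixes only. Anyone scanning the history for when the bundled DLLs picked up those fixes will not find it from "Update OpenSSL to 1.0.1l." alone. The "Thanks for ... INRIA or reporting" wording in the CVE-2015-0204 and CVE-2015-0205 entries is a typo, but if this file is a verbatim copy of the upstream CHANGES it is better left untouched so the file still diffs cleanly against upstream.
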
@@ -776,7 +776,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) | ||
776 | 776 | int ASN1_TYPE_get(ASN1_TYPE *a); |
777 | 777 | void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); |
778 | 778 | int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); |
779 | -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b); | |
779 | +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); | |
780 | 780 | |
781 | 781 | ASN1_OBJECT * ASN1_OBJECT_new(void ); |
782 | 782 | void ASN1_OBJECT_free(ASN1_OBJECT *a); |
@@ -1329,6 +1329,7 @@ void ERR_load_ASN1_strings(void); | ||
1329 | 1329 | #define ASN1_R_ILLEGAL_TIME_VALUE 184 |
1330 | 1330 | #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 |
1331 | 1331 | #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 |
1332 | +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 | |
1332 | 1333 | #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 |
1333 | 1334 | #define ASN1_R_INVALID_DIGIT 130 |
1334 | 1335 | #define ASN1_R_INVALID_MIME_TYPE 205 |
@@ -1378,6 +1379,7 @@ void ERR_load_ASN1_strings(void); | ||
1378 | 1379 | #define ASN1_R_TIME_NOT_ASCII_FORMAT 193 |
1379 | 1380 | #define ASN1_R_TOO_LONG 155 |
1380 | 1381 | #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 |
1382 | +#define ASN1_R_TYPE_NOT_PRIMITIVE 218 | |
1381 | 1383 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 |
1382 | 1384 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 |
1383 | 1385 | #define ASN1_R_UNEXPECTED_EOC 159 |
@@ -175,6 +175,8 @@ extern "C" { | ||
175 | 175 | #define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to |
176 | 176 | * adjust socket timeouts */ |
177 | 177 | |
178 | +#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 | |
179 | + | |
178 | 180 | #ifndef OPENSSL_NO_SCTP |
179 | 181 | /* SCTP stuff */ |
180 | 182 | #define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 |
@@ -607,6 +609,8 @@ int BIO_ctrl_reset_read_request(BIO *b); | ||
607 | 609 | (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) |
608 | 610 | #define BIO_dgram_set_peer(b,peer) \ |
609 | 611 | (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) |
612 | +#define BIO_dgram_get_mtu_overhead(b) \ | |
613 | + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) | |
610 | 614 | |
611 | 615 | /* These two aren't currently implemented */ |
612 | 616 | /* int BIO_get_ex_num(BIO *bio); */ |
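
Review bot: the new BIO_dgram_get_mtu_overhead(b) macro casts the result of BIO_ctrl() straight to unsigned int, so an error or negative return from a BIO that does not handle BIO_CTRL_DGRAM_GET_MTU_OVERHEAD would reach the caller as a very large overhead value. Any caller on our side that subtracts this from an MTU should bound the result first, for example against DTLS1_MAX_MTU_OVERHEAD, which the dtls1.h hunk in this same commit defines as 48.
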
@@ -780,7 +780,9 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); | ||
780 | 780 | #define bn_wcheck_size(bn, words) \ |
781 | 781 | do { \ |
782 | 782 | const BIGNUM *_bnum2 = (bn); \ |
783 | - assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ | |
783 | + assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ | |
784 | + /* avoid unused variable warning with NDEBUG */ \ | |
785 | + (void)(_bnum2); \ | |
784 | 786 | } while(0) |
785 | 787 | |
786 | 788 | #else /* !BN_DEBUG */ |
@@ -117,6 +117,9 @@ extern "C" { | ||
117 | 117 | #define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" |
118 | 118 | #endif |
119 | 119 | |
120 | +/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ | |
121 | +#define DTLS1_MAX_MTU_OVERHEAD 48 | |
122 | + | |
120 | 123 | typedef struct dtls1_bitmap_st |
121 | 124 | { |
122 | 125 | unsigned long map; /* track 32 packets on 32-bit systems |
@@ -231,6 +234,7 @@ typedef struct dtls1_state_st | ||
231 | 234 | /* Is set when listening for new connections with dtls1_listen() */ |
232 | 235 | unsigned int listen; |
233 | 236 | |
237 | + unsigned int link_mtu; /* max on-the-wire DTLS packet size */ | |
234 | 238 | unsigned int mtu; /* max DTLS packet size */ |
235 | 239 | |
236 | 240 | struct hm_header_st w_msg_hdr; |
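
Review bot: the comment on the new link_mtu field ("max on-the-wire DTLS packet size") and the existing one on mtu ("max DTLS packet size") are too close to tell the two fields apart. It would help to state which of them includes the IP/UDP overhead that DTLS1_MAX_MTU_OVERHEAD accounts for, since mixing them up when sizing a datagram is an easy mistake.
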
@@ -252,6 +256,10 @@ typedef struct dtls1_state_st | ||
252 | 256 | unsigned int handshake_fragment_len; |
253 | 257 | |
254 | 258 | unsigned int retransmitting; |
259 | + /* | |
260 | + * Set when the handshake is ready to process peer's ChangeCipherSpec message. | |
261 | + * Cleared after the message has been processed. | |
262 | + */ | |
255 | 263 | unsigned int change_cipher_spec_ok; |
256 | 264 | |
257 | 265 | #ifndef OPENSSL_NO_SCTP |
@@ -29,11 +29,11 @@ extern "C" { | ||
29 | 29 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
30 | 30 | * major minor fix final patch/beta) |
31 | 31 | */ |
32 | -#define OPENSSL_VERSION_NUMBER 0x100010afL | |
32 | +#define OPENSSL_VERSION_NUMBER 0x100010cfL | |
33 | 33 | #ifdef OPENSSL_FIPS |
34 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014" | |
34 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-fips 15 Jan 2015" | |
35 | 35 | #else |
36 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014" | |
36 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l 15 Jan 2015" | |
37 | 37 | #endif |
38 | 38 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
39 | 39 |
@@ -1,4 +1,4 @@ | ||
1 | -/* ssl/tls1.h */ | |
1 | +/* ssl/srtp.h */ | |
2 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | 3 | * All rights reserved. |
4 | 4 | * |
@@ -118,6 +118,8 @@ | ||
118 | 118 | #ifndef HEADER_D1_SRTP_H |
119 | 119 | #define HEADER_D1_SRTP_H |
120 | 120 | |
121 | +#include <openssl/ssl.h> | |
122 | + | |
121 | 123 | #ifdef __cplusplus |
122 | 124 | extern "C" { |
123 | 125 | #endif |
@@ -596,9 +596,8 @@ struct ssl_session_st | ||
596 | 596 | #define SSL_OP_SINGLE_ECDH_USE 0x00080000L |
597 | 597 | /* If set, always create a new key when using tmp_dh parameters */ |
598 | 598 | #define SSL_OP_SINGLE_DH_USE 0x00100000L |
599 | -/* Set to always use the tmp_rsa key when doing RSA operations, | |
600 | - * even when this violates protocol specs */ | |
601 | -#define SSL_OP_EPHEMERAL_RSA 0x00200000L | |
599 | +/* Does nothing: retained for compatibiity */ | |
600 | +#define SSL_OP_EPHEMERAL_RSA 0x0 | |
602 | 601 | /* Set on servers to choose the cipher according to the server's |
603 | 602 | * preferences */ |
604 | 603 | #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L |
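
Review bot: the replacement comment on SSL_OP_EPHEMERAL_RSA has a typo ("compatibiity") and no longer says why the option is a no-op. With the value now 0x0, any code that sets the option or tests it with a bit mask silently does nothing, so a pointer to the CHANGES entry would save readers a search, for example "Does nothing: retained for compatibility (ephemeral RSA code removed, CVE-2015-0204)". If the header is kept identical to upstream, record that reasoning in the commit message instead.
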
@@ -654,8 +653,13 @@ struct ssl_session_st | ||
654 | 653 | #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L |
655 | 654 | #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L |
656 | 655 | /* Send TLS_FALLBACK_SCSV in the ClientHello. |
657 | - * To be set by applications that reconnect with a downgraded protocol | |
658 | - * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ | |
656 | + * To be set only by applications that reconnect with a downgraded protocol | |
657 | + * version; see draft-ietf-tls-downgrade-scsv-00 for details. | |
658 | + * | |
659 | + * DO NOT ENABLE THIS if your application attempts a normal handshake. | |
660 | + * Only use this in explicit fallback retries, following the guidance | |
661 | + * in draft-ietf-tls-downgrade-scsv-00. | |
662 | + */ | |
659 | 663 | #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L |
660 | 664 | |
661 | 665 | /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, |
@@ -688,6 +692,10 @@ struct ssl_session_st | ||
688 | 692 | SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) |
689 | 693 | #define SSL_set_mtu(ssl, mtu) \ |
690 | 694 | SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) |
695 | +#define DTLS_set_link_mtu(ssl, mtu) \ | |
696 | + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) | |
697 | +#define DTLS_get_link_min_mtu(ssl) \ | |
698 | + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) | |
691 | 699 | |
692 | 700 | #define SSL_get_secure_renegotiation_support(ssl) \ |
693 | 701 | SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) |
@@ -1627,6 +1635,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
1627 | 1635 | #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 |
1628 | 1636 | |
1629 | 1637 | #define SSL_CTRL_CHECK_PROTO_VERSION 119 |
1638 | +#define DTLS_CTRL_SET_LINK_MTU 120 | |
1639 | +#define DTLS_CTRL_GET_LINK_MIN_MTU 121 | |
1630 | 1640 | |
1631 | 1641 | #define DTLSv1_get_timeout(ssl, arg) \ |
1632 | 1642 | SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) |
@@ -1878,13 +1888,15 @@ const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ | ||
1878 | 1888 | const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ |
1879 | 1889 | #endif |
1880 | 1890 | |
1891 | +#ifndef OPENSSL_NO_SSL3_METHOD | |
1881 | 1892 | const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ |
1882 | 1893 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ |
1883 | 1894 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ |
1895 | +#endif | |
1884 | 1896 | |
1885 | -const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ | |
1886 | -const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ | |
1887 | -const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ | |
1897 | +const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */ | |
1898 | +const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */ | |
1899 | +const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */ | |
1888 | 1900 | |
1889 | 1901 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ |
1890 | 1902 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ |
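
Review bot: the new #ifndef OPENSSL_NO_SSL3_METHOD guard around the three SSLv3_*method() declarations does not say which build option defines the macro, and the CHANGES entry for CVE-2014-3569 in this commit speaks of the no-ssl3 option, which reads like a different switch. A one-line comment naming the configure option would help, as would a comment on the closing #endif. Code in this project that references SSLv3_method() by name needs to cope with the declarations being absent.
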
@@ -393,6 +393,10 @@ typedef struct ssl3_buffer_st | ||
393 | 393 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
394 | 394 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
395 | 395 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 |
396 | +/* | |
397 | + * Set when the handshake is ready to process peer's ChangeCipherSpec message. | |
398 | + * Cleared after the message has been processed. | |
399 | + */ | |
396 | 400 | #define SSL3_FLAGS_CCS_OK 0x0080 |
397 | 401 | |
398 | 402 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we |
@@ -456,8 +460,11 @@ typedef struct ssl3_state_st | ||
456 | 460 | * and freed and MD_CTX-es for all required digests are stored in |
457 | 461 | * this array */ |
458 | 462 | EVP_MD_CTX **handshake_dgst; |
459 | - /* this is set whenerver we see a change_cipher_spec message | |
460 | - * come in when we are not looking for one */ | |
463 | + /* | |
464 | + * Set whenever an expected ChangeCipherSpec message is processed. | |
465 | + * Unset when the peer's Finished message is received. | |
466 | + * Unexpected ChangeCipherSpec messages trigger a fatal alert. | |
467 | + */ | |
461 | 468 | int change_cipher_spec; |
462 | 469 | |
463 | 470 | int warn_alert; |
@@ -768,6 +768,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); | ||
768 | 768 | void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, |
769 | 769 | X509_ALGOR *algor); |
770 | 770 | void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); |
771 | +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); | |
771 | 772 | |
772 | 773 | X509_NAME *X509_NAME_dup(X509_NAME *xn); |
773 | 774 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); |
@@ -5,6 +5,21 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] | |
9 | + | |
10 | + o Build fixes for the Windows and OpenVMS platforms | |
11 | + | |
12 | + Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] | |
13 | + | |
14 | + o Fix for CVE-2014-3571 | |
15 | + o Fix for CVE-2015-0206 | |
16 | + o Fix for CVE-2014-3569 | |
17 | + o Fix for CVE-2014-3572 | |
18 | + o Fix for CVE-2015-0204 | |
19 | + o Fix for CVE-2015-0205 | |
20 | + o Fix for CVE-2014-8275 | |
21 | + o Fix for CVE-2014-3570 | |
22 | + | |
8 | 23 | Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] |
9 | 24 | |
10 | 25 | o Fix for CVE-2014-3513 |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.0.1j 15 Oct 2014 | |
2 | + OpenSSL 1.0.1l 15 Jan 2015 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL() | ||
153 | 153 | #ifdef ENABLE_PROCESS_PROTECTION |
154 | 154 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
155 | 155 | #if defined(_M_IX86) |
156 | - // ssleay32.dll 1.0.1j | |
157 | - RegisterTrustedModuleSHA1Hash("\x57\x83\x70\x2D\x44\x8F\x1F\xB3\x83\xC2\xC1\x93\xB5\x92\xC8\x14\xFE\x2B\x31\x59"); | |
158 | - // libeay32.dll 1.0.1j | |
159 | - RegisterTrustedModuleSHA1Hash("\x66\x15\x03\xCA\xFB\x5C\x08\x96\x4B\x80\x9A\x55\x14\xDB\x1F\x12\x4A\x9C\x53\x52"); | |
156 | + // ssleay32.dll 1.0.1l | |
157 | + RegisterTrustedModuleSHA1Hash("\xC1\xBC\x62\xEA\xE8\xC5\x97\xC1\x3A\xD4\x58\x55\x14\x14\x35\x2E\xA0\x3A\xF2\x17"); | |
158 | + // libeay32.dll 1.0.1l | |
159 | + RegisterTrustedModuleSHA1Hash("\x3B\x8D\xCB\x6F\xDC\x48\xDB\xFD\xEC\x78\x9B\xF8\xA7\x18\x24\x87\x18\x1D\x3A\xED"); | |
160 | 160 | #elif defined(_M_AMD64) |
161 | - // ssleay32.dll 1.0.1j | |
162 | - RegisterTrustedModuleSHA1Hash("\x4C\xBD\xC5\x05\xB5\xB2\x48\xA8\xC2\x0B\xE4\xB3\x17\x02\x9C\x32\xE2\x84\x87\xA9"); | |
163 | - // libeay32.dll 1.0.1j | |
164 | - RegisterTrustedModuleSHA1Hash("\xF7\x31\xBF\xF6\x2C\x51\xBA\x00\x38\x7E\x76\x2F\x8B\xB3\xF9\x52\x5D\xED\xA4\xE6"); | |
161 | + // ssleay32.dll 1.0.1l | |
162 | + RegisterTrustedModuleSHA1Hash("\x8E\x0C\x3E\xEA\x5A\x30\xBD\xAF\xB5\x04\xAF\xD4\xB9\x6E\xE2\x16\x1B\x30\x49\x24"); | |
163 | + // libeay32.dll 1.0.1l | |
164 | + RegisterTrustedModuleSHA1Hash("\x87\x8A\xC2\x2E\x34\x85\xAC\x89\xE9\x44\x30\xB1\xE9\x11\x8B\x46\x72\x19\xAD\x22"); | |
165 | 165 | #endif |
166 | 166 | #endif |
167 | 167 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
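
Review bot: the four replaced RegisterTrustedModuleSHA1Hash() values for ssleay32.dll and libeay32.dll have no recorded origin, so a later reviewer cannot confirm which 1.0.1l binaries they were computed from. Please note in the commit message or next to the hashes where the DLLs came from (own build or download, and which package) so the digests can be reproduced. Two further points on the same lines: the allowlist is keyed on SHA-1, which is no longer a good choice for an integrity check that is meant to resist tampering, so a SHA-256 variant of the registration call would be worth planning; and the hash check exists only under #ifdef ENABLE_PROCESS_PROTECTION, while LoadLibrary("ssleay32.dll") on the last line uses a bare file name, so builds without that define depend entirely on the DLL search order to pick up the intended file.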