FFFTPのソースコードです。
| 修訂 | 94a0d48d39b620364702622b2a79eb999bdbebc4 (tree) |
|---|---|
| 時間 | 2012-01-25 23:24:59 |
| 作者 | s_kawamoto <s_kawamoto@user...> |
| Commiter | s_kawamoto |
Update OpenSSL to 1.0.0g.
FFFTP_Eng_Release/FFFTP.exe (diff) Release/FFFTP.exe (diff) contrib/openssl/bin/libeay32.dll (diff) contrib/openssl/bin/libssl32.dll (diff) contrib/openssl/bin/ssleay32.dll (diff)
contrib/openssl/changes.txt (diff) contrib/openssl/faq.txt (diff)
contrib/openssl/include/openssl/bio.h (diff) contrib/openssl/include/openssl/e_os2.h (diff) contrib/openssl/include/openssl/opensslv.h (diff) contrib/openssl/include/openssl/ssl.h (diff) contrib/openssl/include/openssl/ssl3.h (diff) contrib/openssl/news.txt (diff) contrib/openssl/readme.txt (diff) dist/libeay32.dll (diff) dist/ssleay32.dll (diff)
socketwrapper.c (diff)| @@ -2,6 +2,73 @@ | ||
| 2 | 2 | OpenSSL CHANGES |
| 3 | 3 | _______________ |
| 4 | 4 | |
| 5 | + Changes between 1.0.0f and 1.0.0g [18 Jan 2012] | |
| 6 | + | |
| 7 | + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. | |
| 8 | + Thanks to Antonio Martin, Enterprise Secure Access Research and | |
| 9 | + Development, Cisco Systems, Inc. for discovering this bug and | |
| 10 | + preparing a fix. (CVE-2012-0050) | |
| 11 | + [Antonio Martin] | |
| 12 | + | |
| 13 | + Changes between 1.0.0e and 1.0.0f [4 Jan 2012] | |
| 14 | + | |
| 15 | + *) Nadhem Alfardan and Kenny Paterson have discovered an extension | |
| 16 | + of the Vaudenay padding oracle attack on CBC mode encryption | |
| 17 | + which enables an efficient plaintext recovery attack against | |
| 18 | + the OpenSSL implementation of DTLS. Their attack exploits timing | |
| 19 | + differences arising during decryption processing. A research | |
| 20 | + paper describing this attack can be found at: | |
| 21 | + http://www.isg.rhul.ac.uk/~kp/dtls.pdf | |
| 22 | + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information | |
| 23 | + Security Group at Royal Holloway, University of London | |
| 24 | + (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann | |
| 25 | + <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> | |
| 26 | + for preparing the fix. (CVE-2011-4108) | |
| 27 | + [Robin Seggelmann, Michael Tuexen] | |
| 28 | + | |
| 29 | + *) Clear bytes used for block padding of SSL 3.0 records. | |
| 30 | + (CVE-2011-4576) | |
| 31 | + [Adam Langley (Google)] | |
| 32 | + | |
| 33 | + *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George | |
| 34 | + Kadianakis <desnacked@gmail.com> for discovering this issue and | |
| 35 | + Adam Langley for preparing the fix. (CVE-2011-4619) | |
| 36 | + [Adam Langley (Google)] | |
| 37 | + | |
| 38 | + *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027) | |
| 39 | + [Andrey Kulikov <amdeich@gmail.com>] | |
| 40 | + | |
| 41 | + *) Prevent malformed RFC3779 data triggering an assertion failure. | |
| 42 | + Thanks to Andrew Chi, BBN Technologies, for discovering the flaw | |
| 43 | + and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) | |
| 44 | + [Rob Austein <sra@hactrn.net>] | |
| 45 | + | |
| 46 | + *) Improved PRNG seeding for VOS. | |
| 47 | + [Paul Green <Paul.Green@stratus.com>] | |
| 48 | + | |
| 49 | + *) Fix ssl_ciph.c set-up race. | |
| 50 | + [Adam Langley (Google)] | |
| 51 | + | |
| 52 | + *) Fix spurious failures in ecdsatest.c. | |
| 53 | + [Emilia K舖per (Google)] | |
| 54 | + | |
| 55 | + *) Fix the BIO_f_buffer() implementation (which was mixing different | |
| 56 | + interpretations of the '..._len' fields). | |
| 57 | + [Adam Langley (Google)] | |
| 58 | + | |
| 59 | + *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than | |
| 60 | + BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent | |
| 61 | + threads won't reuse the same blinding coefficients. | |
| 62 | + | |
| 63 | + This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING | |
| 64 | + lock to call BN_BLINDING_invert_ex, and avoids one use of | |
| 65 | + BN_BLINDING_update for each BN_BLINDING structure (previously, | |
| 66 | + the last update always remained unused). | |
| 67 | + [Emilia K舖per (Google)] | |
| 68 | + | |
| 69 | + *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. | |
| 70 | + [Bob Buckholz (Google)] | |
| 71 | + | |
| 5 | 72 | Changes between 1.0.0d and 1.0.0e [6 Sep 2011] |
| 6 | 73 | |
| 7 | 74 | *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted |
| @@ -906,8 +973,67 @@ | ||
| 906 | 973 | |
| 907 | 974 | *) Change 'Configure' script to enable Camellia by default. |
| 908 | 975 | [NTT] |
| 976 | + | |
| 977 | + Changes between 0.9.8s and 0.9.8t [18 Jan 2012] | |
| 978 | + | |
| 979 | + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. | |
| 980 | + Thanks to Antonio Martin, Enterprise Secure Access Research and | |
| 981 | + Development, Cisco Systems, Inc. for discovering this bug and | |
| 982 | + preparing a fix. (CVE-2012-0050) | |
| 983 | + [Antonio Martin] | |
| 909 | 984 | |
| 910 | - Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] | |
| 985 | + Changes between 0.9.8r and 0.9.8s [4 Jan 2012] | |
| 986 | + | |
| 987 | + *) Nadhem Alfardan and Kenny Paterson have discovered an extension | |
| 988 | + of the Vaudenay padding oracle attack on CBC mode encryption | |
| 989 | + which enables an efficient plaintext recovery attack against | |
| 990 | + the OpenSSL implementation of DTLS. Their attack exploits timing | |
| 991 | + differences arising during decryption processing. A research | |
| 992 | + paper describing this attack can be found at: | |
| 993 | + http://www.isg.rhul.ac.uk/~kp/dtls.pdf | |
| 994 | + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information | |
| 995 | + Security Group at Royal Holloway, University of London | |
| 996 | + (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann | |
| 997 | + <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> | |
| 998 | + for preparing the fix. (CVE-2011-4108) | |
| 999 | + [Robin Seggelmann, Michael Tuexen] | |
| 1000 | + | |
| 1001 | + *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) | |
| 1002 | + [Ben Laurie, Kasper <ekasper@google.com>] | |
| 1003 | + | |
| 1004 | + *) Clear bytes used for block padding of SSL 3.0 records. | |
| 1005 | + (CVE-2011-4576) | |
| 1006 | + [Adam Langley (Google)] | |
| 1007 | + | |
| 1008 | + *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George | |
| 1009 | + Kadianakis <desnacked@gmail.com> for discovering this issue and | |
| 1010 | + Adam Langley for preparing the fix. (CVE-2011-4619) | |
| 1011 | + [Adam Langley (Google)] | |
| 1012 | + | |
| 1013 | + *) Prevent malformed RFC3779 data triggering an assertion failure. | |
| 1014 | + Thanks to Andrew Chi, BBN Technologies, for discovering the flaw | |
| 1015 | + and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) | |
| 1016 | + [Rob Austein <sra@hactrn.net>] | |
| 1017 | + | |
| 1018 | + *) Fix ssl_ciph.c set-up race. | |
| 1019 | + [Adam Langley (Google)] | |
| 1020 | + | |
| 1021 | + *) Fix spurious failures in ecdsatest.c. | |
| 1022 | + [Emilia K舖per (Google)] | |
| 1023 | + | |
| 1024 | + *) Fix the BIO_f_buffer() implementation (which was mixing different | |
| 1025 | + interpretations of the '..._len' fields). | |
| 1026 | + [Adam Langley (Google)] | |
| 1027 | + | |
| 1028 | + *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than | |
| 1029 | + BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent | |
| 1030 | + threads won't reuse the same blinding coefficients. | |
| 1031 | + | |
| 1032 | + This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING | |
| 1033 | + lock to call BN_BLINDING_invert_ex, and avoids one use of | |
| 1034 | + BN_BLINDING_update for each BN_BLINDING structure (previously, | |
| 1035 | + the last update always remained unused). | |
| 1036 | + [Emilia K舖per (Google)] | |
| 911 | 1037 | |
| 912 | 1038 | *) Fix SSL memory handling for (EC)DH ciphersuites, in particular |
| 913 | 1039 | for multi-threaded use of ECDH. |
| @@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions | ||
| 82 | 82 | * Which is the current version of OpenSSL? |
| 83 | 83 | |
| 84 | 84 | The current version is available from <URL: http://www.openssl.org>. |
| 85 | -OpenSSL 1.0.0e was released on Sep 6th, 2011. | |
| 85 | +OpenSSL 1.0.0g was released on Jan 18th, 2012. | |
| 86 | 86 | |
| 87 | 87 | In addition to the current stable release, you can also access daily |
| 88 | 88 | snapshots of the OpenSSL development version at <URL: |
| @@ -306,6 +306,15 @@ DECLARE_STACK_OF(BIO) | ||
| 306 | 306 | |
| 307 | 307 | typedef struct bio_f_buffer_ctx_struct |
| 308 | 308 | { |
| 309 | + /* Buffers are setup like this: | |
| 310 | + * | |
| 311 | + * <---------------------- size -----------------------> | |
| 312 | + * +---------------------------------------------------+ | |
| 313 | + * | consumed | remaining | free space | | |
| 314 | + * +---------------------------------------------------+ | |
| 315 | + * <-- off --><------- len -------> | |
| 316 | + */ | |
| 317 | + | |
| 309 | 318 | /* BIO *bio; */ /* this is now in the BIO struct */ |
| 310 | 319 | int ibuf_size; /* how big is the input buffer */ |
| 311 | 320 | int obuf_size; /* how big is the output buffer */ |
| @@ -193,8 +193,14 @@ extern "C" { | ||
| 193 | 193 | #endif |
| 194 | 194 | |
| 195 | 195 | /* --------------------------------- VOS ----------------------------------- */ |
| 196 | -#ifdef OPENSSL_SYSNAME_VOS | |
| 196 | +#if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) | |
| 197 | 197 | # define OPENSSL_SYS_VOS |
| 198 | +#ifdef __HPPA__ | |
| 199 | +# define OPENSSL_SYS_VOS_HPPA | |
| 200 | +#endif | |
| 201 | +#ifdef __IA32__ | |
| 202 | +# define OPENSSL_SYS_VOS_IA32 | |
| 203 | +#endif | |
| 198 | 204 | #endif |
| 199 | 205 | |
| 200 | 206 | /* ------------------------------- VxWorks --------------------------------- */ |
| @@ -25,11 +25,11 @@ | ||
| 25 | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | 26 | * major minor fix final patch/beta) |
| 27 | 27 | */ |
| 28 | -#define OPENSSL_VERSION_NUMBER 0x1000005fL | |
| 28 | +#define OPENSSL_VERSION_NUMBER 0x1000007fL | |
| 29 | 29 | #ifdef OPENSSL_FIPS |
| 30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011" | |
| 30 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0g-fips 18 Jan 2012" | |
| 31 | 31 | #else |
| 32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e 6 Sep 2011" | |
| 32 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0g 18 Jan 2012" | |
| 33 | 33 | #endif |
| 34 | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 35 | 35 |
| @@ -1882,6 +1882,7 @@ void ERR_load_SSL_strings(void); | ||
| 1882 | 1882 | #define SSL_F_SSL3_CALLBACK_CTRL 233 |
| 1883 | 1883 | #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 |
| 1884 | 1884 | #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 |
| 1885 | +#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 | |
| 1885 | 1886 | #define SSL_F_SSL3_CLIENT_HELLO 131 |
| 1886 | 1887 | #define SSL_F_SSL3_CONNECT 132 |
| 1887 | 1888 | #define SSL_F_SSL3_CTRL 213 |
| @@ -2139,6 +2140,7 @@ void ERR_load_SSL_strings(void); | ||
| 2139 | 2140 | #define SSL_R_MISSING_TMP_RSA_KEY 172 |
| 2140 | 2141 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 |
| 2141 | 2142 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 |
| 2143 | +#define SSL_R_MULTIPLE_SGC_RESTARTS 346 | |
| 2142 | 2144 | #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 |
| 2143 | 2145 | #define SSL_R_NO_CERTIFICATES_RETURNED 176 |
| 2144 | 2146 | #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 |
| @@ -380,6 +380,17 @@ typedef struct ssl3_buffer_st | ||
| 380 | 380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
| 381 | 381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
| 382 | 382 | |
| 383 | +/* SSL3_FLAGS_SGC_RESTART_DONE is set when we | |
| 384 | + * restart a handshake because of MS SGC and so prevents us | |
| 385 | + * from restarting the handshake in a loop. It's reset on a | |
| 386 | + * renegotiation, so effectively limits the client to one restart | |
| 387 | + * per negotiation. This limits the possibility of a DDoS | |
| 388 | + * attack where the client handshakes in a loop using SGC to | |
| 389 | + * restart. Servers which permit renegotiation can still be | |
| 390 | + * effected, but we can't prevent that. | |
| 391 | + */ | |
| 392 | +#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 | |
| 393 | + | |
| 383 | 394 | typedef struct ssl3_state_st |
| 384 | 395 | { |
| 385 | 396 | long flags; |
| @@ -5,6 +5,18 @@ | ||
| 5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | |
| 8 | + Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g: | |
| 9 | + | |
| 10 | + o Fix for DTLS DoS issue CVE-2012-0050 | |
| 11 | + | |
| 12 | + Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f: | |
| 13 | + | |
| 14 | + o Fix for DTLS plaintext recovery attack CVE-2011-4108 | |
| 15 | + o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 | |
| 16 | + o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 | |
| 17 | + o Check parameters are not NULL in GOST ENGINE CVE-2012-0027 | |
| 18 | + o Check for malformed RFC3779 data CVE-2011-4577 | |
| 19 | + | |
| 8 | 20 | Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e: |
| 9 | 21 | |
| 10 | 22 | o Fix for CRL vulnerability issue CVE-2011-3207 |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | |
| 2 | - OpenSSL 1.0.0e 6 Sep 2011 | |
| 2 | + OpenSSL 1.0.0g 18 Jan 2012 | |
| 3 | 3 | |
| 4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
| 5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| @@ -114,11 +114,11 @@ BOOL LoadOpenSSL() | ||
| 114 | 114 | return FALSE; |
| 115 | 115 | #ifdef ENABLE_PROCESS_PROTECTION |
| 116 | 116 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
| 117 | - // ssleay32.dll 1.0.0e | |
| 118 | - // libssl32.dll 1.0.0e | |
| 119 | - RegisterTrustedModuleSHA1Hash("\x4E\xB7\xA0\x22\x14\x4B\x58\x6D\xBC\xF5\x21\x0D\x96\x78\x0D\x79\x7D\x66\xB2\xB0"); | |
| 120 | - // libeay32.dll 1.0.0e | |
| 121 | - RegisterTrustedModuleSHA1Hash("\x01\x32\x7A\xAE\x69\x26\xE6\x58\xC7\x63\x22\x1E\x53\x5A\x78\xBC\x61\xC7\xB5\xC1"); | |
| 117 | + // ssleay32.dll 1.0.0g | |
| 118 | + // libssl32.dll 1.0.0g | |
| 119 | + RegisterTrustedModuleSHA1Hash("\x42\x32\x3E\x44\x35\xBC\x98\x6C\x45\xC9\xA2\xB8\x41\xE7\xDA\x7B\x6A\x98\xB2\x28"); | |
| 120 | + // libeay32.dll 1.0.0g | |
| 121 | + RegisterTrustedModuleSHA1Hash("\x3F\xC8\x07\x84\xB3\xF0\x71\x4A\x18\x59\x52\x1F\x99\x09\x65\xB9\x49\xA7\x15\x36"); | |
| 122 | 122 | #endif |
| 123 | 123 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
| 124 | 124 | // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止 |
Fork