• R/O
  • HTTP
  • SSH
  • HTTPS

Commit

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Loweynet


Commit MetaInfo

Revisão94a0d48d39b620364702622b2a79eb999bdbebc4 (tree)
Hora2012-01-25 23:24:59
Autors_kawamoto <s_kawamoto@user...>
Commiters_kawamoto

Mensagem de Log

Update OpenSSL to 1.0.0g.

Mudança Sumário

Diff

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
Binary files a/contrib/openssl/bin/libeay32.dll and b/contrib/openssl/bin/libeay32.dll differ
Binary files a/contrib/openssl/bin/libssl32.dll and b/contrib/openssl/bin/libssl32.dll differ
Binary files a/contrib/openssl/bin/ssleay32.dll and b/contrib/openssl/bin/ssleay32.dll differ
--- a/contrib/openssl/changes.txt
+++ b/contrib/openssl/changes.txt
@@ -2,6 +2,73 @@
22 OpenSSL CHANGES
33 _______________
44
5+ Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
6+
7+ *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
8+ Thanks to Antonio Martin, Enterprise Secure Access Research and
9+ Development, Cisco Systems, Inc. for discovering this bug and
10+ preparing a fix. (CVE-2012-0050)
11+ [Antonio Martin]
12+
13+ Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
14+
15+ *) Nadhem Alfardan and Kenny Paterson have discovered an extension
16+ of the Vaudenay padding oracle attack on CBC mode encryption
17+ which enables an efficient plaintext recovery attack against
18+ the OpenSSL implementation of DTLS. Their attack exploits timing
19+ differences arising during decryption processing. A research
20+ paper describing this attack can be found at:
21+ http://www.isg.rhul.ac.uk/~kp/dtls.pdf
22+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
23+ Security Group at Royal Holloway, University of London
24+ (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
25+ <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
26+ for preparing the fix. (CVE-2011-4108)
27+ [Robin Seggelmann, Michael Tuexen]
28+
29+ *) Clear bytes used for block padding of SSL 3.0 records.
30+ (CVE-2011-4576)
31+ [Adam Langley (Google)]
32+
33+ *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
34+ Kadianakis <desnacked@gmail.com> for discovering this issue and
35+ Adam Langley for preparing the fix. (CVE-2011-4619)
36+ [Adam Langley (Google)]
37+
38+ *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
39+ [Andrey Kulikov <amdeich@gmail.com>]
40+
41+ *) Prevent malformed RFC3779 data triggering an assertion failure.
42+ Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
43+ and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
44+ [Rob Austein <sra@hactrn.net>]
45+
46+ *) Improved PRNG seeding for VOS.
47+ [Paul Green <Paul.Green@stratus.com>]
48+
49+ *) Fix ssl_ciph.c set-up race.
50+ [Adam Langley (Google)]
51+
52+ *) Fix spurious failures in ecdsatest.c.
53+ [Emilia Käsper (Google)]
54+
55+ *) Fix the BIO_f_buffer() implementation (which was mixing different
56+ interpretations of the '..._len' fields).
57+ [Adam Langley (Google)]
58+
59+ *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
60+ BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
61+ threads won't reuse the same blinding coefficients.
62+
63+ This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
64+ lock to call BN_BLINDING_invert_ex, and avoids one use of
65+ BN_BLINDING_update for each BN_BLINDING structure (previously,
66+ the last update always remained unused).
67+ [Emilia Käsper (Google)]
68+
69+ *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
70+ [Bob Buckholz (Google)]
71+
572 Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
673
774 *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
@@ -906,8 +973,67 @@
906973
907974 *) Change 'Configure' script to enable Camellia by default.
908975 [NTT]
976+
977+ Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
978+
979+ *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
980+ Thanks to Antonio Martin, Enterprise Secure Access Research and
981+ Development, Cisco Systems, Inc. for discovering this bug and
982+ preparing a fix. (CVE-2012-0050)
983+ [Antonio Martin]
909984
910- Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
985+ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
986+
987+ *) Nadhem Alfardan and Kenny Paterson have discovered an extension
988+ of the Vaudenay padding oracle attack on CBC mode encryption
989+ which enables an efficient plaintext recovery attack against
990+ the OpenSSL implementation of DTLS. Their attack exploits timing
991+ differences arising during decryption processing. A research
992+ paper describing this attack can be found at:
993+ http://www.isg.rhul.ac.uk/~kp/dtls.pdf
994+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
995+ Security Group at Royal Holloway, University of London
996+ (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
997+ <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
998+ for preparing the fix. (CVE-2011-4108)
999+ [Robin Seggelmann, Michael Tuexen]
1000+
1001+ *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
1002+ [Ben Laurie, Kasper <ekasper@google.com>]
1003+
1004+ *) Clear bytes used for block padding of SSL 3.0 records.
1005+ (CVE-2011-4576)
1006+ [Adam Langley (Google)]
1007+
1008+ *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
1009+ Kadianakis <desnacked@gmail.com> for discovering this issue and
1010+ Adam Langley for preparing the fix. (CVE-2011-4619)
1011+ [Adam Langley (Google)]
1012+
1013+ *) Prevent malformed RFC3779 data triggering an assertion failure.
1014+ Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
1015+ and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
1016+ [Rob Austein <sra@hactrn.net>]
1017+
1018+ *) Fix ssl_ciph.c set-up race.
1019+ [Adam Langley (Google)]
1020+
1021+ *) Fix spurious failures in ecdsatest.c.
1022+ [Emilia Käsper (Google)]
1023+
1024+ *) Fix the BIO_f_buffer() implementation (which was mixing different
1025+ interpretations of the '..._len' fields).
1026+ [Adam Langley (Google)]
1027+
1028+ *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
1029+ BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
1030+ threads won't reuse the same blinding coefficients.
1031+
1032+ This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
1033+ lock to call BN_BLINDING_invert_ex, and avoids one use of
1034+ BN_BLINDING_update for each BN_BLINDING structure (previously,
1035+ the last update always remained unused).
1036+ [Emilia Käsper (Google)]
9111037
9121038 *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
9131039 for multi-threaded use of ECDH.
--- a/contrib/openssl/faq.txt
+++ b/contrib/openssl/faq.txt
@@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions
8282 * Which is the current version of OpenSSL?
8383
8484 The current version is available from <URL: http://www.openssl.org>.
85-OpenSSL 1.0.0e was released on Sep 6th, 2011.
85+OpenSSL 1.0.0g was released on Jan 18th, 2012.
8686
8787 In addition to the current stable release, you can also access daily
8888 snapshots of the OpenSSL development version at <URL:
--- a/contrib/openssl/include/openssl/bio.h
+++ b/contrib/openssl/include/openssl/bio.h
@@ -306,6 +306,15 @@ DECLARE_STACK_OF(BIO)
306306
307307 typedef struct bio_f_buffer_ctx_struct
308308 {
309+ /* Buffers are setup like this:
310+ *
311+ * <---------------------- size ----------------------->
312+ * +---------------------------------------------------+
313+ * | consumed | remaining | free space |
314+ * +---------------------------------------------------+
315+ * <-- off --><------- len ------->
316+ */
317+
309318 /* BIO *bio; */ /* this is now in the BIO struct */
310319 int ibuf_size; /* how big is the input buffer */
311320 int obuf_size; /* how big is the output buffer */
--- a/contrib/openssl/include/openssl/e_os2.h
+++ b/contrib/openssl/include/openssl/e_os2.h
@@ -193,8 +193,14 @@ extern "C" {
193193 #endif
194194
195195 /* --------------------------------- VOS ----------------------------------- */
196-#ifdef OPENSSL_SYSNAME_VOS
196+#if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS)
197197 # define OPENSSL_SYS_VOS
198+#ifdef __HPPA__
199+# define OPENSSL_SYS_VOS_HPPA
200+#endif
201+#ifdef __IA32__
202+# define OPENSSL_SYS_VOS_IA32
203+#endif
198204 #endif
199205
200206 /* ------------------------------- VxWorks --------------------------------- */
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -25,11 +25,11 @@
2525 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
2626 * major minor fix final patch/beta)
2727 */
28-#define OPENSSL_VERSION_NUMBER 0x1000005fL
28+#define OPENSSL_VERSION_NUMBER 0x1000007fL
2929 #ifdef OPENSSL_FIPS
30-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011"
30+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0g-fips 18 Jan 2012"
3131 #else
32-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e 6 Sep 2011"
32+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0g 18 Jan 2012"
3333 #endif
3434 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
3535
--- a/contrib/openssl/include/openssl/ssl.h
+++ b/contrib/openssl/include/openssl/ssl.h
@@ -1882,6 +1882,7 @@ void ERR_load_SSL_strings(void);
18821882 #define SSL_F_SSL3_CALLBACK_CTRL 233
18831883 #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
18841884 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
1885+#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
18851886 #define SSL_F_SSL3_CLIENT_HELLO 131
18861887 #define SSL_F_SSL3_CONNECT 132
18871888 #define SSL_F_SSL3_CTRL 213
@@ -2139,6 +2140,7 @@ void ERR_load_SSL_strings(void);
21392140 #define SSL_R_MISSING_TMP_RSA_KEY 172
21402141 #define SSL_R_MISSING_TMP_RSA_PKEY 173
21412142 #define SSL_R_MISSING_VERIFY_MESSAGE 174
2143+#define SSL_R_MULTIPLE_SGC_RESTARTS 346
21422144 #define SSL_R_NON_SSLV2_INITIAL_PACKET 175
21432145 #define SSL_R_NO_CERTIFICATES_RETURNED 176
21442146 #define SSL_R_NO_CERTIFICATE_ASSIGNED 177
--- a/contrib/openssl/include/openssl/ssl3.h
+++ b/contrib/openssl/include/openssl/ssl3.h
@@ -380,6 +380,17 @@ typedef struct ssl3_buffer_st
380380 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
381381 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
382382
383+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
384+ * restart a handshake because of MS SGC and so prevents us
385+ * from restarting the handshake in a loop. It's reset on a
386+ * renegotiation, so effectively limits the client to one restart
387+ * per negotiation. This limits the possibility of a DDoS
388+ * attack where the client handshakes in a loop using SGC to
389+ * restart. Servers which permit renegotiation can still be
390+ * effected, but we can't prevent that.
391+ */
392+#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
393+
383394 typedef struct ssl3_state_st
384395 {
385396 long flags;
--- a/contrib/openssl/news.txt
+++ b/contrib/openssl/news.txt
@@ -5,6 +5,18 @@
55 This file gives a brief overview of the major changes between each OpenSSL
66 release. For more details please read the CHANGES file.
77
8+ Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
9+
10+ o Fix for DTLS DoS issue CVE-2012-0050
11+
12+ Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
13+
14+ o Fix for DTLS plaintext recovery attack CVE-2011-4108
15+ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
16+ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
17+ o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
18+ o Check for malformed RFC3779 data CVE-2011-4577
19+
820 Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
921
1022 o Fix for CRL vulnerability issue CVE-2011-3207
--- a/contrib/openssl/readme.txt
+++ b/contrib/openssl/readme.txt
@@ -1,5 +1,5 @@
11
2- OpenSSL 1.0.0e 6 Sep 2011
2+ OpenSSL 1.0.0g 18 Jan 2012
33
44 Copyright (c) 1998-2011 The OpenSSL Project
55 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Binary files a/dist/libeay32.dll and b/dist/libeay32.dll differ
Binary files a/dist/ssleay32.dll and b/dist/ssleay32.dll differ
--- a/socketwrapper.c
+++ b/socketwrapper.c
@@ -114,11 +114,11 @@ BOOL LoadOpenSSL()
114114 return FALSE;
115115 #ifdef ENABLE_PROCESS_PROTECTION
116116 // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること
117- // ssleay32.dll 1.0.0e
118- // libssl32.dll 1.0.0e
119- RegisterTrustedModuleSHA1Hash("\x4E\xB7\xA0\x22\x14\x4B\x58\x6D\xBC\xF5\x21\x0D\x96\x78\x0D\x79\x7D\x66\xB2\xB0");
120- // libeay32.dll 1.0.0e
121- RegisterTrustedModuleSHA1Hash("\x01\x32\x7A\xAE\x69\x26\xE6\x58\xC7\x63\x22\x1E\x53\x5A\x78\xBC\x61\xC7\xB5\xC1");
117+ // ssleay32.dll 1.0.0g
118+ // libssl32.dll 1.0.0g
119+ RegisterTrustedModuleSHA1Hash("\x42\x32\x3E\x44\x35\xBC\x98\x6C\x45\xC9\xA2\xB8\x41\xE7\xDA\x7B\x6A\x98\xB2\x28");
120+ // libeay32.dll 1.0.0g
121+ RegisterTrustedModuleSHA1Hash("\x3F\xC8\x07\x84\xB3\xF0\x71\x4A\x18\x59\x52\x1F\x99\x09\x65\xB9\x49\xA7\x15\x36");
122122 #endif
123123 g_hOpenSSL = LoadLibrary("ssleay32.dll");
124124 // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止