Loweynet
Revisión | 84d4661a835d170169a608339b76899c9d8fae01 (tree) |
---|---|
Tiempo | 2015-07-11 19:41:50 |
Autor | s_kawamoto <s_kawamoto@user...> |
Commiter | s_kawamoto |
Update OpenSSL to 1.0.2d.
@@ -81,7 +81,7 @@ | ||
81 | 81 | // ソフトウェア自動更新 |
82 | 82 | // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする |
83 | 83 | // 2014年7月31日中の30個目のリリースは2014073129 |
84 | -#define RELEASE_VERSION_NUM 2015061300 /* リリースバージョン */ | |
84 | +#define RELEASE_VERSION_NUM 2015071100 /* リリースバージョン */ | |
85 | 85 | |
86 | 86 | |
87 | 87 | // SourceForge.JPによるフォーク |
@@ -2,6 +2,21 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.0.2c and 1.0.2d [9 Jul 2015] | |
6 | + | |
7 | + *) Alternate chains certificate forgery | |
8 | + | |
9 | + During certificate verfification, OpenSSL will attempt to find an | |
10 | + alternative certificate chain if the first attempt to build such a chain | |
11 | + fails. An error in the implementation of this logic can mean that an | |
12 | + attacker could cause certain checks on untrusted certificates to be | |
13 | + bypassed, such as the CA flag, enabling them to use a valid leaf | |
14 | + certificate to act as a CA and "issue" an invalid certificate. | |
15 | + | |
16 | + This issue was reported to OpenSSL by Adam Langley/David Benjamin | |
17 | + (Google/BoringSSL). | |
18 | + [Matt Caswell] | |
19 | + | |
5 | 20 | Changes between 1.0.2b and 1.0.2c [12 Jun 2015] |
6 | 21 | |
7 | 22 | *) Fix HMAC ABI incompatibility. The previous version introduced an ABI |
@@ -291,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags); | ||
291 | 291 | * BIO_CB_RETURN flag indicates if it is after the call |
292 | 292 | */ |
293 | 293 | # define BIO_CB_RETURN 0x80 |
294 | -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) | |
294 | +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) | |
295 | 295 | # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) |
296 | 296 | # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) |
297 | 297 |
@@ -203,7 +203,7 @@ extern "C" { | ||
203 | 203 | #endif |
204 | 204 | |
205 | 205 | #if defined(DES_RISC1) && defined(DES_RISC2) |
206 | -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! | |
206 | +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! | |
207 | 207 | #endif |
208 | 208 | |
209 | 209 | /* Unroll the inner loop, this sometimes helps, sometimes hinders. |
@@ -30,11 +30,11 @@ extern "C" { | ||
30 | 30 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
31 | 31 | * major minor fix final patch/beta) |
32 | 32 | */ |
33 | -# define OPENSSL_VERSION_NUMBER 0x1000203fL | |
33 | +# define OPENSSL_VERSION_NUMBER 0x1000204fL | |
34 | 34 | # ifdef OPENSSL_FIPS |
35 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips 12 Jun 2015" | |
35 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015" | |
36 | 36 | # else |
37 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c 12 Jun 2015" | |
37 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015" | |
38 | 38 | # endif |
39 | 39 | # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
40 | 40 |
@@ -5,6 +5,10 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] | |
9 | + | |
10 | + o Alternate chains certificate forgery (CVE-2015-1793) | |
11 | + | |
8 | 12 | Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] |
9 | 13 | |
10 | 14 | o Fix HMAC ABI incompatibility |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.0.2c 12 Jun 2015 | |
2 | + OpenSSL 1.0.2d 9 Jul 2015 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL() | ||
153 | 153 | #ifdef ENABLE_PROCESS_PROTECTION |
154 | 154 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
155 | 155 | #if defined(_M_IX86) |
156 | - // ssleay32.dll 1.0.2c | |
157 | - RegisterTrustedModuleSHA1Hash("\x52\x8D\x30\xE5\xF5\x41\x8E\x16\x8A\x31\x8D\x36\xEA\xB7\xE0\x93\x4F\x13\x0B\x48"); | |
158 | - // libeay32.dll 1.0.2c | |
159 | - RegisterTrustedModuleSHA1Hash("\x22\x3A\xCE\x78\xAC\x4B\x02\x20\x05\x61\x1B\xC5\xBF\xE7\x37\x7D\xD9\xDF\xE6\x1B"); | |
156 | + // ssleay32.dll 1.0.2d | |
157 | + RegisterTrustedModuleSHA1Hash("\xBF\x93\x28\xBE\x43\x04\x2D\x18\xA4\x02\x1B\xF3\x63\x0A\xC7\x1A\x94\xCF\xA6\x05"); | |
158 | + // libeay32.dll 1.0.2d | |
159 | + RegisterTrustedModuleSHA1Hash("\xFA\xAE\x6D\x44\xC6\x91\xF3\xA1\x53\x4E\x3A\xFE\x0C\x3C\x8D\xF9\xF7\x2B\x87\xF9"); | |
160 | 160 | #elif defined(_M_AMD64) |
161 | - // ssleay32.dll 1.0.2c | |
162 | - RegisterTrustedModuleSHA1Hash("\x9E\xE1\xA7\x17\x2C\x78\xA7\x11\xEB\x11\x95\x95\x21\x18\x0F\x29\x6B\xDF\xE6\xDF"); | |
163 | - // libeay32.dll 1.0.2c | |
164 | - RegisterTrustedModuleSHA1Hash("\x86\x8B\x4B\x13\x3C\x51\x29\x91\x2D\xD3\x81\x8D\x03\x8E\x5E\x43\xEB\x1C\xA8\x5C"); | |
161 | + // ssleay32.dll 1.0.2d | |
162 | + RegisterTrustedModuleSHA1Hash("\xD8\x01\x0D\xBE\xEE\x6D\x73\x79\x57\x1A\xE8\xAC\x25\x1C\x96\xA1\x93\x9A\x90\x51"); | |
163 | + // libeay32.dll 1.0.2d | |
164 | + RegisterTrustedModuleSHA1Hash("\x82\xCD\x9F\x91\xB4\x48\x13\x93\x46\x1B\xC2\x83\xDF\xBC\xE2\x14\x6B\x0A\xB7\xF9"); | |
165 | 165 | #endif |
166 | 166 | #endif |
167 | 167 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
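Review bot: The four replacement digests in the `_M_IX86` and `_M_AMD64` branches act as the trust anchor for the bundled ssleay32.dll and libeay32.dll, but the comments record only the version, so a reviewer cannot reproduce or audit them. I would extend each comment to say where the binary came from, for example `// SHA-1 of the ssleay32.dll shipped in this release's x86 package; recompute from the packaged file when updating`. Removing the 1.0.2c digests presumably stops the older DLLs from being accepted, which fits the certificate-verification fix in 1.0.2d, and a one-line comment saying this is intentional would keep anyone from re-adding them for compatibility. Separately, `LoadLibrary("ssleay32.dll")` passes a bare file name and the registration is compiled only under `ENABLE_PROCESS_PROTECTION`, so builds without that macro appear to rely on the default DLL search order with no pinning; LoadOpenSSL continues outside the hunk, so confirm this against the rest of the function.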