Update OpenSSL to 1.0.1j.

diff --git a/FFFTP_Eng_Release/FFFTP.exe b/FFFTP_Eng_Release/FFFTP.exe
index c67341e..2a46121 100644 (file)
Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ

diff --git a/Release/FFFTP.exe b/Release/FFFTP.exe
index af25e22..06f8558 100644 (file)
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ

diff --git a/contrib/openssl/bin/libeay32.dll b/contrib/openssl/bin/libeay32.dll
index e9543bc..ab95481 100644 (file)
Binary files a/contrib/openssl/bin/libeay32.dll and b/contrib/openssl/bin/libeay32.dll differ

diff --git a/contrib/openssl/bin/ssleay32.dll b/contrib/openssl/bin/ssleay32.dll
index fde54ab..60912c3 100644 (file)
Binary files a/contrib/openssl/bin/ssleay32.dll and b/contrib/openssl/bin/ssleay32.dll differ

diff --git a/contrib/openssl/changes.txt b/contrib/openssl/changes.txt
index 064c1d9..277b46f 100644 (file)
--- a/contrib/openssl/changes.txt
+++ b/contrib/openssl/changes.txt
@@ -2,6 +2,57 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+
+  *) SRTP Memory Leak.
+
+     A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+     sends a carefully crafted handshake message, to cause OpenSSL to fail
+     to free up to 64k of memory causing a memory leak. This could be
+     exploited in a Denial Of Service attack. This issue affects OpenSSL
+     1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+     whether SRTP is used or configured. Implementations of OpenSSL that
+     have been compiled with OPENSSL_NO_SRTP defined are not affected.
+
+     The fix was developed by the OpenSSL team.
+     (CVE-2014-3513)
+     [OpenSSL team]
+
+  *) Session Ticket Memory Leak.
+
+     When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+     integrity of that ticket is first verified. In the event of a session
+     ticket integrity check failing, OpenSSL will fail to free memory
+     causing a memory leak. By sending a large number of invalid session
+     tickets an attacker could exploit this issue in a Denial Of Service
+     attack.
+     (CVE-2014-3567)
+     [Steve Henson]
+
+  *) Build option no-ssl3 is incomplete.
+
+     When OpenSSL is configured with "no-ssl3" as a build option, servers
+     could accept and complete a SSL 3.0 handshake, and clients could be
+     configured to send them.
+     (CVE-2014-3568)
+     [Akamai and the OpenSSL team]
+
+  *) Add support for TLS_FALLBACK_SCSV.
+     Client applications doing fallback retries should call
+     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+     (CVE-2014-3566)
+     [Adam Langley, Bodo Moeller]
+
+  *) Add additional DigestInfo checks.
+ 
+     Reencode DigestInto in DER and check against the original when
+     verifying RSA signature: this will reject any improperly encoded
+     DigestInfo structures.
+
+     Note: this is a precautionary measure and no attacks are currently known.
+
+     [Steve Henson]
+
  Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
 
   *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the

diff --git a/contrib/openssl/include/openssl/dtls1.h b/contrib/openssl/include/openssl/dtls1.h
index 7c59781..38069d4 100644 (file)
--- a/contrib/openssl/include/openssl/dtls1.h
+++ b/contrib/openssl/include/openssl/dtls1.h
@@ -84,6 +84,8 @@ extern "C" {
 #endif\r
 \r
 #define DTLS1_VERSION                  0xFEFF\r
+#define DTLS_MAX_VERSION               DTLS1_VERSION\r
+\r
 #define DTLS1_BAD_VER                  0x0100\r
 \r
 #if 0\r
@@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st
 }\r
 #endif\r
 #endif\r
-\r

diff --git a/contrib/openssl/include/openssl/ebcdic.h b/contrib/openssl/include/openssl/ebcdic.h
index 0941c8b..6071b57 100644 (file)
--- a/contrib/openssl/include/openssl/ebcdic.h
+++ b/contrib/openssl/include/openssl/ebcdic.h
@@ -5,6 +5,10 @@
 \r
 #include <sys/types.h>\r
 \r
+#ifdef  __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
 /* Avoid name clashes with other applications */\r
 #define os_toascii   _openssl_os_toascii\r
 #define os_toebcdic  _openssl_os_toebcdic\r
@@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256];
 void *ebcdic2ascii(void *dest, const void *srce, size_t count);\r
 void *ascii2ebcdic(void *dest, const void *srce, size_t count);\r
 \r
+#ifdef  __cplusplus\r
+}\r
+#endif\r
 #endif\r

diff --git a/contrib/openssl/include/openssl/ec.h b/contrib/openssl/include/openssl/ec.h
index 83a19ed..99a4273 100644 (file)
--- a/contrib/openssl/include/openssl/ec.h
+++ b/contrib/openssl/include/openssl/ec.h
@@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);\r
 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);\r
 \r
-/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]\r
+/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]\r
  *  \param  group  underlying EC_GROUP object\r
  *  \param  r      EC_POINT object for the result\r
  *  \param  n      BIGNUM with the multiplier for the group generator (optional)\r

diff --git a/contrib/openssl/include/openssl/modes.h b/contrib/openssl/include/openssl/modes.h
index a14479b..a9f475d 100644 (file)
--- a/contrib/openssl/include/openssl/modes.h
+++ b/contrib/openssl/include/openssl/modes.h
@@ -7,6 +7,9 @@
 \r
 #include <stddef.h>\r
 \r
+#ifdef  __cplusplus\r
+extern "C" {\r
+#endif\r
 typedef void (*block128_f)(const unsigned char in[16],\r
                        unsigned char out[16],\r
                        const void *key);\r
@@ -133,3 +136,6 @@ typedef struct xts128_context XTS128_CONTEXT;
 \r
 int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],\r
        const unsigned char *inp, unsigned char *out, size_t len, int enc);\r
+#ifdef  __cplusplus\r
+}\r
+#endif\r

diff --git a/contrib/openssl/include/openssl/opensslconf.h b/contrib/openssl/include/openssl/opensslconf.h
index 17e3b6d..a468f76 100644 (file)
--- a/contrib/openssl/include/openssl/opensslconf.h
+++ b/contrib/openssl/include/openssl/opensslconf.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */\r
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */\r
 \r
+#ifdef  __cplusplus\r
+extern "C" {\r
+#endif\r
 /* OpenSSL was configured with the following options: */\r
 #ifndef OPENSSL_SYSNAME_WIN32\r
 # define OPENSSL_SYSNAME_WIN32\r
@@ -239,3 +242,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 \r
 #endif /* DES_DEFAULT_OPTIONS */\r
 #endif /* HEADER_DES_LOCL_H */\r
+#ifdef  __cplusplus\r
+}\r
+#endif\r

diff --git a/contrib/openssl/include/openssl/opensslv.h b/contrib/openssl/include/openssl/opensslv.h
index 0feb127..216e8f4 100644 (file)
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -1,6 +1,10 @@
 #ifndef HEADER_OPENSSLV_H\r
 #define HEADER_OPENSSLV_H\r
 \r
+#ifdef  __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
 /* Numeric release version identifier:\r
  * MNNFFPPS: major minor fix patch status\r
  * The status nibble has one of the values 0 for development, 1 to e for betas\r
@@ -25,11 +29,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for\r
  *  major minor fix final patch/beta)\r
  */\r
-#define OPENSSL_VERSION_NUMBER 0x1000109fL\r
+#define OPENSSL_VERSION_NUMBER 0x100010afL\r
 #ifdef OPENSSL_FIPS\r
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1i-fips 6 Aug 2014"\r
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1j-fips 15 Oct 2014"\r
 #else\r
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1i 6 Aug 2014"\r
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1j 15 Oct 2014"\r
 #endif\r
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT\r
 \r
@@ -86,4 +90,7 @@
 #define SHLIB_VERSION_NUMBER "1.0.0"\r
 \r
 \r
+#ifdef  __cplusplus\r
+}\r
+#endif\r
 #endif /* HEADER_OPENSSLV_H */\r

diff --git a/contrib/openssl/include/openssl/ossl_typ.h b/contrib/openssl/include/openssl/ossl_typ.h
index 54e8069..15da44a 100644 (file)
--- a/contrib/openssl/include/openssl/ossl_typ.h
+++ b/contrib/openssl/include/openssl/ossl_typ.h
@@ -55,6 +55,10 @@
 #ifndef HEADER_OPENSSL_TYPES_H\r
 #define HEADER_OPENSSL_TYPES_H\r
 \r
+#ifdef  __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
 #include <openssl/e_os2.h>\r
 \r
 #ifdef NO_ASN1_TYPEDEFS\r
@@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
 typedef struct ocsp_response_st OCSP_RESPONSE;\r
 typedef struct ocsp_responder_id_st OCSP_RESPID;\r
 \r
+#ifdef  __cplusplus\r
+}\r
+#endif\r
 #endif /* def HEADER_OPENSSL_TYPES_H */\r

diff --git a/contrib/openssl/include/openssl/pkcs7.h b/contrib/openssl/include/openssl/pkcs7.h
index 7786b22..0fc79e7 100644 (file)
--- a/contrib/openssl/include/openssl/pkcs7.h
+++ b/contrib/openssl/include/openssl/pkcs7.h
@@ -233,10 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)\r
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)\r
 #define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)\r
-#define PKCS7_type_is_encrypted(a) \\r
-               (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)\r
-\r
-#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)\r
 \r
 #define PKCS7_set_detached(p,v) \\r
                PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)\r

diff --git a/contrib/openssl/include/openssl/pqueue.h b/contrib/openssl/include/openssl/pqueue.h
index e35d420..d0548af 100644 (file)
--- a/contrib/openssl/include/openssl/pqueue.h
+++ b/contrib/openssl/include/openssl/pqueue.h
@@ -64,6 +64,9 @@
 #include <stdlib.h>\r
 #include <string.h>\r
 \r
+#ifdef  __cplusplus\r
+extern "C" {\r
+#endif\r
 typedef struct _pqueue *pqueue;\r
 \r
 typedef struct _pitem\r
@@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter);
 void   pqueue_print(pqueue pq);\r
 int    pqueue_size(pqueue pq);\r
 \r
+#ifdef  __cplusplus\r
+}\r
+#endif\r
 #endif /* ! HEADER_PQUEUE_H */\r

diff --git a/contrib/openssl/include/openssl/rsa.h b/contrib/openssl/include/openssl/rsa.h
index a7c62fd..2bf9e75 100644 (file)
--- a/contrib/openssl/include/openssl/rsa.h
+++ b/contrib/openssl/include/openssl/rsa.h
@@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE        158\r
 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE  148\r
 #define RSA_R_PADDING_CHECK_FAILED                      114\r
+#define RSA_R_PKCS_DECODING_ERROR                       159\r
 #define RSA_R_P_NOT_PRIME                               128\r
 #define RSA_R_Q_NOT_PRIME                               129\r
 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED              130\r

diff --git a/contrib/openssl/include/openssl/safestack.h b/contrib/openssl/include/openssl/safestack.h
index c6a7081..a6acafa 100644 (file)
--- a/contrib/openssl/include/openssl/safestack.h
+++ b/contrib/openssl/include/openssl/safestack.h
@@ -57,6 +57,10 @@
 \r
 #include <openssl/stack.h>\r
 \r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
 #ifndef CHECKED_PTR_OF\r
 #define CHECKED_PTR_OF(type, p) \\r
     ((void*) (1 ? p : (type*)0))\r
@@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)\r
 /* End of util/mkstack.pl block, you may now edit :-) */\r
 \r
+\r
+#ifdef  __cplusplus\r
+}\r
+#endif\r
 #endif /* !defined HEADER_SAFESTACK_H */\r

diff --git a/contrib/openssl/include/openssl/srtp.h b/contrib/openssl/include/openssl/srtp.h
index 2030146..e983543 100644 (file)
--- a/contrib/openssl/include/openssl/srtp.h
+++ b/contrib/openssl/include/openssl/srtp.h
@@ -130,6 +130,8 @@ extern "C" {
 #define SRTP_NULL_SHA1_80      0x0005\r
 #define SRTP_NULL_SHA1_32      0x0006\r
 \r
+#ifndef OPENSSL_NO_SRTP\r
+\r
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);\r
 int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);\r
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);\r
@@ -137,6 +139,8 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);\r
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);\r
 \r
+#endif\r
+\r
 #ifdef  __cplusplus\r
 }\r
 #endif\r

diff --git a/contrib/openssl/include/openssl/ssl.h b/contrib/openssl/include/openssl/ssl.h
index 29ffd52..e93033d 100644 (file)
--- a/contrib/openssl/include/openssl/ssl.h
+++ b/contrib/openssl/include/openssl/ssl.h
@@ -653,6 +653,10 @@ struct ssl_session_st
  */\r
 #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L\r
 #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L\r
+/* Send TLS_FALLBACK_SCSV in the ClientHello.\r
+ * To be set by applications that reconnect with a downgraded protocol\r
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details. */\r
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L\r
 \r
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,\r
  * they cannot be used to clear bits. */\r
@@ -1511,6 +1515,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE\r
 #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE\r
 #define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */\r
+#define SSL_AD_INAPPROPRIATE_FALLBACK  TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */\r
 \r
 #define SSL_ERROR_NONE                 0\r
 #define SSL_ERROR_SSL                  1\r
@@ -1621,6 +1626,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS         82\r
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS       83\r
 \r
+#define SSL_CTRL_CHECK_PROTO_VERSION           119\r
+\r
 #define DTLSv1_get_timeout(ssl, arg) \\r
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)\r
 #define DTLSv1_handle_timeout(ssl) \\r
@@ -2379,6 +2386,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_HTTPS_PROXY_REQUEST                       155\r
 #define SSL_R_HTTP_REQUEST                              156\r
 #define SSL_R_ILLEGAL_PADDING                           283\r
+#define SSL_R_INAPPROPRIATE_FALLBACK                    373\r
 #define SSL_R_INCONSISTENT_COMPRESSION                  340\r
 #define SSL_R_INVALID_CHALLENGE_LENGTH                  158\r
 #define SSL_R_INVALID_COMMAND                           280\r
@@ -2525,6 +2533,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED             1021\r
 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                         1051\r
 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION            1060\r
+#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK        1086\r
 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY                 1071\r
 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                1080\r
 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION              1100\r

diff --git a/contrib/openssl/include/openssl/ssl3.h b/contrib/openssl/include/openssl/ssl3.h
index de8b460..4c30b50 100644 (file)
--- a/contrib/openssl/include/openssl/ssl3.h
+++ b/contrib/openssl/include/openssl/ssl3.h
@@ -128,9 +128,14 @@
 extern "C" {\r
 #endif\r
 \r
-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */\r
+/* Signalling cipher suite value from RFC 5746\r
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */\r
 #define SSL3_CK_SCSV                           0x030000FF\r
 \r
+/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00\r
+ * (TLS_FALLBACK_SCSV) */\r
+#define SSL3_CK_FALLBACK_SCSV                  0x03005600\r
+\r
 #define SSL3_CK_RSA_NULL_MD5                   0x03000001\r
 #define SSL3_CK_RSA_NULL_SHA                   0x03000002\r
 #define SSL3_CK_RSA_RC4_40_MD5                         0x03000003\r

diff --git a/contrib/openssl/include/openssl/tls1.h b/contrib/openssl/include/openssl/tls1.h
index 25d958b..648ca36 100644 (file)
--- a/contrib/openssl/include/openssl/tls1.h
+++ b/contrib/openssl/include/openssl/tls1.h
@@ -159,17 +159,19 @@ extern "C" {
 \r
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES   0\r
 \r
+#define TLS1_VERSION                   0x0301\r
+#define TLS1_1_VERSION                 0x0302\r
 #define TLS1_2_VERSION                 0x0303\r
-#define TLS1_2_VERSION_MAJOR           0x03\r
-#define TLS1_2_VERSION_MINOR           0x03\r
+#define TLS_MAX_VERSION                        TLS1_2_VERSION\r
+\r
+#define TLS1_VERSION_MAJOR             0x03\r
+#define TLS1_VERSION_MINOR             0x01\r
 \r
-#define TLS1_1_VERSION                 0x0302\r
 #define TLS1_1_VERSION_MAJOR           0x03\r
 #define TLS1_1_VERSION_MINOR           0x02\r
 \r
-#define TLS1_VERSION                   0x0301\r
-#define TLS1_VERSION_MAJOR             0x03\r
-#define TLS1_VERSION_MINOR             0x01\r
+#define TLS1_2_VERSION_MAJOR           0x03\r
+#define TLS1_2_VERSION_MINOR           0x03\r
 \r
 #define TLS1_get_version(s) \\r
                ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)\r
@@ -187,6 +189,7 @@ extern "C" {
 #define TLS1_AD_PROTOCOL_VERSION       70      /* fatal */\r
 #define TLS1_AD_INSUFFICIENT_SECURITY  71      /* fatal */\r
 #define TLS1_AD_INTERNAL_ERROR         80      /* fatal */\r
+#define TLS1_AD_INAPPROPRIATE_FALLBACK 86      /* fatal */\r
 #define TLS1_AD_USER_CANCELLED         90\r
 #define TLS1_AD_NO_RENEGOTIATION       100\r
 /* codes 110-114 are from RFC3546 */\r

diff --git a/contrib/openssl/news.txt b/contrib/openssl/news.txt
index 8b2be4b..512a667 100644 (file)
--- a/contrib/openssl/news.txt
+++ b/contrib/openssl/news.txt
@@ -5,6 +5,13 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+
+      o Fix for CVE-2014-3513
+      o Fix for CVE-2014-3567
+      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+      o Fix for CVE-2014-3568
+
   Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
 
       o Fix for CVE-2014-3512

diff --git a/contrib/openssl/readme.txt b/contrib/openssl/readme.txt
index b2cf1ce..cb90c9f 100644 (file)
--- a/contrib/openssl/readme.txt
+++ b/contrib/openssl/readme.txt
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1i 6 Aug 2014
+ OpenSSL 1.0.1j 15 Oct 2014
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

diff --git a/dist/amd64/libeay32.dll b/dist/amd64/libeay32.dll
index e40a974..b5944e1 100644 (file)
Binary files a/dist/amd64/libeay32.dll and b/dist/amd64/libeay32.dll differ

diff --git a/dist/amd64/ssleay32.dll b/dist/amd64/ssleay32.dll
index 4bc2d6c..989b693 100644 (file)
Binary files a/dist/amd64/ssleay32.dll and b/dist/amd64/ssleay32.dll differ

diff --git a/dist/libeay32.dll b/dist/libeay32.dll
index e9543bc..ab95481 100644 (file)
Binary files a/dist/libeay32.dll and b/dist/libeay32.dll differ

diff --git a/dist/ssleay32.dll b/dist/ssleay32.dll
index fde54ab..60912c3 100644 (file)
Binary files a/dist/ssleay32.dll and b/dist/ssleay32.dll differ

diff --git a/socketwrapper.c b/socketwrapper.c
index f752045..71da863 100644 (file)
--- a/socketwrapper.c
+++ b/socketwrapper.c
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL()
 #ifdef ENABLE_PROCESS_PROTECTION\r
        // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること\r
 #if defined(_M_IX86)\r
-       // ssleay32.dll 1.0.1i\r
-       RegisterTrustedModuleSHA1Hash("\xA0\x76\x7F\x44\x19\x91\x72\xFB\xF5\x0E\x03\xC7\x79\xE9\x4B\x4D\x72\x95\xED\x5C");\r
-       // libeay32.dll 1.0.1i\r
-       RegisterTrustedModuleSHA1Hash("\x79\xDC\x7A\x43\x8D\x4B\x57\x60\xE6\xBE\x18\x98\xD4\x9A\x36\x99\x74\x6C\x16\x06");\r
+       // ssleay32.dll 1.0.1j\r
+       RegisterTrustedModuleSHA1Hash("\x57\x83\x70\x2D\x44\x8F\x1F\xB3\x83\xC2\xC1\x93\xB5\x92\xC8\x14\xFE\x2B\x31\x59");\r
+       // libeay32.dll 1.0.1j\r
+       RegisterTrustedModuleSHA1Hash("\x66\x15\x03\xCA\xFB\x5C\x08\x96\x4B\x80\x9A\x55\x14\xDB\x1F\x12\x4A\x9C\x53\x52");\r
 #elif defined(_M_AMD64)\r
-       // ssleay32.dll 1.0.1i\r
-       RegisterTrustedModuleSHA1Hash("\x1E\x93\xF0\x23\xBB\x19\x62\x0C\x8A\x82\x1C\xE6\x4B\x68\x62\xE9\xB0\x7D\x37\x5C");\r
-       // libeay32.dll 1.0.1i\r
-       RegisterTrustedModuleSHA1Hash("\xF1\x77\xF4\x51\x23\xDF\x0F\x71\x33\xC5\x8C\xCF\xCF\x64\x09\xEF\xF9\x23\x1B\x30");\r
+       // ssleay32.dll 1.0.1j\r
+       RegisterTrustedModuleSHA1Hash("\x4C\xBD\xC5\x05\xB5\xB2\x48\xA8\xC2\x0B\xE4\xB3\x17\x02\x9C\x32\xE2\x84\x87\xA9");\r
+       // libeay32.dll 1.0.1j\r
+       RegisterTrustedModuleSHA1Hash("\xF7\x31\xBF\xF6\x2C\x51\xBA\x00\x38\x7E\x76\x2F\x8B\xB3\xF9\x52\x5D\xED\xA4\xE6");\r
 #endif\r
 #endif\r
        g_hOpenSSL = LoadLibrary("ssleay32.dll");\r