OpenSSL CHANGES
_______________
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+
+ *) SRTP Memory Leak.
+
+ A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+ sends a carefully crafted handshake message, to cause OpenSSL to fail
+ to free up to 64k of memory causing a memory leak. This could be
+ exploited in a Denial Of Service attack. This issue affects OpenSSL
+ 1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+ whether SRTP is used or configured. Implementations of OpenSSL that
+ have been compiled with OPENSSL_NO_SRTP defined are not affected.
+
+ The fix was developed by the OpenSSL team.
+ (CVE-2014-3513)
+ [OpenSSL team]
+
+ *) Session Ticket Memory Leak.
+
+ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+ integrity of that ticket is first verified. In the event of a session
+ ticket integrity check failing, OpenSSL will fail to free memory
+ causing a memory leak. By sending a large number of invalid session
+ tickets an attacker could exploit this issue in a Denial Of Service
+ attack.
+ (CVE-2014-3567)
+ [Steve Henson]
+
+ *) Build option no-ssl3 is incomplete.
+
+ When OpenSSL is configured with "no-ssl3" as a build option, servers
+ could accept and complete a SSL 3.0 handshake, and clients could be
+ configured to send them.
+ (CVE-2014-3568)
+ [Akamai and the OpenSSL team]
+
+ *) Add support for TLS_FALLBACK_SCSV.
+ Client applications doing fallback retries should call
+ SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+ (CVE-2014-3566)
+ [Adam Langley, Bodo Moeller]
+
+ *) Add additional DigestInfo checks.
+
+ Reencode DigestInto in DER and check against the original when
+ verifying RSA signature: this will reject any improperly encoded
+ DigestInfo structures.
+
+ Note: this is a precautionary measure and no attacks are currently known.
+
+ [Steve Henson]
+
Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
*) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
#endif\r
\r
#define DTLS1_VERSION 0xFEFF\r
+#define DTLS_MAX_VERSION DTLS1_VERSION\r
+\r
#define DTLS1_BAD_VER 0x0100\r
\r
#if 0\r
}\r
#endif\r
#endif\r
-\r
\r
#include <sys/types.h>\r
\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
/* Avoid name clashes with other applications */\r
#define os_toascii _openssl_os_toascii\r
#define os_toebcdic _openssl_os_toebcdic\r
void *ebcdic2ascii(void *dest, const void *srce, size_t count);\r
void *ascii2ebcdic(void *dest, const void *srce, size_t count);\r
\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
#endif\r
int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);\r
int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);\r
\r
-/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]\r
+/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]\r
* \param group underlying EC_GROUP object\r
* \param r EC_POINT object for the result\r
* \param n BIGNUM with the multiplier for the group generator (optional)\r
\r
#include <stddef.h>\r
\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
typedef void (*block128_f)(const unsigned char in[16],\r
unsigned char out[16],\r
const void *key);\r
\r
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],\r
const unsigned char *inp, unsigned char *out, size_t len, int enc);\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
/* opensslconf.h */\r
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\r
\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
/* OpenSSL was configured with the following options: */\r
#ifndef OPENSSL_SYSNAME_WIN32\r
# define OPENSSL_SYSNAME_WIN32\r
\r
#endif /* DES_DEFAULT_OPTIONS */\r
#endif /* HEADER_DES_LOCL_H */\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
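Review bot: The closing `}` of the new `extern "C"` block lands after `#endif /* HEADER_DES_LOCL_H */`, i.e. outside the include guard, while its opening counterpart (not visible in this hunk) presumably sits inside the guard; a C++ translation unit that includes this header twice would then see the closing brace once more than the opening one. Moving the three added lines above the guard's `#endif` keeps the open and close in the same guarded region: `#ifdef __cplusplus` / `}` / `#endif` immediately before `#endif /* HEADER_DES_LOCL_H */`. If the opening was also placed outside the guard, the two cancel out on every inclusion and this note does not apply.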
#ifndef HEADER_OPENSSLV_H\r
#define HEADER_OPENSSLV_H\r
\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
/* Numeric release version identifier:\r
* MNNFFPPS: major minor fix patch status\r
* The status nibble has one of the values 0 for development, 1 to e for betas\r
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for\r
* major minor fix final patch/beta)\r
*/\r
-#define OPENSSL_VERSION_NUMBER 0x1000109fL\r
+#define OPENSSL_VERSION_NUMBER 0x100010afL\r
#ifdef OPENSSL_FIPS\r
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips 6 Aug 2014"\r
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014"\r
#else\r
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i 6 Aug 2014"\r
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014"\r
#endif\r
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT\r
\r
#define SHLIB_VERSION_NUMBER "1.0.0"\r
\r
\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
#endif /* HEADER_OPENSSLV_H */\r
#ifndef HEADER_OPENSSL_TYPES_H\r
#define HEADER_OPENSSL_TYPES_H\r
\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
#include <openssl/e_os2.h>\r
\r
#ifdef NO_ASN1_TYPEDEFS\r
typedef struct ocsp_response_st OCSP_RESPONSE;\r
typedef struct ocsp_responder_id_st OCSP_RESPID;\r
\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
#endif /* def HEADER_OPENSSL_TYPES_H */\r
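Review bot: The new `extern "C" {` opens before `#include <openssl/e_os2.h>`, so everything that header pulls in transitively is compiled with C linkage in a C++ translation unit; that is only safe as long as none of those includes reaches a C++-aware system header. Placing the three-line wrapper just after the `#include` limits the linkage block to this header's own typedefs, which is the convention the `safestack.h` and `pqueue.h` hunks in this same change already follow by opening theirs after their includes. Only the position of `#ifdef __cplusplus` / `extern "C" {` / `#endif` changes; nothing else in the header moves.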
(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)\r
#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)\r
#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)\r
-#define PKCS7_type_is_encrypted(a) \\r
- (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)\r
-\r
-#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)\r
\r
#define PKCS7_set_detached(p,v) \\r
PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)\r
#include <stdlib.h>\r
#include <string.h>\r
\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
typedef struct _pqueue *pqueue;\r
\r
typedef struct _pitem\r
void pqueue_print(pqueue pq);\r
int pqueue_size(pqueue pq);\r
\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
#endif /* ! HEADER_PQUEUE_H */\r
#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158\r
#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148\r
#define RSA_R_PADDING_CHECK_FAILED 114\r
+#define RSA_R_PKCS_DECODING_ERROR 159\r
#define RSA_R_P_NOT_PRIME 128\r
#define RSA_R_Q_NOT_PRIME 129\r
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130\r
\r
#include <openssl/stack.h>\r
\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
#ifndef CHECKED_PTR_OF\r
#define CHECKED_PTR_OF(type, p) \\r
((void*) (1 ? p : (type*)0))\r
#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)\r
/* End of util/mkstack.pl block, you may now edit :-) */\r
\r
+\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
#endif /* !defined HEADER_SAFESTACK_H */\r
#define SRTP_NULL_SHA1_80 0x0005\r
#define SRTP_NULL_SHA1_32 0x0006\r
\r
+#ifndef OPENSSL_NO_SRTP\r
+\r
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);\r
int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);\r
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);\r
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);\r
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);\r
\r
+#endif\r
+\r
#ifdef __cplusplus\r
}\r
#endif\r
*/\r
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L\r
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L\r
+/* Send TLS_FALLBACK_SCSV in the ClientHello.\r
+ * To be set by applications that reconnect with a downgraded protocol\r
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details. */\r
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L\r
\r
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,\r
* they cannot be used to clear bits. */\r
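Review bot: The comment on `SSL_MODE_SEND_FALLBACK_SCSV` says which applications should set the mode but not what happens when it is set on the wrong connection: a server that supports a higher version than the one offered in that ClientHello answers with the fatal inappropriate_fallback alert (`TLS1_AD_INAPPROPRIATE_FALLBACK`, defined elsewhere in this change), so a client that sets it on its first, full-version attempt can lose handshakes that would otherwise succeed. Suggest extending the comment with `* Set it only on a retry that offers a lower version than the client's own maximum; on a full-version attempt a server may reject the handshake with inappropriate_fallback.` Since the note just below says `SSL[_CTX]_set_mode` can only OR bits in, the mode is best set on the SSL object created for the retry rather than on a shared SSL_CTX, where it would apply to every connection.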
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE\r
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE\r
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */\r
+#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */\r
\r
#define SSL_ERROR_NONE 0\r
#define SSL_ERROR_SSL 1\r
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82\r
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83\r
\r
+#define SSL_CTRL_CHECK_PROTO_VERSION 119\r
+\r
#define DTLSv1_get_timeout(ssl, arg) \\r
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)\r
#define DTLSv1_handle_timeout(ssl) \\r
#define SSL_R_HTTPS_PROXY_REQUEST 155\r
#define SSL_R_HTTP_REQUEST 156\r
#define SSL_R_ILLEGAL_PADDING 283\r
+#define SSL_R_INAPPROPRIATE_FALLBACK 373\r
#define SSL_R_INCONSISTENT_COMPRESSION 340\r
#define SSL_R_INVALID_CHALLENGE_LENGTH 158\r
#define SSL_R_INVALID_COMMAND 280\r
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021\r
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051\r
#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060\r
+#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086\r
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071\r
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080\r
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100\r
extern "C" {\r
#endif\r
\r
-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */\r
+/* Signalling cipher suite value from RFC 5746\r
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */\r
#define SSL3_CK_SCSV 0x030000FF\r
\r
+/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00\r
+ * (TLS_FALLBACK_SCSV) */\r
+#define SSL3_CK_FALLBACK_SCSV 0x03005600\r
+\r
#define SSL3_CK_RSA_NULL_MD5 0x03000001\r
#define SSL3_CK_RSA_NULL_SHA 0x03000002\r
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003\r
\r
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0\r
\r
+#define TLS1_VERSION 0x0301\r
+#define TLS1_1_VERSION 0x0302\r
#define TLS1_2_VERSION 0x0303\r
-#define TLS1_2_VERSION_MAJOR 0x03\r
-#define TLS1_2_VERSION_MINOR 0x03\r
+#define TLS_MAX_VERSION TLS1_2_VERSION\r
+\r
+#define TLS1_VERSION_MAJOR 0x03\r
+#define TLS1_VERSION_MINOR 0x01\r
\r
-#define TLS1_1_VERSION 0x0302\r
#define TLS1_1_VERSION_MAJOR 0x03\r
#define TLS1_1_VERSION_MINOR 0x02\r
\r
-#define TLS1_VERSION 0x0301\r
-#define TLS1_VERSION_MAJOR 0x03\r
-#define TLS1_VERSION_MINOR 0x01\r
+#define TLS1_2_VERSION_MAJOR 0x03\r
+#define TLS1_2_VERSION_MINOR 0x03\r
\r
#define TLS1_get_version(s) \\r
((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)\r
#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */\r
#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */\r
#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */\r
+#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */\r
#define TLS1_AD_USER_CANCELLED 90\r
#define TLS1_AD_NO_RENEGOTIATION 100\r
/* codes 110-114 are from RFC3546 */\r
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+
+ o Fix for CVE-2014-3513
+ o Fix for CVE-2014-3567
+ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+ o Fix for CVE-2014-3568
+
Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
o Fix for CVE-2014-3512
- OpenSSL 1.0.1i 6 Aug 2014
+ OpenSSL 1.0.1j 15 Oct 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
#ifdef ENABLE_PROCESS_PROTECTION\r
// 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること\r
#if defined(_M_IX86)\r
- // ssleay32.dll 1.0.1i\r
- RegisterTrustedModuleSHA1Hash("\xA0\x76\x7F\x44\x19\x91\x72\xFB\xF5\x0E\x03\xC7\x79\xE9\x4B\x4D\x72\x95\xED\x5C");\r
- // libeay32.dll 1.0.1i\r
- RegisterTrustedModuleSHA1Hash("\x79\xDC\x7A\x43\x8D\x4B\x57\x60\xE6\xBE\x18\x98\xD4\x9A\x36\x99\x74\x6C\x16\x06");\r
+ // ssleay32.dll 1.0.1j\r
+ RegisterTrustedModuleSHA1Hash("\x57\x83\x70\x2D\x44\x8F\x1F\xB3\x83\xC2\xC1\x93\xB5\x92\xC8\x14\xFE\x2B\x31\x59");\r
+ // libeay32.dll 1.0.1j\r
+ RegisterTrustedModuleSHA1Hash("\x66\x15\x03\xCA\xFB\x5C\x08\x96\x4B\x80\x9A\x55\x14\xDB\x1F\x12\x4A\x9C\x53\x52");\r
#elif defined(_M_AMD64)\r
- // ssleay32.dll 1.0.1i\r
- RegisterTrustedModuleSHA1Hash("\x1E\x93\xF0\x23\xBB\x19\x62\x0C\x8A\x82\x1C\xE6\x4B\x68\x62\xE9\xB0\x7D\x37\x5C");\r
- // libeay32.dll 1.0.1i\r
- RegisterTrustedModuleSHA1Hash("\xF1\x77\xF4\x51\x23\xDF\x0F\x71\x33\xC5\x8C\xCF\xCF\x64\x09\xEF\xF9\x23\x1B\x30");\r
+ // ssleay32.dll 1.0.1j\r
+ RegisterTrustedModuleSHA1Hash("\x4C\xBD\xC5\x05\xB5\xB2\x48\xA8\xC2\x0B\xE4\xB3\x17\x02\x9C\x32\xE2\x84\x87\xA9");\r
+ // libeay32.dll 1.0.1j\r
+ RegisterTrustedModuleSHA1Hash("\xF7\x31\xBF\xF6\x2C\x51\xBA\x00\x38\x7E\x76\x2F\x8B\xB3\xF9\x52\x5D\xED\xA4\xE6");\r
#endif\r
#endif\r
g_hOpenSSL = LoadLibrary("ssleay32.dll");\r
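Review bot: The eight replaced hash literals carry no record of how they were produced; the only guidance is the comment at the top of the block saying to change them when the bundled OpenSSL changes, so a reviewer cannot tell whether they are the SHA-1 of the DLLs from the official 1.0.1j build or of a locally built pair, and cannot recompute them to confirm. Suggest a comment above each `RegisterTrustedModuleSHA1Hash` pair naming the origin of the binaries and the tool used, e.g. `// SHA-1 of ssleay32.dll/libeay32.dll from <build source>, computed with <tool>; recompute after replacing the DLLs`, with the placeholders filled in. The function that contains these calls starts before and ends after this hunk.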