OpenSSL CHANGES
_______________
+ Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
+
+ *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
+ SRP code can be overrun an internal buffer. Add sanity check that
+ g, A, B < N to SRP code.
+
+ Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
+ Group for discovering this issue.
+ (CVE-2014-3512)
+ [Steve Henson]
+
+ *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
+ TLS 1.0 instead of higher protocol versions when the ClientHello message
+ is badly fragmented. This allows a man-in-the-middle attacker to force a
+ downgrade to TLS 1.0 even if both the server and the client support a
+ higher protocol version, by modifying the client's TLS records.
+
+ Thanks to David Benjamin and Adam Langley (Google) for discovering and
+ researching this issue.
+ (CVE-2014-3511)
+ [David Benjamin]
+
+ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+ to a denial of service attack. A malicious server can crash the client
+ with a null pointer dereference (read) by specifying an anonymous (EC)DH
+ ciphersuite and sending carefully crafted handshake messages.
+
+ Thanks to Felix Gröbert (Google) for discovering and researching this
+ issue.
+ (CVE-2014-3510)
+ [Emilia Käsper]
+
+ *) By sending carefully crafted DTLS packets an attacker could cause openssl
+ to leak memory. This can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3507)
+ [Adam Langley]
+
+ *) An attacker can force openssl to consume large amounts of memory whilst
+ processing DTLS handshake messages. This can be exploited through a
+ Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3506)
+ [Adam Langley]
+
+ *) An attacker can force an error condition which causes openssl to crash
+ whilst processing DTLS packets due to memory being freed twice. This
+ can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+ this issue.
+ (CVE-2014-3505)
+ [Adam Langley]
+
+ *) If a multithreaded client connects to a malicious server using a resumed
+ session and the server sends an ec point format extension it could write
+ up to 255 bytes to freed memory.
+
+ Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
+ issue.
+ (CVE-2014-3509)
+ [Gabor Tyukasz]
+
+ *) A malicious server can crash an OpenSSL client with a null pointer
+ dereference (read) by specifying an SRP ciphersuite even though it was not
+ properly negotiated with the client. This can be exploited through a
+ Denial of Service attack.
+
+ Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
+ discovering and researching this issue.
+ (CVE-2014-5139)
+ [Steve Henson]
+
+ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+ X509_name_oneline, X509_name_print_ex et al. to leak some information
+ from the stack. Applications may be affected if they echo pretty printing
+ output to the attacker.
+
+ Thanks to Ivan Fratric (Google) for discovering this issue.
+ (CVE-2014-3508)
+ [Emilia Käsper, and Steve Henson]
+
+ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+ for corner cases. (Certain input points at infinity could lead to
+ bogus results, with non-infinity inputs mapped to infinity too.)
+ [Bodo Moeller]
+
Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
*) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
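Review bot: The first added entry (CVE-2014-3512) reads "Invalid parameters passed to the SRP code can be overrun an internal buffer", which is garbled; it should read "can overrun". If this file is copied verbatim from the OpenSSL 1.0.1i distribution, leave the wording as it is so the file stays identical to upstream, and say in the commit message that CHANGES is an unmodified upstream copy.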
documentation is included in each OpenSSL distribution under the docs
directory.
-For information on parts of libcrypto that are not yet documented, you
-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
-of this still applies to OpenSSL.
-
There is some documentation about certificate extensions and PKCS#12
in doc/openssl.txt
#ifndef OPENSSL_NO_STORE\r
# define OPENSSL_NO_STORE\r
#endif\r
+#ifndef OPENSSL_NO_UNIT_TEST\r
+# define OPENSSL_NO_UNIT_TEST\r
+#endif\r
\r
#endif /* OPENSSL_DOING_MAKEDEPEND */\r
\r
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)\r
# define NO_STORE\r
# endif\r
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)\r
+# define NO_UNIT_TEST\r
+# endif\r
#endif\r
\r
#define OPENSSL_CPUID_OBJ\r
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for\r
* major minor fix final patch/beta)\r
*/\r
-#define OPENSSL_VERSION_NUMBER 0x1000108fL\r
+#define OPENSSL_VERSION_NUMBER 0x1000109fL\r
#ifdef OPENSSL_FIPS\r
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips 5 Jun 2014"\r
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips 6 Aug 2014"\r
#else\r
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h 5 Jun 2014"\r
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i 6 Aug 2014"\r
#endif\r
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT\r
\r
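Review bot: The bump of OPENSSL_VERSION_NUMBER to 0x1000109fL and of OPENSSL_VERSION_TEXT to "1.0.1i" changes only the headers, and nothing in this hunk ties them to the binary that is actually loaded. The library is loaded by bare name with LoadLibrary("ssleay32.dll") further down, and the digest allow-list is compiled in only under ENABLE_PROCESS_PROTECTION. Consider a startup check that the loaded library reports the same version as OPENSSL_VERSION_NUMBER, so that a leftover 1.0.1h DLL is refused in builds without process protection too.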
#define SSL_TXT_aGOST94 "aGOST94"\r
#define SSL_TXT_aGOST01 "aGOST01"\r
#define SSL_TXT_aGOST "aGOST"\r
+#define SSL_TXT_aSRP "aSRP"\r
\r
#define SSL_TXT_DSS "DSS"\r
#define SSL_TXT_DH "DH"\r
void SSL_set_debug(SSL *s, int debug);\r
int SSL_cache_hit(SSL *s);\r
\r
+#ifndef OPENSSL_NO_UNIT_TEST\r
+const struct openssl_ssl_test_functions *SSL_test_functions(void);\r
+#endif\r
+\r
/* BEGIN ERROR CODES */\r
/* The following lines are auto generated by the script mkerr.pl. Any changes\r
* made after this point may be overwritten when the script is next run.\r
#define SSL_R_BAD_SRP_B_LENGTH 348\r
#define SSL_R_BAD_SRP_G_LENGTH 349\r
#define SSL_R_BAD_SRP_N_LENGTH 350\r
+#define SSL_R_BAD_SRP_PARAMETERS 371\r
#define SSL_R_BAD_SRP_S_LENGTH 351\r
#define SSL_R_BAD_SRTP_MKI_VALUE 352\r
#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353\r
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
+
+ o Fix for CVE-2014-3512
+ o Fix for CVE-2014-3511
+ o Fix for CVE-2014-3510
+ o Fix for CVE-2014-3507
+ o Fix for CVE-2014-3506
+ o Fix for CVE-2014-3505
+ o Fix for CVE-2014-3509
+ o Fix for CVE-2014-5139
+ o Fix for CVE-2014-3508
+
Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
o Fix for CVE-2014-0224
o Fix for CVE-2014-0221
+ o Fix for CVE-2014-0198
o Fix for CVE-2014-0195
o Fix for CVE-2014-3470
o Fix for CVE-2010-5298
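Review bot: The added "o Fix for CVE-2014-0198" line sits in the 1.0.1g to 1.0.1h list, not in the new 1.0.1i list above it, so this commit also rewrites the record of an earlier release. Please confirm it matches the NEWS file shipped with 1.0.1i rather than being a merge slip, and mention the retroactive entry in the commit message so the change to the older list is not read as a new fix in this update.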
- OpenSSL 1.0.1h 5 Jun 2014
+ OpenSSL 1.0.1i 6 Aug 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
#ifdef ENABLE_PROCESS_PROTECTION\r
// 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること\r
#if defined(_M_IX86)\r
- // ssleay32.dll 1.0.1h\r
- RegisterTrustedModuleSHA1Hash("\x1B\x27\x4E\x29\x14\x78\x72\x0D\x33\x73\xD5\x98\xCF\xEA\x32\x07\x2B\x35\x69\x66");\r
- // libeay32.dll 1.0.1h\r
- RegisterTrustedModuleSHA1Hash("\x1D\x2E\x70\x49\x84\x2C\xE9\x1F\x64\xE8\x84\xD4\x62\x5B\xF4\x34\x9A\x0F\x82\xFC");\r
+ // ssleay32.dll 1.0.1i\r
+ RegisterTrustedModuleSHA1Hash("\xA0\x76\x7F\x44\x19\x91\x72\xFB\xF5\x0E\x03\xC7\x79\xE9\x4B\x4D\x72\x95\xED\x5C");\r
+ // libeay32.dll 1.0.1i\r
+ RegisterTrustedModuleSHA1Hash("\x79\xDC\x7A\x43\x8D\x4B\x57\x60\xE6\xBE\x18\x98\xD4\x9A\x36\x99\x74\x6C\x16\x06");\r
#elif defined(_M_AMD64)\r
- // ssleay32.dll 1.0.1h\r
- RegisterTrustedModuleSHA1Hash("\xB7\x5C\x31\xF3\x28\x73\xA0\x3C\x33\xDD\xBC\xB5\x8F\xD1\x38\xB6\xCE\x67\x4C\x40");\r
- // libeay32.dll 1.0.1h\r
- RegisterTrustedModuleSHA1Hash("\x5E\xBF\x56\x8C\xED\x06\xE8\x90\xE3\xC0\x3B\x6C\x51\x66\x4F\xC9\x9F\x1F\xF5\x89");\r
+ // ssleay32.dll 1.0.1i\r
+ RegisterTrustedModuleSHA1Hash("\x1E\x93\xF0\x23\xBB\x19\x62\x0C\x8A\x82\x1C\xE6\x4B\x68\x62\xE9\xB0\x7D\x37\x5C");\r
+ // libeay32.dll 1.0.1i\r
+ RegisterTrustedModuleSHA1Hash("\xF1\x77\xF4\x51\x23\xDF\x0F\x71\x33\xC5\x8C\xCF\xCF\x64\x09\xEF\xF9\x23\x1B\x30");\r
#endif\r
#endif\r
g_hOpenSSL = LoadLibrary("ssleay32.dll");\r
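Review bot: The four replacement digests in the _M_IX86 and _M_AMD64 branches are hand-entered escaped byte strings whose comments give only the file name and version, so a reviewer cannot recompute them. Please record in the comments which build or download each DLL came from. It is also worth confirming that RegisterTrustedModuleSHA1Hash copies a fixed 20 bytes and does not treat its argument as a NUL-terminated string, because a digest containing a 0x00 byte would otherwise be silently truncated. Removing the 1.0.1h entries instead of keeping them alongside the new ones is the right call, since the old DLLs carry the flaws fixed in 1.0.1i and should no longer be accepted. As a follow-up, consider moving the allow-list from SHA-1 to SHA-256. SHA-1 is no longer collision-resistant, and this list is the only visible check on a library loaded by bare name.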