Update OpenSSL to 1.0.2c.

diff --git a/FFFTP_Eng_Release/FFFTP.exe b/FFFTP_Eng_Release/FFFTP.exe
index c2fb9b9..302cfc3 100644 (file)
Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ

diff --git a/FFFTP_Eng_Release_64/FFFTP.exe b/FFFTP_Eng_Release_64/FFFTP.exe
index 1cc65a3..c4903ec 100644 (file)
Binary files a/FFFTP_Eng_Release_64/FFFTP.exe and b/FFFTP_Eng_Release_64/FFFTP.exe differ

diff --git a/Release/FFFTP.exe b/Release/FFFTP.exe
index 2d30de7..0b5d3ad 100644 (file)
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ

diff --git a/Release_64/FFFTP.exe b/Release_64/FFFTP.exe
index d01b97c..6dff3f9 100644 (file)
Binary files a/Release_64/FFFTP.exe and b/Release_64/FFFTP.exe differ

diff --git a/common.h b/common.h
index 1567d1d..3dc91c5 100644 (file)
--- a/common.h
+++ b/common.h
@@ -81,7 +81,7 @@
 // ソフトウェア自動更新\r
 // リリースバージョンはリリース予定年（10進数4桁）+月（2桁）+日（2桁）+通し番号（0スタート2桁）とする\r
 // 2014年7月31日中の30個目のリリースは2014073129\r
-#define RELEASE_VERSION_NUM            2015051600      /* リリースバージョン */\r
+#define RELEASE_VERSION_NUM            2015061300      /* リリースバージョン */\r
 \r
 \r
 // SourceForge.JPによるフォーク\r

diff --git a/contrib/openssl/bin/libeay32.dll b/contrib/openssl/bin/libeay32.dll
index 0c14258..05f49ef 100644 (file)
Binary files a/contrib/openssl/bin/libeay32.dll and b/contrib/openssl/bin/libeay32.dll differ

diff --git a/contrib/openssl/bin/ssleay32.dll b/contrib/openssl/bin/ssleay32.dll
index af071f2..3b58a08 100644 (file)
Binary files a/contrib/openssl/bin/ssleay32.dll and b/contrib/openssl/bin/ssleay32.dll differ

diff --git a/contrib/openssl/changes.txt b/contrib/openssl/changes.txt
index 3044aa7..4cbf61d 100644 (file)
--- a/contrib/openssl/changes.txt
+++ b/contrib/openssl/changes.txt
@@ -2,6 +2,96 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
+
+  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
+     incompatibility in the handling of HMAC. The previous ABI has now been
+     restored.
+
+ Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
+
+  *) Malformed ECParameters causes infinite loop
+
+     When processing an ECParameters structure OpenSSL enters an infinite loop
+     if the curve specified is over a specially malformed binary polynomial
+     field.
+
+     This can be used to perform denial of service against any
+     system which processes public keys, certificate requests or
+     certificates.  This includes TLS clients and TLS servers with
+     client authentication enabled.
+
+     This issue was reported to OpenSSL by Joseph Barr-Pixton.
+     (CVE-2015-1788)
+     [Andy Polyakov]
+
+  *) Exploitable out-of-bounds read in X509_cmp_time
+
+     X509_cmp_time does not properly check the length of the ASN1_TIME
+     string and can read a few bytes out of bounds. In addition,
+     X509_cmp_time accepts an arbitrary number of fractional seconds in the
+     time string.
+
+     An attacker can use this to craft malformed certificates and CRLs of
+     various sizes and potentially cause a segmentation fault, resulting in
+     a DoS on applications that verify certificates or CRLs. TLS clients
+     that verify CRLs are affected. TLS clients and servers with client
+     authentication enabled may be affected if they use custom verification
+     callbacks.
+
+     This issue was reported to OpenSSL by Robert Swiecki (Google), and
+     independently by Hanno Böck.
+     (CVE-2015-1789)
+     [Emilia Käsper]
+
+  *) PKCS7 crash with missing EnvelopedContent
+
+     The PKCS#7 parsing code does not handle missing inner EncryptedContent
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+     with missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+     structures from untrusted sources are affected. OpenSSL clients and
+     servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-1790)
+     [Emilia Käsper]
+
+  *) CMS verify infinite loop with unknown hash function
+
+     When verifying a signedData message the CMS code can enter an infinite loop
+     if presented with an unknown hash function OID. This can be used to perform
+     denial of service against any system which verifies signedData messages using
+     the CMS code.
+     This issue was reported to OpenSSL by Johannes Bauer.
+     (CVE-2015-1792)
+     [Stephen Henson]
+
+  *) Race condition handling NewSessionTicket
+
+     If a NewSessionTicket is received by a multi-threaded client when attempting to
+     reuse a previous ticket then a race condition can occur potentially leading to
+     a double free of the ticket data.
+     (CVE-2015-1791)
+     [Matt Caswell]
+
+  *) Removed support for the two export grade static DH ciphersuites
+     EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+     were newly added (along with a number of other static DH ciphersuites) to
+     1.0.2. However the two export ones have *never* worked since they were
+     introduced. It seems strange in any case to be adding new export
+     ciphersuites, and given "logjam" it also does not seem correct to fix them.
+     [Matt Caswell]
+
+  *) Only support 256-bit or stronger elliptic curves with the
+     'ecdh_auto' setting (server) or by default (client). Of supported
+     curves, prefer P-256 (both).
+     [Emilia Kasper]
+
+  *) Reject DH handshakes with parameters shorter than 768 bits.
+     [Kurt Roeckx and Emilia Kasper]
+
  Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
 
   *) ClientHello sigalgs DoS fix

diff --git a/contrib/openssl/include/openssl/bn.h b/contrib/openssl/include/openssl/bn.h
index 9d8f67c..85fa39e 100644 (file)
--- a/contrib/openssl/include/openssl/bn.h
+++ b/contrib/openssl/include/openssl/bn.h
@@ -779,6 +779,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
                          * wouldn't be constructed with top!=dmax. */ \\r
                         BN_ULONG *_not_const; \\r
                         memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \\r
+                        /* Debug only - safe to ignore error return */ \\r
                         RAND_pseudo_bytes(&_tmp_char, 1); \\r
                         memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \\r
                                 (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \\r
@@ -892,6 +893,7 @@ void ERR_load_BN_strings(void);
 # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135\r
 # define BN_F_BN_GF2M_MOD_SQR                             136\r
 # define BN_F_BN_GF2M_MOD_SQRT                            137\r
+# define BN_F_BN_LSHIFT                                   145\r
 # define BN_F_BN_MOD_EXP2_MONT                            118\r
 # define BN_F_BN_MOD_EXP_MONT                             109\r
 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124\r
@@ -907,12 +909,14 @@ void ERR_load_BN_strings(void);
 # define BN_F_BN_NEW                                      113\r
 # define BN_F_BN_RAND                                     114\r
 # define BN_F_BN_RAND_RANGE                               122\r
+# define BN_F_BN_RSHIFT                                   146\r
 # define BN_F_BN_USUB                                     115\r
 \r
 /* Reason codes. */\r
 # define BN_R_ARG2_LT_ARG3                                100\r
 # define BN_R_BAD_RECIPROCAL                              101\r
 # define BN_R_BIGNUM_TOO_LONG                             114\r
+# define BN_R_BITS_TOO_SMALL                              118\r
 # define BN_R_CALLED_WITH_EVEN_MODULUS                    102\r
 # define BN_R_DIV_BY_ZERO                                 103\r
 # define BN_R_ENCODING_ERROR                              104\r
@@ -920,6 +924,7 @@ void ERR_load_BN_strings(void);
 # define BN_R_INPUT_NOT_REDUCED                           110\r
 # define BN_R_INVALID_LENGTH                              106\r
 # define BN_R_INVALID_RANGE                               115\r
+# define BN_R_INVALID_SHIFT                               119\r
 # define BN_R_NOT_A_SQUARE                                111\r
 # define BN_R_NOT_INITIALIZED                             107\r
 # define BN_R_NO_INVERSE                                  108\r

diff --git a/contrib/openssl/include/openssl/e_os2.h b/contrib/openssl/include/openssl/e_os2.h
index 3ded780..9f459f7 100644 (file)
--- a/contrib/openssl/include/openssl/e_os2.h
+++ b/contrib/openssl/include/openssl/e_os2.h
@@ -109,6 +109,12 @@ extern "C" {
 #    undef OPENSSL_SYS_UNIX\r
 #    define OPENSSL_SYS_WIN32\r
 #   endif\r
+#   if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)\r
+#    undef OPENSSL_SYS_UNIX\r
+#    if !defined(OPENSSL_SYS_WIN64)\r
+#     define OPENSSL_SYS_WIN64\r
+#    endif\r
+#   endif\r
 #   if defined(OPENSSL_SYSNAME_WINNT)\r
 #    undef OPENSSL_SYS_UNIX\r
 #    define OPENSSL_SYS_WINNT\r
@@ -121,7 +127,7 @@ extern "C" {
 # endif\r
 \r
 /* Anything that tries to look like Microsoft is "Windows" */\r
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)\r
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)\r
 #  undef OPENSSL_SYS_UNIX\r
 #  define OPENSSL_SYS_WINDOWS\r
 #  ifndef OPENSSL_SYS_MSDOS\r

diff --git a/contrib/openssl/include/openssl/ec.h b/contrib/openssl/include/openssl/ec.h
index 6cafb35..8fb623b 100644 (file)
--- a/contrib/openssl/include/openssl/ec.h
+++ b/contrib/openssl/include/openssl/ec.h
@@ -1097,6 +1097,12 @@ void ERR_load_EC_strings(void);
 # define EC_F_ECPARAMETERS_PRINT_FP                       148\r
 # define EC_F_ECPKPARAMETERS_PRINT                        149\r
 # define EC_F_ECPKPARAMETERS_PRINT_FP                     150\r
+# define EC_F_ECP_NISTZ256_GET_AFFINE                     240\r
+# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE                243\r
+# define EC_F_ECP_NISTZ256_POINTS_MUL                     241\r
+# define EC_F_ECP_NISTZ256_PRE_COMP_NEW                   244\r
+# define EC_F_ECP_NISTZ256_SET_WORDS                      245\r
+# define EC_F_ECP_NISTZ256_WINDOWED_MUL                   242\r
 # define EC_F_ECP_NIST_MOD_192                            203\r
 # define EC_F_ECP_NIST_MOD_224                            204\r
 # define EC_F_ECP_NIST_MOD_256                            205\r
@@ -1208,11 +1214,6 @@ void ERR_load_EC_strings(void);
 # define EC_F_NISTP224_PRE_COMP_NEW                       227\r
 # define EC_F_NISTP256_PRE_COMP_NEW                       236\r
 # define EC_F_NISTP521_PRE_COMP_NEW                       237\r
-# define EC_F_ECP_NISTZ256_GET_AFFINE                     240\r
-# define EC_F_ECP_NISTZ256_POINTS_MUL                     241\r
-# define EC_F_ECP_NISTZ256_WINDOWED_MUL                   242\r
-# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE                243\r
-# define EC_F_ECP_NISTZ256_PRE_COMP_NEW                   244\r
 # define EC_F_O2I_ECPUBLICKEY                             152\r
 # define EC_F_OLD_EC_PRIV_DECODE                          222\r
 # define EC_F_PKEY_EC_CTRL                                197\r

diff --git a/contrib/openssl/include/openssl/evp.h b/contrib/openssl/include/openssl/evp.h
index 1bcf8c3..f3d0253 100644 (file)
--- a/contrib/openssl/include/openssl/evp.h
+++ b/contrib/openssl/include/openssl/evp.h
@@ -103,7 +103,6 @@
 # define EVP_PKS_RSA     0x0100\r
 # define EVP_PKS_DSA     0x0200\r
 # define EVP_PKS_EC      0x0400\r
-# define EVP_PKT_EXP     0x1000 /* <= 512 bit key */\r
 \r
 # define EVP_PKEY_NONE   NID_undef\r
 # define EVP_PKEY_RSA    NID_rsaEncryption\r
@@ -424,6 +423,9 @@ struct evp_cipher_st {
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b\r
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c\r
 \r
+/* RFC 5246 defines additional data to be 13 bytes in length */\r
+# define         EVP_AEAD_TLS1_AAD_LEN           13\r
+\r
 typedef struct {\r
     unsigned char *out;\r
     const unsigned char *inp;\r
@@ -1121,6 +1123,19 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
 void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,\r
                             int (*pkey_ctrl) (EVP_PKEY *pkey, int op,\r
                                               long arg1, void *arg2));\r
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,\r
+                            int (*item_verify) (EVP_MD_CTX *ctx,\r
+                                                const ASN1_ITEM *it,\r
+                                                void *asn,\r
+                                                X509_ALGOR *a,\r
+                                                ASN1_BIT_STRING *sig,\r
+                                                EVP_PKEY *pkey),\r
+                            int (*item_sign) (EVP_MD_CTX *ctx,\r
+                                              const ASN1_ITEM *it,\r
+                                              void *asn,\r
+                                              X509_ALGOR *alg1,\r
+                                              X509_ALGOR *alg2,\r
+                                              ASN1_BIT_STRING *sig));\r
 \r
 # define EVP_PKEY_OP_UNDEFINED           0\r
 # define EVP_PKEY_OP_PARAMGEN            (1<<1)\r

diff --git a/contrib/openssl/include/openssl/opensslv.h b/contrib/openssl/include/openssl/opensslv.h
index 772f8cd..1eef06b 100644 (file)
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for\r
  *  major minor fix final patch/beta)\r
  */\r
-# define OPENSSL_VERSION_NUMBER  0x1000201fL\r
+# define OPENSSL_VERSION_NUMBER  0x1000203fL\r
 # ifdef OPENSSL_FIPS\r
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2a-fips 19 Mar 2015"\r
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2c-fips 12 Jun 2015"\r
 # else\r
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2a 19 Mar 2015"\r
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2c 12 Jun 2015"\r
 # endif\r
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT\r
 \r

diff --git a/contrib/openssl/include/openssl/ssl.h b/contrib/openssl/include/openssl/ssl.h
index d683199..1c4c268 100644 (file)
--- a/contrib/openssl/include/openssl/ssl.h
+++ b/contrib/openssl/include/openssl/ssl.h
@@ -1727,6 +1727,7 @@ extern "C" {
 # define SSL_ST_BEFORE                   0x4000\r
 # define SSL_ST_OK                       0x03\r
 # define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)\r
+# define SSL_ST_ERR                      0x05\r
 \r
 # define SSL_CB_LOOP                     0x01\r
 # define SSL_CB_EXIT                     0x02\r
@@ -2640,6 +2641,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_GET_CLIENT_MASTER_KEY                      107\r
 # define SSL_F_GET_SERVER_FINISHED                        108\r
 # define SSL_F_GET_SERVER_HELLO                           109\r
+# define SSL_F_GET_SERVER_STATIC_DH_KEY                   340\r
 # define SSL_F_GET_SERVER_VERIFY                          110\r
 # define SSL_F_I2D_SSL_SESSION                            111\r
 # define SSL_F_READ_N                                     112\r
@@ -2670,6 +2672,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129\r
 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130\r
 # define SSL_F_SSL3_CHECK_CLIENT_HELLO                    304\r
+# define SSL_F_SSL3_CHECK_FINISHED                        339\r
 # define SSL_F_SSL3_CLIENT_HELLO                          131\r
 # define SSL_F_SSL3_CONNECT                               132\r
 # define SSL_F_SSL3_CTRL                                  213\r
@@ -2784,6 +2787,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188\r
 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320\r
 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321\r
+# define SSL_F_SSL_SESSION_DUP                            348\r
 # define SSL_F_SSL_SESSION_NEW                            189\r
 # define SSL_F_SSL_SESSION_PRINT_FP                       190\r
 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312\r
@@ -2904,6 +2908,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_DATA_LENGTH_TOO_LONG                       146\r
 # define SSL_R_DECRYPTION_FAILED                          147\r
 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281\r
+# define SSL_R_DH_KEY_TOO_SMALL                           372\r
 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148\r
 # define SSL_R_DIGEST_CHECK_FAILED                        149\r
 # define SSL_R_DTLS_MESSAGE_TOO_BIG                       334\r

diff --git a/contrib/openssl/include/openssl/x509_vfy.h b/contrib/openssl/include/openssl/x509_vfy.h
index a2eb1e9..d503b46 100644 (file)
--- a/contrib/openssl/include/openssl/x509_vfy.h
+++ b/contrib/openssl/include/openssl/x509_vfy.h
@@ -432,6 +432,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 \r
 /* Allow partial chains if at least one certificate is in trusted store */\r
 # define X509_V_FLAG_PARTIAL_CHAIN               0x80000\r
+/*\r
+ * If the initial chain is not trusted, do not attempt to build an alternative\r
+ * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag\r
+ * will force the behaviour to match that of previous versions.\r
+ */\r
+# define X509_V_FLAG_NO_ALT_CHAINS               0x100000\r
 \r
 # define X509_VP_FLAG_DEFAULT                    0x1\r
 # define X509_VP_FLAG_OVERWRITE                  0x2\r

diff --git a/contrib/openssl/news.txt b/contrib/openssl/news.txt
index 682c583..f3574cf 100644 (file)
--- a/contrib/openssl/news.txt
+++ b/contrib/openssl/news.txt
@@ -5,6 +5,18 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
+
+      o Fix HMAC ABI incompatibility
+
+  Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
+
+      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+      o Race condition handling NewSessionTicket (CVE-2015-1791)
+
   Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
 
       o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)

diff --git a/contrib/openssl/readme.txt b/contrib/openssl/readme.txt
index 8ce093d..ae04431 100644 (file)
--- a/contrib/openssl/readme.txt
+++ b/contrib/openssl/readme.txt
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2a 19 Mar 2015
+ OpenSSL 1.0.2c 12 Jun 2015
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

diff --git a/dist/amd64/libeay32.dll b/dist/amd64/libeay32.dll
index 7adefd1..c0d8f09 100644 (file)
Binary files a/dist/amd64/libeay32.dll and b/dist/amd64/libeay32.dll differ

diff --git a/dist/amd64/ssleay32.dll b/dist/amd64/ssleay32.dll
index c93cfad..a8b3773 100644 (file)
Binary files a/dist/amd64/ssleay32.dll and b/dist/amd64/ssleay32.dll differ

diff --git a/dist/libeay32.dll b/dist/libeay32.dll
index 0c14258..05f49ef 100644 (file)
Binary files a/dist/libeay32.dll and b/dist/libeay32.dll differ

diff --git a/dist/ssleay32.dll b/dist/ssleay32.dll
index af071f2..3b58a08 100644 (file)
Binary files a/dist/ssleay32.dll and b/dist/ssleay32.dll differ

diff --git a/socketwrapper.c b/socketwrapper.c
index 91f2918..082c5c9 100644 (file)
--- a/socketwrapper.c
+++ b/socketwrapper.c
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL()
 #ifdef ENABLE_PROCESS_PROTECTION\r
        // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること\r
 #if defined(_M_IX86)\r
-       // ssleay32.dll 1.0.2a\r
-       RegisterTrustedModuleSHA1Hash("\xBF\x60\xD4\x6E\xCE\xC6\xC8\xD1\xF8\xE6\xEE\x9D\x1B\x47\x4E\x7B\x71\xBC\xBC\x3E");\r
-       // libeay32.dll 1.0.2a\r
-       RegisterTrustedModuleSHA1Hash("\xD7\xFF\x8B\xB9\xBD\x31\xAE\x3C\x7F\xE3\xC6\xC5\xEF\xEA\x0E\x4D\xA0\x57\x94\x9E");\r
+       // ssleay32.dll 1.0.2c\r
+       RegisterTrustedModuleSHA1Hash("\x52\x8D\x30\xE5\xF5\x41\x8E\x16\x8A\x31\x8D\x36\xEA\xB7\xE0\x93\x4F\x13\x0B\x48");\r
+       // libeay32.dll 1.0.2c\r
+       RegisterTrustedModuleSHA1Hash("\x22\x3A\xCE\x78\xAC\x4B\x02\x20\x05\x61\x1B\xC5\xBF\xE7\x37\x7D\xD9\xDF\xE6\x1B");\r
 #elif defined(_M_AMD64)\r
-       // ssleay32.dll 1.0.2a\r
-       RegisterTrustedModuleSHA1Hash("\x65\x59\x15\x76\x68\x21\xE0\x5D\xA8\xF5\x9D\x45\x31\x67\x1C\x48\xE3\x36\x82\xCF");\r
-       // libeay32.dll 1.0.2a\r
-       RegisterTrustedModuleSHA1Hash("\x6B\x8E\x8B\x48\xE2\xFC\x8F\xE7\xFA\xBD\x84\x71\x4D\x16\xB9\x8F\x54\x00\xD0\x9A");\r
+       // ssleay32.dll 1.0.2c\r
+       RegisterTrustedModuleSHA1Hash("\x9E\xE1\xA7\x17\x2C\x78\xA7\x11\xEB\x11\x95\x95\x21\x18\x0F\x29\x6B\xDF\xE6\xDF");\r
+       // libeay32.dll 1.0.2c\r
+       RegisterTrustedModuleSHA1Hash("\x86\x8B\x4B\x13\x3C\x51\x29\x91\x2D\xD3\x81\x8D\x03\x8E\x5E\x43\xEB\x1C\xA8\x5C");\r
 #endif\r
 #endif\r
        g_hOpenSSL = LoadLibrary("ssleay32.dll");\r