// ソフトウェア自動更新\r
// リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする\r
// 2014年7月31日中の30個目のリリースは2014073129\r
-#define RELEASE_VERSION_NUM 2015051600 /* リリースバージョン */\r
+#define RELEASE_VERSION_NUM 2015061300 /* リリースバージョン */\r
\r
\r
// SourceForge.JPによるフォーク\r
OpenSSL CHANGES
_______________
+ Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
+
+ *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
+ incompatibility in the handling of HMAC. The previous ABI has now been
+ restored.
+
+ Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
+
+ *) Malformed ECParameters causes infinite loop
+
+ When processing an ECParameters structure OpenSSL enters an infinite loop
+ if the curve specified is over a specially malformed binary polynomial
+ field.
+
+ This can be used to perform denial of service against any
+ system which processes public keys, certificate requests or
+ certificates. This includes TLS clients and TLS servers with
+ client authentication enabled.
+
+ This issue was reported to OpenSSL by Joseph Barr-Pixton.
+ (CVE-2015-1788)
+ [Andy Polyakov]
+
+ *) Exploitable out-of-bounds read in X509_cmp_time
+
+ X509_cmp_time does not properly check the length of the ASN1_TIME
+ string and can read a few bytes out of bounds. In addition,
+ X509_cmp_time accepts an arbitrary number of fractional seconds in the
+ time string.
+
+ An attacker can use this to craft malformed certificates and CRLs of
+ various sizes and potentially cause a segmentation fault, resulting in
+ a DoS on applications that verify certificates or CRLs. TLS clients
+ that verify CRLs are affected. TLS clients and servers with client
+ authentication enabled may be affected if they use custom verification
+ callbacks.
+
+ This issue was reported to OpenSSL by Robert Swiecki (Google), and
+ independently by Hanno Böck.
+ (CVE-2015-1789)
+ [Emilia Käsper]
+
+ *) PKCS7 crash with missing EnvelopedContent
+
+ The PKCS#7 parsing code does not handle missing inner EncryptedContent
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+ with missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+ structures from untrusted sources are affected. OpenSSL clients and
+ servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-1790)
+ [Emilia Käsper]
+
+ *) CMS verify infinite loop with unknown hash function
+
+ When verifying a signedData message the CMS code can enter an infinite loop
+ if presented with an unknown hash function OID. This can be used to perform
+ denial of service against any system which verifies signedData messages using
+ the CMS code.
+ This issue was reported to OpenSSL by Johannes Bauer.
+ (CVE-2015-1792)
+ [Stephen Henson]
+
+ *) Race condition handling NewSessionTicket
+
+ If a NewSessionTicket is received by a multi-threaded client when attempting to
+ reuse a previous ticket then a race condition can occur potentially leading to
+ a double free of the ticket data.
+ (CVE-2015-1791)
+ [Matt Caswell]
+
+ *) Removed support for the two export grade static DH ciphersuites
+ EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+ were newly added (along with a number of other static DH ciphersuites) to
+ 1.0.2. However the two export ones have *never* worked since they were
+ introduced. It seems strange in any case to be adding new export
+ ciphersuites, and given "logjam" it also does not seem correct to fix them.
+ [Matt Caswell]
+
+ *) Only support 256-bit or stronger elliptic curves with the
+ 'ecdh_auto' setting (server) or by default (client). Of supported
+ curves, prefer P-256 (both).
+ [Emilia Kasper]
+
+ *) Reject DH handshakes with parameters shorter than 768 bits.
+ [Kurt Roeckx and Emilia Kasper]
+
Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
*) ClientHello sigalgs DoS fix
* wouldn't be constructed with top!=dmax. */ \\r
BN_ULONG *_not_const; \\r
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \\r
+ /* Debug only - safe to ignore error return */ \\r
RAND_pseudo_bytes(&_tmp_char, 1); \\r
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \\r
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \\r
# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135\r
# define BN_F_BN_GF2M_MOD_SQR 136\r
# define BN_F_BN_GF2M_MOD_SQRT 137\r
+# define BN_F_BN_LSHIFT 145\r
# define BN_F_BN_MOD_EXP2_MONT 118\r
# define BN_F_BN_MOD_EXP_MONT 109\r
# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124\r
# define BN_F_BN_NEW 113\r
# define BN_F_BN_RAND 114\r
# define BN_F_BN_RAND_RANGE 122\r
+# define BN_F_BN_RSHIFT 146\r
# define BN_F_BN_USUB 115\r
\r
/* Reason codes. */\r
# define BN_R_ARG2_LT_ARG3 100\r
# define BN_R_BAD_RECIPROCAL 101\r
# define BN_R_BIGNUM_TOO_LONG 114\r
+# define BN_R_BITS_TOO_SMALL 118\r
# define BN_R_CALLED_WITH_EVEN_MODULUS 102\r
# define BN_R_DIV_BY_ZERO 103\r
# define BN_R_ENCODING_ERROR 104\r
# define BN_R_INPUT_NOT_REDUCED 110\r
# define BN_R_INVALID_LENGTH 106\r
# define BN_R_INVALID_RANGE 115\r
+# define BN_R_INVALID_SHIFT 119\r
# define BN_R_NOT_A_SQUARE 111\r
# define BN_R_NOT_INITIALIZED 107\r
# define BN_R_NO_INVERSE 108\r
# undef OPENSSL_SYS_UNIX\r
# define OPENSSL_SYS_WIN32\r
# endif\r
+# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)\r
+# undef OPENSSL_SYS_UNIX\r
+# if !defined(OPENSSL_SYS_WIN64)\r
+# define OPENSSL_SYS_WIN64\r
+# endif\r
+# endif\r
# if defined(OPENSSL_SYSNAME_WINNT)\r
# undef OPENSSL_SYS_UNIX\r
# define OPENSSL_SYS_WINNT\r
# endif\r
\r
/* Anything that tries to look like Microsoft is "Windows" */\r
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)\r
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)\r
# undef OPENSSL_SYS_UNIX\r
# define OPENSSL_SYS_WINDOWS\r
# ifndef OPENSSL_SYS_MSDOS\r
# define EC_F_ECPARAMETERS_PRINT_FP 148\r
# define EC_F_ECPKPARAMETERS_PRINT 149\r
# define EC_F_ECPKPARAMETERS_PRINT_FP 150\r
+# define EC_F_ECP_NISTZ256_GET_AFFINE 240\r
+# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243\r
+# define EC_F_ECP_NISTZ256_POINTS_MUL 241\r
+# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244\r
+# define EC_F_ECP_NISTZ256_SET_WORDS 245\r
+# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242\r
# define EC_F_ECP_NIST_MOD_192 203\r
# define EC_F_ECP_NIST_MOD_224 204\r
# define EC_F_ECP_NIST_MOD_256 205\r
# define EC_F_NISTP224_PRE_COMP_NEW 227\r
# define EC_F_NISTP256_PRE_COMP_NEW 236\r
# define EC_F_NISTP521_PRE_COMP_NEW 237\r
-# define EC_F_ECP_NISTZ256_GET_AFFINE 240\r
-# define EC_F_ECP_NISTZ256_POINTS_MUL 241\r
-# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242\r
-# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243\r
-# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244\r
# define EC_F_O2I_ECPUBLICKEY 152\r
# define EC_F_OLD_EC_PRIV_DECODE 222\r
# define EC_F_PKEY_EC_CTRL 197\r
# define EVP_PKS_RSA 0x0100\r
# define EVP_PKS_DSA 0x0200\r
# define EVP_PKS_EC 0x0400\r
-# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */\r
\r
# define EVP_PKEY_NONE NID_undef\r
# define EVP_PKEY_RSA NID_rsaEncryption\r
# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b\r
# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c\r
\r
+/* RFC 5246 defines additional data to be 13 bytes in length */\r
+# define EVP_AEAD_TLS1_AAD_LEN 13\r
+\r
typedef struct {\r
unsigned char *out;\r
const unsigned char *inp;\r
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,\r
int (*pkey_ctrl) (EVP_PKEY *pkey, int op,\r
long arg1, void *arg2));\r
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,\r
+ int (*item_verify) (EVP_MD_CTX *ctx,\r
+ const ASN1_ITEM *it,\r
+ void *asn,\r
+ X509_ALGOR *a,\r
+ ASN1_BIT_STRING *sig,\r
+ EVP_PKEY *pkey),\r
+ int (*item_sign) (EVP_MD_CTX *ctx,\r
+ const ASN1_ITEM *it,\r
+ void *asn,\r
+ X509_ALGOR *alg1,\r
+ X509_ALGOR *alg2,\r
+ ASN1_BIT_STRING *sig));\r
\r
# define EVP_PKEY_OP_UNDEFINED 0\r
# define EVP_PKEY_OP_PARAMGEN (1<<1)\r
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for\r
* major minor fix final patch/beta)\r
*/\r
-# define OPENSSL_VERSION_NUMBER 0x1000201fL\r
+# define OPENSSL_VERSION_NUMBER 0x1000203fL\r
# ifdef OPENSSL_FIPS\r
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-fips 19 Mar 2015"\r
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips 12 Jun 2015"\r
# else\r
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a 19 Mar 2015"\r
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c 12 Jun 2015"\r
# endif\r
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT\r
\r
# define SSL_ST_BEFORE 0x4000\r
# define SSL_ST_OK 0x03\r
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)\r
+# define SSL_ST_ERR 0x05\r
\r
# define SSL_CB_LOOP 0x01\r
# define SSL_CB_EXIT 0x02\r
# define SSL_F_GET_CLIENT_MASTER_KEY 107\r
# define SSL_F_GET_SERVER_FINISHED 108\r
# define SSL_F_GET_SERVER_HELLO 109\r
+# define SSL_F_GET_SERVER_STATIC_DH_KEY 340\r
# define SSL_F_GET_SERVER_VERIFY 110\r
# define SSL_F_I2D_SSL_SESSION 111\r
# define SSL_F_READ_N 112\r
# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129\r
# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130\r
# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304\r
+# define SSL_F_SSL3_CHECK_FINISHED 339\r
# define SSL_F_SSL3_CLIENT_HELLO 131\r
# define SSL_F_SSL3_CONNECT 132\r
# define SSL_F_SSL3_CTRL 213\r
# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188\r
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320\r
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321\r
+# define SSL_F_SSL_SESSION_DUP 348\r
# define SSL_F_SSL_SESSION_NEW 189\r
# define SSL_F_SSL_SESSION_PRINT_FP 190\r
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312\r
# define SSL_R_DATA_LENGTH_TOO_LONG 146\r
# define SSL_R_DECRYPTION_FAILED 147\r
# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281\r
+# define SSL_R_DH_KEY_TOO_SMALL 372\r
# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148\r
# define SSL_R_DIGEST_CHECK_FAILED 149\r
# define SSL_R_DTLS_MESSAGE_TOO_BIG 334\r
\r
/* Allow partial chains if at least one certificate is in trusted store */\r
# define X509_V_FLAG_PARTIAL_CHAIN 0x80000\r
+/*\r
+ * If the initial chain is not trusted, do not attempt to build an alternative\r
+ * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag\r
+ * will force the behaviour to match that of previous versions.\r
+ */\r
+# define X509_V_FLAG_NO_ALT_CHAINS 0x100000\r
\r
# define X509_VP_FLAG_DEFAULT 0x1\r
# define X509_VP_FLAG_OVERWRITE 0x2\r
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
+
+ o Fix HMAC ABI incompatibility
+
+ Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
+
+ o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+ o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+ o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+ o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+ o Race condition handling NewSessionTicket (CVE-2015-1791)
+
Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
- OpenSSL 1.0.2a 19 Mar 2015
+ OpenSSL 1.0.2c 12 Jun 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
#ifdef ENABLE_PROCESS_PROTECTION\r
// 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること\r
#if defined(_M_IX86)\r
- // ssleay32.dll 1.0.2a\r
- RegisterTrustedModuleSHA1Hash("\xBF\x60\xD4\x6E\xCE\xC6\xC8\xD1\xF8\xE6\xEE\x9D\x1B\x47\x4E\x7B\x71\xBC\xBC\x3E");\r
- // libeay32.dll 1.0.2a\r
- RegisterTrustedModuleSHA1Hash("\xD7\xFF\x8B\xB9\xBD\x31\xAE\x3C\x7F\xE3\xC6\xC5\xEF\xEA\x0E\x4D\xA0\x57\x94\x9E");\r
+ // ssleay32.dll 1.0.2c\r
+ RegisterTrustedModuleSHA1Hash("\x52\x8D\x30\xE5\xF5\x41\x8E\x16\x8A\x31\x8D\x36\xEA\xB7\xE0\x93\x4F\x13\x0B\x48");\r
+ // libeay32.dll 1.0.2c\r
+ RegisterTrustedModuleSHA1Hash("\x22\x3A\xCE\x78\xAC\x4B\x02\x20\x05\x61\x1B\xC5\xBF\xE7\x37\x7D\xD9\xDF\xE6\x1B");\r
#elif defined(_M_AMD64)\r
- // ssleay32.dll 1.0.2a\r
- RegisterTrustedModuleSHA1Hash("\x65\x59\x15\x76\x68\x21\xE0\x5D\xA8\xF5\x9D\x45\x31\x67\x1C\x48\xE3\x36\x82\xCF");\r
- // libeay32.dll 1.0.2a\r
- RegisterTrustedModuleSHA1Hash("\x6B\x8E\x8B\x48\xE2\xFC\x8F\xE7\xFA\xBD\x84\x71\x4D\x16\xB9\x8F\x54\x00\xD0\x9A");\r
+ // ssleay32.dll 1.0.2c\r
+ RegisterTrustedModuleSHA1Hash("\x9E\xE1\xA7\x17\x2C\x78\xA7\x11\xEB\x11\x95\x95\x21\x18\x0F\x29\x6B\xDF\xE6\xDF");\r
+ // libeay32.dll 1.0.2c\r
+ RegisterTrustedModuleSHA1Hash("\x86\x8B\x4B\x13\x3C\x51\x29\x91\x2D\xD3\x81\x8D\x03\x8E\x5E\x43\xEB\x1C\xA8\x5C");\r
#endif\r
#endif\r
g_hOpenSSL = LoadLibrary("ssleay32.dll");\r
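Review bot: The eight new hash literals carry no provenance beyond the version tag in the comment above each one, so a later maintainer cannot reproduce or audit them; record where each DLL came from and how the digest was taken, e.g. `// ssleay32.dll 1.0.2c — <BUILD-ORIGIN placeholder>, SHA-1 of the file as shipped; recompute with <TOOL placeholder> before changing` (placeholders to be filled in). Judging from the RegisterTrustedModuleSHA1Hash name the allowlist appears to be SHA-1 only; for a fixed list of known binaries this rests on second-preimage rather than collision resistance, so it is not an immediate defect, but if the helper can be extended a SHA-256 variant would remove the dependence on a digest that is being phased out. The `#if defined(_M_IX86)` / `#elif defined(_M_AMD64)` chain around the new lines has no `#else`, so a build for any other target registers no trusted hashes at all under ENABLE_PROCESS_PROTECTION; an explicit `#else` / `#error "no trusted module hashes for this target"` would surface that at compile time. The enclosing function starts before the hunk.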