Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/OPENSSL]: src/crypto/external/bsd/openssl/dist Changes between 1.1.1c an...
details: https://anonhg.NetBSD.org/src/rev/cc31f37d4131
branches: OPENSSL
changeset: 467298:cc31f37d4131
user: christos <christos%NetBSD.org@localhost>
date: Thu Jan 23 02:47:58 2020 +0000
description:
Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
*) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
number generator (RNG). This was intended to include protection in the
event of a fork() system call in order to ensure that the parent and child
processes did not share the same RNG state. However this protection was not
being used in the default case.
A partial mitigation for this issue is that the output from a high
precision timer is mixed into the RNG state so the likelihood of a parent
and child process sharing state is significantly reduced.
If an application already calls OPENSSL_init_crypto() explicitly using
OPENSSL_INIT_ATFORK then this problem does not occur at all.
(CVE-2019-1549)
[Matthias St. Pierre]
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling `EC_GROUP_new_from_ecpkparameters()`/
`EC_GROUP_new_from_ecparameters()`.
This prevents bypass of security hardening and performance gains,
especially for curves with specialized EC_METHODs.
By default, if a key encoded with explicit parameters is loaded and later
serialized, the output is still encoded with explicit parameters, even if
internally a "named" EC_GROUP is used for computation.
[Nicola Tuveri]
*) Compute ECC cofactors if not provided during EC_GROUP construction. Before
this change, EC_GROUP_set_generator would accept order and/or cofactor as
NULL. After this change, only the cofactor parameter can be NULL. It also
does some minimal sanity checks on the passed order.
(CVE-2019-1547)
[Billy Bob Brumley]
*) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
An attack is simple, if the first CMS_recipientInfo is valid but the
second CMS_recipientInfo is chosen ciphertext. If the second
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
encryption key will be replaced by garbage, and the message cannot be
decoded, but if the RSA decryption fails, the correct encryption key is
used and the recipient will not notice the attack.
As a work around for this potential attack the length of the decrypted
key must be equal to the cipher default key length, in case the
certifiate is not given and all recipientInfo are tried out.
The old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag.
(CVE-2019-1563)
[Bernd Edlinger]
*) Early start up entropy quality from the DEVRANDOM seed source has been
improved for older Linux systems. The RAND subsystem will wait for
/dev/random to be producing output before seeding from /dev/urandom.
The seeded state is stored for future library initialisations using
a system global shared memory segment. The shared memory identifier
can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
the desired value. The default identifier is 114.
[Paul Dale]
*) Correct the extended master secret constant on EBCDIC systems. Without this
fix TLS connections between an EBCDIC system and a non-EBCDIC system that
negotiate EMS will fail. Unfortunately this also means that TLS connections
between EBCDIC systems with this fix, and EBCDIC systems without this
fix will fail if they negotiate EMS.
[Matt Caswell]
*) Use Windows installation paths in the mingw builds
Mingw isn't a POSIX environment per se, which means that Windows
paths should be used for installation.
(CVE-2019-1552)
[Richard Levitte]
*) Changed DH_check to accept parameters with order q and 2q subgroups.
With order 2q subgroups the bit 0 of the private key is not secret
but DH_generate_key works around that by clearing bit 0 of the
private key for those. This avoids leaking bit 0 of the private key.
[Bernd Edlinger]
*) Significantly reduce secure memory usage by the randomness pools.
[Paul Dale]
*) Revert the DEVRANDOM_WAIT feature for Linux systems
The DEVRANDOM_WAIT feature added a select() call to wait for the
/dev/random device to become readable before reading from the
/dev/urandom device.
It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.
[Matthias St. Pierre]
diffstat:
crypto/external/bsd/openssl/dist/CHANGES | 111 +-
crypto/external/bsd/openssl/dist/Configurations/00-base-templates.conf | 4 +-
crypto/external/bsd/openssl/dist/Configurations/10-main.conf | 6 +-
crypto/external/bsd/openssl/dist/Configurations/15-ios.conf | 2 +-
crypto/external/bsd/openssl/dist/Configurations/50-win-onecore.conf | 2 +-
crypto/external/bsd/openssl/dist/Configurations/common0.tmpl | 2 +-
crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl | 106 +-
crypto/external/bsd/openssl/dist/Configure | 5 +-
crypto/external/bsd/openssl/dist/INSTALL | 29 +-
crypto/external/bsd/openssl/dist/NEWS | 19 +-
crypto/external/bsd/openssl/dist/NOTES.WIN | 15 +
crypto/external/bsd/openssl/dist/README | 2 +-
crypto/external/bsd/openssl/dist/apps/apps.c | 9 +-
crypto/external/bsd/openssl/dist/apps/apps.h | 4 +-
crypto/external/bsd/openssl/dist/apps/ca.c | 4 +-
crypto/external/bsd/openssl/dist/apps/dgst.c | 4 +-
crypto/external/bsd/openssl/dist/apps/enc.c | 2 +-
crypto/external/bsd/openssl/dist/apps/ocsp.c | 6 +-
crypto/external/bsd/openssl/dist/apps/openssl.c | 3 +-
crypto/external/bsd/openssl/dist/apps/pkcs12.c | 2 +-
crypto/external/bsd/openssl/dist/apps/req.c | 16 +-
crypto/external/bsd/openssl/dist/apps/s_apps.h | 20 +-
crypto/external/bsd/openssl/dist/apps/s_cb.c | 3 +-
crypto/external/bsd/openssl/dist/apps/s_client.c | 2 +-
crypto/external/bsd/openssl/dist/apps/speed.c | 2 +-
crypto/external/bsd/openssl/dist/apps/storeutl.c | 4 +-
crypto/external/bsd/openssl/dist/config | 8 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-s390x.pl | 6 +-
crypto/external/bsd/openssl/dist/crypto/asn1/a_time.c | 47 +-
crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/asn1/x_bignum.c | 19 +-
crypto/external/bsd/openssl/dist/crypto/bio/b_addr.c | 26 +-
crypto/external/bsd/openssl/dist/crypto/bio/bss_dgram.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c | 61 +-
crypto/external/bsd/openssl/dist/crypto/bio/bss_mem.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_div.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_lcl.h | 4 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c | 101 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_prime.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c | 7 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_sqrt.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_att.c | 136 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_env.c | 20 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_err.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_lcl.h | 9 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_sd.c | 38 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_smime.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/conf/conf_sap.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ctype.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/dh/dh_check.c | 37 +-
crypto/external/bsd/openssl/dist/crypto/dh/dh_gen.c | 56 +-
crypto/external/bsd/openssl/dist/crypto/dh/dh_key.c | 13 +-
crypto/external/bsd/openssl/dist/crypto/dh/dh_lib.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ameth.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_err.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ossl.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/ec/asm/ecp_nistz256-sparcv9.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/ec/asm/ecp_nistz256-x86_64.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/asm/x25519-ppc64.pl | 6 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c | 73 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_curve.c | 114 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_lcl.h | 4 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_lib.c | 103 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecdh_ossl.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecdsa_ossl.c | 16 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp224.c | 66 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp256.c | 67 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp521.c | 69 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistputil.c | 26 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecx_meth.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/engine/eng_openssl.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/err/err.c | 16 +-
crypto/external/bsd/openssl/dist/crypto/err/openssl.txt | 12 +
crypto/external/bsd/openssl/dist/crypto/evp/bio_ok.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c | 91 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_aria.c | 13 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_chacha20_poly1305.c | 7 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_rc5.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/evp/evp_err.c | 11 +-
crypto/external/bsd/openssl/dist/crypto/evp/evp_lib.c | 9 +-
crypto/external/bsd/openssl/dist/crypto/evp/m_sha3.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/include/internal/ctype.h | 4 +-
crypto/external/bsd/openssl/dist/crypto/include/internal/rand_int.h | 6 +-
crypto/external/bsd/openssl/dist/crypto/include/internal/sm2err.h | 6 +-
crypto/external/bsd/openssl/dist/crypto/init.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/o_str.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/pem/pvkfmt.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c | 14 +-
crypto/external/bsd/openssl/dist/crypto/rand/drbg_lib.c | 13 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_err.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_lcl.h | 46 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c | 148 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c | 185 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_win.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ameth.c | 13 +
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_err.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c | 17 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ossl.c | 10 +
crypto/external/bsd/openssl/dist/crypto/s390xcap.c | 12 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/keccak1600-armv4.pl | 192 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/keccak1600-armv8.pl | 4 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/sha512-sparcv9.pl | 4 +-
crypto/external/bsd/openssl/dist/crypto/sm2/sm2_sign.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/store/loader_file.c | 18 +-
crypto/external/bsd/openssl/dist/crypto/store/store_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/threads_none.c | 15 +-
crypto/external/bsd/openssl/dist/crypto/threads_pthread.c | 12 +-
crypto/external/bsd/openssl/dist/crypto/threads_win.c | 4 +
crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/uid.c | 16 +-
crypto/external/bsd/openssl/dist/crypto/whrlpool/wp_block.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/x509/by_dir.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/x509/t_req.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_att.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_cmp.c | 12 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_err.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_lu.c | 113 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c | 12 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_alt.c | 11 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_purp.c | 16 +-
crypto/external/bsd/openssl/dist/demos/bio/descrip.mms | 2 +-
crypto/external/bsd/openssl/dist/demos/evp/aesgcm.c | 4 +-
crypto/external/bsd/openssl/dist/doc/HOWTO/proxy_certificates.txt | 2 +-
crypto/external/bsd/openssl/dist/doc/man1/engine.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man1/errstr.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man1/pkcs12.pod | 3 +-
crypto/external/bsd/openssl/dist/doc/man1/pkeyparam.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man1/s_client.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/man1/s_server.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/man3/ADMISSIONS.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/ASYNC_start_job.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_connect.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_f_ssl.pod | 38 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_find_type.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_new.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_s_accept.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_s_bio.pod | 6 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_s_connect.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_s_fd.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_s_mem.pod | 48 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_set_callback.pod | 12 +-
crypto/external/bsd/openssl/dist/doc/man3/BN_generate_prime.pod | 14 +-
crypto/external/bsd/openssl/dist/doc/man3/BN_mod_mul_montgomery.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/BN_new.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/CMS_final.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/CRYPTO_THREAD_run_once.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/CRYPTO_memcmp.pod | 39 +
crypto/external/bsd/openssl/dist/doc/man3/DES_random_key.pod | 8 +-
crypto/external/bsd/openssl/dist/doc/man3/DSA_generate_key.pod | 6 +-
crypto/external/bsd/openssl/dist/doc/man3/DSA_sign.pod | 9 +-
crypto/external/bsd/openssl/dist/doc/man3/ECDSA_SIG_new.pod | 25 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_DigestInit.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_DigestSignInit.pod | 12 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_DigestVerifyInit.pod | 10 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_decrypt.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_derive.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_encrypt.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_sign.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_verify.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_verify_recover.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_SealInit.pod | 9 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_SignInit.pod | 9 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_VerifyInit.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_aria.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_md5.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_rc5_32_12_16_cbc.pod | 27 +-
crypto/external/bsd/openssl/dist/doc/man3/OCSP_REQUEST_new.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/OPENSSL_fork_prepare.pod | 6 +-
crypto/external/bsd/openssl/dist/doc/man3/OSSL_STORE_LOADER.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/OSSL_STORE_expect.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/PKCS12_newpass.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/RAND_DRBG_set_callbacks.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/man3/RAND_set_rand_method.pod | 9 +-
crypto/external/bsd/openssl/dist/doc/man3/RSA_blinding_on.pod | 5 +-
crypto/external/bsd/openssl/dist/doc/man3/RSA_generate_key.pod | 15 +-
crypto/external/bsd/openssl/dist/doc/man3/RSA_padding_add_PKCS1_type_1.pod | 7 +-
crypto/external/bsd/openssl/dist/doc/man3/RSA_public_encrypt.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod | 10 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_config.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_dane_enable.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_get0_param.pod | 16 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_new.pod | 19 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_cipher_list.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_generate_session_id.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_session_id_context.pod | 6 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_verify.pod | 12 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_SESSION_get0_hostname.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_get_error.pod | 6 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_library_init.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_set1_host.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_write.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_CTX_get_error.pod | 10 +-
crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_CTX_set_verify_cb.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_add_cert.pod | 6 +-
crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_new.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/X509_VERIFY_PARAM_set_flags.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/X509_cmp.pod | 80 +
crypto/external/bsd/openssl/dist/doc/man3/X509_get_extension_flags.pod | 14 +-
crypto/external/bsd/openssl/dist/doc/man3/d2i_X509.pod | 20 +-
crypto/external/bsd/openssl/dist/doc/man5/x509v3_config.pod | 5 +-
crypto/external/bsd/openssl/dist/doc/man7/Ed25519.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man7/RAND.pod | 8 +-
crypto/external/bsd/openssl/dist/doc/man7/SM2.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man7/X25519.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man7/bio.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man7/scrypt.pod | 4 +-
crypto/external/bsd/openssl/dist/e_os.h | 30 +-
crypto/external/bsd/openssl/dist/engines/build.info | 15 +-
crypto/external/bsd/openssl/dist/engines/e_afalg.c | 16 +-
crypto/external/bsd/openssl/dist/include/internal/constant_time_locl.h | 64 +-
crypto/external/bsd/openssl/dist/include/internal/cryptlib.h | 1 +
crypto/external/bsd/openssl/dist/include/internal/dsoerr.h | 4 +-
crypto/external/bsd/openssl/dist/include/internal/refcount.h | 2 +-
crypto/external/bsd/openssl/dist/include/internal/thread_once.h | 2 +-
crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h | 2 +-
crypto/external/bsd/openssl/dist/include/openssl/asn1err.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/asyncerr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/bio.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/bioerr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/bnerr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/buffererr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/cms.h | 5 +-
crypto/external/bsd/openssl/dist/include/openssl/cmserr.h | 8 +-
crypto/external/bsd/openssl/dist/include/openssl/comperr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/conferr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/cryptoerr.h | 9 +-
crypto/external/bsd/openssl/dist/include/openssl/cterr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/dherr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/dsaerr.h | 7 +-
crypto/external/bsd/openssl/dist/include/openssl/ec.h | 7 +-
crypto/external/bsd/openssl/dist/include/openssl/ecerr.h | 4 +
crypto/external/bsd/openssl/dist/include/openssl/engineerr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/evp.h | 4 +
crypto/external/bsd/openssl/dist/include/openssl/evperr.h | 12 +-
crypto/external/bsd/openssl/dist/include/openssl/kdferr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/objectserr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/ocsperr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/opensslv.h | 4 +-
crypto/external/bsd/openssl/dist/include/openssl/pemerr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/pkcs12err.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/pkcs7err.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/randerr.h | 5 +-
crypto/external/bsd/openssl/dist/include/openssl/rsaerr.h | 7 +-
crypto/external/bsd/openssl/dist/include/openssl/ssl.h | 60 +-
crypto/external/bsd/openssl/dist/include/openssl/sslerr.h | 4 +
crypto/external/bsd/openssl/dist/include/openssl/store.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/storeerr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/tls1.h | 4 +-
crypto/external/bsd/openssl/dist/include/openssl/tserr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/uierr.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/x509err.h | 7 +-
crypto/external/bsd/openssl/dist/include/openssl/x509v3.h | 2 +
crypto/external/bsd/openssl/dist/include/openssl/x509v3err.h | 6 +-
crypto/external/bsd/openssl/dist/ssl/d1_msg.c | 5 +-
crypto/external/bsd/openssl/dist/ssl/record/rec_layer_s3.c | 12 +-
crypto/external/bsd/openssl/dist/ssl/s3_lib.c | 14 +-
crypto/external/bsd/openssl/dist/ssl/ssl_cert.c | 5 +-
crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c | 13 +-
crypto/external/bsd/openssl/dist/ssl/ssl_lib.c | 20 +-
crypto/external/bsd/openssl/dist/ssl/ssl_locl.h | 37 +-
crypto/external/bsd/openssl/dist/ssl/ssl_sess.c | 39 +-
crypto/external/bsd/openssl/dist/ssl/statem/extensions.c | 21 +-
crypto/external/bsd/openssl/dist/ssl/statem/extensions_clnt.c | 16 +-
crypto/external/bsd/openssl/dist/ssl/statem/extensions_srvr.c | 20 +-
crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c | 6 -
crypto/external/bsd/openssl/dist/ssl/statem/statem_lib.c | 19 +-
crypto/external/bsd/openssl/dist/ssl/statem/statem_srvr.c | 54 +-
crypto/external/bsd/openssl/dist/ssl/t1_lib.c | 275 +-
crypto/external/bsd/openssl/dist/ssl/tls13_enc.c | 53 +-
crypto/external/bsd/openssl/dist/test/asn1_time_test.c | 6 +-
crypto/external/bsd/openssl/dist/test/bio_memleak_test.c | 40 +
crypto/external/bsd/openssl/dist/test/bntest.c | 47 +-
crypto/external/bsd/openssl/dist/test/build.info | 3 +-
crypto/external/bsd/openssl/dist/test/certs/mkcert.sh | 31 +-
crypto/external/bsd/openssl/dist/test/certs/server-pss-restrict-cert.pem | 21 +
crypto/external/bsd/openssl/dist/test/certs/server-pss-restrict-key.pem | 29 +
crypto/external/bsd/openssl/dist/test/certs/setup.sh | 6 +
crypto/external/bsd/openssl/dist/test/conf_include_test.c | 4 +-
crypto/external/bsd/openssl/dist/test/ct_test.c | 23 +-
crypto/external/bsd/openssl/dist/test/dhtest.c | 77 +-
crypto/external/bsd/openssl/dist/test/drbgtest.c | 47 +-
crypto/external/bsd/openssl/dist/test/dtlstest.c | 2 +-
crypto/external/bsd/openssl/dist/test/ectest.c | 444 ++++-
crypto/external/bsd/openssl/dist/test/enginetest.c | 19 +-
crypto/external/bsd/openssl/dist/test/evp_extra_test.c | 2 +-
crypto/external/bsd/openssl/dist/test/evp_test.c | 34 +-
crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpciph.txt | 11 +
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslmessages.t | 27 +-
crypto/external/bsd/openssl/dist/test/recipes/70-test_tls13kexmodes.t | 38 +-
crypto/external/bsd/openssl/dist/test/recipes/70-test_tls13messages.t | 91 +-
crypto/external/bsd/openssl/dist/test/recipes/80-test_cms.t | 69 +-
crypto/external/bsd/openssl/dist/test/recipes/80-test_cms_data/bad_signtime_attr.cms | Bin
crypto/external/bsd/openssl/dist/test/recipes/80-test_cms_data/ct_multiple_attr.cms | Bin
crypto/external/bsd/openssl/dist/test/recipes/80-test_cms_data/no_ct_attr.cms | Bin
crypto/external/bsd/openssl/dist/test/recipes/80-test_cms_data/no_md_attr.cms | Bin
crypto/external/bsd/openssl/dist/test/recipes/90-test_sslapi.t | 7 +-
crypto/external/bsd/openssl/dist/test/ssl-tests/20-cert-select.conf | 984 +++++----
crypto/external/bsd/openssl/dist/test/ssl-tests/20-cert-select.conf.in | 66 +
crypto/external/bsd/openssl/dist/test/sslapitest.c | 345 +++-
crypto/external/bsd/openssl/dist/test/ssltestlib.c | 98 +-
crypto/external/bsd/openssl/dist/test/ssltestlib.h | 3 +
crypto/external/bsd/openssl/dist/test/testutil.h | 13 +-
crypto/external/bsd/openssl/dist/test/testutil/driver.c | 26 +-
crypto/external/bsd/openssl/dist/test/testutil/random.c | 40 +
crypto/external/bsd/openssl/dist/test/tls13secretstest.c | 2 +-
crypto/external/bsd/openssl/dist/util/find-doc-nits | 28 +-
crypto/external/bsd/openssl/dist/util/libcrypto.num | 2 +
crypto/external/bsd/openssl/dist/util/mkdef.pl | 4 +-
crypto/external/bsd/openssl/dist/util/mkerr.pl | 8 +-
crypto/external/bsd/openssl/dist/util/perl/OpenSSL/Test.pm | 11 +-
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/CertificateRequest.pm | 105 +
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Message.pm | 14 +
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Proxy.pm | 1 +
crypto/external/bsd/openssl/dist/util/perl/checkhandshake.pm | 20 +-
322 files changed, 5429 insertions(+), 1946 deletions(-)
diffs (truncated from 15605 to 300 lines):
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES Thu Jan 23 02:47:58 2020 +0000
@@ -7,6 +7,101 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
+
+ *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
+ number generator (RNG). This was intended to include protection in the
+ event of a fork() system call in order to ensure that the parent and child
+ processes did not share the same RNG state. However this protection was not
+ being used in the default case.
+
+ A partial mitigation for this issue is that the output from a high
+ precision timer is mixed into the RNG state so the likelihood of a parent
+ and child process sharing state is significantly reduced.
+
+ If an application already calls OPENSSL_init_crypto() explicitly using
+ OPENSSL_INIT_ATFORK then this problem does not occur at all.
+ (CVE-2019-1549)
+ [Matthias St. Pierre]
+
+ *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
+ used even when parsing explicit parameters, when loading a serialized key
+ or calling `EC_GROUP_new_from_ecpkparameters()`/
+ `EC_GROUP_new_from_ecparameters()`.
+ This prevents bypass of security hardening and performance gains,
+ especially for curves with specialized EC_METHODs.
+ By default, if a key encoded with explicit parameters is loaded and later
+ serialized, the output is still encoded with explicit parameters, even if
+ internally a "named" EC_GROUP is used for computation.
+ [Nicola Tuveri]
+
+ *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
+ this change, EC_GROUP_set_generator would accept order and/or cofactor as
+ NULL. After this change, only the cofactor parameter can be NULL. It also
+ does some minimal sanity checks on the passed order.
+ (CVE-2019-1547)
+ [Billy Bob Brumley]
+
+ *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+ An attack is simple, if the first CMS_recipientInfo is valid but the
+ second CMS_recipientInfo is chosen ciphertext. If the second
+ recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
+ encryption key will be replaced by garbage, and the message cannot be
+ decoded, but if the RSA decryption fails, the correct encryption key is
+ used and the recipient will not notice the attack.
+ As a work around for this potential attack the length of the decrypted
+ key must be equal to the cipher default key length, in case the
+ certifiate is not given and all recipientInfo are tried out.
+ The old behaviour can be re-enabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag.
+ (CVE-2019-1563)
+ [Bernd Edlinger]
+
+ *) Early start up entropy quality from the DEVRANDOM seed source has been
+ improved for older Linux systems. The RAND subsystem will wait for
+ /dev/random to be producing output before seeding from /dev/urandom.
+ The seeded state is stored for future library initialisations using
+ a system global shared memory segment. The shared memory identifier
+ can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
+ the desired value. The default identifier is 114.
+ [Paul Dale]
+
+ *) Correct the extended master secret constant on EBCDIC systems. Without this
+ fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+ negotiate EMS will fail. Unfortunately this also means that TLS connections
+ between EBCDIC systems with this fix, and EBCDIC systems without this
+ fix will fail if they negotiate EMS.
+ [Matt Caswell]
+
+ *) Use Windows installation paths in the mingw builds
+
+ Mingw isn't a POSIX environment per se, which means that Windows
+ paths should be used for installation.
+ (CVE-2019-1552)
+ [Richard Levitte]
+
+ *) Changed DH_check to accept parameters with order q and 2q subgroups.
+ With order 2q subgroups the bit 0 of the private key is not secret
+ but DH_generate_key works around that by clearing bit 0 of the
+ private key for those. This avoids leaking bit 0 of the private key.
+ [Bernd Edlinger]
+
+ *) Significantly reduce secure memory usage by the randomness pools.
+ [Paul Dale]
+
+ *) Revert the DEVRANDOM_WAIT feature for Linux systems
+
+ The DEVRANDOM_WAIT feature added a select() call to wait for the
+ /dev/random device to become readable before reading from the
+ /dev/urandom device.
+
+ It turned out that this change had negative side effects on
+ performance which were not acceptable. After some discussion it
+ was decided to revert this feature and leave it up to the OS
+ resp. the platform maintainer to ensure a proper initialization
+ during early boot time.
+ [Matthias St. Pierre]
+
Changes between 1.1.1b and 1.1.1c [28 May 2019]
*) Add build tests for C++. These are generated files that only do one
@@ -75,6 +170,16 @@
(CVE-2019-1543)
[Matt Caswell]
+ *) Add DEVRANDOM_WAIT feature for Linux systems
+
+ On older Linux systems where the getrandom() system call is not available,
+ OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG.
+ Contrary to getrandom(), the /dev/urandom device will not block during
+ early boot when the kernel CSPRNG has not been seeded yet.
+
+ To mitigate this known weakness, use select() to wait for /dev/random to
+ become readable before reading from /dev/urandom.
+
*) Ensure that SM2 only uses SM3 as digest algorithm
[Paul Yang]
@@ -322,7 +427,7 @@
SSL_set_ciphersuites()
[Matt Caswell]
- *) Memory allocation failures consistenly add an error to the error
+ *) Memory allocation failures consistently add an error to the error
stack.
[Rich Salz]
@@ -6860,7 +6965,7 @@
reason texts, thereby removing some of the footprint that may not
be interesting if those errors aren't displayed anyway.
- NOTE: it's still possible for any application or module to have it's
+ NOTE: it's still possible for any application or module to have its
own set of error texts inserted. The routines are there, just not
used by default when no-err is given.
[Richard Levitte]
@@ -8826,7 +8931,7 @@
Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
*) New function OPENSSL_cleanse(), which is used to cleanse a section of
- memory from it's contents. This is done with a counter that will
+ memory from its contents. This is done with a counter that will
place alternating values in each byte. This can be used to solve
two issues: 1) the removal of calls to memset() by highly optimizing
compilers, and 2) cleansing with other values than 0, since those can
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/00-base-templates.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/00-base-templates.conf Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/00-base-templates.conf Thu Jan 23 02:47:58 2020 +0000
@@ -198,7 +198,7 @@
bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s",
des_asm_src => "des-586.s crypt586.s",
- aes_asm_src => "aes-586.s vpaes-x86.s aesni-x86.s",
+ aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
cast_asm_src => "cast-586.s",
@@ -223,7 +223,7 @@
cpuid_asm_src => "x86_64cpuid.s",
bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
- aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
+ aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
md5_asm_src => "md5-x86_64.s",
sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s",
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/10-main.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/10-main.conf Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/10-main.conf Thu Jan 23 02:47:58 2020 +0000
@@ -1111,7 +1111,7 @@
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "self",
- module_ldflags => "-Wl,-G,-bsymbolic,-bexpall",
+ module_ldflags => "-Wl,-G,-bsymbolic,-bnoentry",
shared_ldflag => "-Wl,-G,-bsymbolic,-bnoentry",
shared_defflag => "-Wl,-bE:",
shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
@@ -1397,6 +1397,10 @@
shared_extension => ".dll",
multilib => "",
apps_aux_src => add("win32_init.c"),
+ # "WOW" stands for "Windows on Windows", and that word engages
+ # some installation path heuristics in unix-Makefile.tmpl...
+ build_scheme => add("WOW", { separator => undef }),
+
},
"mingw64" => {
# As for OPENSSL_USE_APPLINK. Applink makes it possible to use
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/15-ios.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/15-ios.conf Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/15-ios.conf Thu Jan 23 02:47:58 2020 +0000
@@ -1,6 +1,6 @@
#### iPhoneOS/iOS
#
-# It takes recent enough XCode to use following two targets. It shouldn't
+# It takes recent enough Xcode to use following two targets. It shouldn't
# be a problem by now, but if they don't work, original targets below
# that depend on manual definition of environment variables should still
# work...
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/50-win-onecore.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/50-win-onecore.conf Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/50-win-onecore.conf Thu Jan 23 02:47:58 2020 +0000
@@ -1,6 +1,6 @@
# Windows OneCore targets.
#
-# OneCore is new API stability "contract" that transends Desktop, IoT and
+# OneCore is new API stability "contract" that transcends Desktop, IoT and
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/common0.tmpl
--- a/crypto/external/bsd/openssl/dist/Configurations/common0.tmpl Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/common0.tmpl Thu Jan 23 02:47:58 2020 +0000
@@ -22,7 +22,7 @@
our @generated =
sort ( ( grep { defined $unified_info{generate}->{$_} }
sort keys %generatables ),
- # Scripts are assumed to be generated, so add thhem too
+ # Scripts are assumed to be generated, so add them too
( grep { defined $unified_info{sources}->{$_} }
@{$unified_info{scripts}} ) );
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl
--- a/crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl Thu Jan 23 02:47:58 2020 +0000
@@ -14,6 +14,26 @@
our $dsoext = $target{dso_extension} || ".so";
our $makedepprog = $disabled{makedepend} ? undef : $config{makedepprog};
+ # $mingw_installroot and $mingw_commonroot is relevant for mingw only.
+ my $build_scheme = $target{build_scheme};
+ my $install_flavour = $build_scheme->[$#$build_scheme]; # last element
+ my $mingw_installenv = $install_flavour eq "WOW" ? "ProgramFiles(x86)"
+ : "ProgramW6432";
+ my $mingw_commonenv = $install_flavour eq "WOW" ? "CommonProgramFiles(x86)"
+ : "CommonProgramW6432";
+ our $mingw_installroot =
+ defined($ENV{$mingw_installenv}) ? $mingw_installenv : 'ProgramFiles';
+ our $mingw_commonroot =
+ defined($ENV{$mingw_commonenv}) ? $mingw_commonenv : 'CommonProgramFiles';
+ my $mingw_installdflt =
+ $install_flavour eq "WOW" ? "C:/Program Files (x86)"
+ : "C:/Program Files";
+ my $mingw_commondflt = "$mingw_installdflt/Common Files";
+
+ # expand variables early
+ $mingw_installroot = $ENV{$mingw_installroot} // $mingw_installdflt;
+ $mingw_commonroot = $ENV{$mingw_commonroot} // $mingw_commondflt;
+
sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ }
# Shared AIX support is special. We put libcrypto[64].so.ver into
@@ -132,6 +152,7 @@
# Normally it is left empty.
DESTDIR=
+{- output_off() if $config{target} =~ /^mingw/; "" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet
@@ -175,6 +196,83 @@
# Convenience variable for those who want to set the rpath in shared
# libraries and applications
LIBRPATH=$(libdir)
+{- output_on() if $config{target} =~ /^mingw/;
+ output_off() if $config{target} !~ /^mingw/;
+ "" -}
+# Do not edit these manually. Use Configure with --prefix or --openssldir
+# to change this! Short explanation in the top comment in Configure
+INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
+ #
+ use File::Spec::Win32;
+ my $prefix_default = "$mingw_installroot/OpenSSL";
+ our $prefix =
+ File::Spec::Win32->canonpath($config{prefix}
+ || $prefix_default);
+ our ($prefix_dev, $prefix_dir, $prefix_file) =
+ File::Spec::Win32->splitpath($prefix, 1);
+ $prefix =~ s|\\|/|g;
+ $prefix_dir =~ s|\\|/|g;
+ $prefix_dev -}
+INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir);
+ $x =~ s|\\|/|g;
+ $x -}
+OPENSSLDIR_dev={- #
+ # The logic here is that if no --openssldir was given,
+ # OPENSSLDIR will get the value "$mingw_commonroot/SSL".
+ # If --openssldir was given and the value is an absolute
+ # path, OPENSSLDIR will get its value without change.
+ # If the value from --openssldir is a relative path,
+ # OPENSSLDIR will get $prefix with the --openssldir
+ # value appended as a subdirectory.
+ #
+ use File::Spec::Win32;
+ our $openssldir =
Home |
Main Index |
Thread Index |
Old Index