Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/OPENSSL]: src/crypto/external/bsd/openssl/dist Changes between 1.1.1c an...



details:   https://anonhg.NetBSD.org/src/rev/cc31f37d4131
branches:  OPENSSL
changeset: 467298:cc31f37d4131
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Jan 23 02:47:58 2020 +0000

description:
Changes between 1.1.1c and 1.1.1d [10 Sep 2019]

  *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
     number generator (RNG). This was intended to include protection in the
     event of a fork() system call in order to ensure that the parent and child
     processes did not share the same RNG state. However this protection was not
     being used in the default case.

     A partial mitigation for this issue is that the output from a high
     precision timer is mixed into the RNG state so the likelihood of a parent
     and child process sharing state is significantly reduced.

     If an application already calls OPENSSL_init_crypto() explicitly using
     OPENSSL_INIT_ATFORK then this problem does not occur at all.
     (CVE-2019-1549)
     [Matthias St. Pierre]

  *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
     used even when parsing explicit parameters, when loading a serialized key
     or calling `EC_GROUP_new_from_ecpkparameters()`/
     `EC_GROUP_new_from_ecparameters()`.
     This prevents bypass of security hardening and performance gains,
     especially for curves with specialized EC_METHODs.
     By default, if a key encoded with explicit parameters is loaded and later
     serialized, the output is still encoded with explicit parameters, even if
     internally a "named" EC_GROUP is used for computation.
     [Nicola Tuveri]

  *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
     this change, EC_GROUP_set_generator would accept order and/or cofactor as
     NULL. After this change, only the cofactor parameter can be NULL. It also
     does some minimal sanity checks on the passed order.
     (CVE-2019-1547)
     [Billy Bob Brumley]

  *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
     An attack is simple, if the first CMS_recipientInfo is valid but the
     second CMS_recipientInfo is chosen ciphertext. If the second
     recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
     encryption key will be replaced by garbage, and the message cannot be
     decoded, but if the RSA decryption fails, the correct encryption key is
     used and the recipient will not notice the attack.
     As a work around for this potential attack the length of the decrypted
     key must be equal to the cipher default key length, in case the
     certifiate is not given and all recipientInfo are tried out.
     The old behaviour can be re-enabled in the CMS code by setting the
     CMS_DEBUG_DECRYPT flag.
     (CVE-2019-1563)
     [Bernd Edlinger]

  *) Early start up entropy quality from the DEVRANDOM seed source has been
     improved for older Linux systems.  The RAND subsystem will wait for
     /dev/random to be producing output before seeding from /dev/urandom.
     The seeded state is stored for future library initialisations using
     a system global shared memory segment.  The shared memory identifier
     can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
     the desired value.  The default identifier is 114.
     [Paul Dale]

  *) Correct the extended master secret constant on EBCDIC systems. Without this
     fix TLS connections between an EBCDIC system and a non-EBCDIC system that
     negotiate EMS will fail. Unfortunately this also means that TLS connections
     between EBCDIC systems with this fix, and EBCDIC systems without this
     fix will fail if they negotiate EMS.
     [Matt Caswell]

  *) Use Windows installation paths in the mingw builds

     Mingw isn't a POSIX environment per se, which means that Windows
     paths should be used for installation.
     (CVE-2019-1552)
     [Richard Levitte]

  *) Changed DH_check to accept parameters with order q and 2q subgroups.
     With order 2q subgroups the bit 0 of the private key is not secret
     but DH_generate_key works around that by clearing bit 0 of the
     private key for those. This avoids leaking bit 0 of the private key.
     [Bernd Edlinger]

  *) Significantly reduce secure memory usage by the randomness pools.
     [Paul Dale]

  *) Revert the DEVRANDOM_WAIT feature for Linux systems

     The DEVRANDOM_WAIT feature added a select() call to wait for the
     /dev/random device to become readable before reading from the
     /dev/urandom device.

     It turned out that this change had negative side effects on
     performance which were not acceptable. After some discussion it
     was decided to revert this feature and leave it up to the OS
     resp. the platform maintainer to ensure a proper initialization
     during early boot time.
     [Matthias St. Pierre]

diffstat:

 crypto/external/bsd/openssl/dist/CHANGES                                             |  111 +-
 crypto/external/bsd/openssl/dist/Configurations/00-base-templates.conf               |    4 +-
 crypto/external/bsd/openssl/dist/Configurations/10-main.conf                         |    6 +-
 crypto/external/bsd/openssl/dist/Configurations/15-ios.conf                          |    2 +-
 crypto/external/bsd/openssl/dist/Configurations/50-win-onecore.conf                  |    2 +-
 crypto/external/bsd/openssl/dist/Configurations/common0.tmpl                         |    2 +-
 crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl                   |  106 +-
 crypto/external/bsd/openssl/dist/Configure                                           |    5 +-
 crypto/external/bsd/openssl/dist/INSTALL                                             |   29 +-
 crypto/external/bsd/openssl/dist/NEWS                                                |   19 +-
 crypto/external/bsd/openssl/dist/NOTES.WIN                                           |   15 +
 crypto/external/bsd/openssl/dist/README                                              |    2 +-
 crypto/external/bsd/openssl/dist/apps/apps.c                                         |    9 +-
 crypto/external/bsd/openssl/dist/apps/apps.h                                         |    4 +-
 crypto/external/bsd/openssl/dist/apps/ca.c                                           |    4 +-
 crypto/external/bsd/openssl/dist/apps/dgst.c                                         |    4 +-
 crypto/external/bsd/openssl/dist/apps/enc.c                                          |    2 +-
 crypto/external/bsd/openssl/dist/apps/ocsp.c                                         |    6 +-
 crypto/external/bsd/openssl/dist/apps/openssl.c                                      |    3 +-
 crypto/external/bsd/openssl/dist/apps/pkcs12.c                                       |    2 +-
 crypto/external/bsd/openssl/dist/apps/req.c                                          |   16 +-
 crypto/external/bsd/openssl/dist/apps/s_apps.h                                       |   20 +-
 crypto/external/bsd/openssl/dist/apps/s_cb.c                                         |    3 +-
 crypto/external/bsd/openssl/dist/apps/s_client.c                                     |    2 +-
 crypto/external/bsd/openssl/dist/apps/speed.c                                        |    2 +-
 crypto/external/bsd/openssl/dist/apps/storeutl.c                                     |    4 +-
 crypto/external/bsd/openssl/dist/config                                              |    8 +-
 crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-s390x.pl                         |    6 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_time.c                                |   47 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c                                |   10 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/x_bignum.c                              |   19 +-
 crypto/external/bsd/openssl/dist/crypto/bio/b_addr.c                                 |   26 +-
 crypto/external/bsd/openssl/dist/crypto/bio/bss_dgram.c                              |    4 +-
 crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c                               |   61 +-
 crypto/external/bsd/openssl/dist/crypto/bio/bss_mem.c                                |    4 +-
 crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl                               |    2 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_div.c                                  |    4 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_lcl.h                                  |    4 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c                                  |  101 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_prime.c                                |    8 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c                                 |    7 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_sqrt.c                                 |    5 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_att.c                                |  136 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_env.c                                |   20 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_err.c                                |    5 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_lcl.h                                |    9 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_sd.c                                 |   38 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_smime.c                              |    6 +-
 crypto/external/bsd/openssl/dist/crypto/conf/conf_sap.c                              |    2 +-
 crypto/external/bsd/openssl/dist/crypto/ctype.c                                      |    8 +-
 crypto/external/bsd/openssl/dist/crypto/dh/dh_check.c                                |   37 +-
 crypto/external/bsd/openssl/dist/crypto/dh/dh_gen.c                                  |   56 +-
 crypto/external/bsd/openssl/dist/crypto/dh/dh_key.c                                  |   13 +-
 crypto/external/bsd/openssl/dist/crypto/dh/dh_lib.c                                  |    6 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ameth.c                              |    4 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_err.c                                |    4 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ossl.c                               |   10 +-
 crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c                              |    5 +-
 crypto/external/bsd/openssl/dist/crypto/ec/asm/ecp_nistz256-sparcv9.pl               |    3 +-
 crypto/external/bsd/openssl/dist/crypto/ec/asm/ecp_nistz256-x86_64.pl                |    2 +-
 crypto/external/bsd/openssl/dist/crypto/ec/asm/x25519-ppc64.pl                       |    6 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c                                 |   73 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ec_curve.c                                |  114 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ec_lcl.h                                  |    4 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ec_lib.c                                  |  103 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ecdh_ossl.c                               |    2 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ecdsa_ossl.c                              |   16 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp224.c                            |   66 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp256.c                            |   67 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp521.c                            |   69 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistputil.c                           |   26 +-
 crypto/external/bsd/openssl/dist/crypto/ec/ecx_meth.c                                |    2 +-
 crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c                       |    2 +-
 crypto/external/bsd/openssl/dist/crypto/engine/eng_openssl.c                         |    8 +-
 crypto/external/bsd/openssl/dist/crypto/err/err.c                                    |   16 +-
 crypto/external/bsd/openssl/dist/crypto/err/openssl.txt                              |   12 +
 crypto/external/bsd/openssl/dist/crypto/evp/bio_ok.c                                 |    6 +-
 crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c                                  |   91 +-
 crypto/external/bsd/openssl/dist/crypto/evp/e_aria.c                                 |   13 +-
 crypto/external/bsd/openssl/dist/crypto/evp/e_chacha20_poly1305.c                    |    7 +-
 crypto/external/bsd/openssl/dist/crypto/evp/e_rc5.c                                  |    6 +-
 crypto/external/bsd/openssl/dist/crypto/evp/evp_err.c                                |   11 +-
 crypto/external/bsd/openssl/dist/crypto/evp/evp_lib.c                                |    9 +-
 crypto/external/bsd/openssl/dist/crypto/evp/m_sha3.c                                 |    5 +-
 crypto/external/bsd/openssl/dist/crypto/include/internal/ctype.h                     |    4 +-
 crypto/external/bsd/openssl/dist/crypto/include/internal/rand_int.h                  |    6 +-
 crypto/external/bsd/openssl/dist/crypto/include/internal/sm2err.h                    |    6 +-
 crypto/external/bsd/openssl/dist/crypto/init.c                                       |    3 +-
 crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c                                |    8 +-
 crypto/external/bsd/openssl/dist/crypto/o_str.c                                      |    2 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pvkfmt.c                                 |    5 +-
 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c                             |   14 +-
 crypto/external/bsd/openssl/dist/crypto/rand/drbg_lib.c                              |   13 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_err.c                              |    3 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_lcl.h                              |   46 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c                              |  148 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c                             |  185 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_win.c                              |    3 +-
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ameth.c                              |   13 +
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_err.c                                |    4 +-
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c                                |    2 +-
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c                                |   17 +-
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ossl.c                               |   10 +
 crypto/external/bsd/openssl/dist/crypto/s390xcap.c                                   |   12 +-
 crypto/external/bsd/openssl/dist/crypto/sha/asm/keccak1600-armv4.pl                  |  192 +-
 crypto/external/bsd/openssl/dist/crypto/sha/asm/keccak1600-armv8.pl                  |    4 +-
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha512-sparcv9.pl                    |    4 +-
 crypto/external/bsd/openssl/dist/crypto/sm2/sm2_sign.c                               |    6 +-
 crypto/external/bsd/openssl/dist/crypto/store/loader_file.c                          |   18 +-
 crypto/external/bsd/openssl/dist/crypto/store/store_lib.c                            |    4 +-
 crypto/external/bsd/openssl/dist/crypto/threads_none.c                               |   15 +-
 crypto/external/bsd/openssl/dist/crypto/threads_pthread.c                            |   12 +-
 crypto/external/bsd/openssl/dist/crypto/threads_win.c                                |    4 +
 crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c                                  |    4 +-
 crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c                              |    2 +-
 crypto/external/bsd/openssl/dist/crypto/uid.c                                        |   16 +-
 crypto/external/bsd/openssl/dist/crypto/whrlpool/wp_block.c                          |    3 +-
 crypto/external/bsd/openssl/dist/crypto/x509/by_dir.c                                |    6 +-
 crypto/external/bsd/openssl/dist/crypto/x509/t_req.c                                 |    6 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_att.c                              |    6 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_cmp.c                              |   12 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_err.c                              |    4 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_lu.c                               |  113 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c                              |   12 +-
 crypto/external/bsd/openssl/dist/crypto/x509v3/v3_alt.c                              |   11 +-
 crypto/external/bsd/openssl/dist/crypto/x509v3/v3_purp.c                             |   16 +-
 crypto/external/bsd/openssl/dist/demos/bio/descrip.mms                               |    2 +-
 crypto/external/bsd/openssl/dist/demos/evp/aesgcm.c                                  |    4 +-
 crypto/external/bsd/openssl/dist/doc/HOWTO/proxy_certificates.txt                    |    2 +-
 crypto/external/bsd/openssl/dist/doc/man1/engine.pod                                 |    4 +-
 crypto/external/bsd/openssl/dist/doc/man1/errstr.pod                                 |    4 +-
 crypto/external/bsd/openssl/dist/doc/man1/pkcs12.pod                                 |    3 +-
 crypto/external/bsd/openssl/dist/doc/man1/pkeyparam.pod                              |    4 +-
 crypto/external/bsd/openssl/dist/doc/man1/s_client.pod                               |    2 +-
 crypto/external/bsd/openssl/dist/doc/man1/s_server.pod                               |    2 +-
 crypto/external/bsd/openssl/dist/doc/man3/ADMISSIONS.pod                             |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/ASYNC_start_job.pod                        |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_connect.pod                            |    2 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_f_ssl.pod                              |   38 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_find_type.pod                          |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_new.pod                                |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_s_accept.pod                           |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_s_bio.pod                              |    6 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_s_connect.pod                          |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_s_fd.pod                               |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_s_mem.pod                              |   48 +-
 crypto/external/bsd/openssl/dist/doc/man3/BIO_set_callback.pod                       |   12 +-
 crypto/external/bsd/openssl/dist/doc/man3/BN_generate_prime.pod                      |   14 +-
 crypto/external/bsd/openssl/dist/doc/man3/BN_mod_mul_montgomery.pod                  |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/BN_new.pod                                 |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/CMS_final.pod                              |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/CRYPTO_THREAD_run_once.pod                 |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/CRYPTO_memcmp.pod                          |   39 +
 crypto/external/bsd/openssl/dist/doc/man3/DES_random_key.pod                         |    8 +-
 crypto/external/bsd/openssl/dist/doc/man3/DSA_generate_key.pod                       |    6 +-
 crypto/external/bsd/openssl/dist/doc/man3/DSA_sign.pod                               |    9 +-
 crypto/external/bsd/openssl/dist/doc/man3/ECDSA_SIG_new.pod                          |   25 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_DigestInit.pod                         |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_DigestSignInit.pod                     |   12 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_DigestVerifyInit.pod                   |   10 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod               |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod           |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_decrypt.pod                       |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_derive.pod                        |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_encrypt.pod                       |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_sign.pod                          |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_verify.pod                        |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_PKEY_verify_recover.pod                |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_SealInit.pod                           |    9 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_SignInit.pod                           |    9 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_VerifyInit.pod                         |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_aria.pod                               |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_md5.pod                                |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/EVP_rc5_32_12_16_cbc.pod                   |   27 +-
 crypto/external/bsd/openssl/dist/doc/man3/OCSP_REQUEST_new.pod                       |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/OPENSSL_fork_prepare.pod                   |    6 +-
 crypto/external/bsd/openssl/dist/doc/man3/OSSL_STORE_LOADER.pod                      |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/OSSL_STORE_expect.pod                      |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/PKCS12_newpass.pod                         |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/RAND_DRBG_set_callbacks.pod                |    2 +-
 crypto/external/bsd/openssl/dist/doc/man3/RAND_set_rand_method.pod                   |    9 +-
 crypto/external/bsd/openssl/dist/doc/man3/RSA_blinding_on.pod                        |    5 +-
 crypto/external/bsd/openssl/dist/doc/man3/RSA_generate_key.pod                       |   15 +-
 crypto/external/bsd/openssl/dist/doc/man3/RSA_padding_add_PKCS1_type_1.pod           |    7 +-
 crypto/external/bsd/openssl/dist/doc/man3/RSA_public_encrypt.pod                     |    2 +-
 crypto/external/bsd/openssl/dist/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod             |   10 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_config.pod                         |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_dane_enable.pod                    |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_get0_param.pod                     |   16 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_new.pod                            |   19 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_cipher_list.pod                |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_generate_session_id.pod        |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_session_id_context.pod         |    6 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_verify.pod                     |   12 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_SESSION_get0_hostname.pod              |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_get_error.pod                          |    6 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_library_init.pod                       |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_set1_host.pod                          |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/SSL_write.pod                              |    2 +-
 crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_CTX_get_error.pod               |   10 +-
 crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_CTX_set_verify_cb.pod           |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_add_cert.pod                    |    6 +-
 crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_new.pod                         |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/X509_VERIFY_PARAM_set_flags.pod            |    4 +-
 crypto/external/bsd/openssl/dist/doc/man3/X509_cmp.pod                               |   80 +
 crypto/external/bsd/openssl/dist/doc/man3/X509_get_extension_flags.pod               |   14 +-
 crypto/external/bsd/openssl/dist/doc/man3/d2i_X509.pod                               |   20 +-
 crypto/external/bsd/openssl/dist/doc/man5/x509v3_config.pod                          |    5 +-
 crypto/external/bsd/openssl/dist/doc/man7/Ed25519.pod                                |    4 +-
 crypto/external/bsd/openssl/dist/doc/man7/RAND.pod                                   |    8 +-
 crypto/external/bsd/openssl/dist/doc/man7/SM2.pod                                    |    4 +-
 crypto/external/bsd/openssl/dist/doc/man7/X25519.pod                                 |    4 +-
 crypto/external/bsd/openssl/dist/doc/man7/bio.pod                                    |    4 +-
 crypto/external/bsd/openssl/dist/doc/man7/scrypt.pod                                 |    4 +-
 crypto/external/bsd/openssl/dist/e_os.h                                              |   30 +-
 crypto/external/bsd/openssl/dist/engines/build.info                                  |   15 +-
 crypto/external/bsd/openssl/dist/engines/e_afalg.c                                   |   16 +-
 crypto/external/bsd/openssl/dist/include/internal/constant_time_locl.h               |   64 +-
 crypto/external/bsd/openssl/dist/include/internal/cryptlib.h                         |    1 +
 crypto/external/bsd/openssl/dist/include/internal/dsoerr.h                           |    4 +-
 crypto/external/bsd/openssl/dist/include/internal/refcount.h                         |    2 +-
 crypto/external/bsd/openssl/dist/include/internal/thread_once.h                      |    2 +-
 crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h                      |    2 +-
 crypto/external/bsd/openssl/dist/include/openssl/asn1err.h                           |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/asyncerr.h                          |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/bio.h                               |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/bioerr.h                            |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/bnerr.h                             |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/buffererr.h                         |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/cms.h                               |    5 +-
 crypto/external/bsd/openssl/dist/include/openssl/cmserr.h                            |    8 +-
 crypto/external/bsd/openssl/dist/include/openssl/comperr.h                           |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/conferr.h                           |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/cryptoerr.h                         |    9 +-
 crypto/external/bsd/openssl/dist/include/openssl/cterr.h                             |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/dherr.h                             |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/dsaerr.h                            |    7 +-
 crypto/external/bsd/openssl/dist/include/openssl/ec.h                                |    7 +-
 crypto/external/bsd/openssl/dist/include/openssl/ecerr.h                             |    4 +
 crypto/external/bsd/openssl/dist/include/openssl/engineerr.h                         |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/evp.h                               |    4 +
 crypto/external/bsd/openssl/dist/include/openssl/evperr.h                            |   12 +-
 crypto/external/bsd/openssl/dist/include/openssl/kdferr.h                            |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/objectserr.h                        |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/ocsperr.h                           |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/opensslv.h                          |    4 +-
 crypto/external/bsd/openssl/dist/include/openssl/pemerr.h                            |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/pkcs12err.h                         |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/pkcs7err.h                          |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/randerr.h                           |    5 +-
 crypto/external/bsd/openssl/dist/include/openssl/rsaerr.h                            |    7 +-
 crypto/external/bsd/openssl/dist/include/openssl/ssl.h                               |   60 +-
 crypto/external/bsd/openssl/dist/include/openssl/sslerr.h                            |    4 +
 crypto/external/bsd/openssl/dist/include/openssl/store.h                             |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/storeerr.h                          |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/tls1.h                              |    4 +-
 crypto/external/bsd/openssl/dist/include/openssl/tserr.h                             |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/uierr.h                             |    6 +-
 crypto/external/bsd/openssl/dist/include/openssl/x509err.h                           |    7 +-
 crypto/external/bsd/openssl/dist/include/openssl/x509v3.h                            |    2 +
 crypto/external/bsd/openssl/dist/include/openssl/x509v3err.h                         |    6 +-
 crypto/external/bsd/openssl/dist/ssl/d1_msg.c                                        |    5 +-
 crypto/external/bsd/openssl/dist/ssl/record/rec_layer_s3.c                           |   12 +-
 crypto/external/bsd/openssl/dist/ssl/s3_lib.c                                        |   14 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_cert.c                                      |    5 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c                                      |   13 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_lib.c                                       |   20 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_locl.h                                      |   37 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_sess.c                                      |   39 +-
 crypto/external/bsd/openssl/dist/ssl/statem/extensions.c                             |   21 +-
 crypto/external/bsd/openssl/dist/ssl/statem/extensions_clnt.c                        |   16 +-
 crypto/external/bsd/openssl/dist/ssl/statem/extensions_srvr.c                        |   20 +-
 crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c                            |    6 -
 crypto/external/bsd/openssl/dist/ssl/statem/statem_lib.c                             |   19 +-
 crypto/external/bsd/openssl/dist/ssl/statem/statem_srvr.c                            |   54 +-
 crypto/external/bsd/openssl/dist/ssl/t1_lib.c                                        |  275 +-
 crypto/external/bsd/openssl/dist/ssl/tls13_enc.c                                     |   53 +-
 crypto/external/bsd/openssl/dist/test/asn1_time_test.c                               |    6 +-
 crypto/external/bsd/openssl/dist/test/bio_memleak_test.c                             |   40 +
 crypto/external/bsd/openssl/dist/test/bntest.c                                       |   47 +-
 crypto/external/bsd/openssl/dist/test/build.info                                     |    3 +-
 crypto/external/bsd/openssl/dist/test/certs/mkcert.sh                                |   31 +-
 crypto/external/bsd/openssl/dist/test/certs/server-pss-restrict-cert.pem             |   21 +
 crypto/external/bsd/openssl/dist/test/certs/server-pss-restrict-key.pem              |   29 +
 crypto/external/bsd/openssl/dist/test/certs/setup.sh                                 |    6 +
 crypto/external/bsd/openssl/dist/test/conf_include_test.c                            |    4 +-
 crypto/external/bsd/openssl/dist/test/ct_test.c                                      |   23 +-
 crypto/external/bsd/openssl/dist/test/dhtest.c                                       |   77 +-
 crypto/external/bsd/openssl/dist/test/drbgtest.c                                     |   47 +-
 crypto/external/bsd/openssl/dist/test/dtlstest.c                                     |    2 +-
 crypto/external/bsd/openssl/dist/test/ectest.c                                       |  444 ++++-
 crypto/external/bsd/openssl/dist/test/enginetest.c                                   |   19 +-
 crypto/external/bsd/openssl/dist/test/evp_extra_test.c                               |    2 +-
 crypto/external/bsd/openssl/dist/test/evp_test.c                                     |   34 +-
 crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpciph.txt           |   11 +
 crypto/external/bsd/openssl/dist/test/recipes/70-test_sslmessages.t                  |   27 +-
 crypto/external/bsd/openssl/dist/test/recipes/70-test_tls13kexmodes.t                |   38 +-
 crypto/external/bsd/openssl/dist/test/recipes/70-test_tls13messages.t                |   91 +-
 crypto/external/bsd/openssl/dist/test/recipes/80-test_cms.t                          |   69 +-
 crypto/external/bsd/openssl/dist/test/recipes/80-test_cms_data/bad_signtime_attr.cms |  Bin 
 crypto/external/bsd/openssl/dist/test/recipes/80-test_cms_data/ct_multiple_attr.cms  |  Bin 
 crypto/external/bsd/openssl/dist/test/recipes/80-test_cms_data/no_ct_attr.cms        |  Bin 
 crypto/external/bsd/openssl/dist/test/recipes/80-test_cms_data/no_md_attr.cms        |  Bin 
 crypto/external/bsd/openssl/dist/test/recipes/90-test_sslapi.t                       |    7 +-
 crypto/external/bsd/openssl/dist/test/ssl-tests/20-cert-select.conf                  |  984 +++++----
 crypto/external/bsd/openssl/dist/test/ssl-tests/20-cert-select.conf.in               |   66 +
 crypto/external/bsd/openssl/dist/test/sslapitest.c                                   |  345 +++-
 crypto/external/bsd/openssl/dist/test/ssltestlib.c                                   |   98 +-
 crypto/external/bsd/openssl/dist/test/ssltestlib.h                                   |    3 +
 crypto/external/bsd/openssl/dist/test/testutil.h                                     |   13 +-
 crypto/external/bsd/openssl/dist/test/testutil/driver.c                              |   26 +-
 crypto/external/bsd/openssl/dist/test/testutil/random.c                              |   40 +
 crypto/external/bsd/openssl/dist/test/tls13secretstest.c                             |    2 +-
 crypto/external/bsd/openssl/dist/util/find-doc-nits                                  |   28 +-
 crypto/external/bsd/openssl/dist/util/libcrypto.num                                  |    2 +
 crypto/external/bsd/openssl/dist/util/mkdef.pl                                       |    4 +-
 crypto/external/bsd/openssl/dist/util/mkerr.pl                                       |    8 +-
 crypto/external/bsd/openssl/dist/util/perl/OpenSSL/Test.pm                           |   11 +-
 crypto/external/bsd/openssl/dist/util/perl/TLSProxy/CertificateRequest.pm            |  105 +
 crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Message.pm                       |   14 +
 crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Proxy.pm                         |    1 +
 crypto/external/bsd/openssl/dist/util/perl/checkhandshake.pm                         |   20 +-
 322 files changed, 5429 insertions(+), 1946 deletions(-)

diffs (truncated from 15605 to 300 lines):

diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES  Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES  Thu Jan 23 02:47:58 2020 +0000
@@ -7,6 +7,101 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
+
+  *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
+     number generator (RNG). This was intended to include protection in the
+     event of a fork() system call in order to ensure that the parent and child
+     processes did not share the same RNG state. However this protection was not
+     being used in the default case.
+
+     A partial mitigation for this issue is that the output from a high
+     precision timer is mixed into the RNG state so the likelihood of a parent
+     and child process sharing state is significantly reduced.
+
+     If an application already calls OPENSSL_init_crypto() explicitly using
+     OPENSSL_INIT_ATFORK then this problem does not occur at all.
+     (CVE-2019-1549)
+     [Matthias St. Pierre]
+
+  *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
+     used even when parsing explicit parameters, when loading a serialized key
+     or calling `EC_GROUP_new_from_ecpkparameters()`/
+     `EC_GROUP_new_from_ecparameters()`.
+     This prevents bypass of security hardening and performance gains,
+     especially for curves with specialized EC_METHODs.
+     By default, if a key encoded with explicit parameters is loaded and later
+     serialized, the output is still encoded with explicit parameters, even if
+     internally a "named" EC_GROUP is used for computation.
+     [Nicola Tuveri]
+
+  *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
+     this change, EC_GROUP_set_generator would accept order and/or cofactor as
+     NULL. After this change, only the cofactor parameter can be NULL. It also
+     does some minimal sanity checks on the passed order.
+     (CVE-2019-1547)
+     [Billy Bob Brumley]
+
+  *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+     An attack is simple, if the first CMS_recipientInfo is valid but the
+     second CMS_recipientInfo is chosen ciphertext. If the second
+     recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
+     encryption key will be replaced by garbage, and the message cannot be
+     decoded, but if the RSA decryption fails, the correct encryption key is
+     used and the recipient will not notice the attack.
+     As a work around for this potential attack the length of the decrypted
+     key must be equal to the cipher default key length, in case the
+     certifiate is not given and all recipientInfo are tried out.
+     The old behaviour can be re-enabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag.
+     (CVE-2019-1563)
+     [Bernd Edlinger]
+
+  *) Early start up entropy quality from the DEVRANDOM seed source has been
+     improved for older Linux systems.  The RAND subsystem will wait for
+     /dev/random to be producing output before seeding from /dev/urandom.
+     The seeded state is stored for future library initialisations using
+     a system global shared memory segment.  The shared memory identifier
+     can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
+     the desired value.  The default identifier is 114.
+     [Paul Dale]
+
+  *) Correct the extended master secret constant on EBCDIC systems. Without this
+     fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+     negotiate EMS will fail. Unfortunately this also means that TLS connections
+     between EBCDIC systems with this fix, and EBCDIC systems without this
+     fix will fail if they negotiate EMS.
+     [Matt Caswell]
+
+  *) Use Windows installation paths in the mingw builds
+
+     Mingw isn't a POSIX environment per se, which means that Windows
+     paths should be used for installation.
+     (CVE-2019-1552)
+     [Richard Levitte]
+
+  *) Changed DH_check to accept parameters with order q and 2q subgroups.
+     With order 2q subgroups the bit 0 of the private key is not secret
+     but DH_generate_key works around that by clearing bit 0 of the
+     private key for those. This avoids leaking bit 0 of the private key.
+     [Bernd Edlinger]
+
+  *) Significantly reduce secure memory usage by the randomness pools.
+     [Paul Dale]
+
+  *) Revert the DEVRANDOM_WAIT feature for Linux systems
+
+     The DEVRANDOM_WAIT feature added a select() call to wait for the
+     /dev/random device to become readable before reading from the
+     /dev/urandom device.
+
+     It turned out that this change had negative side effects on
+     performance which were not acceptable. After some discussion it
+     was decided to revert this feature and leave it up to the OS
+     resp. the platform maintainer to ensure a proper initialization
+     during early boot time.
+     [Matthias St. Pierre]
+
  Changes between 1.1.1b and 1.1.1c [28 May 2019]
 
   *) Add build tests for C++.  These are generated files that only do one
@@ -75,6 +170,16 @@
      (CVE-2019-1543)
      [Matt Caswell]
 
+  *) Add DEVRANDOM_WAIT feature for Linux systems
+
+     On older Linux systems where the getrandom() system call is not available,
+     OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG.
+     Contrary to getrandom(), the /dev/urandom device will not block during
+     early boot when the kernel CSPRNG has not been seeded yet.
+
+     To mitigate this known weakness, use select() to wait for /dev/random to
+     become readable before reading from /dev/urandom.
+
   *) Ensure that SM2 only uses SM3 as digest algorithm
      [Paul Yang]
 
@@ -322,7 +427,7 @@
         SSL_set_ciphersuites()
      [Matt Caswell]
 
-  *) Memory allocation failures consistenly add an error to the error
+  *) Memory allocation failures consistently add an error to the error
      stack.
      [Rich Salz]
 
@@ -6860,7 +6965,7 @@
      reason texts, thereby removing some of the footprint that may not
      be interesting if those errors aren't displayed anyway.
 
-     NOTE: it's still possible for any application or module to have it's
+     NOTE: it's still possible for any application or module to have its
      own set of error texts inserted.  The routines are there, just not
      used by default when no-err is given.
      [Richard Levitte]
@@ -8826,7 +8931,7 @@
  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
 
   *) New function OPENSSL_cleanse(), which is used to cleanse a section of
-     memory from it's contents.  This is done with a counter that will
+     memory from its contents.  This is done with a counter that will
      place alternating values in each byte.  This can be used to solve
      two issues: 1) the removal of calls to memset() by highly optimizing
      compilers, and 2) cleansing with other values than 0, since those can
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/00-base-templates.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/00-base-templates.conf    Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/00-base-templates.conf    Thu Jan 23 02:47:58 2020 +0000
@@ -198,7 +198,7 @@
        bn_asm_src      => "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
        ec_asm_src      => "ecp_nistz256.c ecp_nistz256-x86.s",
        des_asm_src     => "des-586.s crypt586.s",
-       aes_asm_src     => "aes-586.s vpaes-x86.s aesni-x86.s",
+       aes_asm_src     => "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s",
        bf_asm_src      => "bf-586.s",
        md5_asm_src     => "md5-586.s",
        cast_asm_src    => "cast-586.s",
@@ -223,7 +223,7 @@
        cpuid_asm_src   => "x86_64cpuid.s",
        bn_asm_src      => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
        ec_asm_src      => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
-       aes_asm_src     => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
+       aes_asm_src     => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
        md5_asm_src     => "md5-x86_64.s",
        sha1_asm_src    => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
        rc4_asm_src     => "rc4-x86_64.s rc4-md5-x86_64.s",
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/10-main.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/10-main.conf      Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/10-main.conf      Thu Jan 23 02:47:58 2020 +0000
@@ -1111,7 +1111,7 @@
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
         shared_target    => "self",
-        module_ldflags   => "-Wl,-G,-bsymbolic,-bexpall",
+        module_ldflags   => "-Wl,-G,-bsymbolic,-bnoentry",
         shared_ldflag    => "-Wl,-G,-bsymbolic,-bnoentry",
         shared_defflag   => "-Wl,-bE:",
         shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
@@ -1397,6 +1397,10 @@
         shared_extension => ".dll",
         multilib         => "",
         apps_aux_src     => add("win32_init.c"),
+        # "WOW" stands for "Windows on Windows", and that word engages
+        # some installation path heuristics in unix-Makefile.tmpl...
+        build_scheme     => add("WOW", { separator => undef }),
+
     },
     "mingw64" => {
         # As for OPENSSL_USE_APPLINK. Applink makes it possible to use
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/15-ios.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/15-ios.conf       Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/15-ios.conf       Thu Jan 23 02:47:58 2020 +0000
@@ -1,6 +1,6 @@
 #### iPhoneOS/iOS
 #
-# It takes recent enough XCode to use following two targets. It shouldn't
+# It takes recent enough Xcode to use following two targets. It shouldn't
 # be a problem by now, but if they don't work, original targets below
 # that depend on manual definition of environment variables should still
 # work...
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/50-win-onecore.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/50-win-onecore.conf       Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/50-win-onecore.conf       Thu Jan 23 02:47:58 2020 +0000
@@ -1,6 +1,6 @@
 # Windows OneCore targets.
 #
-# OneCore is new API stability "contract" that transends Desktop, IoT and
+# OneCore is new API stability "contract" that transcends Desktop, IoT and
 # Mobile[?] Windows editions. It's a set up "umbrella" libraries that
 # export subset of Win32 API that are common to all Windows 10 devices.
 #
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/common0.tmpl
--- a/crypto/external/bsd/openssl/dist/Configurations/common0.tmpl      Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/common0.tmpl      Thu Jan 23 02:47:58 2020 +0000
@@ -22,7 +22,7 @@
  our @generated =
      sort ( ( grep { defined $unified_info{generate}->{$_} }
               sort keys %generatables ),
-            # Scripts are assumed to be generated, so add thhem too
+            # Scripts are assumed to be generated, so add them too
             ( grep { defined $unified_info{sources}->{$_} }
               @{$unified_info{scripts}} ) );
 
diff -r 29645b1e84d1 -r cc31f37d4131 crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl
--- a/crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl        Sun Jun 09 17:47:39 2019 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl        Thu Jan 23 02:47:58 2020 +0000
@@ -14,6 +14,26 @@
      our $dsoext = $target{dso_extension} || ".so";
      our $makedepprog = $disabled{makedepend} ? undef : $config{makedepprog};
 
+     # $mingw_installroot and $mingw_commonroot is relevant for mingw only.
+     my $build_scheme = $target{build_scheme};
+     my $install_flavour = $build_scheme->[$#$build_scheme]; # last element
+     my $mingw_installenv = $install_flavour eq "WOW" ? "ProgramFiles(x86)"
+                                                      : "ProgramW6432";
+     my $mingw_commonenv = $install_flavour eq "WOW" ? "CommonProgramFiles(x86)"
+                                                     : "CommonProgramW6432";
+     our $mingw_installroot =
+         defined($ENV{$mingw_installenv}) ? $mingw_installenv : 'ProgramFiles';
+     our $mingw_commonroot =
+         defined($ENV{$mingw_commonenv}) ? $mingw_commonenv : 'CommonProgramFiles';
+     my $mingw_installdflt =
+         $install_flavour eq "WOW" ? "C:/Program Files (x86)"
+                                   : "C:/Program Files";
+     my $mingw_commondflt = "$mingw_installdflt/Common Files";
+
+     # expand variables early
+     $mingw_installroot = $ENV{$mingw_installroot} // $mingw_installdflt;
+     $mingw_commonroot = $ENV{$mingw_commonroot} // $mingw_commondflt;
+
      sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ }
 
      # Shared AIX support is special. We put libcrypto[64].so.ver into
@@ -132,6 +152,7 @@
 # Normally it is left empty.
 DESTDIR=
 
+{- output_off() if $config{target} =~ /^mingw/; "" -}
 # Do not edit these manually. Use Configure with --prefix or --openssldir
 # to change this!  Short explanation in the top comment in Configure
 INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet
@@ -175,6 +196,83 @@
 # Convenience variable for those who want to set the rpath in shared
 # libraries and applications
 LIBRPATH=$(libdir)
+{- output_on() if $config{target} =~ /^mingw/;
+   output_off() if $config{target} !~ /^mingw/;
+   "" -}
+# Do not edit these manually. Use Configure with --prefix or --openssldir
+# to change this!  Short explanation in the top comment in Configure
+INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
+                  #
+                  use File::Spec::Win32;
+                  my $prefix_default = "$mingw_installroot/OpenSSL";
+                  our $prefix =
+                      File::Spec::Win32->canonpath($config{prefix}
+                                                  || $prefix_default);
+                  our ($prefix_dev, $prefix_dir, $prefix_file) =
+                      File::Spec::Win32->splitpath($prefix, 1);
+                  $prefix =~ s|\\|/|g;
+                  $prefix_dir =~ s|\\|/|g;
+                  $prefix_dev -}
+INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir);
+                  $x =~ s|\\|/|g;
+                  $x -}
+OPENSSLDIR_dev={- #
+                  # The logic here is that if no --openssldir was given,
+                  # OPENSSLDIR will get the value "$mingw_commonroot/SSL".
+                  # If --openssldir was given and the value is an absolute
+                  # path, OPENSSLDIR will get its value without change.
+                  # If the value from --openssldir is a relative path,
+                  # OPENSSLDIR will get $prefix with the --openssldir
+                  # value appended as a subdirectory.
+                  #
+                  use File::Spec::Win32;
+                  our $openssldir =



Home | Main Index | Thread Index | Old Index