diff --git a/CHANGES b/CHANGES index de9c7c1f4b30086d93c1ddc223ad3fd452b11785..27302057df144ac4964d46502e965fa9c7d2575d 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,13 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + *) Use Windows installation paths in the mingw builds + + Mingw isn't a POSIX environment per se, which means that Windows + paths should be used for installation. + (CVE-2019-1552) + [Richard Levitte] + *) Changed DH parameters to generate the order q subgroup instead of 2q. Previously generated DH parameters are still accepted by DH_check but DH_generate_key works around that by clearing bit 0 of the diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index e311a5dcb694dd0d417e5b8776ee20581acf6f88..3c4299d2640488f47abc1abec930cac6570454e9 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1397,6 +1397,10 @@ my %targets = ( shared_extension => ".dll", multilib => "", apps_aux_src => add("win32_init.c"), + # "WOW" stands for "Windows on Windows", and that word engages + # some installation path heuristics in unix-Makefile.tmpl... + build_scheme => add("WOW", { separator => undef }), + }, "mingw64" => { # As for OPENSSL_USE_APPLINK. Applink makes it possible to use diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index e7d246b6ad3b43d5285269c3871b1f4bd76df68c..4b923fd890dc705628a91ca5f56e1a5919a73ba0 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -14,6 +14,26 @@ our $dsoext = $target{dso_extension} || ".so"; our $makedepprog = $disabled{makedepend} ? undef : $config{makedepprog}; + # $mingw_installroot and $mingw_commonroot is relevant for mingw only. + my $build_scheme = $target{build_scheme}; + my $install_flavour = $build_scheme->[$#$build_scheme]; # last element + my $mingw_installenv = $install_flavour eq "WOW" ? "ProgramFiles(x86)" + : "ProgramW6432"; + my $mingw_commonenv = $install_flavour eq "WOW" ? "CommonProgramFiles(x86)" + : "CommonProgramW6432"; + our $mingw_installroot = + defined($ENV{$mingw_installenv}) ? $mingw_installenv : 'ProgramFiles'; + our $mingw_commonroot = + defined($ENV{$mingw_commonenv}) ? $mingw_commonenv : 'CommonProgramFiles'; + my $mingw_installdflt = + $install_flavour eq "WOW" ? "C:/Program Files (x86)" + : "C:/Program Files"; + my $mingw_commondflt = "$mingw_installdflt/Common Files"; + + # expand variables early + $mingw_installroot = $ENV{$mingw_installroot} // $mingw_installdflt; + $mingw_commonroot = $ENV{$mingw_commonroot} // $mingw_commondflt; + sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ } # Shared AIX support is special. We put libcrypto[64].so.ver into @@ -132,6 +152,7 @@ APPS_OPENSSL={- use File::Spec::Functions; # Normally it is left empty. DESTDIR= +{- output_off() if $config{target} =~ /^mingw/; "" -} # Do not edit these manually. Use Configure with --prefix or --openssldir # to change this! Short explanation in the top comment in Configure INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet @@ -175,6 +196,83 @@ ENGINESDIR=$(libdir)/engines-{- $sover_dirname -} # Convenience variable for those who want to set the rpath in shared # libraries and applications LIBRPATH=$(libdir) +{- output_on() if $config{target} =~ /^mingw/; + output_off() if $config{target} !~ /^mingw/; + "" -} +# Do not edit these manually. Use Configure with --prefix or --openssldir +# to change this! Short explanation in the top comment in Configure +INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet + # + use File::Spec::Win32; + my $prefix_default = "$mingw_installroot/OpenSSL"; + our $prefix = + File::Spec::Win32->canonpath($config{prefix} + || $prefix_default); + our ($prefix_dev, $prefix_dir, $prefix_file) = + File::Spec::Win32->splitpath($prefix, 1); + $prefix =~ s|\\|/|g; + $prefix_dir =~ s|\\|/|g; + $prefix_dev -} +INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir); + $x =~ s|\\|/|g; + $x -} +OPENSSLDIR_dev={- # + # The logic here is that if no --openssldir was given, + # OPENSSLDIR will get the value "$mingw_commonroot/SSL". + # If --openssldir was given and the value is an absolute + # path, OPENSSLDIR will get its value without change. + # If the value from --openssldir is a relative path, + # OPENSSLDIR will get $prefix with the --openssldir + # value appended as a subdirectory. + # + use File::Spec::Win32; + our $openssldir = + $config{openssldir} ? + (File::Spec::Win32->file_name_is_absolute($config{openssldir}) ? + File::Spec::Win32->canonpath($config{openssldir}) + : File::Spec::Win32->catdir($prefix, $config{openssldir})) + : File::Spec::Win32->canonpath("$mingw_commonroot/SSL"); + our ($openssldir_dev, $openssldir_dir, $openssldir_file) = + File::Spec::Win32->splitpath($openssldir, 1); + $openssldir =~ s|\\|/|g; + $openssldir_dir =~ s|\\|/|g; + $openssldir_dev -} +OPENSSLDIR_dir={- my $x = File::Spec::Win32->canonpath($openssldir_dir); + $x =~ s|\\|/|g; + $x -} +LIBDIR={- our $libdir = $config{libdir} || "lib"; + File::Spec::Win32->file_name_is_absolute($libdir) ? "" : $libdir -} +ENGINESDIR_dev={- use File::Spec::Win32; + our $enginesdir = + File::Spec::Win32->catdir($prefix,$libdir, + "engines-$sover_dirname"); + our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) = + File::Spec::Win32->splitpath($enginesdir, 1); + $enginesdir =~ s|\\|/|g; + $enginesdir_dir =~ s|\\|/|g; + $enginesdir_dev -} +ENGINESDIR_dir={- my $x = File::Spec::Win32->canonpath($enginesdir_dir); + $x =~ s|\\|/|g; + $x -} +# In a Windows environment, $(DESTDIR) is harder to contatenate with other +# directory variables, because both may contain devices. What we do here is +# to adapt INSTALLTOP, OPENSSLDIR and ENGINESDIR depending on if $(DESTDIR) +# has a value or not, to ensure that concatenation will always work further +# down. +ifneq "$(DESTDIR)" "" +INSTALLTOP=$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dir) +else +INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir) +endif + +# $(libdir) is chosen to be compatible with the GNU coding standards +libdir={- File::Spec::Win32->file_name_is_absolute($libdir) + ? $libdir : '$(INSTALLTOP)/$(LIBDIR)' -} +{- output_on() if $config{target} !~ /^mingw/; "" -} MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) diff --git a/NOTES.WIN b/NOTES.WIN index 4d39d06f32ad10229318708c80d9454157ff234b..b1cb542d09085e6ed565d27aa95dd9d7fa708428 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -109,6 +109,21 @@ This naturally implies that you've installed corresponding add-on packages. + Independently of the method chosen to build for mingw, the installation + paths are similar to those used when building with VC-* targets, except + that in case the fallbacks mentioned there aren't possible (typically + when cross compiling on Linux), the paths will be the following: + + For mingw: + + PREFIX: C:/Program Files (x86)/OpenSSL + OPENSSLDIR C:/Program Files (x86)/Common Files/SSL + + For mingw64: + + PREFIX: C:/Program Files/OpenSSL + OPENSSLDIR C:/Program Files/Common Files/SSL + Linking your application ========================