+++ /dev/null
-diff U3 crypto/bio/bio.h crypto/bio/bio.h\r
---- crypto/bio/bio.h Thu Jun 11 21:50:12 2015\r
-+++ crypto/bio/bio.h Fri Jun 12 11:00:52 2015\r
-@@ -646,10 +646,10 @@\r
- int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,\r
- asn1_ps_func **psuffix_free);\r
- \r
--# ifndef OPENSSL_NO_FP_API\r
- BIO_METHOD *BIO_s_file(void);\r
- BIO *BIO_new_file(const char *filename, const char *mode);\r
- BIO *BIO_new_fp(FILE *stream, int close_flag);\r
-+# ifndef OPENSSL_NO_FP_API\r
- # define BIO_s_file_internal BIO_s_file\r
- # endif\r
- BIO *BIO_new(BIO_METHOD *type);\r
-diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c\r
---- crypto/bio/bss_file.c Thu Jun 11 21:01:06 2015\r
-+++ crypto/bio/bss_file.c Fri Jun 12 11:01:28 2015\r
-@@ -460,6 +460,23 @@\r
- return (ret);\r
- }\r
- \r
-+# else\r
-+\r
-+BIO_METHOD *BIO_s_file(void)\r
-+{\r
-+ return NULL;\r
-+}\r
-+\r
-+BIO *BIO_new_file(const char *filename, const char *mode)\r
-+{\r
-+ return NULL;\r
-+}\r
-+\r
-+BIO *BIO_new_fp(FILE *stream, int close_flag)\r
-+{\r
-+ return NULL;\r
-+}\r
-+\r
- # endif /* OPENSSL_NO_STDIO */\r
- \r
- #endif /* HEADER_BSS_FILE_C */\r
-diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c\r
---- crypto/dh/dh_pmeth.c Thu Jun 11 21:50:12 2015\r
-+++ crypto/dh/dh_pmeth.c Fri Jun 12 11:08:48 2015\r
-@@ -449,6 +449,9 @@\r
- *keylen = ret;\r
- return 1;\r
- } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
-+#ifdef OPENSSL_NO_CMS\r
-+ return 0;\r
-+#else\r
- unsigned char *Z = NULL;\r
- size_t Zlen = 0;\r
- if (!dctx->kdf_outlen || !dctx->kdf_oid)\r
-@@ -478,6 +481,7 @@\r
- OPENSSL_free(Z);\r
- }\r
- return ret;\r
-+#endif\r
- }\r
- return 1;\r
- }\r
-diff U3 crypto/pem/pem.h crypto/pem/pem.h\r
---- crypto/pem/pem.h Thu Jun 11 21:50:12 2015\r
-+++ crypto/pem/pem.h Fri Jun 12 10:58:18 2015\r
-@@ -324,6 +324,7 @@\r
- \r
- # define DECLARE_PEM_read_fp(name, type) /**/\r
- # define DECLARE_PEM_write_fp(name, type) /**/\r
-+# define DECLARE_PEM_write_fp_const(name, type) /**/\r
- # define DECLARE_PEM_write_cb_fp(name, type) /**/\r
- # else\r
- \r
-diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c\r
---- crypto/pkcs7/pk7_smime.c Thu Jun 11 21:01:06 2015\r
-+++ crypto/pkcs7/pk7_smime.c Fri Jun 12 11:23:38 2015\r
-@@ -254,7 +254,8 @@\r
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
- PKCS7_SIGNER_INFO *si;\r
- X509_STORE_CTX cert_ctx;\r
-- char buf[4096];\r
-+ char *buf = NULL;\r
-+ int bufsiz;\r
- int i, j = 0, k, ret = 0;\r
- BIO *p7bio;\r
- BIO *tmpin, *tmpout;\r
-@@ -365,9 +366,14 @@\r
- } else\r
- tmpout = out;\r
- \r
-+ bufsiz = 4096;\r
-+ buf = OPENSSL_malloc(bufsiz);\r
-+ if (buf == NULL) {\r
-+ goto err;\r
-+ }\r
- /* We now have to 'read' from p7bio to calculate digests etc. */\r
- for (;;) {\r
-- i = BIO_read(p7bio, buf, sizeof(buf));\r
-+ i = BIO_read(p7bio, buf, bufsiz);\r
- if (i <= 0)\r
- break;\r
- if (tmpout)\r
-@@ -406,6 +412,10 @@\r
- BIO_free_all(p7bio);\r
- \r
- sk_X509_free(signers);\r
-+\r
-+ if (buf != NULL) {\r
-+ OPENSSL_free(buf);\r
-+ }\r
- \r
- return ret;\r
- }\r
-diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c\r
---- crypto/rand/rand_unix.c Thu Jun 11 21:01:06 2015\r
-+++ crypto/rand/rand_unix.c Fri Jun 12 10:51:21 2015\r
-@@ -116,7 +116,7 @@\r
- #include <openssl/rand.h>\r
- #include "rand_lcl.h"\r
- \r
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
- \r
- # include <sys/types.h>\r
- # include <sys/time.h>\r
-@@ -439,7 +439,7 @@\r
- * defined(OPENSSL_SYS_VXWORKS) ||\r
- * defined(OPENSSL_SYS_NETWARE)) */\r
- \r
--#if defined(OPENSSL_SYS_VXWORKS)\r
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
- int RAND_poll(void)\r
- {\r
- return 0;\r
-diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c\r
---- crypto/rsa/rsa_ameth.c Thu Jun 11 21:50:12 2015\r
-+++ crypto/rsa/rsa_ameth.c Fri Jun 12 10:45:38 2015\r
-@@ -68,10 +68,12 @@\r
- #endif\r
- #include "asn1_locl.h"\r
- \r
-+#ifndef OPENSSL_NO_CMS\r
- static int rsa_cms_sign(CMS_SignerInfo *si);\r
- static int rsa_cms_verify(CMS_SignerInfo *si);\r
- static int rsa_cms_decrypt(CMS_RecipientInfo *ri);\r
- static int rsa_cms_encrypt(CMS_RecipientInfo *ri);\r
-+#endif\r
- \r
- static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)\r
- {\r
-@@ -665,6 +667,7 @@\r
- return rv;\r
- }\r
- \r
-+#ifndef OPENSSL_NO_CMS\r
- static int rsa_cms_verify(CMS_SignerInfo *si)\r
- {\r
- int nid, nid2;\r
-@@ -683,6 +686,7 @@\r
- }\r
- return 0;\r
- }\r
-+#endif\r
- \r
- /*\r
- * Customised RSA item verification routine. This is called when a signature\r
-@@ -705,6 +709,7 @@\r
- return -1;\r
- }\r
- \r
-+#ifndef OPENSSL_NO_CMS\r
- static int rsa_cms_sign(CMS_SignerInfo *si)\r
- {\r
- int pad_mode = RSA_PKCS1_PADDING;\r
-@@ -729,6 +734,7 @@\r
- X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);\r
- return 1;\r
- }\r
-+#endif\r
- \r
- static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
- X509_ALGOR *alg1, X509_ALGOR *alg2,\r
-@@ -785,6 +791,7 @@\r
- return pss;\r
- }\r
- \r
-+#ifndef OPENSSL_NO_CMS\r
- static int rsa_cms_decrypt(CMS_RecipientInfo *ri)\r
- {\r
- EVP_PKEY_CTX *pkctx;\r
-@@ -857,7 +864,9 @@\r
- X509_ALGOR_free(maskHash);\r
- return rv;\r
- }\r
-+#endif\r
- \r
-+#ifndef OPENSSL_NO_CMS\r
- static int rsa_cms_encrypt(CMS_RecipientInfo *ri)\r
- {\r
- const EVP_MD *md, *mgf1md;\r
-@@ -920,6 +929,7 @@\r
- ASN1_STRING_free(os);\r
- return rv;\r
- }\r
-+#endif\r
- \r
- const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {\r
- {\r
-diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c\r
---- crypto/x509/x509_vfy.c Thu Jun 11 21:52:58 2015\r
-+++ crypto/x509/x509_vfy.c Fri Jun 12 11:29:37 2015\r
-@@ -935,6 +935,8 @@\r
- ctx->current_crl = crl;\r
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
- ptime = &ctx->param->check_time;\r
-+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
-+ return 1;\r
- else\r
- ptime = NULL;\r
- \r
-@@ -1658,6 +1660,8 @@\r
- \r
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
- ptime = &ctx->param->check_time;\r
-+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
-+ return 1;\r
- else\r
- ptime = NULL;\r
- \r
-diff U3 crypto/x509/x509_vfy.h crypto/x509/x509_vfy.h\r
---- crypto/x509/x509_vfy.h Thu Jul 09 19:57:16 2015\r
-+++ crypto/x509/x509_vfy.h Thu Oct 29 14:05:57 2015\r
-@@ -438,6 +438,8 @@\r
- * will force the behaviour to match that of previous versions.\r
- */\r
- # define X509_V_FLAG_NO_ALT_CHAINS 0x100000\r
-+/* Do not check certificate/CRL validity against current time */\r
-+# define X509_V_FLAG_NO_CHECK_TIME 0x200000\r
- \r
- # define X509_VP_FLAG_DEFAULT 0x1\r
- # define X509_VP_FLAG_OVERWRITE 0x2\r
-diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h\r
---- crypto/x509v3/ext_dat.h Thu Jun 11 21:50:12 2015\r
-+++ crypto/x509v3/ext_dat.h Fri Jun 12 11:11:03 2015\r
-@@ -127,8 +127,10 @@\r
- &v3_idp,\r
- &v3_alt[2],\r
- &v3_freshest_crl,\r
-+#ifndef OPENSSL_SYS_UEFI\r
- &v3_ct_scts[0],\r
- &v3_ct_scts[1],\r
-+#endif\r
- };\r
- \r
- /* Number of standard extensions */\r
-diff U3 crypto/crypto.h crypto/crypto.h\r
---- crypto/crypto.h Thu Jun 11 21:01:06 2015\r
-+++ crypto/crypto.h Fri Jun 12 11:33:27 2015\r
-@@ -235,15 +235,15 @@\r
- # ifndef OPENSSL_NO_LOCKING\r
- # ifndef CRYPTO_w_lock\r
- # define CRYPTO_w_lock(type) \\r
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)\r
- # define CRYPTO_w_unlock(type) \\r
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)\r
- # define CRYPTO_r_lock(type) \\r
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)\r
- # define CRYPTO_r_unlock(type) \\r
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)\r
- # define CRYPTO_add(addr,amount,type) \\r
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)\r
- # endif\r
- # else\r
- # define CRYPTO_w_lock(a)\r
-@@ -378,19 +378,19 @@\r
- # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
- # define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
- \r
--# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
--# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
-+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)\r
-+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)\r
- # define OPENSSL_realloc(addr,num) \\r
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)\r
- # define OPENSSL_realloc_clean(addr,old_num,num) \\r
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)\r
- # define OPENSSL_remalloc(addr,num) \\r
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)\r
- # define OPENSSL_freeFunc CRYPTO_free\r
- # define OPENSSL_free(addr) CRYPTO_free(addr)\r
- \r
- # define OPENSSL_malloc_locked(num) \\r
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
-+ CRYPTO_malloc_locked((int)num,NULL,0)\r
- # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
- \r
- const char *SSLeay_version(int type);\r
-@@ -545,7 +545,7 @@\r
- long CRYPTO_get_mem_debug_options(void);\r
- \r
- # define CRYPTO_push_info(info) \\r
-- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
-+ CRYPTO_push_info_(info, NULL, 0);\r
- int CRYPTO_push_info_(const char *info, const char *file, int line);\r
- int CRYPTO_pop_info(void);\r
- int CRYPTO_remove_all_info(void);\r
-@@ -588,7 +588,7 @@\r
- \r
- /* die if we have to */\r
- void OpenSSLDie(const char *file, int line, const char *assertion);\r
--# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
-+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))\r
- \r
- unsigned long *OPENSSL_ia32cap_loc(void);\r
- # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
-@@ -605,14 +605,14 @@\r
- # define fips_md_init_ctx(alg, cx) \\r
- int alg##_Init(cx##_CTX *c) \\r
- { \\r
-- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
-+ if (FIPS_mode()) OpenSSLDie(NULL, 0, \\r
- "Low level API call to digest " #alg " forbidden in FIPS mode!"); \\r
- return private_##alg##_Init(c); \\r
- } \\r
- int private_##alg##_Init(cx##_CTX *c)\r
- \r
- # define fips_cipher_abort(alg) \\r
-- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
-+ if (FIPS_mode()) OpenSSLDie(NULL, 0, \\r
- "Low level API call to cipher " #alg " forbidden in FIPS mode!")\r
- \r
- # else\r
-diff U3 crypto/opensslconf.h crypto/opensslconf.h\r
---- crypto/opensslconf.h Thu Jun 11 21:55:38 2015\r
-+++ crypto/opensslconf.h Fri Jun 12 10:28:27 2015\r
-@@ -5,15 +5,72 @@\r
- extern "C" {\r
- #endif\r
- /* OpenSSL was configured with the following options: */\r
-+#ifndef OPENSSL_SYSNAME_UEFI\r
-+# define OPENSSL_SYSNAME_UEFI\r
-+#endif\r
- #ifndef OPENSSL_DOING_MAKEDEPEND\r
- \r
- \r
-+#ifndef OPENSSL_NO_BF\r
-+# define OPENSSL_NO_BF\r
-+#endif\r
-+#ifndef OPENSSL_NO_CAMELLIA\r
-+# define OPENSSL_NO_CAMELLIA\r
-+#endif\r
-+#ifndef OPENSSL_NO_CAPIENG\r
-+# define OPENSSL_NO_CAPIENG\r
-+#endif\r
-+#ifndef OPENSSL_NO_CAST\r
-+# define OPENSSL_NO_CAST\r
-+#endif\r
-+#ifndef OPENSSL_NO_CMS\r
-+# define OPENSSL_NO_CMS\r
-+#endif\r
-+#ifndef OPENSSL_NO_DEPRECATED\r
-+# define OPENSSL_NO_DEPRECATED\r
-+#endif\r
-+#ifndef OPENSSL_NO_DGRAM\r
-+# define OPENSSL_NO_DGRAM\r
-+#endif\r
-+#ifndef OPENSSL_NO_DSA\r
-+# define OPENSSL_NO_DSA\r
-+#endif\r
-+#ifndef OPENSSL_NO_DYNAMIC_ENGINE\r
-+# define OPENSSL_NO_DYNAMIC_ENGINE\r
-+#endif\r
-+#ifndef OPENSSL_NO_EC\r
-+# define OPENSSL_NO_EC\r
-+#endif\r
- #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128\r
- # define OPENSSL_NO_EC_NISTP_64_GCC_128\r
- #endif\r
-+#ifndef OPENSSL_NO_ECDH\r
-+# define OPENSSL_NO_ECDH\r
-+#endif\r
-+#ifndef OPENSSL_NO_ECDSA\r
-+# define OPENSSL_NO_ECDSA\r
-+#endif\r
-+#ifndef OPENSSL_NO_ENGINE\r
-+# define OPENSSL_NO_ENGINE\r
-+#endif\r
-+#ifndef OPENSSL_NO_ENGINES\r
-+# define OPENSSL_NO_ENGINES\r
-+#endif\r
-+#ifndef OPENSSL_NO_FILENAMES\r
-+# define OPENSSL_NO_FILENAMES\r
-+#endif\r
-+#ifndef OPENSSL_NO_FP_API\r
-+# define OPENSSL_NO_FP_API\r
-+#endif\r
- #ifndef OPENSSL_NO_GMP\r
- # define OPENSSL_NO_GMP\r
- #endif\r
-+#ifndef OPENSSL_NO_GOST\r
-+# define OPENSSL_NO_GOST\r
-+#endif\r
-+#ifndef OPENSSL_NO_IDEA\r
-+# define OPENSSL_NO_IDEA\r
-+#endif\r
- #ifndef OPENSSL_NO_JPAKE\r
- # define OPENSSL_NO_JPAKE\r
- #endif\r
-@@ -23,30 +80,90 @@\r
- #ifndef OPENSSL_NO_LIBUNBOUND\r
- # define OPENSSL_NO_LIBUNBOUND\r
- #endif\r
-+#ifndef OPENSSL_NO_LOCKING\r
-+# define OPENSSL_NO_LOCKING\r
-+#endif\r
- #ifndef OPENSSL_NO_MD2\r
- # define OPENSSL_NO_MD2\r
- #endif\r
-+#ifndef OPENSSL_NO_MDC2\r
-+# define OPENSSL_NO_MDC2\r
-+#endif\r
-+#ifndef OPENSSL_NO_POSIX_IO\r
-+# define OPENSSL_NO_POSIX_IO\r
-+#endif\r
-+#ifndef OPENSSL_NO_RC2\r
-+# define OPENSSL_NO_RC2\r
-+#endif\r
- #ifndef OPENSSL_NO_RC5\r
- # define OPENSSL_NO_RC5\r
- #endif\r
-+#ifndef OPENSSL_NO_RCS\r
-+# define OPENSSL_NO_RCS\r
-+#endif\r
- #ifndef OPENSSL_NO_RFC3779\r
- # define OPENSSL_NO_RFC3779\r
- #endif\r
-+#ifndef OPENSSL_NO_RIPEMD\r
-+# define OPENSSL_NO_RIPEMD\r
-+#endif\r
-+#ifndef OPENSSL_NO_SCRYPT\r
-+# define OPENSSL_NO_SCRYPT\r
-+#endif\r
-+#ifndef OPENSSL_NO_SCT\r
-+# define OPENSSL_NO_SCT\r
-+#endif\r
- #ifndef OPENSSL_NO_SCTP\r
- # define OPENSSL_NO_SCTP\r
- #endif\r
-+#ifndef OPENSSL_NO_SEED\r
-+# define OPENSSL_NO_SEED\r
-+#endif\r
-+#ifndef OPENSSL_NO_SHA0\r
-+# define OPENSSL_NO_SHA0\r
-+#endif\r
-+#ifndef OPENSSL_NO_SOCK\r
-+# define OPENSSL_NO_SOCK\r
-+#endif\r
-+#ifndef OPENSSL_NO_SRP\r
-+# define OPENSSL_NO_SRP\r
-+#endif\r
- #ifndef OPENSSL_NO_SSL_TRACE\r
- # define OPENSSL_NO_SSL_TRACE\r
- #endif\r
-+#ifndef OPENSSL_NO_SSL2\r
-+# define OPENSSL_NO_SSL2\r
-+#endif\r
-+#ifndef OPENSSL_NO_SSL3\r
-+# define OPENSSL_NO_SSL3\r
-+#endif\r
-+#ifndef OPENSSL_NO_STDIO\r
-+# define OPENSSL_NO_STDIO\r
-+#endif\r
- #ifndef OPENSSL_NO_STORE\r
- # define OPENSSL_NO_STORE\r
- #endif\r
-+#ifndef OPENSSL_NO_UI\r
-+# define OPENSSL_NO_UI\r
-+#endif\r
- #ifndef OPENSSL_NO_UNIT_TEST\r
- # define OPENSSL_NO_UNIT_TEST\r
- #endif\r
-+#ifndef OPENSSL_NO_WHIRLPOOL\r
-+# define OPENSSL_NO_WHIRLPOOL\r
-+#endif\r
- \r
- #endif /* OPENSSL_DOING_MAKEDEPEND */\r
- \r
-+#ifndef OPENSSL_NO_ASM\r
-+# define OPENSSL_NO_ASM\r
-+#endif\r
-+#ifndef OPENSSL_NO_ERR\r
-+# define OPENSSL_NO_ERR\r
-+#endif\r
-+#ifndef OPENSSL_NO_HW\r
-+# define OPENSSL_NO_HW\r
-+#endif\r
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE\r
- # define OPENSSL_NO_DYNAMIC_ENGINE\r
- #endif\r
-@@ -56,12 +173,66 @@\r
- who haven't had the time to do the appropriate changes in their\r
- applications. */\r
- #ifdef OPENSSL_ALGORITHM_DEFINES\r
-+# if defined(OPENSSL_NO_BF) && !defined(NO_BF)\r
-+# define NO_BF\r
-+# endif\r
-+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)\r
-+# define NO_CAMELLIA\r
-+# endif\r
-+# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)\r
-+# define NO_CAPIENG\r
-+# endif\r
-+# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)\r
-+# define NO_CAST\r
-+# endif\r
-+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)\r
-+# define NO_CMS\r
-+# endif\r
-+# if defined(OPENSSL_NO_DEPRECATED) && !defined(NO_DEPRECATED)\r
-+# define NO_DEPRECATED\r
-+# endif\r
-+# if defined(OPENSSL_NO_DGRAM) && !defined(NO_DGRAM)\r
-+# define NO_DGRAM\r
-+# endif\r
-+# if defined(OPENSSL_NO_DSA) && !defined(NO_DSA)\r
-+# define NO_DSA\r
-+# endif\r
-+# if defined(OPENSSL_NO_DYNAMIC_ENGINE) && !defined(NO_DYNAMIC_ENGINE)\r
-+# define NO_DYNAMIC_ENGINE\r
-+# endif\r
-+# if defined(OPENSSL_NO_EC) && !defined(NO_EC)\r
-+# define NO_EC\r
-+# endif\r
- # if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)\r
- # define NO_EC_NISTP_64_GCC_128\r
- # endif\r
-+# if defined(OPENSSL_NO_ECDH) && !defined(NO_ECDH)\r
-+# define NO_ECDH\r
-+# endif\r
-+# if defined(OPENSSL_NO_ECDSA) && !defined(NO_ECDSA)\r
-+# define NO_ECDSA\r
-+# endif\r
-+# if defined(OPENSSL_NO_ENGINE) && !defined(NO_ENGINE)\r
-+# define NO_ENGINE\r
-+# endif\r
-+# if defined(OPENSSL_NO_ENGINES) && !defined(NO_ENGINES)\r
-+# define NO_ENGINES\r
-+# endif\r
-+# if defined(OPENSSL_NO_FILENAMES) && !defined(NO_FILENAMES)\r
-+# define NO_FILENAMES\r
-+# endif\r
-+# if defined(OPENSSL_NO_FP_API) && !defined(NO_FP_API)\r
-+# define NO_FP_API\r
-+# endif\r
- # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)\r
- # define NO_GMP\r
- # endif\r
-+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)\r
-+# define NO_GOST\r
-+# endif\r
-+# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)\r
-+# define NO_IDEA\r
-+# endif\r
- # if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)\r
- # define NO_JPAKE\r
- # endif\r
-@@ -71,27 +242,78 @@\r
- # if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)\r
- # define NO_LIBUNBOUND\r
- # endif\r
-+# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)\r
-+# define NO_LOCKING\r
-+# endif\r
- # if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)\r
- # define NO_MD2\r
- # endif\r
-+# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)\r
-+# define NO_MDC2\r
-+# endif\r
-+# if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO)\r
-+# define NO_POSIX_IO\r
-+# endif\r
-+# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)\r
-+# define NO_RC2\r
-+# endif\r
- # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)\r
- # define NO_RC5\r
- # endif\r
-+# if defined(OPENSSL_NO_RCS) && !defined(NO_RCS)\r
-+# define NO_RCS\r
-+# endif\r
- # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)\r
- # define NO_RFC3779\r
- # endif\r
-+# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)\r
-+# define NO_RIPEMD\r
-+# endif\r
-+# if defined(OPENSSL_NO_SCRYPT) && !defined(NO_SCRYPT)\r
-+# define NO_SCRYPT\r
-+# endif\r
-+# if defined(OPENSSL_NO_SCT) && !defined(NO_SCT)\r
-+# define NO_SCT\r
-+# endif\r
- # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)\r
- # define NO_SCTP\r
- # endif\r
-+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)\r
-+# define NO_SEED\r
-+# endif\r
-+# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)\r
-+# define NO_SHA0\r
-+# endif\r
-+# if defined(OPENSSL_NO_SOCK) && !defined(NO_SOCK)\r
-+# define NO_SOCK\r
-+# endif\r
-+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)\r
-+# define NO_SRP\r
-+# endif\r
- # if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)\r
- # define NO_SSL_TRACE\r
- # endif\r
-+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)\r
-+# define NO_SSL2\r
-+# endif\r
-+# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)\r
-+# define NO_SSL3\r
-+# endif\r
-+# if defined(OPENSSL_NO_STDIO) && !defined(NO_STDIO)\r
-+# define NO_STDIO\r
-+# endif\r
- # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)\r
- # define NO_STORE\r
- # endif\r
-+# if defined(OPENSSL_NO_UI) && !defined(NO_UI)\r
-+# define NO_UI\r
-+# endif\r
- # if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)\r
- # define NO_UNIT_TEST\r
- # endif\r
-+# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)\r
-+# define NO_WHIRLPOOL\r
-+# endif\r
- #endif\r
- \r
- /* crypto/opensslconf.h.in */\r
-@@ -152,7 +374,7 @@\r
- #endif\r
- #endif\r
- \r
--#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)\r
-+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)\r
- #define CONFIG_HEADER_BN_H\r
- #undef BN_LLONG\r
- \r
-diff U3 e_os.h e_os.h\r
---- e_os.h Thu Jul 09 19:57:16 2015\r
-+++ e_os.h Thu Oct 29 16:54:10 2015\r
-@@ -136,7 +136,7 @@\r
- # define MSDOS\r
- # endif\r
- \r
--# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)\r
-+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)\r
- # define GETPID_IS_MEANINGLESS\r
- # endif\r
- \r
-diff U3 e_os2.h e_os2.h\r
---- e_os2.h Thu Jul 09 19:57:16 2015\r
-+++ e_os2.h Thu Oct 29 15:08:19 2015\r
-@@ -97,7 +97,14 @@\r
- * For 32 bit environment, there seems to be the CygWin environment and then\r
- * all the others that try to do the same thing Microsoft does...\r
- */\r
--# if defined(OPENSSL_SYSNAME_UWIN)\r
-+/*\r
-+ * UEFI lives here because it might be built with a Microsoft toolchain and\r
-+ * we need to avoid the false positive match on Windows.\r
-+ */\r
-+# if defined(OPENSSL_SYSNAME_UEFI)\r
-+# undef OPENSSL_SYS_UNIX\r
-+# define OPENSSL_SYS_UEFI\r
-+# elif defined(OPENSSL_SYSNAME_UWIN)\r
- # undef OPENSSL_SYS_UNIX\r
- # define OPENSSL_SYS_WIN32_UWIN\r
- # else\r
--- /dev/null
+diff U3 crypto/bio/bio.h crypto/bio/bio.h\r
+--- crypto/bio/bio.h Thu Jun 11 21:50:12 2015\r
++++ crypto/bio/bio.h Fri Jun 12 11:00:52 2015\r
+@@ -646,10 +646,10 @@\r
+ int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,\r
+ asn1_ps_func **psuffix_free);\r
+ \r
+-# ifndef OPENSSL_NO_FP_API\r
+ BIO_METHOD *BIO_s_file(void);\r
+ BIO *BIO_new_file(const char *filename, const char *mode);\r
+ BIO *BIO_new_fp(FILE *stream, int close_flag);\r
++# ifndef OPENSSL_NO_FP_API\r
+ # define BIO_s_file_internal BIO_s_file\r
+ # endif\r
+ BIO *BIO_new(BIO_METHOD *type);\r
+diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c\r
+--- crypto/bio/bss_file.c Thu Jun 11 21:01:06 2015\r
++++ crypto/bio/bss_file.c Fri Jun 12 11:01:28 2015\r
+@@ -467,6 +467,23 @@\r
+ return (ret);\r
+ }\r
+ \r
++# else\r
++\r
++BIO_METHOD *BIO_s_file(void)\r
++{\r
++ return NULL;\r
++}\r
++\r
++BIO *BIO_new_file(const char *filename, const char *mode)\r
++{\r
++ return NULL;\r
++}\r
++\r
++BIO *BIO_new_fp(FILE *stream, int close_flag)\r
++{\r
++ return NULL;\r
++}\r
++\r
+ # endif /* OPENSSL_NO_STDIO */\r
+ \r
+ #endif /* HEADER_BSS_FILE_C */\r
+diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c\r
+--- crypto/dh/dh_pmeth.c Thu Jun 11 21:50:12 2015\r
++++ crypto/dh/dh_pmeth.c Fri Jun 12 11:08:48 2015\r
+@@ -449,6 +449,9 @@\r
+ *keylen = ret;\r
+ return 1;\r
+ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
++#ifdef OPENSSL_NO_CMS\r
++ return 0;\r
++#else\r
+ unsigned char *Z = NULL;\r
+ size_t Zlen = 0;\r
+ if (!dctx->kdf_outlen || !dctx->kdf_oid)\r
+@@ -478,6 +481,7 @@\r
+ OPENSSL_free(Z);\r
+ }\r
+ return ret;\r
++#endif\r
+ }\r
+ return 1;\r
+ }\r
+diff U3 crypto/pem/pem.h crypto/pem/pem.h\r
+--- crypto/pem/pem.h Thu Jun 11 21:50:12 2015\r
++++ crypto/pem/pem.h Fri Jun 12 10:58:18 2015\r
+@@ -324,6 +324,7 @@\r
+ \r
+ # define DECLARE_PEM_read_fp(name, type) /**/\r
+ # define DECLARE_PEM_write_fp(name, type) /**/\r
++# define DECLARE_PEM_write_fp_const(name, type) /**/\r
+ # define DECLARE_PEM_write_cb_fp(name, type) /**/\r
+ # else\r
+ \r
+diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c\r
+--- crypto/pkcs7/pk7_smime.c Thu Jun 11 21:01:06 2015\r
++++ crypto/pkcs7/pk7_smime.c Fri Jun 12 11:23:38 2015\r
+@@ -254,7 +254,8 @@\r
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
+ PKCS7_SIGNER_INFO *si;\r
+ X509_STORE_CTX cert_ctx;\r
+- char buf[4096];\r
++ char *buf = NULL;\r
++ int bufsiz;\r
+ int i, j = 0, k, ret = 0;\r
+ BIO *p7bio = NULL;\r
+ BIO *tmpin = NULL, *tmpout = NULL;\r
+@@ -275,12 +276,6 @@\r
+ return 0;\r
+ }\r
+ \r
+- /* Check for data and content: two sets of data */\r
+- if (!PKCS7_get_detached(p7) && indata) {\r
+- PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);\r
+- return 0;\r
+- }\r
+-\r
+ sinfos = PKCS7_get_signer_info(p7);\r
+ \r
+ if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {\r
+@@ -355,9 +350,14 @@\r
+ } else\r
+ tmpout = out;\r
+ \r
++ bufsiz = 4096;\r
++ buf = OPENSSL_malloc(bufsiz);\r
++ if (buf == NULL) {\r
++ goto err;\r
++ }\r
+ /* We now have to 'read' from p7bio to calculate digests etc. */\r
+ for (;;) {\r
+- i = BIO_read(p7bio, buf, sizeof(buf));\r
++ i = BIO_read(p7bio, buf, bufsiz);\r
+ if (i <= 0)\r
+ break;\r
+ if (tmpout)\r
+@@ -394,6 +394,10 @@\r
+ }\r
+ BIO_free_all(p7bio);\r
+ sk_X509_free(signers);\r
++\r
++ if (buf != NULL) {\r
++ OPENSSL_free(buf);\r
++ }\r
+ return ret;\r
+ }\r
+ \r
+diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c\r
+--- crypto/rand/rand_unix.c Thu Jun 11 21:01:06 2015\r
++++ crypto/rand/rand_unix.c Fri Jun 12 10:51:21 2015\r
+@@ -116,7 +116,7 @@\r
+ #include <openssl/rand.h>\r
+ #include "rand_lcl.h"\r
+ \r
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
+ \r
+ # include <sys/types.h>\r
+ # include <sys/time.h>\r
+@@ -439,7 +439,7 @@\r
+ * defined(OPENSSL_SYS_VXWORKS) ||\r
+ * defined(OPENSSL_SYS_NETWARE)) */\r
+ \r
+-#if defined(OPENSSL_SYS_VXWORKS)\r
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
+ int RAND_poll(void)\r
+ {\r
+ return 0;\r
+diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c\r
+--- crypto/rsa/rsa_ameth.c Thu Jun 11 21:50:12 2015\r
++++ crypto/rsa/rsa_ameth.c Fri Jun 12 10:45:38 2015\r
+@@ -68,10 +68,12 @@\r
+ #endif\r
+ #include "asn1_locl.h"\r
+ \r
++#ifndef OPENSSL_NO_CMS\r
+ static int rsa_cms_sign(CMS_SignerInfo *si);\r
+ static int rsa_cms_verify(CMS_SignerInfo *si);\r
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri);\r
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri);\r
++#endif\r
+ \r
+ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)\r
+ {\r
+@@ -665,6 +667,7 @@\r
+ return rv;\r
+ }\r
+ \r
++#ifndef OPENSSL_NO_CMS\r
+ static int rsa_cms_verify(CMS_SignerInfo *si)\r
+ {\r
+ int nid, nid2;\r
+@@ -683,6 +686,7 @@\r
+ }\r
+ return 0;\r
+ }\r
++#endif\r
+ \r
+ /*\r
+ * Customised RSA item verification routine. This is called when a signature\r
+@@ -705,6 +709,7 @@\r
+ return -1;\r
+ }\r
+ \r
++#ifndef OPENSSL_NO_CMS\r
+ static int rsa_cms_sign(CMS_SignerInfo *si)\r
+ {\r
+ int pad_mode = RSA_PKCS1_PADDING;\r
+@@ -729,6 +734,7 @@\r
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);\r
+ return 1;\r
+ }\r
++#endif\r
+ \r
+ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
+ X509_ALGOR *alg1, X509_ALGOR *alg2,\r
+@@ -785,6 +791,7 @@\r
+ return pss;\r
+ }\r
+ \r
++#ifndef OPENSSL_NO_CMS\r
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)\r
+ {\r
+ EVP_PKEY_CTX *pkctx;\r
+@@ -857,7 +864,9 @@\r
+ X509_ALGOR_free(maskHash);\r
+ return rv;\r
+ }\r
++#endif\r
+ \r
++#ifndef OPENSSL_NO_CMS\r
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)\r
+ {\r
+ const EVP_MD *md, *mgf1md;\r
+@@ -920,6 +929,7 @@\r
+ ASN1_STRING_free(os);\r
+ return rv;\r
+ }\r
++#endif\r
+ \r
+ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {\r
+ {\r
+diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c\r
+--- crypto/x509/x509_vfy.c Thu Jun 11 21:52:58 2015\r
++++ crypto/x509/x509_vfy.c Fri Jun 12 11:29:37 2015\r
+@@ -940,6 +940,8 @@\r
+ ctx->current_crl = crl;\r
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
+ ptime = &ctx->param->check_time;\r
++ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
++ return 1;\r
+ else\r
+ ptime = NULL;\r
+ \r
+@@ -1663,6 +1665,8 @@\r
+ \r
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
+ ptime = &ctx->param->check_time;\r
++ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
++ return 1;\r
+ else\r
+ ptime = NULL;\r
+ \r
+diff U3 crypto/x509/x509_vfy.h crypto/x509/x509_vfy.h\r
+--- crypto/x509/x509_vfy.h Thu Jul 09 19:57:16 2015\r
++++ crypto/x509/x509_vfy.h Thu Oct 29 14:05:57 2015\r
+@@ -438,6 +438,8 @@\r
+ * will force the behaviour to match that of previous versions.\r
+ */\r
+ # define X509_V_FLAG_NO_ALT_CHAINS 0x100000\r
++/* Do not check certificate/CRL validity against current time */\r
++# define X509_V_FLAG_NO_CHECK_TIME 0x200000\r
+ \r
+ # define X509_VP_FLAG_DEFAULT 0x1\r
+ # define X509_VP_FLAG_OVERWRITE 0x2\r
+diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h\r
+--- crypto/x509v3/ext_dat.h Thu Jun 11 21:50:12 2015\r
++++ crypto/x509v3/ext_dat.h Fri Jun 12 11:11:03 2015\r
+@@ -127,8 +127,10 @@\r
+ &v3_idp,\r
+ &v3_alt[2],\r
+ &v3_freshest_crl,\r
++#ifndef OPENSSL_SYS_UEFI\r
+ &v3_ct_scts[0],\r
+ &v3_ct_scts[1],\r
++#endif\r
+ };\r
+ \r
+ /* Number of standard extensions */\r
+diff U3 crypto/crypto.h crypto/crypto.h\r
+--- crypto/crypto.h Thu Jun 11 21:01:06 2015\r
++++ crypto/crypto.h Fri Jun 12 11:33:27 2015\r
+@@ -235,15 +235,15 @@\r
+ # ifndef OPENSSL_NO_LOCKING\r
+ # ifndef CRYPTO_w_lock\r
+ # define CRYPTO_w_lock(type) \\r
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)\r
+ # define CRYPTO_w_unlock(type) \\r
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)\r
+ # define CRYPTO_r_lock(type) \\r
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)\r
+ # define CRYPTO_r_unlock(type) \\r
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)\r
+ # define CRYPTO_add(addr,amount,type) \\r
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
++ CRYPTO_add_lock(addr,amount,type,NULL,0)\r
+ # endif\r
+ # else\r
+ # define CRYPTO_w_lock(a)\r
+@@ -378,19 +378,19 @@\r
+ # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
+ # define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
+ \r
+-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
+-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)\r
++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)\r
+ # define OPENSSL_realloc(addr,num) \\r
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)\r
+ # define OPENSSL_realloc_clean(addr,old_num,num) \\r
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)\r
+ # define OPENSSL_remalloc(addr,num) \\r
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)\r
+ # define OPENSSL_freeFunc CRYPTO_free\r
+ # define OPENSSL_free(addr) CRYPTO_free(addr)\r
+ \r
+ # define OPENSSL_malloc_locked(num) \\r
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
++ CRYPTO_malloc_locked((int)num,NULL,0)\r
+ # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
+ \r
+ const char *SSLeay_version(int type);\r
+@@ -545,7 +545,7 @@\r
+ long CRYPTO_get_mem_debug_options(void);\r
+ \r
+ # define CRYPTO_push_info(info) \\r
+- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
++ CRYPTO_push_info_(info, NULL, 0);\r
+ int CRYPTO_push_info_(const char *info, const char *file, int line);\r
+ int CRYPTO_pop_info(void);\r
+ int CRYPTO_remove_all_info(void);\r
+@@ -588,7 +588,7 @@\r
+ \r
+ /* die if we have to */\r
+ void OpenSSLDie(const char *file, int line, const char *assertion);\r
+-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))\r
+ \r
+ unsigned long *OPENSSL_ia32cap_loc(void);\r
+ # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
+@@ -605,14 +605,14 @@\r
+ # define fips_md_init_ctx(alg, cx) \\r
+ int alg##_Init(cx##_CTX *c) \\r
+ { \\r
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \\r
+ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \\r
+ return private_##alg##_Init(c); \\r
+ } \\r
+ int private_##alg##_Init(cx##_CTX *c)\r
+ \r
+ # define fips_cipher_abort(alg) \\r
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \\r
+ "Low level API call to cipher " #alg " forbidden in FIPS mode!")\r
+ \r
+ # else\r
+diff U3 crypto/opensslconf.h crypto/opensslconf.h\r
+--- crypto/opensslconf.h Thu Jun 11 21:55:38 2015\r
++++ crypto/opensslconf.h Fri Jun 12 10:28:27 2015\r
+@@ -5,15 +5,72 @@\r
+ extern "C" {\r
+ #endif\r
+ /* OpenSSL was configured with the following options: */\r
++#ifndef OPENSSL_SYSNAME_UEFI\r
++# define OPENSSL_SYSNAME_UEFI\r
++#endif\r
+ #ifndef OPENSSL_DOING_MAKEDEPEND\r
+ \r
+ \r
++#ifndef OPENSSL_NO_BF\r
++# define OPENSSL_NO_BF\r
++#endif\r
++#ifndef OPENSSL_NO_CAMELLIA\r
++# define OPENSSL_NO_CAMELLIA\r
++#endif\r
++#ifndef OPENSSL_NO_CAPIENG\r
++# define OPENSSL_NO_CAPIENG\r
++#endif\r
++#ifndef OPENSSL_NO_CAST\r
++# define OPENSSL_NO_CAST\r
++#endif\r
++#ifndef OPENSSL_NO_CMS\r
++# define OPENSSL_NO_CMS\r
++#endif\r
++#ifndef OPENSSL_NO_DEPRECATED\r
++# define OPENSSL_NO_DEPRECATED\r
++#endif\r
++#ifndef OPENSSL_NO_DGRAM\r
++# define OPENSSL_NO_DGRAM\r
++#endif\r
++#ifndef OPENSSL_NO_DSA\r
++# define OPENSSL_NO_DSA\r
++#endif\r
++#ifndef OPENSSL_NO_DYNAMIC_ENGINE\r
++# define OPENSSL_NO_DYNAMIC_ENGINE\r
++#endif\r
++#ifndef OPENSSL_NO_EC\r
++# define OPENSSL_NO_EC\r
++#endif\r
+ #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128\r
+ # define OPENSSL_NO_EC_NISTP_64_GCC_128\r
+ #endif\r
++#ifndef OPENSSL_NO_ECDH\r
++# define OPENSSL_NO_ECDH\r
++#endif\r
++#ifndef OPENSSL_NO_ECDSA\r
++# define OPENSSL_NO_ECDSA\r
++#endif\r
++#ifndef OPENSSL_NO_ENGINE\r
++# define OPENSSL_NO_ENGINE\r
++#endif\r
++#ifndef OPENSSL_NO_ENGINES\r
++# define OPENSSL_NO_ENGINES\r
++#endif\r
++#ifndef OPENSSL_NO_FILENAMES\r
++# define OPENSSL_NO_FILENAMES\r
++#endif\r
++#ifndef OPENSSL_NO_FP_API\r
++# define OPENSSL_NO_FP_API\r
++#endif\r
+ #ifndef OPENSSL_NO_GMP\r
+ # define OPENSSL_NO_GMP\r
+ #endif\r
++#ifndef OPENSSL_NO_GOST\r
++# define OPENSSL_NO_GOST\r
++#endif\r
++#ifndef OPENSSL_NO_IDEA\r
++# define OPENSSL_NO_IDEA\r
++#endif\r
+ #ifndef OPENSSL_NO_JPAKE\r
+ # define OPENSSL_NO_JPAKE\r
+ #endif\r
+@@ -23,30 +80,90 @@\r
+ #ifndef OPENSSL_NO_LIBUNBOUND\r
+ # define OPENSSL_NO_LIBUNBOUND\r
+ #endif\r
++#ifndef OPENSSL_NO_LOCKING\r
++# define OPENSSL_NO_LOCKING\r
++#endif\r
+ #ifndef OPENSSL_NO_MD2\r
+ # define OPENSSL_NO_MD2\r
+ #endif\r
++#ifndef OPENSSL_NO_MDC2\r
++# define OPENSSL_NO_MDC2\r
++#endif\r
++#ifndef OPENSSL_NO_POSIX_IO\r
++# define OPENSSL_NO_POSIX_IO\r
++#endif\r
++#ifndef OPENSSL_NO_RC2\r
++# define OPENSSL_NO_RC2\r
++#endif\r
+ #ifndef OPENSSL_NO_RC5\r
+ # define OPENSSL_NO_RC5\r
+ #endif\r
++#ifndef OPENSSL_NO_RCS\r
++# define OPENSSL_NO_RCS\r
++#endif\r
+ #ifndef OPENSSL_NO_RFC3779\r
+ # define OPENSSL_NO_RFC3779\r
+ #endif\r
++#ifndef OPENSSL_NO_RIPEMD\r
++# define OPENSSL_NO_RIPEMD\r
++#endif\r
++#ifndef OPENSSL_NO_SCRYPT\r
++# define OPENSSL_NO_SCRYPT\r
++#endif\r
++#ifndef OPENSSL_NO_SCT\r
++# define OPENSSL_NO_SCT\r
++#endif\r
+ #ifndef OPENSSL_NO_SCTP\r
+ # define OPENSSL_NO_SCTP\r
+ #endif\r
++#ifndef OPENSSL_NO_SEED\r
++# define OPENSSL_NO_SEED\r
++#endif\r
++#ifndef OPENSSL_NO_SHA0\r
++# define OPENSSL_NO_SHA0\r
++#endif\r
++#ifndef OPENSSL_NO_SOCK\r
++# define OPENSSL_NO_SOCK\r
++#endif\r
++#ifndef OPENSSL_NO_SRP\r
++# define OPENSSL_NO_SRP\r
++#endif\r
+ #ifndef OPENSSL_NO_SSL_TRACE\r
+ # define OPENSSL_NO_SSL_TRACE\r
+ #endif\r
++#ifndef OPENSSL_NO_SSL2\r
++# define OPENSSL_NO_SSL2\r
++#endif\r
++#ifndef OPENSSL_NO_SSL3\r
++# define OPENSSL_NO_SSL3\r
++#endif\r
++#ifndef OPENSSL_NO_STDIO\r
++# define OPENSSL_NO_STDIO\r
++#endif\r
+ #ifndef OPENSSL_NO_STORE\r
+ # define OPENSSL_NO_STORE\r
+ #endif\r
++#ifndef OPENSSL_NO_UI\r
++# define OPENSSL_NO_UI\r
++#endif\r
+ #ifndef OPENSSL_NO_UNIT_TEST\r
+ # define OPENSSL_NO_UNIT_TEST\r
+ #endif\r
++#ifndef OPENSSL_NO_WHIRLPOOL\r
++# define OPENSSL_NO_WHIRLPOOL\r
++#endif\r
+ \r
+ #endif /* OPENSSL_DOING_MAKEDEPEND */\r
+ \r
++#ifndef OPENSSL_NO_ASM\r
++# define OPENSSL_NO_ASM\r
++#endif\r
++#ifndef OPENSSL_NO_ERR\r
++# define OPENSSL_NO_ERR\r
++#endif\r
++#ifndef OPENSSL_NO_HW\r
++# define OPENSSL_NO_HW\r
++#endif\r
+ #ifndef OPENSSL_NO_DYNAMIC_ENGINE\r
+ # define OPENSSL_NO_DYNAMIC_ENGINE\r
+ #endif\r
+@@ -56,12 +173,66 @@\r
+ who haven't had the time to do the appropriate changes in their\r
+ applications. */\r
+ #ifdef OPENSSL_ALGORITHM_DEFINES\r
++# if defined(OPENSSL_NO_BF) && !defined(NO_BF)\r
++# define NO_BF\r
++# endif\r
++# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)\r
++# define NO_CAMELLIA\r
++# endif\r
++# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)\r
++# define NO_CAPIENG\r
++# endif\r
++# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)\r
++# define NO_CAST\r
++# endif\r
++# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)\r
++# define NO_CMS\r
++# endif\r
++# if defined(OPENSSL_NO_DEPRECATED) && !defined(NO_DEPRECATED)\r
++# define NO_DEPRECATED\r
++# endif\r
++# if defined(OPENSSL_NO_DGRAM) && !defined(NO_DGRAM)\r
++# define NO_DGRAM\r
++# endif\r
++# if defined(OPENSSL_NO_DSA) && !defined(NO_DSA)\r
++# define NO_DSA\r
++# endif\r
++# if defined(OPENSSL_NO_DYNAMIC_ENGINE) && !defined(NO_DYNAMIC_ENGINE)\r
++# define NO_DYNAMIC_ENGINE\r
++# endif\r
++# if defined(OPENSSL_NO_EC) && !defined(NO_EC)\r
++# define NO_EC\r
++# endif\r
+ # if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)\r
+ # define NO_EC_NISTP_64_GCC_128\r
+ # endif\r
++# if defined(OPENSSL_NO_ECDH) && !defined(NO_ECDH)\r
++# define NO_ECDH\r
++# endif\r
++# if defined(OPENSSL_NO_ECDSA) && !defined(NO_ECDSA)\r
++# define NO_ECDSA\r
++# endif\r
++# if defined(OPENSSL_NO_ENGINE) && !defined(NO_ENGINE)\r
++# define NO_ENGINE\r
++# endif\r
++# if defined(OPENSSL_NO_ENGINES) && !defined(NO_ENGINES)\r
++# define NO_ENGINES\r
++# endif\r
++# if defined(OPENSSL_NO_FILENAMES) && !defined(NO_FILENAMES)\r
++# define NO_FILENAMES\r
++# endif\r
++# if defined(OPENSSL_NO_FP_API) && !defined(NO_FP_API)\r
++# define NO_FP_API\r
++# endif\r
+ # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)\r
+ # define NO_GMP\r
+ # endif\r
++# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)\r
++# define NO_GOST\r
++# endif\r
++# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)\r
++# define NO_IDEA\r
++# endif\r
+ # if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)\r
+ # define NO_JPAKE\r
+ # endif\r
+@@ -71,27 +242,78 @@\r
+ # if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)\r
+ # define NO_LIBUNBOUND\r
+ # endif\r
++# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)\r
++# define NO_LOCKING\r
++# endif\r
+ # if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)\r
+ # define NO_MD2\r
+ # endif\r
++# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)\r
++# define NO_MDC2\r
++# endif\r
++# if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO)\r
++# define NO_POSIX_IO\r
++# endif\r
++# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)\r
++# define NO_RC2\r
++# endif\r
+ # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)\r
+ # define NO_RC5\r
+ # endif\r
++# if defined(OPENSSL_NO_RCS) && !defined(NO_RCS)\r
++# define NO_RCS\r
++# endif\r
+ # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)\r
+ # define NO_RFC3779\r
+ # endif\r
++# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)\r
++# define NO_RIPEMD\r
++# endif\r
++# if defined(OPENSSL_NO_SCRYPT) && !defined(NO_SCRYPT)\r
++# define NO_SCRYPT\r
++# endif\r
++# if defined(OPENSSL_NO_SCT) && !defined(NO_SCT)\r
++# define NO_SCT\r
++# endif\r
+ # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)\r
+ # define NO_SCTP\r
+ # endif\r
++# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)\r
++# define NO_SEED\r
++# endif\r
++# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)\r
++# define NO_SHA0\r
++# endif\r
++# if defined(OPENSSL_NO_SOCK) && !defined(NO_SOCK)\r
++# define NO_SOCK\r
++# endif\r
++# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)\r
++# define NO_SRP\r
++# endif\r
+ # if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)\r
+ # define NO_SSL_TRACE\r
+ # endif\r
++# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)\r
++# define NO_SSL2\r
++# endif\r
++# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)\r
++# define NO_SSL3\r
++# endif\r
++# if defined(OPENSSL_NO_STDIO) && !defined(NO_STDIO)\r
++# define NO_STDIO\r
++# endif\r
+ # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)\r
+ # define NO_STORE\r
+ # endif\r
++# if defined(OPENSSL_NO_UI) && !defined(NO_UI)\r
++# define NO_UI\r
++# endif\r
+ # if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)\r
+ # define NO_UNIT_TEST\r
+ # endif\r
++# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)\r
++# define NO_WHIRLPOOL\r
++# endif\r
+ #endif\r
+ \r
+ /* crypto/opensslconf.h.in */\r
+@@ -152,7 +374,7 @@\r
+ #endif\r
+ #endif\r
+ \r
+-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)\r
++#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)\r
+ #define CONFIG_HEADER_BN_H\r
+ #undef BN_LLONG\r
+ \r
+diff U3 e_os.h e_os.h\r
+--- e_os.h Thu Jul 09 19:57:16 2015\r
++++ e_os.h Thu Oct 29 16:54:10 2015\r
+@@ -136,7 +136,7 @@\r
+ # define MSDOS\r
+ # endif\r
+ \r
+-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)\r
++# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)\r
+ # define GETPID_IS_MEANINGLESS\r
+ # endif\r
+ \r
+diff U3 e_os2.h e_os2.h\r
+--- e_os2.h Thu Jul 09 19:57:16 2015\r
++++ e_os2.h Thu Oct 29 15:08:19 2015\r
+@@ -97,7 +97,14 @@\r
+ * For 32 bit environment, there seems to be the CygWin environment and then\r
+ * all the others that try to do the same thing Microsoft does...\r
+ */\r
+-# if defined(OPENSSL_SYSNAME_UWIN)\r
++/*\r
++ * UEFI lives here because it might be built with a Microsoft toolchain and\r
++ * we need to avoid the false positive match on Windows.\r
++ */\r
++# if defined(OPENSSL_SYSNAME_UEFI)\r
++# undef OPENSSL_SYS_UNIX\r
++# define OPENSSL_SYS_UEFI\r
++# elif defined(OPENSSL_SYSNAME_UWIN)\r
+ # undef OPENSSL_SYS_UNIX\r
+ # define OPENSSL_SYS_WIN32_UWIN\r
+ # else\r
-cd openssl-1.0.2d\r
+cd openssl-1.0.2e\r
copy e_os2.h ..\..\..\Include\openssl\r
copy crypto\crypto.h ..\..\..\Include\openssl\r
copy crypto\opensslv.h ..\..\..\Include\openssl\r
#!/bin/sh
-cd openssl-1.0.2d
+cd openssl-1.0.2e
cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl
cp crypto/opensslv.h ../../../Include/openssl
MODULE_TYPE = BASE\r
VERSION_STRING = 1.0\r
LIBRARY_CLASS = OpensslLib\r
- DEFINE OPENSSL_PATH = openssl-1.0.2d\r
+ DEFINE OPENSSL_PATH = openssl-1.0.2e\r
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE\r
\r
#\r
================================================================================\r
OpenSSL-Version\r
================================================================================\r
- Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d.\r
- http://www.openssl.org/source/openssl-1.0.2d.tar.gz\r
+ Current supported OpenSSL version for UEFI Crypto Library is 1.0.2e.\r
+ http://www.openssl.org/source/openssl-1.0.2e.tar.gz\r
\r
\r
================================================================================\r
HOW to Install Openssl for UEFI Building\r
================================================================================\r
-1. Download OpenSSL 1.0.2d from official website:\r
- http://www.openssl.org/source/openssl-1.0.2d.tar.gz\r
+1. Download OpenSSL 1.0.2e from official website:\r
+ http://www.openssl.org/source/openssl-1.0.2e.tar.gz\r
\r
- NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2d.tar.tar.\r
- When you do the download, rename the "openssl-1.0.2d.tar.tar" to\r
- "openssl-1.0.2d.tar.gz" or rename the local downloaded file with ".tar.tar"\r
+ NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2e.tar.tar.\r
+ When you do the download, rename the "openssl-1.0.2e.tar.tar" to\r
+ "openssl-1.0.2e.tar.gz" or rename the local downloaded file with ".tar.tar"\r
extension to ".tar.gz".\r
\r
-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d\r
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2e\r
\r
NOTE: If you use WinZip to unpack the openssl source in Windows, please\r
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->\r
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").\r
\r
-3. Apply this patch: EDKII_openssl-1.0.2d.patch, and make installation\r
+3. Apply this patch: EDKII_openssl-1.0.2e.patch, and make installation\r
\r
For Windows Environment:\r
------------------------\r
1) Make sure the patch utility has been installed in your machine.\r
Install Cygwin or get the patch utility binary from\r
http://gnuwin32.sourceforge.net/packages/patch.htm\r
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d\r
- 3) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch\r
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2e\r
+ 3) patch -p0 -i ..\EDKII_openssl-1.0.2e.patch\r
4) cd ..\r
5) Install.cmd\r
\r
-----------------------\r
1) Make sure the patch utility has been installed in your machine.\r
Patch utility is available from http://directory.fsf.org/project/patch/\r
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d\r
- 3) patch -p0 -i ../EDKII_openssl-1.0.2d.patch\r
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2e\r
+ 3) patch -p0 -i ../EDKII_openssl-1.0.2e.patch\r
4) cd ..\r
5) ./Install.sh\r
\r