]> git.proxmox.com Git - mirror_edk2.git/blame - CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2f.patch
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3969
[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-1.0.2f.patch
CommitLineData
ca6fa1fe 1diff --git a/Configure b/Configure\r
65213f29 2index 4a715dc..b4a4781 100755\r
ca6fa1fe
QL		 3--- a/Configure\r
4+++ b/Configure\r
65213f29
QL		 5@@ -605,6 +605,9 @@ my %table=(\r
6 # with itself, Applink is never engaged and can as well be omitted.\r
7 "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",\r
8 \r
9+# UEFI\r
10+"UEFI", "cc:-DL_ENDIAN -O:::UEFI::::",\r
11+\r
12 # UWIN \r
13 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",\r
14 \r
15@@ -1082,7 +1085,7 @@ if (defined($disabled{"tls1"}))\r
ca6fa1fe
QL		 16 }\r
17 \r
18 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})\r
19- || defined($disabled{"dh"}))\r
20+ || defined($disabled{"dh"}) || defined($disabled{"stdio"}))\r
21 {\r
22 $disabled{"gost"} = "forced";\r
23 }\r
e94546e7
QL		 24diff --git a/apps/apps.c b/apps/apps.c\r
25index 2e77805..e21e759 100644\r
26--- a/apps/apps.c\r
27+++ b/apps/apps.c\r
28@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,\r
29 flags |= X509_V_FLAG_PARTIAL_CHAIN;\r
30 else if (!strcmp(arg, "-no_alt_chains"))\r
31 flags |= X509_V_FLAG_NO_ALT_CHAINS;\r
32+ else if (!strcmp(arg, "-no_check_time"))\r
33+ flags |= X509_V_FLAG_NO_CHECK_TIME;\r
34 else\r
35 return 0;\r
36 \r
ca6fa1fe
QL		 37diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c\r
38index 35fd44c..9f39bff 100644\r
39--- a/crypto/asn1/a_strex.c\r
40+++ b/crypto/asn1/a_strex.c\r
41@@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)\r
42 return 1;\r
43 }\r
44 \r
45+#ifndef OPENSSL_NO_FP_API\r
46 static int send_fp_chars(void *arg, const void *buf, int len)\r
47 {\r
48 if (!arg)\r
49@@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)\r
50 return 0;\r
51 return 1;\r
52 }\r
53+#endif\r
54 \r
55 typedef int char_io (void *arg, const void *buf, int len);\r
56 \r
e578aa19
QL		 57diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h\r
58index abc6dc3..3a672e9 100644\r
59--- a/crypto/asn1/asn1_mac.h\r
60+++ b/crypto/asn1/asn1_mac.h\r
61@@ -70,7 +70,7 @@ extern "C" {\r
62 # endif\r
63 \r
64 # define ASN1_MAC_H_err(f,r,line) \\r
65- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))\r
66+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))\r
67 \r
68 # define M_ASN1_D2I_vars(a,type,func) \\r
69 ASN1_const_CTX c; \\r
70@@ -81,7 +81,7 @@ extern "C" {\r
71 c.error=ERR_R_NESTED_ASN1_ERROR; \\r
72 if ((a == NULL) || ((*a) == NULL)) \\r
73 { if ((ret=(type)func()) == NULL) \\r
74- { c.line=__LINE__; goto err; } } \\r
75+ { c.line=OPENSSL_LINE; goto err; } } \\r
76 else ret=(*a);\r
77 \r
78 # define M_ASN1_D2I_Init() \\r
79@@ -90,7 +90,7 @@ extern "C" {\r
80 \r
81 # define M_ASN1_D2I_Finish_2(a) \\r
82 if (!asn1_const_Finish(&c)) \\r
83- { c.line=__LINE__; goto err; } \\r
84+ { c.line=OPENSSL_LINE; goto err; } \\r
85 *(const unsigned char **)pp=c.p; \\r
86 if (a != NULL) (*a)=ret; \\r
87 return(ret);\r
88@@ -105,7 +105,7 @@ err:\\r
89 \r
90 # define M_ASN1_D2I_start_sequence() \\r
91 if (!asn1_GetSequence(&c,&length)) \\r
92- { c.line=__LINE__; goto err; }\r
93+ { c.line=OPENSSL_LINE; goto err; }\r
94 /* Begin reading ASN1 without a surrounding sequence */\r
95 # define M_ASN1_D2I_begin() \\r
96 c.slen = length;\r
97@@ -129,21 +129,21 @@ err:\\r
98 # define M_ASN1_D2I_get(b, func) \\r
99 c.q=c.p; \\r
100 if (func(&(b),&c.p,c.slen) == NULL) \\r
101- {c.line=__LINE__; goto err; } \\r
102+ {c.line=OPENSSL_LINE; goto err; } \\r
103 c.slen-=(c.p-c.q);\r
104 \r
105 /* Don't use this with d2i_ASN1_BOOLEAN() */\r
106 # define M_ASN1_D2I_get_x(type,b,func) \\r
107 c.q=c.p; \\r
108 if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \\r
109- {c.line=__LINE__; goto err; } \\r
110+ {c.line=OPENSSL_LINE; goto err; } \\r
111 c.slen-=(c.p-c.q);\r
112 \r
113 /* use this instead () */\r
114 # define M_ASN1_D2I_get_int(b,func) \\r
115 c.q=c.p; \\r
116 if (func(&(b),&c.p,c.slen) < 0) \\r
117- {c.line=__LINE__; goto err; } \\r
118+ {c.line=OPENSSL_LINE; goto err; } \\r
119 c.slen-=(c.p-c.q);\r
120 \r
121 # define M_ASN1_D2I_get_opt(b,func,type) \\r
122@@ -164,7 +164,7 @@ err:\\r
123 M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \\r
124 c.q=c.p; \\r
125 if (func(&(b),&c.p,c.slen) == NULL) \\r
126- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \\r
127+ {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \\r
128 c.slen-=(c.p-c.q);\\r
129 M_ASN1_next_prev=_tmp;\r
130 \r
131@@ -258,20 +258,20 @@ err:\\r
132 c.q=c.p; \\r
133 if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\\r
134 (void (*)())free_func,a,b) == NULL) \\r
135- { c.line=__LINE__; goto err; } \\r
136+ { c.line=OPENSSL_LINE; goto err; } \\r
137 c.slen-=(c.p-c.q);\r
138 \r
139 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \\r
140 c.q=c.p; \\r
141 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\\r
142 free_func,a,b) == NULL) \\r
143- { c.line=__LINE__; goto err; } \\r
144+ { c.line=OPENSSL_LINE; goto err; } \\r
145 c.slen-=(c.p-c.q);\r
146 \r
147 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \\r
148 c.q=c.p; \\r
149 if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \\r
150- { c.line=__LINE__; goto err; } \\r
151+ { c.line=OPENSSL_LINE; goto err; } \\r
152 c.slen-=(c.p-c.q);\r
153 \r
154 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \\r
155@@ -285,16 +285,16 @@ err:\\r
156 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
157 if (Tinf & 0x80) \\r
158 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
159- c.line=__LINE__; goto err; } \\r
160+ c.line=OPENSSL_LINE; goto err; } \\r
161 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
162 Tlen = c.slen - (c.p - c.q) - 2; \\r
163 if (func(&(r),&c.p,Tlen) == NULL) \\r
164- { c.line=__LINE__; goto err; } \\r
165+ { c.line=OPENSSL_LINE; goto err; } \\r
166 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
167 Tlen = c.slen - (c.p - c.q); \\r
168 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \\r
169 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
170- c.line=__LINE__; goto err; } \\r
171+ c.line=OPENSSL_LINE; goto err; } \\r
172 }\\r
173 c.slen-=(c.p-c.q); \\r
174 }\r
175@@ -310,18 +310,18 @@ err:\\r
176 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
177 if (Tinf & 0x80) \\r
178 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
179- c.line=__LINE__; goto err; } \\r
180+ c.line=OPENSSL_LINE; goto err; } \\r
181 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
182 Tlen = c.slen - (c.p - c.q) - 2; \\r
183 if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \\r
184 (void (*)())free_func, \\r
185 b,V_ASN1_UNIVERSAL) == NULL) \\r
186- { c.line=__LINE__; goto err; } \\r
187+ { c.line=OPENSSL_LINE; goto err; } \\r
188 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
189 Tlen = c.slen - (c.p - c.q); \\r
190 if(!ASN1_check_infinite_end(&c.p, Tlen)) \\r
191 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
192- c.line=__LINE__; goto err; } \\r
193+ c.line=OPENSSL_LINE; goto err; } \\r
194 }\\r
195 c.slen-=(c.p-c.q); \\r
196 }\r
197@@ -337,17 +337,17 @@ err:\\r
198 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
199 if (Tinf & 0x80) \\r
200 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
201- c.line=__LINE__; goto err; } \\r
202+ c.line=OPENSSL_LINE; goto err; } \\r
203 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
204 Tlen = c.slen - (c.p - c.q) - 2; \\r
205 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \\r
206 free_func,b,V_ASN1_UNIVERSAL) == NULL) \\r
207- { c.line=__LINE__; goto err; } \\r
208+ { c.line=OPENSSL_LINE; goto err; } \\r
209 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
210 Tlen = c.slen - (c.p - c.q); \\r
211 if(!ASN1_check_infinite_end(&c.p, Tlen)) \\r
212 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
213- c.line=__LINE__; goto err; } \\r
214+ c.line=OPENSSL_LINE; goto err; } \\r
215 }\\r
216 c.slen-=(c.p-c.q); \\r
217 }\r
218@@ -355,7 +355,7 @@ err:\\r
219 /* New macros */\r
220 # define M_ASN1_New_Malloc(ret,type) \\r
221 if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \\r
222- { c.line=__LINE__; goto err2; }\r
223+ { c.line=OPENSSL_LINE; goto err2; }\r
224 \r
225 # define M_ASN1_New(arg,func) \\r
226 if (((arg)=func()) == NULL) return(NULL)\r
b9dbddd8
QL		 227diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c\r
228index 1d25687..e933ead 100644\r
229--- a/crypto/bn/bn_prime.c\r
230+++ b/crypto/bn/bn_prime.c\r
231@@ -131,7 +131,7 @@\r
232 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,\r
233 const BIGNUM *a1_odd, int k, BN_CTX *ctx,\r
234 BN_MONT_CTX *mont);\r
235-static int probable_prime(BIGNUM *rnd, int bits);\r
236+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);\r
237 static int probable_prime_dh(BIGNUM *rnd, int bits,\r
238 const BIGNUM *add, const BIGNUM *rem,\r
239 BN_CTX *ctx);\r
240@@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
241 BIGNUM *t;\r
242 int found = 0;\r
243 int i, j, c1 = 0;\r
244- BN_CTX *ctx;\r
245+ BN_CTX *ctx = NULL;\r
246+ prime_t *mods = NULL;\r
247 int checks = BN_prime_checks_for_size(bits);\r
248 \r
249+ mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);\r
250+ if (mods == NULL)\r
251+ goto err;\r
252 ctx = BN_CTX_new();\r
253 if (ctx == NULL)\r
254 goto err;\r
255@@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
256 loop:\r
257 /* make a random number and set the top and bottom bits */\r
258 if (add == NULL) {\r
259- if (!probable_prime(ret, bits))\r
260+ if (!probable_prime(ret, bits, mods))\r
261 goto err;\r
262 } else {\r
263 if (safe) {\r
264@@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
265 /* we have a prime :-) */\r
266 found = 1;\r
267 err:\r
268+ OPENSSL_free(mods);\r
269 if (ctx != NULL) {\r
270 BN_CTX_end(ctx);\r
271 BN_CTX_free(ctx);\r
272@@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,\r
273 return 1;\r
274 }\r
275 \r
276-static int probable_prime(BIGNUM *rnd, int bits)\r
277+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)\r
278 {\r
279 int i;\r
280- prime_t mods[NUMPRIMES];\r
281 BN_ULONG delta, maxdelta;\r
282 \r
283 again:\r
ca6fa1fe
QL		 284diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h\r
285index 8d926d5..41cf38e 100644\r
286--- a/crypto/conf/conf.h\r
287+++ b/crypto/conf/conf.h\r
288@@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);\r
289 \r
290 int CONF_set_default_method(CONF_METHOD *meth);\r
291 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);\r
292+# ifndef OPENSSL_NO_STDIO\r
293 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
294 long *eline);\r
295+# endif\r
296 # ifndef OPENSSL_NO_FP_API\r
297 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,\r
298 long *eline);\r
299@@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,\r
300 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,\r
301 const char *name);\r
302 void CONF_free(LHASH_OF(CONF_VALUE) *conf);\r
303+#ifndef OPENSSL_NO_FP_API\r
304 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);\r
305+#endif\r
306 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);\r
307 \r
308 void OPENSSL_config(const char *config_name);\r
309@@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);\r
310 void NCONF_free(CONF *conf);\r
311 void NCONF_free_data(CONF *conf);\r
312 \r
313+# ifndef OPENSSL_NO_STDIO\r
314 int NCONF_load(CONF *conf, const char *file, long *eline);\r
315+# endif\r
316 # ifndef OPENSSL_NO_FP_API\r
317 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);\r
f93f78ea 318 # endif\r
ca6fa1fe
QL		 319@@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,\r
320 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);\r
321 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,\r
322 long *result);\r
323+#ifndef OPENSSL_NO_FP_API\r
324 int NCONF_dump_fp(const CONF *conf, FILE *out);\r
325+#endif\r
326 int NCONF_dump_bio(const CONF *conf, BIO *out);\r
327 \r
328 # if 0 /* The following function has no error\r
329@@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);\r
330 \r
331 int CONF_modules_load(const CONF *cnf, const char *appname,\r
332 unsigned long flags);\r
333+#ifndef OPENSSL_NO_STDIO\r
334 int CONF_modules_load_file(const char *filename, const char *appname,\r
335 unsigned long flags);\r
336+#endif\r
337 void CONF_modules_unload(int all);\r
338 void CONF_modules_finish(void);\r
339 void CONF_modules_free(void);\r
340diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c\r
341index 68c77ce..3d308c7 100644\r
342--- a/crypto/conf/conf_def.c\r
343+++ b/crypto/conf/conf_def.c\r
344@@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)\r
345 \r
346 static int def_load(CONF *conf, const char *name, long *line)\r
347 {\r
348+#ifdef OPENSSL_NO_STDIO\r
349+ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);\r
350+ return 0;\r
351+#else\r
352 int ret;\r
353 BIO *in = NULL;\r
354 \r
355@@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)\r
356 BIO_free(in);\r
357 \r
358 return ret;\r
359+#endif\r
f93f78ea
QL		 360 }\r
361 \r
ca6fa1fe
QL		 362 static int def_load_bio(CONF *conf, BIO *in, long *line)\r
363diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c\r
364index 5281384..952b545 100644\r
365--- a/crypto/conf/conf_lib.c\r
366+++ b/crypto/conf/conf_lib.c\r
367@@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)\r
368 return 1;\r
369 }\r
370 \r
371+#ifndef OPENSSL_NO_STDIO\r
372 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
373 long *eline)\r
374 {\r
375@@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
376 \r
377 return ltmp;\r
378 }\r
379+#endif\r
380 \r
381 #ifndef OPENSSL_NO_FP_API\r
382 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,\r
383@@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)\r
384 conf->meth->destroy_data(conf);\r
385 }\r
386 \r
387+#ifndef OPENSSL_NO_STDIO\r
388 int NCONF_load(CONF *conf, const char *file, long *eline)\r
389 {\r
390 if (conf == NULL) {\r
391@@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)\r
392 \r
393 return conf->meth->load(conf, file, eline);\r
394 }\r
395+#endif\r
396 \r
397 #ifndef OPENSSL_NO_FP_API\r
398 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)\r
399diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c\r
400index 9acfca4..5e0a482 100644\r
401--- a/crypto/conf/conf_mod.c\r
402+++ b/crypto/conf/conf_mod.c\r
403@@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,\r
f93f78ea 404 \r
ca6fa1fe
QL		 405 }\r
406 \r
407+#ifndef OPENSSL_NO_STDIO\r
408 int CONF_modules_load_file(const char *filename, const char *appname,\r
409 unsigned long flags)\r
410 {\r
411@@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,\r
412 \r
413 return ret;\r
414 }\r
415+#endif\r
416 \r
417 static int module_run(const CONF *cnf, char *name, char *value,\r
418 unsigned long flags)\r
419diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c\r
420index c042cf2..a25b636 100644\r
421--- a/crypto/conf/conf_sap.c\r
422+++ b/crypto/conf/conf_sap.c\r
423@@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)\r
424 ENGINE_load_builtin_engines();\r
425 #endif\r
426 ERR_clear_error();\r
427+#ifndef OPENSSL_NO_STDIO\r
428 CONF_modules_load_file(NULL, config_name,\r
429 CONF_MFLAGS_DEFAULT_SECTION |\r
430 CONF_MFLAGS_IGNORE_MISSING_FILE);\r
431+#endif\r
432 openssl_configured = 1;\r
433 }\r
434 \r
435diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c\r
e578aa19 436index c9f674b..39ead7f 100644\r
ca6fa1fe
QL		 437--- a/crypto/cryptlib.c\r
438+++ b/crypto/cryptlib.c\r
e578aa19
QL		 439@@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)\r
440 return (0);\r
441 }\r
442 pointer->references = 1;\r
443- pointer->data = dynlock_create_callback(__FILE__, __LINE__);\r
444+ pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);\r
445 if (pointer->data == NULL) {\r
446 OPENSSL_free(pointer);\r
447 CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);\r
448@@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)\r
449 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);\r
450 \r
451 if (i == -1) {\r
452- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);\r
453+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);\r
454 OPENSSL_free(pointer);\r
455 } else\r
456 i += 1; /* to avoid 0 */\r
457@@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)\r
458 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);\r
459 \r
460 if (pointer) {\r
461- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);\r
462+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);\r
463 OPENSSL_free(pointer);\r
464 }\r
465 }\r
ca6fa1fe
QL		 466@@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)\r
467 }\r
468 \r
469 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)\r
470+#include <stdio.h>\r
471 # define OPENSSL_CPUID_SETUP\r
472 # if defined(_WIN32)\r
473 typedef unsigned __int64 IA32CAP;\r
474@@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)\r
475 #else\r
476 void OPENSSL_showfatal(const char *fmta, ...)\r
477 {\r
478+#ifndef OPENSSL_NO_STDIO\r
479 va_list ap;\r
480 \r
481 va_start(ap, fmta);\r
482 vfprintf(stderr, fmta, ap);\r
483 va_end(ap);\r
484+#endif\r
485 }\r
486 \r
487 int OPENSSL_isservice(void)\r
488@@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)\r
489 #endif\r
490 }\r
491 \r
492+#ifndef OPENSSL_NO_STDIO\r
493 void *OPENSSL_stderr(void)\r
494 {\r
495 return stderr;\r
496 }\r
497+#endif\r
498 \r
499 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)\r
500 {\r
501diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h\r
502index fba180a..3e3ea5e 100644\r
503--- a/crypto/cryptlib.h\r
504+++ b/crypto/cryptlib.h\r
505@@ -101,7 +101,9 @@ extern "C" {\r
506 void OPENSSL_cpuid_setup(void);\r
507 extern unsigned int OPENSSL_ia32cap_P[];\r
508 void OPENSSL_showfatal(const char *fmta, ...);\r
509+#ifndef OPENSSL_NO_STDIO\r
510 void *OPENSSL_stderr(void);\r
511+#endif\r
512 extern int OPENSSL_NONPIC_relocated;\r
513 \r
514 #ifdef __cplusplus\r
3f73ccb3 515diff --git a/crypto/crypto.h b/crypto/crypto.h\r
e578aa19 516index c450d7a..063d78e 100644\r
3f73ccb3
QL		 517--- a/crypto/crypto.h\r
518+++ b/crypto/crypto.h\r
519@@ -235,15 +235,15 @@ typedef struct openssl_item_st {\r
520 # ifndef OPENSSL_NO_LOCKING\r
521 # ifndef CRYPTO_w_lock\r
522 # define CRYPTO_w_lock(type) \\r
523- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
e578aa19 524+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 525 # define CRYPTO_w_unlock(type) \\r
526- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
e578aa19 527+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 528 # define CRYPTO_r_lock(type) \\r
529- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
e578aa19 530+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 531 # define CRYPTO_r_unlock(type) \\r
532- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
e578aa19 533+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 534 # define CRYPTO_add(addr,amount,type) \\r
535- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
e578aa19 536+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 537 # endif\r
538 # else\r
539 # define CRYPTO_w_lock(a)\r
540@@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);\r
541 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
542 # define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
543 \r
544-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
545-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
e578aa19
QL		 546+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)\r
547+# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 548 # define OPENSSL_realloc(addr,num) \\r
549- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
e578aa19 550+ CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 551 # define OPENSSL_realloc_clean(addr,old_num,num) \\r
552- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
e578aa19 553+ CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 554 # define OPENSSL_remalloc(addr,num) \\r
555- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
e578aa19 556+ CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 557 # define OPENSSL_freeFunc CRYPTO_free\r
558 # define OPENSSL_free(addr) CRYPTO_free(addr)\r
559 \r
560 # define OPENSSL_malloc_locked(num) \\r
561- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
e578aa19 562+ CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 563 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
564 \r
565 const char *SSLeay_version(int type);\r
566@@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);\r
567 long CRYPTO_get_mem_debug_options(void);\r
568 \r
569 # define CRYPTO_push_info(info) \\r
570- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
e578aa19 571+ CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);\r
3f73ccb3
QL		 572 int CRYPTO_push_info_(const char *info, const char *file, int line);\r
573 int CRYPTO_pop_info(void);\r
574 int CRYPTO_remove_all_info(void);\r
575@@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);\r
576 \r
577 /* die if we have to */\r
578 void OpenSSLDie(const char *file, int line, const char *assertion);\r
579-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
e578aa19 580+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))\r
3f73ccb3
QL		 581 \r
582 unsigned long *OPENSSL_ia32cap_loc(void);\r
583 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
584@@ -605,14 +605,14 @@ void OPENSSL_init(void);\r
585 # define fips_md_init_ctx(alg, cx) \\r
586 int alg##_Init(cx##_CTX *c) \\r
587 { \\r
588- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
e578aa19 589+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \\r
3f73ccb3
QL		 590 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \\r
591 return private_##alg##_Init(c); \\r
592 } \\r
593 int private_##alg##_Init(cx##_CTX *c)\r
594 \r
595 # define fips_cipher_abort(alg) \\r
596- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
e578aa19 597+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \\r
3f73ccb3
QL		 598 "Low level API call to cipher " #alg " forbidden in FIPS mode!")\r
599 \r
600 # else\r
ca6fa1fe
QL		 601diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c\r
602index 01e275f..7633139 100644\r
603--- a/crypto/des/read2pwd.c\r
604+++ b/crypto/des/read2pwd.c\r
605@@ -114,6 +114,10 @@\r
606 #include <openssl/ui.h>\r
607 #include <openssl/crypto.h>\r
608 \r
609+#ifndef BUFSIZ\r
610+#define BUFSIZ 256\r
611+#endif\r
612+\r
613 int DES_read_password(DES_cblock *key, const char *prompt, int verify)\r
614 {\r
615 int ok;\r
f0e3cd19
QL		 616diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile\r
617index 46fa5ac..cc366ec 100644\r
618--- a/crypto/dh/Makefile\r
619+++ b/crypto/dh/Makefile\r
620@@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h\r
621 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h\r
622 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h\r
623 dh_gen.o: ../cryptlib.h dh_gen.c\r
624-dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h\r
625+dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h\r
626 dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h\r
627 dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h\r
628 dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h\r
629diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h\r
630index 5498a9d..4a5c665 100644\r
631--- a/crypto/dh/dh.h\r
632+++ b/crypto/dh/dh.h\r
633@@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);\r
634 DH *DH_get_2048_224(void);\r
635 DH *DH_get_2048_256(void);\r
636 \r
637+# ifndef OPENSSL_NO_CMS\r
638 /* RFC2631 KDF */\r
639 int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
640 const unsigned char *Z, size_t Zlen,\r
641 ASN1_OBJECT *key_oid,\r
642 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);\r
643+# endif\r
644 \r
645 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \\r
646 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \\r
647@@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
648 \r
649 /* KDF types */\r
650 # define EVP_PKEY_DH_KDF_NONE 1\r
651+# ifndef OPENSSL_NO_CMS\r
652 # define EVP_PKEY_DH_KDF_X9_42 2\r
653+# endif\r
654 \r
655 /* BEGIN ERROR CODES */\r
656 /*\r
657diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c\r
658index a882cb2..4eddb9a 100644\r
659--- a/crypto/dh/dh_kdf.c\r
660+++ b/crypto/dh/dh_kdf.c\r
661@@ -51,13 +51,18 @@\r
662 * ====================================================================\r
663 */\r
664 \r
665+#include <e_os.h>\r
666+\r
667+#ifndef OPENSSL_NO_CMS\r
668 #include <string.h>\r
669 #include <openssl/dh.h>\r
670 #include <openssl/evp.h>\r
671 #include <openssl/asn1.h>\r
672 #include <openssl/cms.h>\r
673 \r
674+\r
675 /* Key derivation from X9.42/RFC2631 */\r
676+/* Uses CMS functions, hence the #ifdef wrapper. */\r
677 \r
678 #define DH_KDF_MAX (1L << 30)\r
679 \r
680@@ -185,3 +190,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
681 EVP_MD_CTX_cleanup(&mctx);\r
682 return rv;\r
683 }\r
684+#endif\r
3f73ccb3 685diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c\r
f0e3cd19 686index b58e3fa..c6288f6 100644\r
3f73ccb3
QL		 687--- a/crypto/dh/dh_pmeth.c\r
688+++ b/crypto/dh/dh_pmeth.c\r
f0e3cd19
QL		 689@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)\r
690 case EVP_PKEY_CTRL_DH_KDF_TYPE:\r
691 if (p1 == -2)\r
692 return dctx->kdf_type;\r
f93f78ea 693+#ifdef OPENSSL_NO_CMS\r
f0e3cd19 694+ if (p1 != EVP_PKEY_DH_KDF_NONE)\r
f93f78ea 695+#else\r
f0e3cd19
QL		 696 if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)\r
697+#endif\r
698 return -2;\r
699 dctx->kdf_type = p1;\r
700 return 1;\r
701@@ -448,7 +452,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,\r
702 return ret;\r
703 *keylen = ret;\r
704 return 1;\r
705- } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
706+ }\r
707+#ifndef OPENSSL_NO_CMS\r
708+ else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
709+\r
f93f78ea
QL		 710 unsigned char *Z = NULL;\r
711 size_t Zlen = 0;\r
712 if (!dctx->kdf_outlen || !dctx->kdf_oid)\r
f0e3cd19 713@@ -479,7 +486,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,\r
f93f78ea
QL		 714 }\r
715 return ret;\r
f93f78ea 716 }\r
f0e3cd19
QL		 717- return 1;\r
718+#endif\r
719+ return 0;\r
f93f78ea 720 }\r
f0e3cd19
QL		 721 \r
722 const EVP_PKEY_METHOD dh_pkey_meth = {\r
723diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c\r
724index 83e208c..4869098 100644\r
725--- a/crypto/ec/ec_ameth.c\r
726+++ b/crypto/ec/ec_ameth.c\r
727@@ -67,8 +67,10 @@\r
728 #include <openssl/asn1t.h>\r
729 #include "asn1_locl.h"\r
730 \r
731+#ifndef OPENSSL_NO_CMS\r
732 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);\r
733 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);\r
734+#endif\r
735 \r
736 static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)\r
737 {\r
e578aa19
QL		 738diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h\r
739index 46f163b..b4a72a0 100644\r
740--- a/crypto/engine/eng_int.h\r
741+++ b/crypto/engine/eng_int.h\r
742@@ -88,7 +88,7 @@ extern "C" {\r
743 (unsigned int)(e), (isfunct ? "funct" : "struct"), \\r
744 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \\r
745 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \\r
746- (__FILE__), (__LINE__));\r
747+ (OPENSSL_FILE), (OPENSSL_LINE));\r
748 \r
749 # else\r
750 \r
751@@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);\r
752 # else\r
753 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,\r
754 int l);\r
755-# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)\r
756+# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)\r
757 # endif\r
758 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,\r
759 ENGINE *def, void *arg);\r
ca6fa1fe
QL		 760diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c\r
761index 34b0029..cf622bb 100644\r
762--- a/crypto/engine/eng_openssl.c\r
763+++ b/crypto/engine/eng_openssl.c\r
764@@ -86,7 +86,9 @@\r
765 * this is no longer automatic in ENGINE_load_builtin_engines().\r
766 */\r
767 #define TEST_ENG_OPENSSL_RC4\r
768+#ifndef OPENSSL_NO_FP_API\r
769 #define TEST_ENG_OPENSSL_PKEY\r
770+#endif\r
771 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */\r
772 #define TEST_ENG_OPENSSL_RC4_P_INIT\r
773 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */\r
e578aa19
QL		 774diff --git a/crypto/err/err.h b/crypto/err/err.h\r
775index 585aa8b..04c6cfc 100644\r
776--- a/crypto/err/err.h\r
777+++ b/crypto/err/err.h\r
778@@ -200,39 +200,39 @@ typedef struct err_state_st {\r
779 \r
780 # define ERR_LIB_USER 128\r
781 \r
782-# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)\r
783-# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)\r
784-# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)\r
785-# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)\r
786-# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)\r
787-# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)\r
788-# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)\r
789-# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)\r
790-# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)\r
791-# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)\r
792-# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)\r
793-# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)\r
794-# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)\r
795-# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)\r
796-# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)\r
797-# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)\r
798-# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)\r
799-# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)\r
800-# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)\r
801-# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)\r
802-# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)\r
803-# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)\r
804-# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)\r
805-# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)\r
806-# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)\r
807-# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)\r
808-# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)\r
809-# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)\r
810-# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)\r
811-# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)\r
812-# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)\r
813-# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)\r
814-# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)\r
815+# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
816+# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
817+# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
818+# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
819+# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
820+# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
821+# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
822+# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
823+# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
824+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
825+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
826+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
827+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
828+# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
829+# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
830+# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
831+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
832+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
833+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
834+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
835+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
836+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
837+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
838+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
839+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
840+# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
841+# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
842+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
843+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
844+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
845+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
846+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
847+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
848 \r
849 /*\r
850 * Borland C seems too stupid to be able to shift and do longs in the\r
851diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in\r
65213f29 852index 7a1c85d..7162c0f 100644\r
e578aa19
QL		 853--- a/crypto/opensslconf.h.in\r
854+++ b/crypto/opensslconf.h.in\r
855@@ -1,5 +1,15 @@\r
856 /* crypto/opensslconf.h.in */\r
857 \r
858+#ifndef OPENSSL_FILE\r
859+#ifdef OPENSSL_NO_FILENAMES\r
860+#define OPENSSL_FILE ""\r
861+#define OPENSSL_LINE 0\r
862+#else\r
863+#define OPENSSL_FILE __FILE__\r
864+#define OPENSSL_LINE __LINE__\r
865+#endif\r
866+#endif\r
867+\r
868 /* Generate 80386 code? */\r
869 #undef I386_ONLY\r
870 \r
65213f29
QL		 871@@ -56,7 +66,7 @@\r
872 #endif\r
873 #endif\r
874 \r
875-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)\r
876+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)\r
877 #define CONFIG_HEADER_BN_H\r
878 #undef BN_LLONG\r
879 \r
3f73ccb3 880diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h\r
ca6fa1fe 881index d3b23fc..87b0b6a 100644\r
3f73ccb3
QL		 882--- a/crypto/pem/pem.h\r
883+++ b/crypto/pem/pem.h\r
884@@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \\r
f93f78ea
QL		 885 \r
886 # define DECLARE_PEM_read_fp(name, type) /**/\r
887 # define DECLARE_PEM_write_fp(name, type) /**/\r
888+# define DECLARE_PEM_write_fp_const(name, type) /**/\r
889 # define DECLARE_PEM_write_cb_fp(name, type) /**/\r
890 # else\r
891 \r
ca6fa1fe
QL		 892@@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,\r
893 pem_password_cb *cd, void *u);\r
894 # endif\r
895 \r
896+#ifndef OPENSSL_NO_FP_API\r
897 int PEM_read(FILE *fp, char **name, char **header,\r
898 unsigned char **data, long *len);\r
899 int PEM_write(FILE *fp, const char *name, const char *hdr,\r
900@@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,\r
901 int klen, pem_password_cb *callback, void *u);\r
902 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,\r
903 pem_password_cb *cb, void *u);\r
904+#endif\r
905 \r
906 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,\r
907 EVP_MD *md_type, unsigned char **ek, int *ekl,\r
908@@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,\r
909 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,\r
910 void *u);\r
911 \r
912+#ifndef OPENSSL_NO_FP_API\r
913 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,\r
914 char *kstr, int klen,\r
915 pem_password_cb *cb, void *u);\r
916@@ -510,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,\r
917 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,\r
918 char *kstr, int klen, pem_password_cb *cd,\r
919 void *u);\r
920-\r
921+#endif\r
922 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);\r
923 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);\r
924 \r
925diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c\r
926index 5747c73..fe465cc 100644\r
927--- a/crypto/pem/pem_pk8.c\r
928+++ b/crypto/pem/pem_pk8.c\r
929@@ -69,10 +69,12 @@\r
930 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,\r
931 int nid, const EVP_CIPHER *enc,\r
932 char *kstr, int klen, pem_password_cb *cb, void *u);\r
933+\r
934+#ifndef OPENSSL_NO_FP_API\r
935 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,\r
936 int nid, const EVP_CIPHER *enc,\r
937 char *kstr, int klen, pem_password_cb *cb, void *u);\r
938-\r
939+#endif\r
940 /*\r
941 * These functions write a private key in PKCS#8 format: it is a "drop in"\r
942 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'\r
3f73ccb3 943diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c\r
b9dbddd8 944index c4d3724..0bc3d43 100644\r
3f73ccb3
QL		 945--- a/crypto/pkcs7/pk7_smime.c\r
946+++ b/crypto/pkcs7/pk7_smime.c\r
b9dbddd8
QL		 947@@ -64,6 +64,9 @@\r
948 #include <openssl/x509.h>\r
949 #include <openssl/x509v3.h>\r
950 \r
951+\r
952+#define BUFFERSIZE 4096\r
953+\r
954 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);\r
955 \r
956 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,\r
957@@ -254,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
f93f78ea
QL		 958 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
959 PKCS7_SIGNER_INFO *si;\r
960 X509_STORE_CTX cert_ctx;\r
961- char buf[4096];\r
962+ char *buf = NULL;\r
f93f78ea 963 int i, j = 0, k, ret = 0;\r
65202874
QL		 964 BIO *p7bio = NULL;\r
965 BIO *tmpin = NULL, *tmpout = NULL;\r
b9dbddd8 966@@ -274,12 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
503f6e38 967 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);\r
65202874
QL		 968 return 0;\r
969 }\r
503f6e38
QL		 970+#if 0\r
971+ /*\r
972+ * NB: this test commented out because some versions of Netscape\r
973+ * illegally include zero length content when signing data. Also\r
974+ * Microsoft Authenticode includes a SpcIndirectDataContent data\r
975+ * structure which describes the content to be protected by the\r
976+ * signature, rather than directly embedding that content. So\r
977+ * Authenticode implementations are also expected to use\r
978+ * PKCS7_verify() with explicit external data, on non-detached\r
979+ * PKCS#7 signatures.\r
980+ *\r
981+ * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been\r
982+ * introduced to disable this sanity check. For the 1.0.2 branch\r
983+ * this change is not acceptable, so the check remains completely\r
984+ * commented out (as it has been for a long time).\r
985+ */\r
986 \r
987 /* Check for data and content: two sets of data */\r
988 if (!PKCS7_get_detached(p7) && indata) {\r
989 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);\r
990 return 0;\r
991 }\r
992+#endif\r
65202874 993 \r
65202874
QL		 994 sinfos = PKCS7_get_signer_info(p7);\r
995 \r
b9dbddd8 996@@ -356,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
f93f78ea
QL		 997 tmpout = out;\r
998 \r
b9dbddd8
QL		 999 /* We now have to 'read' from p7bio to calculate digests etc. */\r
1000+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {\r
1001+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);\r
f93f78ea
QL		 1002+ goto err;\r
1003+ }\r
f93f78ea
QL		 1004 for (;;) {\r
1005- i = BIO_read(p7bio, buf, sizeof(buf));\r
b9dbddd8 1006+ i = BIO_read(p7bio, buf, BUFFERSIZE);\r
f93f78ea
QL		 1007 if (i <= 0)\r
1008 break;\r
1009 if (tmpout)\r
b9dbddd8
QL		 1010@@ -388,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
1011 ret = 1;\r
1012 \r
1013 err:\r
1014+ OPENSSL_free(buf);\r
1015 if (tmpin == indata) {\r
1016 if (indata)\r
1017 BIO_pop(p7bio);\r
1018@@ -506,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)\r
1019 {\r
1020 BIO *tmpmem;\r
1021 int ret, i;\r
1022- char buf[4096];\r
1023+ char *buf = NULL;\r
1024 \r
1025 if (!p7) {\r
1026 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);\r
1027@@ -550,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)\r
1028 }\r
1029 BIO_free_all(bread);\r
1030 return ret;\r
1031- } else {\r
1032- for (;;) {\r
1033- i = BIO_read(tmpmem, buf, sizeof(buf));\r
1034- if (i <= 0) {\r
1035- ret = 1;\r
1036- if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {\r
1037- if (!BIO_get_cipher_status(tmpmem))\r
1038- ret = 0;\r
1039- }\r
1040-\r
1041- break;\r
1042- }\r
1043- if (BIO_write(data, buf, i) != i) {\r
1044- ret = 0;\r
1045- break;\r
f93f78ea 1046+ }\r
b9dbddd8
QL		 1047+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {\r
1048+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);\r
1049+ goto err;\r
1050+ }\r
1051+ for (;;) {\r
1052+ i = BIO_read(tmpmem, buf, BUFFERSIZE);\r
1053+ if (i <= 0) {\r
1054+ ret = 1;\r
1055+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {\r
1056+ if (!BIO_get_cipher_status(tmpmem))\r
1057+ ret = 0;\r
1058 }\r
1059+\r
1060+ break;\r
1061+ }\r
1062+ if (BIO_write(data, buf, i) != i) {\r
1063+ ret = 0;\r
1064+ break;\r
1065 }\r
1066- BIO_free_all(tmpmem);\r
1067- return ret;\r
1068 }\r
1069+err:\r
1070+ OPENSSL_free(buf);\r
1071+ BIO_free_all(tmpmem);\r
1072+ return ret;\r
f93f78ea 1073 }\r
65213f29
QL		 1074diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c\r
1075index 737aebf..f23f348 100644\r
1076--- a/crypto/rand/rand_egd.c\r
1077+++ b/crypto/rand/rand_egd.c\r
1078@@ -95,7 +95,7 @@\r
1079 * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
1080 */\r
1081 \r
1082-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)\r
1083+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) || defined(OPENSSL_SYS_UEFI)\r
1084 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
1085 {\r
1086 return (-1);\r
3f73ccb3
QL		 1087diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c\r
1088index 266111e..f60fac6 100644\r
1089--- a/crypto/rand/rand_unix.c\r
1090+++ b/crypto/rand/rand_unix.c\r
f93f78ea
QL		 1091@@ -116,7 +116,7 @@\r
1092 #include <openssl/rand.h>\r
1093 #include "rand_lcl.h"\r
1094 \r
1095-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
1096+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
1097 \r
1098 # include <sys/types.h>\r
1099 # include <sys/time.h>\r
3f73ccb3 1100@@ -439,7 +439,7 @@ int RAND_poll(void)\r
f93f78ea
QL		 1101 * defined(OPENSSL_SYS_VXWORKS) ||\r
1102 * defined(OPENSSL_SYS_NETWARE)) */\r
1103 \r
1104-#if defined(OPENSSL_SYS_VXWORKS)\r
1105+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
1106 int RAND_poll(void)\r
1107 {\r
1108 return 0;\r
3f73ccb3 1109diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c\r
f0e3cd19 1110index 4e06218..ddead3d 100644\r
3f73ccb3
QL		 1111--- a/crypto/rsa/rsa_ameth.c\r
1112+++ b/crypto/rsa/rsa_ameth.c\r
f93f78ea
QL		 1113@@ -68,10 +68,12 @@\r
1114 #endif\r
1115 #include "asn1_locl.h"\r
1116 \r
1117+#ifndef OPENSSL_NO_CMS\r
1118 static int rsa_cms_sign(CMS_SignerInfo *si);\r
1119 static int rsa_cms_verify(CMS_SignerInfo *si);\r
1120 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);\r
1121 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);\r
1122+#endif\r
1123 \r
1124 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)\r
1125 {\r
3f73ccb3 1126@@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,\r
f93f78ea
QL		 1127 return rv;\r
1128 }\r
1129 \r
1130+#ifndef OPENSSL_NO_CMS\r
1131 static int rsa_cms_verify(CMS_SignerInfo *si)\r
1132 {\r
1133 int nid, nid2;\r
3f73ccb3 1134@@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)\r
f93f78ea
QL		 1135 }\r
1136 return 0;\r
1137 }\r
1138+#endif\r
1139 \r
1140 /*\r
1141 * Customised RSA item verification routine. This is called when a signature\r
3f73ccb3 1142@@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
f93f78ea
QL		 1143 return -1;\r
1144 }\r
1145 \r
1146+#ifndef OPENSSL_NO_CMS\r
1147 static int rsa_cms_sign(CMS_SignerInfo *si)\r
1148 {\r
1149 int pad_mode = RSA_PKCS1_PADDING;\r
3f73ccb3 1150@@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)\r
f93f78ea
QL		 1151 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);\r
1152 return 1;\r
1153 }\r
1154+#endif\r
1155 \r
1156 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
1157 X509_ALGOR *alg1, X509_ALGOR *alg2,\r
f0e3cd19
QL		 1158@@ -762,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
1159 return 2;\r
f93f78ea
QL		 1160 }\r
1161 \r
1162+#ifndef OPENSSL_NO_CMS\r
f0e3cd19
QL		 1163 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,\r
1164 X509_ALGOR **pmaskHash)\r
f93f78ea 1165 {\r
f0e3cd19 1166@@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)\r
f93f78ea
QL		 1167 ASN1_STRING_free(os);\r
1168 return rv;\r
1169 }\r
1170+#endif\r
1171 \r
1172 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {\r
1173 {\r
ca6fa1fe
QL		 1174diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h\r
1175index d072536..73b945f 100644\r
1176--- a/crypto/srp/srp.h\r
1177+++ b/crypto/srp/srp.h\r
1178@@ -114,7 +114,9 @@ DECLARE_STACK_OF(SRP_gN)\r
1179 \r
1180 SRP_VBASE *SRP_VBASE_new(char *seed_key);\r
1181 int SRP_VBASE_free(SRP_VBASE *vb);\r
1182+#ifndef OPENSSL_NO_STDIO\r
1183 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);\r
1184+#endif\r
1185 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);\r
1186 char *SRP_create_verifier(const char *user, const char *pass, char **salt,\r
1187 char **verifier, const char *N, const char *g);\r
1188diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c\r
1189index a3f1a8a..3fbb186 100644\r
1190--- a/crypto/srp/srp_vfy.c\r
1191+++ b/crypto/srp/srp_vfy.c\r
1192@@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,\r
1193 return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));\r
1194 }\r
1195 \r
1196+#ifndef OPENSSL_NO_STDIO\r
1197 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,\r
1198 const char *v)\r
1199 {\r
1200@@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,\r
1201 len = t_fromb64(tmp, s);\r
1202 return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);\r
1203 }\r
1204+#endif\r
1205 \r
1206 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)\r
1207 {\r
1208@@ -279,6 +281,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)\r
1209 return 0;\r
1210 }\r
1211 \r
1212+#ifndef OPENSSL_NO_STDIO\r
1213 static SRP_gN_cache *SRP_gN_new_init(const char *ch)\r
1214 {\r
1215 unsigned char tmp[MAX_LEN];\r
1216@@ -310,6 +313,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)\r
1217 BN_free(gN_cache->bn);\r
1218 OPENSSL_free(gN_cache);\r
1219 }\r
1220+#endif\r
1221 \r
1222 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)\r
1223 {\r
1224@@ -326,6 +330,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)\r
1225 return SRP_get_default_gN(id);\r
1226 }\r
1227 \r
1228+#ifndef OPENSSL_NO_STDIO\r
1229 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)\r
1230 {\r
1231 int i;\r
1232@@ -467,6 +472,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)\r
1233 return error_code;\r
1234 \r
1235 }\r
1236+#endif\r
1237 \r
1238 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)\r
1239 {\r
1240diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h\r
1241index 16eccbb..a9fe40e 100644\r
1242--- a/crypto/ts/ts.h\r
1243+++ b/crypto/ts/ts.h\r
1244@@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);\r
1245 \r
1246 TS_REQ *TS_REQ_dup(TS_REQ *a);\r
1247 \r
1248+#ifndef OPENSSL_NO_FP_API\r
1249 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);\r
1250 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);\r
1251+#endif\r
1252 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);\r
1253 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);\r
1254 \r
1255@@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,\r
1256 \r
1257 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);\r
1258 \r
1259+#ifndef OPENSSL_NO_FP_API\r
1260 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);\r
1261 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);\r
1262-TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);\r
1263-int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);\r
1264+#endif\r
1265+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);\r
1266+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);\r
1267 \r
1268 TS_RESP *TS_RESP_new(void);\r
1269 void TS_RESP_free(TS_RESP *a);\r
1270@@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);\r
1271 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);\r
1272 TS_RESP *TS_RESP_dup(TS_RESP *a);\r
1273 \r
1274+#ifndef OPENSSL_NO_FP_API\r
1275 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);\r
1276 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);\r
1277-TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);\r
1278-int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);\r
1279+#endif\r
1280+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);\r
1281+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);\r
1282 \r
1283 TS_STATUS_INFO *TS_STATUS_INFO_new(void);\r
1284 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);\r
1285@@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,\r
1286 long length);\r
1287 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);\r
1288 \r
1289+#ifndef OPENSSL_NO_FP_API\r
1290 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);\r
1291 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);\r
1292-TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);\r
1293-int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);\r
1294+#endif\r
1295+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);\r
1296+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);\r
1297 \r
1298 TS_ACCURACY *TS_ACCURACY_new(void);\r
1299 void TS_ACCURACY_free(TS_ACCURACY *a);\r
1300@@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);\r
1301 * ts/ts_conf.c\r
1302 */\r
1303 \r
1304+#ifndef OPENSSL_NO_STDIO\r
1305 X509 *TS_CONF_load_cert(const char *file);\r
1306 STACK_OF(X509) *TS_CONF_load_certs(const char *file);\r
1307 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);\r
1308+#endif\r
1309 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);\r
1310 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,\r
1311 TS_RESP_CTX *ctx);\r
1312 int TS_CONF_set_crypto_device(CONF *conf, const char *section,\r
1313 const char *device);\r
1314 int TS_CONF_set_default_engine(const char *name);\r
1315+#ifndef OPENSSL_NO_STDIO\r
1316 int TS_CONF_set_signer_cert(CONF *conf, const char *section,\r
1317 const char *cert, TS_RESP_CTX *ctx);\r
1318 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,\r
1319@@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,\r
1320 int TS_CONF_set_signer_key(CONF *conf, const char *section,\r
1321 const char *key, const char *pass,\r
1322 TS_RESP_CTX *ctx);\r
1323+#endif\r
1324 int TS_CONF_set_def_policy(CONF *conf, const char *section,\r
1325 const char *policy, TS_RESP_CTX *ctx);\r
1326 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);\r
1327@@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);\r
1328 # define TS_F_TS_CHECK_SIGNING_CERTS 103\r
1329 # define TS_F_TS_CHECK_STATUS_INFO 104\r
1330 # define TS_F_TS_COMPUTE_IMPRINT 145\r
1331+# define TS_F_TS_CONF_INVALID 151\r
1332+# define TS_F_TS_CONF_LOAD_CERT 153\r
1333+# define TS_F_TS_CONF_LOAD_CERTS 154\r
1334+# define TS_F_TS_CONF_LOAD_KEY 155\r
1335+# define TS_F_TS_CONF_LOOKUP_FAIL 152\r
1336 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146\r
1337 # define TS_F_TS_GET_STATUS_TEXT 105\r
1338 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118\r
1339@@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);\r
1340 /* Reason codes. */\r
1341 # define TS_R_BAD_PKCS7_TYPE 132\r
1342 # define TS_R_BAD_TYPE 133\r
1343+# define TS_R_CANNOT_LOAD_CERT 137\r
1344+# define TS_R_CANNOT_LOAD_KEY 138\r
1345 # define TS_R_CERTIFICATE_VERIFY_ERROR 100\r
1346 # define TS_R_COULD_NOT_SET_ENGINE 127\r
1347 # define TS_R_COULD_NOT_SET_TIME 115\r
1348@@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);\r
1349 # define TS_R_UNACCEPTABLE_POLICY 125\r
1350 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126\r
1351 # define TS_R_UNSUPPORTED_VERSION 113\r
1352+# define TS_R_VAR_BAD_VALUE 135\r
1353+# define TS_R_VAR_LOOKUP_FAILURE 136\r
1354 # define TS_R_WRONG_CONTENT_TYPE 114\r
1355 \r
1356 #ifdef __cplusplus\r
1357diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c\r
1358index 4716b23..c4416ba 100644\r
1359--- a/crypto/ts/ts_conf.c\r
1360+++ b/crypto/ts/ts_conf.c\r
1361@@ -92,6 +92,7 @@\r
1362 \r
1363 /* Function definitions for certificate and key loading. */\r
1364 \r
1365+#ifndef OPENSSL_NO_STDIO\r
1366 X509 *TS_CONF_load_cert(const char *file)\r
1367 {\r
1368 BIO *cert = NULL;\r
1369@@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)\r
1370 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);\r
1371 end:\r
1372 if (x == NULL)\r
1373- fprintf(stderr, "unable to load certificate: %s\n", file);\r
1374+ TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);\r
1375 BIO_free(cert);\r
1376 return x;\r
1377 }\r
1378@@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)\r
1379 }\r
1380 end:\r
1381 if (othercerts == NULL)\r
1382- fprintf(stderr, "unable to load certificates: %s\n", file);\r
1383+ TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);\r
1384 sk_X509_INFO_pop_free(allcerts, X509_INFO_free);\r
1385 BIO_free(certs);\r
1386 return othercerts;\r
1387@@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)\r
1388 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);\r
1389 end:\r
1390 if (pkey == NULL)\r
1391- fprintf(stderr, "unable to load private key: %s\n", file);\r
1392+ TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);\r
1393 BIO_free(key);\r
1394 return pkey;\r
1395 }\r
1396+#endif /* !OPENSSL_NO_STDIO */\r
1397 \r
1398 /* Function definitions for handling configuration options. */\r
1399 \r
1400 static void TS_CONF_lookup_fail(const char *name, const char *tag)\r
1401 {\r
1402- fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);\r
1403+ TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);\r
1404+ ERR_add_error_data(3, name, "::", tag);\r
1405 }\r
1406 \r
1407 static void TS_CONF_invalid(const char *name, const char *tag)\r
1408 {\r
1409- fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);\r
1410+ TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);\r
1411+ ERR_add_error_data(3, name, "::", tag);\r
1412 }\r
1413 \r
1414 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)\r
1415@@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)\r
1416 \r
1417 #endif\r
1418 \r
1419+#ifndef OPENSSL_NO_STDIO\r
1420 int TS_CONF_set_signer_cert(CONF *conf, const char *section,\r
1421 const char *cert, TS_RESP_CTX *ctx)\r
1422 {\r
1423@@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,\r
1424 EVP_PKEY_free(key_obj);\r
1425 return ret;\r
1426 }\r
1427+#endif /* !OPENSSL_NO_STDIO */\r
1428 \r
1429 int TS_CONF_set_def_policy(CONF *conf, const char *section,\r
1430 const char *policy, TS_RESP_CTX *ctx)\r
1431diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c\r
1432index ff1abf4..3f5b78f 100644\r
1433--- a/crypto/ts/ts_err.c\r
1434+++ b/crypto/ts/ts_err.c\r
1435@@ -1,6 +1,6 @@\r
1436 /* crypto/ts/ts_err.c */\r
1437 /* ====================================================================\r
1438- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.\r
1439+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.\r
1440 *\r
1441 * Redistribution and use in source and binary forms, with or without\r
1442 * modification, are permitted provided that the following conditions\r
1443@@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {\r
1444 {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},\r
1445 {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},\r
1446 {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},\r
1447+ {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},\r
1448+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},\r
1449+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},\r
1450+ {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},\r
1451+ {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},\r
1452 {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},\r
1453 {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},\r
1454 {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},\r
1455@@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {\r
1456 static ERR_STRING_DATA TS_str_reasons[] = {\r
1457 {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},\r
1458 {ERR_REASON(TS_R_BAD_TYPE), "bad type"},\r
1459+ {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},\r
1460+ {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},\r
1461 {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},\r
1462 {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},\r
1463 {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},\r
1464@@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {\r
1465 {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},\r
1466 {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},\r
1467 {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},\r
1468+ {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},\r
1469+ {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},\r
1470 {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},\r
1471 {0, NULL}\r
1472 };\r
1473diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c\r
1474index 0f29011..80dd40e 100644\r
1475--- a/crypto/ui/ui_util.c\r
1476+++ b/crypto/ui/ui_util.c\r
1477@@ -56,6 +56,10 @@\r
1478 #include <string.h>\r
1479 #include "ui_locl.h"\r
1480 \r
1481+#ifndef BUFSIZ\r
1482+#define BUFSIZ 256\r
1483+#endif\r
1484+\r
1485 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,\r
1486 int verify)\r
1487 {\r
1488diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c\r
1489index 9ee8f8d..64b052e 100644\r
1490--- a/crypto/x509/by_dir.c\r
1491+++ b/crypto/x509/by_dir.c\r
1492@@ -69,6 +69,8 @@\r
1493 # include <sys/stat.h>\r
1494 #endif\r
1495 \r
1496+#ifndef OPENSSL_NO_STDIO\r
1497+\r
1498 #include <openssl/lhash.h>\r
1499 #include <openssl/x509.h>\r
1500 \r
1501@@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,\r
1502 BUF_MEM_free(b);\r
1503 return (ok);\r
1504 }\r
1505+\r
1506+#endif /* OPENSSL_NO_STDIO */\r
3f73ccb3
QL		 1507diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c\r
1508index 0429767..7ddc21c 100644\r
1509--- a/crypto/x509/x509_vfy.c\r
1510+++ b/crypto/x509/x509_vfy.c\r
1511@@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)\r
de0408be
DW		 1512 ctx->current_crl = crl;\r
1513 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
1514 ptime = &ctx->param->check_time;\r
1515+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
1516+ return 1;\r
1517 else\r
1518 ptime = NULL;\r
f93f78ea 1519 \r
3f73ccb3 1520@@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
f93f78ea 1521 \r
de0408be
DW		 1522 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
1523 ptime = &ctx->param->check_time;\r
1524+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
1525+ return 1;\r
1526 else\r
1527 ptime = NULL;\r
f93f78ea 1528 \r
3f73ccb3 1529diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h\r
ca6fa1fe 1530index 2663e1c..3790ef5 100644\r
3f73ccb3
QL		 1531--- a/crypto/x509/x509_vfy.h\r
1532+++ b/crypto/x509/x509_vfy.h\r
1533@@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);\r
de0408be
DW		 1534 * will force the behaviour to match that of previous versions.\r
1535 */\r
1536 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000\r
1537+/* Do not check certificate/CRL validity against current time */\r
1538+# define X509_V_FLAG_NO_CHECK_TIME 0x200000\r
f93f78ea 1539 \r
de0408be
DW		 1540 # define X509_VP_FLAG_DEFAULT 0x1\r
1541 # define X509_VP_FLAG_OVERWRITE 0x2\r
ca6fa1fe
QL		 1542@@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);\r
1543 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);\r
1544 \r
1545 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);\r
1546-\r
1547+#ifndef OPENSSL_NO_STDIO\r
1548 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);\r
1549 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);\r
1550+#endif\r
1551 \r
1552 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);\r
1553 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);\r
3f73ccb3 1554diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h\r
a62a7cc7 1555index c3a6fce..09ebbca 100644\r
3f73ccb3
QL		 1556--- a/crypto/x509v3/ext_dat.h\r
1557+++ b/crypto/x509v3/ext_dat.h\r
1558@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {\r
f93f78ea
QL		 1559 &v3_idp,\r
1560 &v3_alt[2],\r
1561 &v3_freshest_crl,\r
a62a7cc7 1562+#ifndef OPENSSL_NO_SCT\r
f93f78ea
QL		 1563 &v3_ct_scts[0],\r
1564 &v3_ct_scts[1],\r
1565+#endif\r
1566 };\r
1567 \r
1568 /* Number of standard extensions */\r
ca6fa1fe
QL		 1569diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c\r
1570index 34cad53..12f12a7 100644\r
1571--- a/crypto/x509v3/v3_pci.c\r
1572+++ b/crypto/x509v3/v3_pci.c\r
1573@@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,\r
1574 goto err;\r
1575 }\r
1576 OPENSSL_free(tmp_data2);\r
1577+#ifndef OPENSSL_NO_STDIO\r
1578 } else if (strncmp(val->value, "file:", 5) == 0) {\r
1579 unsigned char buf[2048];\r
1580 int n;\r
1581@@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,\r
1582 X509V3_conf_err(val);\r
1583 goto err;\r
1584 }\r
1585+#endif /* !OPENSSL_NO_STDIO */\r
1586 } else if (strncmp(val->value, "text:", 5) == 0) {\r
1587 val_len = strlen(val->value + 5);\r
1588 tmp_data = OPENSSL_realloc((*policy)->data,\r
a62a7cc7
QL		 1589diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c\r
1590index 0b7c681..1895b8f 100644\r
1591--- a/crypto/x509v3/v3_scts.c\r
1592+++ b/crypto/x509v3/v3_scts.c\r
1593@@ -61,6 +61,7 @@\r
1594 #include <openssl/asn1.h>\r
1595 #include <openssl/x509v3.h>\r
1596 \r
1597+#ifndef OPENSSL_NO_SCT\r
1598 /* Signature and hash algorithms from RFC 5246 */\r
1599 #define TLSEXT_hash_sha256 4\r
1600 \r
1601@@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,\r
1602 \r
1603 return 1;\r
1604 }\r
1605+#endif\r
ca6fa1fe
QL		 1606diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h\r
1607index f5c6156..a2e78aa 100644\r
1608--- a/crypto/x509v3/x509v3.h\r
1609+++ b/crypto/x509v3/x509v3.h\r
1610@@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,\r
1611 int ml);\r
1612 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,\r
1613 int indent);\r
1614+#ifndef OPENSSL_NO_FP_API\r
1615 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);\r
1616-\r
1617+#endif\r
1618 int X509V3_extensions_print(BIO *out, char *title,\r
1619 STACK_OF(X509_EXTENSION) *exts,\r
1620 unsigned long flag, int indent);\r
e578aa19
QL		 1621diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1622index 3300e11..e9e58d5 100644\r
1623--- a/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1624+++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1625@@ -67,7 +67,7 @@ extern "C" {\r
1626 static void ERR_load_CL_strings(void);\r
1627 static void ERR_unload_CL_strings(void);\r
1628 static void ERR_CL_error(int function, int reason, char *file, int line);\r
1629-# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)\r
1630+# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1631 \r
1632 /* Error codes for the CL functions. */\r
1633 \r
1634diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h\r
1635index c17e0c9..10d0212 100644\r
1636--- a/demos/engines/ibmca/hw_ibmca_err.h\r
1637+++ b/demos/engines/ibmca/hw_ibmca_err.h\r
1638@@ -67,7 +67,7 @@ extern "C" {\r
1639 static void ERR_load_IBMCA_strings(void);\r
1640 static void ERR_unload_IBMCA_strings(void);\r
1641 static void ERR_IBMCA_error(int function, int reason, char *file, int line);\r
1642-# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)\r
1643+# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1644 \r
1645 /* Error codes for the IBMCA functions. */\r
1646 \r
1647diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h\r
1648index 4356815..598836f 100644\r
1649--- a/demos/engines/rsaref/rsaref_err.h\r
1650+++ b/demos/engines/rsaref/rsaref_err.h\r
1651@@ -68,7 +68,7 @@ extern "C" {\r
1652 static void ERR_load_RSAREF_strings(void);\r
1653 static void ERR_unload_RSAREF_strings(void);\r
1654 static void ERR_RSAREF_error(int function, int reason, char *file, int line);\r
1655-# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)\r
1656+# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1657 /* Error codes for the RSAREF functions. */\r
1658 \r
1659 /* Function codes. */\r
1660diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h\r
1661index f4a8358..94d3293 100644\r
1662--- a/demos/engines/zencod/hw_zencod_err.h\r
1663+++ b/demos/engines/zencod/hw_zencod_err.h\r
1664@@ -67,7 +67,7 @@ extern "C" {\r
1665 static void ERR_load_ZENCOD_strings(void);\r
1666 static void ERR_unload_ZENCOD_strings(void);\r
1667 static void ERR_ZENCOD_error(int function, int reason, char *file, int line);\r
1668-# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)\r
1669+# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1670 \r
1671 /* Error codes for the ZENCOD functions. */\r
1672 \r
e94546e7
QL		 1673diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1674index 44792f9..7f95d58 100644\r
1675--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1676+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1677@@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an\r
1678 alternative chain can be found that is trusted. With this flag set the behaviour\r
1679 will match that of OpenSSL versions prior to 1.0.2b.\r
1680 \r
1681+The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period\r
1682+of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()\r
1683+is used to specify a verification time, the check is not suppressed.\r
1684+\r
1685 =head1 NOTES\r
1686 \r
1687 The above functions should be used to manipulate verification parameters\r
e578aa19
QL		 1688diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod\r
1689index dc0e939..fe123bb 100644\r
1690--- a/doc/crypto/threads.pod\r
1691+++ b/doc/crypto/threads.pod\r
1692@@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support\r
1693 void CRYPTO_lock(int mode, int n, const char *file, int line);\r
1694 \r
1695 #define CRYPTO_w_lock(type) \\r
1696- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
1697+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
1698 #define CRYPTO_w_unlock(type) \\r
1699- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
1700+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
1701 #define CRYPTO_r_lock(type) \\r
1702- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
1703+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
1704 #define CRYPTO_r_unlock(type) \\r
1705- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
1706+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
1707 #define CRYPTO_add(addr,amount,type) \\r
1708- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
1709+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)\r
1710 \r
1711 =head1 DESCRIPTION\r
1712 \r
3f73ccb3
QL		 1713diff --git a/e_os.h b/e_os.h\r
1714index 1fa36c1..3e9dae2 100644\r
1715--- a/e_os.h\r
1716+++ b/e_os.h\r
1717@@ -136,7 +136,7 @@ extern "C" {\r
97468ab9
DW		 1718 # define MSDOS\r
1719 # endif\r
1720 \r
1721-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)\r
1722+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)\r
1723 # define GETPID_IS_MEANINGLESS\r
1724 # endif\r
1725 \r
3f73ccb3
QL		 1726diff --git a/e_os2.h b/e_os2.h\r
1727index 7be9989..909e22f 100644\r
1728--- a/e_os2.h\r
1729+++ b/e_os2.h\r
1730@@ -97,7 +97,14 @@ extern "C" {\r
3b21958b
DW		 1731 * For 32 bit environment, there seems to be the CygWin environment and then\r
1732 * all the others that try to do the same thing Microsoft does...\r
1733 */\r
1734-# if defined(OPENSSL_SYSNAME_UWIN)\r
1735+/*\r
1736+ * UEFI lives here because it might be built with a Microsoft toolchain and\r
1737+ * we need to avoid the false positive match on Windows.\r
1738+ */\r
1739+# if defined(OPENSSL_SYSNAME_UEFI)\r
1740+# undef OPENSSL_SYS_UNIX\r
1741+# define OPENSSL_SYS_UEFI\r
1742+# elif defined(OPENSSL_SYSNAME_UWIN)\r
1743 # undef OPENSSL_SYS_UNIX\r
1744 # define OPENSSL_SYS_WIN32_UWIN\r
1745 # else\r
e578aa19
QL		 1746diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h\r
1747index a2018ec..9eacdcf 100644\r
1748--- a/engines/ccgost/e_gost_err.h\r
1749+++ b/engines/ccgost/e_gost_err.h\r
1750@@ -67,7 +67,7 @@ extern "C" {\r
1751 void ERR_load_GOST_strings(void);\r
1752 void ERR_unload_GOST_strings(void);\r
1753 void ERR_GOST_error(int function, int reason, char *file, int line);\r
1754-# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)\r
1755+# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1756 \r
1757 /* Error codes for the GOST functions. */\r
1758 \r
1759diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h\r
1760index 2f29d96..47a2635 100644\r
1761--- a/engines/e_4758cca_err.h\r
1762+++ b/engines/e_4758cca_err.h\r
1763@@ -67,7 +67,7 @@ extern "C" {\r
1764 static void ERR_load_CCA4758_strings(void);\r
1765 static void ERR_unload_CCA4758_strings(void);\r
1766 static void ERR_CCA4758_error(int function, int reason, char *file, int line);\r
1767-# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)\r
1768+# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1769 \r
1770 /* Error codes for the CCA4758 functions. */\r
1771 \r
1772diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h\r
1773index 2ed0114..1f8fa5b 100644\r
1774--- a/engines/e_aep_err.h\r
1775+++ b/engines/e_aep_err.h\r
1776@@ -67,7 +67,7 @@ extern "C" {\r
1777 static void ERR_load_AEPHK_strings(void);\r
1778 static void ERR_unload_AEPHK_strings(void);\r
1779 static void ERR_AEPHK_error(int function, int reason, char *file, int line);\r
1780-# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)\r
1781+# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1782 \r
1783 /* Error codes for the AEPHK functions. */\r
1784 \r
1785diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h\r
1786index 7b71eff..d958496 100644\r
1787--- a/engines/e_atalla_err.h\r
1788+++ b/engines/e_atalla_err.h\r
1789@@ -67,7 +67,7 @@ extern "C" {\r
1790 static void ERR_load_ATALLA_strings(void);\r
1791 static void ERR_unload_ATALLA_strings(void);\r
1792 static void ERR_ATALLA_error(int function, int reason, char *file, int line);\r
1793-# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)\r
1794+# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1795 \r
1796 /* Error codes for the ATALLA functions. */\r
1797 \r
1798diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h\r
1799index b5d06dc..cfe46b1 100644\r
1800--- a/engines/e_capi_err.h\r
1801+++ b/engines/e_capi_err.h\r
1802@@ -67,7 +67,7 @@ extern "C" {\r
1803 static void ERR_load_CAPI_strings(void);\r
1804 static void ERR_unload_CAPI_strings(void);\r
1805 static void ERR_CAPI_error(int function, int reason, char *file, int line);\r
1806-# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)\r
1807+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1808 \r
1809 /* Error codes for the CAPI functions. */\r
1810 \r
1811diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h\r
1812index d86a4ce..3d961b9 100644\r
1813--- a/engines/e_chil_err.h\r
1814+++ b/engines/e_chil_err.h\r
1815@@ -67,7 +67,7 @@ extern "C" {\r
1816 static void ERR_load_HWCRHK_strings(void);\r
1817 static void ERR_unload_HWCRHK_strings(void);\r
1818 static void ERR_HWCRHK_error(int function, int reason, char *file, int line);\r
1819-# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)\r
1820+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1821 \r
1822 /* Error codes for the HWCRHK functions. */\r
1823 \r
1824diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h\r
1825index fde3a82..7c20691 100644\r
1826--- a/engines/e_cswift_err.h\r
1827+++ b/engines/e_cswift_err.h\r
1828@@ -67,7 +67,7 @@ extern "C" {\r
1829 static void ERR_load_CSWIFT_strings(void);\r
1830 static void ERR_unload_CSWIFT_strings(void);\r
1831 static void ERR_CSWIFT_error(int function, int reason, char *file, int line);\r
1832-# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)\r
1833+# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1834 \r
1835 /* Error codes for the CSWIFT functions. */\r
1836 \r
1837diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h\r
1838index 637abbc..ccaf3da 100644\r
1839--- a/engines/e_gmp_err.h\r
1840+++ b/engines/e_gmp_err.h\r
1841@@ -67,7 +67,7 @@ extern "C" {\r
1842 static void ERR_load_GMP_strings(void);\r
1843 static void ERR_unload_GMP_strings(void);\r
1844 static void ERR_GMP_error(int function, int reason, char *file, int line);\r
1845-# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)\r
1846+# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1847 \r
1848 /* Error codes for the GMP functions. */\r
1849 \r
1850diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h\r
1851index aa7849c..e607d3e 100644\r
1852--- a/engines/e_nuron_err.h\r
1853+++ b/engines/e_nuron_err.h\r
1854@@ -67,7 +67,7 @@ extern "C" {\r
1855 static void ERR_load_NURON_strings(void);\r
1856 static void ERR_unload_NURON_strings(void);\r
1857 static void ERR_NURON_error(int function, int reason, char *file, int line);\r
1858-# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)\r
1859+# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1860 \r
1861 /* Error codes for the NURON functions. */\r
1862 \r
1863diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h\r
1864index bef8623..54f2848 100644\r
1865--- a/engines/e_sureware_err.h\r
1866+++ b/engines/e_sureware_err.h\r
1867@@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);\r
1868 static void ERR_unload_SUREWARE_strings(void);\r
1869 static void ERR_SUREWARE_error(int function, int reason, char *file,\r
1870 int line);\r
1871-# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)\r
1872+# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1873 \r
1874 /* Error codes for the SUREWARE functions. */\r
1875 \r
1876diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h\r
1877index c8aec7c..67110ed 100644\r
1878--- a/engines/e_ubsec_err.h\r
1879+++ b/engines/e_ubsec_err.h\r
1880@@ -67,7 +67,7 @@ extern "C" {\r
1881 static void ERR_load_UBSEC_strings(void);\r
1882 static void ERR_unload_UBSEC_strings(void);\r
1883 static void ERR_UBSEC_error(int function, int reason, char *file, int line);\r
1884-# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)\r
1885+# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1886 \r
1887 /* Error codes for the UBSEC functions. */\r
1888 \r
a62a7cc7
QL		 1889diff --git a/makevms.com b/makevms.com\r
1890index f6b3ff2..1dcbe36 100755\r
1891--- a/makevms.com\r
1892+++ b/makevms.com\r
1893@@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,-\r
1894 RFC3779,-\r
1895 RIPEMD,-\r
1896 RSA,-\r
1897+ SCT,-\r
1898 SCTP,-\r
1899 SEED,-\r
1900 SHA,-\r
e578aa19
QL		 1901diff --git a/ssl/d1_both.c b/ssl/d1_both.c\r
1902index d1fc716..d5f661a 100644\r
1903--- a/ssl/d1_both.c\r
1904+++ b/ssl/d1_both.c\r
1905@@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)\r
1906 int dtls1_read_failed(SSL *s, int code)\r
1907 {\r
1908 if (code > 0) {\r
1909- fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);\r
1910+ fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");\r
1911 return 1;\r
1912 }\r
1913 \r
1914diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c\r
1915index 35cc27c..a1f5335 100644\r
1916--- a/ssl/ssl_asn1.c\r
1917+++ b/ssl/ssl_asn1.c\r
1918@@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1919 if (ssl_version == SSL2_VERSION) {\r
1920 if (os.length != 3) {\r
1921 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;\r
1922- c.line = __LINE__;\r
1923+ c.line = OPENSSL_LINE;\r
1924 goto err;\r
1925 }\r
1926 id = 0x02000000L |\r
1927@@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1928 || ssl_version == DTLS1_BAD_VER) {\r
1929 if (os.length != 2) {\r
1930 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;\r
1931- c.line = __LINE__;\r
1932+ c.line = OPENSSL_LINE;\r
1933 goto err;\r
1934 }\r
1935 id = 0x03000000L |\r
1936 ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];\r
1937 } else {\r
1938 c.error = SSL_R_UNKNOWN_SSL_VERSION;\r
1939- c.line = __LINE__;\r
1940+ c.line = OPENSSL_LINE;\r
1941 goto err;\r
1942 }\r
1943 \r
1944@@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1945 if (os.data != NULL) {\r
1946 if (os.length > SSL_MAX_SID_CTX_LENGTH) {\r
1947 c.error = SSL_R_BAD_LENGTH;\r
1948- c.line = __LINE__;\r
1949+ c.line = OPENSSL_LINE;\r
1950 goto err;\r
1951 } else {\r
1952 ret->sid_ctx_length = os.length;\r
ca6fa1fe
QL		 1953diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c\r
1954index a73f866..d534c0a 100644\r
1955--- a/ssl/ssl_cert.c\r
1956+++ b/ssl/ssl_cert.c\r
1957@@ -855,12 +855,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)\r
1958 return (add_client_CA(&(ctx->client_CA), x));\r
1959 }\r
1960 \r
1961+#ifndef OPENSSL_NO_STDIO\r
1962+\r
1963 static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)\r
1964 {\r
1965 return (X509_NAME_cmp(*a, *b));\r
1966 }\r
1967 \r
1968-#ifndef OPENSSL_NO_STDIO\r
1969 /**\r
1970 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;\r
1971 * it doesn't really have anything to do with clients (except that a common use\r
1972@@ -928,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)\r
1973 ERR_clear_error();\r
1974 return (ret);\r
1975 }\r
1976-#endif\r
1977 \r
1978 /**\r
1979 * Add a file of certs to a stack.\r
1980@@ -1048,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,\r
1981 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);\r
1982 return ret;\r
1983 }\r
1984+#endif /* !OPENSSL_NO_STDIO */\r
1985 \r
1986 /* Add a certificate to a BUF_MEM structure */\r
1987 \r
1988diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c\r
1989index 5478840..c2ad7c9 100644\r
1990--- a/ssl/ssl_conf.c\r
1991+++ b/ssl/ssl_conf.c\r
1992@@ -362,6 +362,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)\r
1993 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);\r
1994 }\r
1995 \r
1996+#ifndef OPENSSL_NO_STDIO\r
1997 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)\r
1998 {\r
1999 int rv = 1;\r
2000@@ -428,7 +429,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)\r
2001 BIO_free(in);\r
2002 return rv > 0;\r
2003 }\r
2004-#endif\r
2005+#endif /* !OPENSSL_NO_DH */\r
2006+#endif /* !OPENSSL_NO_STDIO */\r
2007+\r
2008 typedef struct {\r
2009 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);\r
2010 const char *str_file;\r
2011@@ -454,12 +457,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {\r
2012 SSL_CONF_CMD_STRING(CipherString, "cipher"),\r
2013 SSL_CONF_CMD_STRING(Protocol, NULL),\r
2014 SSL_CONF_CMD_STRING(Options, NULL),\r
2015+#ifndef OPENSSL_NO_STDIO\r
2016 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),\r
2017 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),\r
2018 SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),\r
2019 #ifndef OPENSSL_NO_DH\r
2020 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)\r
2021 #endif\r
2022+#endif\r
2023 };\r
2024 \r
2025 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)\r
e578aa19
QL		 2026diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c\r
2027index 514fcb3..2a54cc9 100644\r
2028--- a/ssl/t1_enc.c\r
2029+++ b/ssl/t1_enc.c\r
2030@@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send)\r
2031 * we can't write into the input stream: Can this ever\r
2032 * happen?? (steve)\r
2033 */\r
2034- fprintf(stderr,\r
2035- "%s:%d: rec->data != rec->input\n",\r
2036- __FILE__, __LINE__);\r
2037+ fprintf(stderr, "tls1_enc: rec->data != rec->input\n");\r
2038 else if (RAND_bytes(rec->input, ivlen) <= 0)\r
2039 return -1;\r
2040 }\r
f0e3cd19
QL		 2041diff --git a/test/cms-test.pl b/test/cms-test.pl\r
2042index baa3b59..1ee3f02 100644\r
2043--- a/test/cms-test.pl\r
2044+++ b/test/cms-test.pl\r
2045@@ -100,6 +100,13 @@ my $no_ec2m;\r
2046 my $no_ecdh;\r
2047 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;\r
2048 \r
2049+system ("$ossl_path no-cms > $null_path");\r
2050+if ($? == 0)\r
2051+ {\r
2052+ print "CMS disabled\n";\r
2053+ exit 0;\r
2054+ }\r
2055+\r
2056 system ("$ossl_path no-ec > $null_path");\r
2057 if ($? == 0)\r
2058 {\r
2059diff --git a/util/libeay.num b/util/libeay.num\r
2060index 7f7487d..13b2e3a 100755\r
2061--- a/util/libeay.num\r
2062+++ b/util/libeay.num\r
2063@@ -4368,7 +4368,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH\r
2064 ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA\r
2065 CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS\r
2066 CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS\r
2067-DH_KDF_X9_42 4735 EXIST::FUNCTION:DH\r
2068+DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH\r
2069 RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA\r
2070 EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES\r
2071 RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA\r
a62a7cc7
QL		 2072diff --git a/util/mkdef.pl b/util/mkdef.pl\r
2073index c57c7f7..d4c3386 100755\r
2074--- a/util/mkdef.pl\r
2075+++ b/util/mkdef.pl\r
2076@@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",\r
2077 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",\r
2078 # Engines\r
2079 "STATIC_ENGINE", "ENGINE", "HW", "GMP",\r
2080+ # X.509v3 Signed Certificate Timestamps\r
2081+ "SCT",\r
2082 # RFC3779\r
2083 "RFC3779",\r
2084 # TLS\r
2085@@ -142,7 +144,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;\r
2086 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;\r
2087 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;\r
2088 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;\r
2089-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;\r
2090+my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;\r
2091 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; \r
2092 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;\r
2093 my $no_unit_test; my $no_ssl3_method;\r
2094@@ -233,6 +235,7 @@ foreach (@ARGV, split(/ /, $options))\r
2095 elsif (/^no-engine$/) { $no_engine=1; }\r
2096 elsif (/^no-hw$/) { $no_hw=1; }\r
2097 elsif (/^no-gmp$/) { $no_gmp=1; }\r
2098+ elsif (/^no-sct$/) { $no_sct=1; }\r
2099 elsif (/^no-rfc3779$/) { $no_rfc3779=1; }\r
2100 elsif (/^no-tlsext$/) { $no_tlsext=1; }\r
2101 elsif (/^no-cms$/) { $no_cms=1; }\r
2102@@ -1206,6 +1209,7 @@ sub is_valid\r
2103 if ($keyword eq "FP_API" && $no_fp_api) { return 0; }\r
2104 if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }\r
2105 if ($keyword eq "GMP" && $no_gmp) { return 0; }\r
2106+ if ($keyword eq "SCT" && $no_sct) { return 0; }\r
2107 if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }\r
2108 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }\r
2109 if ($keyword eq "PSK" && $no_psk) { return 0; }\r
e578aa19
QL		 2110diff --git a/util/mkerr.pl b/util/mkerr.pl\r
2111index 09ebebe..cd57ade 100644\r
2112--- a/util/mkerr.pl\r
2113+++ b/util/mkerr.pl\r
2114@@ -89,7 +89,7 @@ Options:\r
2115 void ERR_load_<LIB>_strings(void);\r
2116 void ERR_unload_<LIB>_strings(void);\r
2117 void ERR_<LIB>_error(int f, int r, char *fn, int ln);\r
2118- #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)\r
2119+ #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)\r
2120 while the code facilitates the use of these in an environment\r
2121 where the error support routines are dynamically loaded at \r
2122 runtime.\r
2123@@ -474,7 +474,7 @@ EOF\r
2124 ${staticloader}void ERR_load_${lib}_strings(void);\r
2125 ${staticloader}void ERR_unload_${lib}_strings(void);\r
2126 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);\r
2127-# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)\r
2128+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
2129 \r
2130 EOF\r
2131 }\r
EFI Development Kit II mirror for PVE