]> git.proxmox.com Git - mirror_edk2.git/blame - CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2f.patch
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3992
[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-1.0.2f.patch
CommitLineData
ca6fa1fe
QL		 1diff --git a/Configure b/Configure\r
2index 4a715dc..eb61eda 100755\r
3--- a/Configure\r
4+++ b/Configure\r
5@@ -1082,7 +1082,7 @@ if (defined($disabled{"tls1"}))\r
6 }\r
7 \r
8 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})\r
9- || defined($disabled{"dh"}))\r
10+ || defined($disabled{"dh"}) || defined($disabled{"stdio"}))\r
11 {\r
12 $disabled{"gost"} = "forced";\r
13 }\r
e94546e7
QL		 14diff --git a/apps/apps.c b/apps/apps.c\r
15index 2e77805..e21e759 100644\r
16--- a/apps/apps.c\r
17+++ b/apps/apps.c\r
18@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,\r
19 flags |= X509_V_FLAG_PARTIAL_CHAIN;\r
20 else if (!strcmp(arg, "-no_alt_chains"))\r
21 flags |= X509_V_FLAG_NO_ALT_CHAINS;\r
22+ else if (!strcmp(arg, "-no_check_time"))\r
23+ flags |= X509_V_FLAG_NO_CHECK_TIME;\r
24 else\r
25 return 0;\r
26 \r
ca6fa1fe
QL		 27diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c\r
28index 35fd44c..9f39bff 100644\r
29--- a/crypto/asn1/a_strex.c\r
30+++ b/crypto/asn1/a_strex.c\r
31@@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)\r
32 return 1;\r
33 }\r
34 \r
35+#ifndef OPENSSL_NO_FP_API\r
36 static int send_fp_chars(void *arg, const void *buf, int len)\r
37 {\r
38 if (!arg)\r
39@@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)\r
40 return 0;\r
41 return 1;\r
42 }\r
43+#endif\r
44 \r
45 typedef int char_io (void *arg, const void *buf, int len);\r
46 \r
e578aa19
QL		 47diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h\r
48index abc6dc3..3a672e9 100644\r
49--- a/crypto/asn1/asn1_mac.h\r
50+++ b/crypto/asn1/asn1_mac.h\r
51@@ -70,7 +70,7 @@ extern "C" {\r
52 # endif\r
53 \r
54 # define ASN1_MAC_H_err(f,r,line) \\r
55- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))\r
56+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))\r
57 \r
58 # define M_ASN1_D2I_vars(a,type,func) \\r
59 ASN1_const_CTX c; \\r
60@@ -81,7 +81,7 @@ extern "C" {\r
61 c.error=ERR_R_NESTED_ASN1_ERROR; \\r
62 if ((a == NULL) || ((*a) == NULL)) \\r
63 { if ((ret=(type)func()) == NULL) \\r
64- { c.line=__LINE__; goto err; } } \\r
65+ { c.line=OPENSSL_LINE; goto err; } } \\r
66 else ret=(*a);\r
67 \r
68 # define M_ASN1_D2I_Init() \\r
69@@ -90,7 +90,7 @@ extern "C" {\r
70 \r
71 # define M_ASN1_D2I_Finish_2(a) \\r
72 if (!asn1_const_Finish(&c)) \\r
73- { c.line=__LINE__; goto err; } \\r
74+ { c.line=OPENSSL_LINE; goto err; } \\r
75 *(const unsigned char **)pp=c.p; \\r
76 if (a != NULL) (*a)=ret; \\r
77 return(ret);\r
78@@ -105,7 +105,7 @@ err:\\r
79 \r
80 # define M_ASN1_D2I_start_sequence() \\r
81 if (!asn1_GetSequence(&c,&length)) \\r
82- { c.line=__LINE__; goto err; }\r
83+ { c.line=OPENSSL_LINE; goto err; }\r
84 /* Begin reading ASN1 without a surrounding sequence */\r
85 # define M_ASN1_D2I_begin() \\r
86 c.slen = length;\r
87@@ -129,21 +129,21 @@ err:\\r
88 # define M_ASN1_D2I_get(b, func) \\r
89 c.q=c.p; \\r
90 if (func(&(b),&c.p,c.slen) == NULL) \\r
91- {c.line=__LINE__; goto err; } \\r
92+ {c.line=OPENSSL_LINE; goto err; } \\r
93 c.slen-=(c.p-c.q);\r
94 \r
95 /* Don't use this with d2i_ASN1_BOOLEAN() */\r
96 # define M_ASN1_D2I_get_x(type,b,func) \\r
97 c.q=c.p; \\r
98 if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \\r
99- {c.line=__LINE__; goto err; } \\r
100+ {c.line=OPENSSL_LINE; goto err; } \\r
101 c.slen-=(c.p-c.q);\r
102 \r
103 /* use this instead () */\r
104 # define M_ASN1_D2I_get_int(b,func) \\r
105 c.q=c.p; \\r
106 if (func(&(b),&c.p,c.slen) < 0) \\r
107- {c.line=__LINE__; goto err; } \\r
108+ {c.line=OPENSSL_LINE; goto err; } \\r
109 c.slen-=(c.p-c.q);\r
110 \r
111 # define M_ASN1_D2I_get_opt(b,func,type) \\r
112@@ -164,7 +164,7 @@ err:\\r
113 M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \\r
114 c.q=c.p; \\r
115 if (func(&(b),&c.p,c.slen) == NULL) \\r
116- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \\r
117+ {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \\r
118 c.slen-=(c.p-c.q);\\r
119 M_ASN1_next_prev=_tmp;\r
120 \r
121@@ -258,20 +258,20 @@ err:\\r
122 c.q=c.p; \\r
123 if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\\r
124 (void (*)())free_func,a,b) == NULL) \\r
125- { c.line=__LINE__; goto err; } \\r
126+ { c.line=OPENSSL_LINE; goto err; } \\r
127 c.slen-=(c.p-c.q);\r
128 \r
129 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \\r
130 c.q=c.p; \\r
131 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\\r
132 free_func,a,b) == NULL) \\r
133- { c.line=__LINE__; goto err; } \\r
134+ { c.line=OPENSSL_LINE; goto err; } \\r
135 c.slen-=(c.p-c.q);\r
136 \r
137 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \\r
138 c.q=c.p; \\r
139 if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \\r
140- { c.line=__LINE__; goto err; } \\r
141+ { c.line=OPENSSL_LINE; goto err; } \\r
142 c.slen-=(c.p-c.q);\r
143 \r
144 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \\r
145@@ -285,16 +285,16 @@ err:\\r
146 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
147 if (Tinf & 0x80) \\r
148 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
149- c.line=__LINE__; goto err; } \\r
150+ c.line=OPENSSL_LINE; goto err; } \\r
151 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
152 Tlen = c.slen - (c.p - c.q) - 2; \\r
153 if (func(&(r),&c.p,Tlen) == NULL) \\r
154- { c.line=__LINE__; goto err; } \\r
155+ { c.line=OPENSSL_LINE; goto err; } \\r
156 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
157 Tlen = c.slen - (c.p - c.q); \\r
158 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \\r
159 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
160- c.line=__LINE__; goto err; } \\r
161+ c.line=OPENSSL_LINE; goto err; } \\r
162 }\\r
163 c.slen-=(c.p-c.q); \\r
164 }\r
165@@ -310,18 +310,18 @@ err:\\r
166 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
167 if (Tinf & 0x80) \\r
168 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
169- c.line=__LINE__; goto err; } \\r
170+ c.line=OPENSSL_LINE; goto err; } \\r
171 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
172 Tlen = c.slen - (c.p - c.q) - 2; \\r
173 if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \\r
174 (void (*)())free_func, \\r
175 b,V_ASN1_UNIVERSAL) == NULL) \\r
176- { c.line=__LINE__; goto err; } \\r
177+ { c.line=OPENSSL_LINE; goto err; } \\r
178 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
179 Tlen = c.slen - (c.p - c.q); \\r
180 if(!ASN1_check_infinite_end(&c.p, Tlen)) \\r
181 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
182- c.line=__LINE__; goto err; } \\r
183+ c.line=OPENSSL_LINE; goto err; } \\r
184 }\\r
185 c.slen-=(c.p-c.q); \\r
186 }\r
187@@ -337,17 +337,17 @@ err:\\r
188 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
189 if (Tinf & 0x80) \\r
190 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
191- c.line=__LINE__; goto err; } \\r
192+ c.line=OPENSSL_LINE; goto err; } \\r
193 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
194 Tlen = c.slen - (c.p - c.q) - 2; \\r
195 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \\r
196 free_func,b,V_ASN1_UNIVERSAL) == NULL) \\r
197- { c.line=__LINE__; goto err; } \\r
198+ { c.line=OPENSSL_LINE; goto err; } \\r
199 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
200 Tlen = c.slen - (c.p - c.q); \\r
201 if(!ASN1_check_infinite_end(&c.p, Tlen)) \\r
202 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
203- c.line=__LINE__; goto err; } \\r
204+ c.line=OPENSSL_LINE; goto err; } \\r
205 }\\r
206 c.slen-=(c.p-c.q); \\r
207 }\r
208@@ -355,7 +355,7 @@ err:\\r
209 /* New macros */\r
210 # define M_ASN1_New_Malloc(ret,type) \\r
211 if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \\r
212- { c.line=__LINE__; goto err2; }\r
213+ { c.line=OPENSSL_LINE; goto err2; }\r
214 \r
215 # define M_ASN1_New(arg,func) \\r
216 if (((arg)=func()) == NULL) return(NULL)\r
b9dbddd8
QL		 217diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c\r
218index 1d25687..e933ead 100644\r
219--- a/crypto/bn/bn_prime.c\r
220+++ b/crypto/bn/bn_prime.c\r
221@@ -131,7 +131,7 @@\r
222 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,\r
223 const BIGNUM *a1_odd, int k, BN_CTX *ctx,\r
224 BN_MONT_CTX *mont);\r
225-static int probable_prime(BIGNUM *rnd, int bits);\r
226+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);\r
227 static int probable_prime_dh(BIGNUM *rnd, int bits,\r
228 const BIGNUM *add, const BIGNUM *rem,\r
229 BN_CTX *ctx);\r
230@@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
231 BIGNUM *t;\r
232 int found = 0;\r
233 int i, j, c1 = 0;\r
234- BN_CTX *ctx;\r
235+ BN_CTX *ctx = NULL;\r
236+ prime_t *mods = NULL;\r
237 int checks = BN_prime_checks_for_size(bits);\r
238 \r
239+ mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);\r
240+ if (mods == NULL)\r
241+ goto err;\r
242 ctx = BN_CTX_new();\r
243 if (ctx == NULL)\r
244 goto err;\r
245@@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
246 loop:\r
247 /* make a random number and set the top and bottom bits */\r
248 if (add == NULL) {\r
249- if (!probable_prime(ret, bits))\r
250+ if (!probable_prime(ret, bits, mods))\r
251 goto err;\r
252 } else {\r
253 if (safe) {\r
254@@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
255 /* we have a prime :-) */\r
256 found = 1;\r
257 err:\r
258+ OPENSSL_free(mods);\r
259 if (ctx != NULL) {\r
260 BN_CTX_end(ctx);\r
261 BN_CTX_free(ctx);\r
262@@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,\r
263 return 1;\r
264 }\r
265 \r
266-static int probable_prime(BIGNUM *rnd, int bits)\r
267+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)\r
268 {\r
269 int i;\r
270- prime_t mods[NUMPRIMES];\r
271 BN_ULONG delta, maxdelta;\r
272 \r
273 again:\r
ca6fa1fe
QL		 274diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h\r
275index 8d926d5..41cf38e 100644\r
276--- a/crypto/conf/conf.h\r
277+++ b/crypto/conf/conf.h\r
278@@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);\r
279 \r
280 int CONF_set_default_method(CONF_METHOD *meth);\r
281 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);\r
282+# ifndef OPENSSL_NO_STDIO\r
283 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
284 long *eline);\r
285+# endif\r
286 # ifndef OPENSSL_NO_FP_API\r
287 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,\r
288 long *eline);\r
289@@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,\r
290 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,\r
291 const char *name);\r
292 void CONF_free(LHASH_OF(CONF_VALUE) *conf);\r
293+#ifndef OPENSSL_NO_FP_API\r
294 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);\r
295+#endif\r
296 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);\r
297 \r
298 void OPENSSL_config(const char *config_name);\r
299@@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);\r
300 void NCONF_free(CONF *conf);\r
301 void NCONF_free_data(CONF *conf);\r
302 \r
303+# ifndef OPENSSL_NO_STDIO\r
304 int NCONF_load(CONF *conf, const char *file, long *eline);\r
305+# endif\r
306 # ifndef OPENSSL_NO_FP_API\r
307 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);\r
f93f78ea 308 # endif\r
ca6fa1fe
QL		 309@@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,\r
310 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);\r
311 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,\r
312 long *result);\r
313+#ifndef OPENSSL_NO_FP_API\r
314 int NCONF_dump_fp(const CONF *conf, FILE *out);\r
315+#endif\r
316 int NCONF_dump_bio(const CONF *conf, BIO *out);\r
317 \r
318 # if 0 /* The following function has no error\r
319@@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);\r
320 \r
321 int CONF_modules_load(const CONF *cnf, const char *appname,\r
322 unsigned long flags);\r
323+#ifndef OPENSSL_NO_STDIO\r
324 int CONF_modules_load_file(const char *filename, const char *appname,\r
325 unsigned long flags);\r
326+#endif\r
327 void CONF_modules_unload(int all);\r
328 void CONF_modules_finish(void);\r
329 void CONF_modules_free(void);\r
330diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c\r
331index 68c77ce..3d308c7 100644\r
332--- a/crypto/conf/conf_def.c\r
333+++ b/crypto/conf/conf_def.c\r
334@@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)\r
335 \r
336 static int def_load(CONF *conf, const char *name, long *line)\r
337 {\r
338+#ifdef OPENSSL_NO_STDIO\r
339+ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);\r
340+ return 0;\r
341+#else\r
342 int ret;\r
343 BIO *in = NULL;\r
344 \r
345@@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)\r
346 BIO_free(in);\r
347 \r
348 return ret;\r
349+#endif\r
f93f78ea
QL		 350 }\r
351 \r
ca6fa1fe
QL		 352 static int def_load_bio(CONF *conf, BIO *in, long *line)\r
353diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c\r
354index 5281384..952b545 100644\r
355--- a/crypto/conf/conf_lib.c\r
356+++ b/crypto/conf/conf_lib.c\r
357@@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)\r
358 return 1;\r
359 }\r
360 \r
361+#ifndef OPENSSL_NO_STDIO\r
362 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
363 long *eline)\r
364 {\r
365@@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
366 \r
367 return ltmp;\r
368 }\r
369+#endif\r
370 \r
371 #ifndef OPENSSL_NO_FP_API\r
372 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,\r
373@@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)\r
374 conf->meth->destroy_data(conf);\r
375 }\r
376 \r
377+#ifndef OPENSSL_NO_STDIO\r
378 int NCONF_load(CONF *conf, const char *file, long *eline)\r
379 {\r
380 if (conf == NULL) {\r
381@@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)\r
382 \r
383 return conf->meth->load(conf, file, eline);\r
384 }\r
385+#endif\r
386 \r
387 #ifndef OPENSSL_NO_FP_API\r
388 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)\r
389diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c\r
390index 9acfca4..5e0a482 100644\r
391--- a/crypto/conf/conf_mod.c\r
392+++ b/crypto/conf/conf_mod.c\r
393@@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,\r
f93f78ea 394 \r
ca6fa1fe
QL		 395 }\r
396 \r
397+#ifndef OPENSSL_NO_STDIO\r
398 int CONF_modules_load_file(const char *filename, const char *appname,\r
399 unsigned long flags)\r
400 {\r
401@@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,\r
402 \r
403 return ret;\r
404 }\r
405+#endif\r
406 \r
407 static int module_run(const CONF *cnf, char *name, char *value,\r
408 unsigned long flags)\r
409diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c\r
410index c042cf2..a25b636 100644\r
411--- a/crypto/conf/conf_sap.c\r
412+++ b/crypto/conf/conf_sap.c\r
413@@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)\r
414 ENGINE_load_builtin_engines();\r
415 #endif\r
416 ERR_clear_error();\r
417+#ifndef OPENSSL_NO_STDIO\r
418 CONF_modules_load_file(NULL, config_name,\r
419 CONF_MFLAGS_DEFAULT_SECTION |\r
420 CONF_MFLAGS_IGNORE_MISSING_FILE);\r
421+#endif\r
422 openssl_configured = 1;\r
423 }\r
424 \r
425diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c\r
e578aa19 426index c9f674b..39ead7f 100644\r
ca6fa1fe
QL		 427--- a/crypto/cryptlib.c\r
428+++ b/crypto/cryptlib.c\r
e578aa19
QL		 429@@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)\r
430 return (0);\r
431 }\r
432 pointer->references = 1;\r
433- pointer->data = dynlock_create_callback(__FILE__, __LINE__);\r
434+ pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);\r
435 if (pointer->data == NULL) {\r
436 OPENSSL_free(pointer);\r
437 CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);\r
438@@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)\r
439 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);\r
440 \r
441 if (i == -1) {\r
442- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);\r
443+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);\r
444 OPENSSL_free(pointer);\r
445 } else\r
446 i += 1; /* to avoid 0 */\r
447@@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)\r
448 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);\r
449 \r
450 if (pointer) {\r
451- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);\r
452+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);\r
453 OPENSSL_free(pointer);\r
454 }\r
455 }\r
ca6fa1fe
QL		 456@@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)\r
457 }\r
458 \r
459 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)\r
460+#include <stdio.h>\r
461 # define OPENSSL_CPUID_SETUP\r
462 # if defined(_WIN32)\r
463 typedef unsigned __int64 IA32CAP;\r
464@@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)\r
465 #else\r
466 void OPENSSL_showfatal(const char *fmta, ...)\r
467 {\r
468+#ifndef OPENSSL_NO_STDIO\r
469 va_list ap;\r
470 \r
471 va_start(ap, fmta);\r
472 vfprintf(stderr, fmta, ap);\r
473 va_end(ap);\r
474+#endif\r
475 }\r
476 \r
477 int OPENSSL_isservice(void)\r
478@@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)\r
479 #endif\r
480 }\r
481 \r
482+#ifndef OPENSSL_NO_STDIO\r
483 void *OPENSSL_stderr(void)\r
484 {\r
485 return stderr;\r
486 }\r
487+#endif\r
488 \r
489 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)\r
490 {\r
491diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h\r
492index fba180a..3e3ea5e 100644\r
493--- a/crypto/cryptlib.h\r
494+++ b/crypto/cryptlib.h\r
495@@ -101,7 +101,9 @@ extern "C" {\r
496 void OPENSSL_cpuid_setup(void);\r
497 extern unsigned int OPENSSL_ia32cap_P[];\r
498 void OPENSSL_showfatal(const char *fmta, ...);\r
499+#ifndef OPENSSL_NO_STDIO\r
500 void *OPENSSL_stderr(void);\r
501+#endif\r
502 extern int OPENSSL_NONPIC_relocated;\r
503 \r
504 #ifdef __cplusplus\r
3f73ccb3 505diff --git a/crypto/crypto.h b/crypto/crypto.h\r
e578aa19 506index c450d7a..063d78e 100644\r
3f73ccb3
QL		 507--- a/crypto/crypto.h\r
508+++ b/crypto/crypto.h\r
509@@ -235,15 +235,15 @@ typedef struct openssl_item_st {\r
510 # ifndef OPENSSL_NO_LOCKING\r
511 # ifndef CRYPTO_w_lock\r
512 # define CRYPTO_w_lock(type) \\r
513- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
e578aa19 514+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 515 # define CRYPTO_w_unlock(type) \\r
516- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
e578aa19 517+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 518 # define CRYPTO_r_lock(type) \\r
519- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
e578aa19 520+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 521 # define CRYPTO_r_unlock(type) \\r
522- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
e578aa19 523+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 524 # define CRYPTO_add(addr,amount,type) \\r
525- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
e578aa19 526+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 527 # endif\r
528 # else\r
529 # define CRYPTO_w_lock(a)\r
530@@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);\r
531 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
532 # define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
533 \r
534-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
535-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
e578aa19
QL		 536+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)\r
537+# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 538 # define OPENSSL_realloc(addr,num) \\r
539- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
e578aa19 540+ CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 541 # define OPENSSL_realloc_clean(addr,old_num,num) \\r
542- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
e578aa19 543+ CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 544 # define OPENSSL_remalloc(addr,num) \\r
545- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
e578aa19 546+ CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 547 # define OPENSSL_freeFunc CRYPTO_free\r
548 # define OPENSSL_free(addr) CRYPTO_free(addr)\r
549 \r
550 # define OPENSSL_malloc_locked(num) \\r
551- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
e578aa19 552+ CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 553 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
554 \r
555 const char *SSLeay_version(int type);\r
556@@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);\r
557 long CRYPTO_get_mem_debug_options(void);\r
558 \r
559 # define CRYPTO_push_info(info) \\r
560- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
e578aa19 561+ CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);\r
3f73ccb3
QL		 562 int CRYPTO_push_info_(const char *info, const char *file, int line);\r
563 int CRYPTO_pop_info(void);\r
564 int CRYPTO_remove_all_info(void);\r
565@@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);\r
566 \r
567 /* die if we have to */\r
568 void OpenSSLDie(const char *file, int line, const char *assertion);\r
569-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
e578aa19 570+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))\r
3f73ccb3
QL		 571 \r
572 unsigned long *OPENSSL_ia32cap_loc(void);\r
573 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
574@@ -605,14 +605,14 @@ void OPENSSL_init(void);\r
575 # define fips_md_init_ctx(alg, cx) \\r
576 int alg##_Init(cx##_CTX *c) \\r
577 { \\r
578- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
e578aa19 579+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \\r
3f73ccb3
QL		 580 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \\r
581 return private_##alg##_Init(c); \\r
582 } \\r
583 int private_##alg##_Init(cx##_CTX *c)\r
584 \r
585 # define fips_cipher_abort(alg) \\r
586- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
e578aa19 587+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \\r
3f73ccb3
QL		 588 "Low level API call to cipher " #alg " forbidden in FIPS mode!")\r
589 \r
590 # else\r
ca6fa1fe
QL		 591diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c\r
592index 01e275f..7633139 100644\r
593--- a/crypto/des/read2pwd.c\r
594+++ b/crypto/des/read2pwd.c\r
595@@ -114,6 +114,10 @@\r
596 #include <openssl/ui.h>\r
597 #include <openssl/crypto.h>\r
598 \r
599+#ifndef BUFSIZ\r
600+#define BUFSIZ 256\r
601+#endif\r
602+\r
603 int DES_read_password(DES_cblock *key, const char *prompt, int verify)\r
604 {\r
605 int ok;\r
f0e3cd19
QL		 606diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile\r
607index 46fa5ac..cc366ec 100644\r
608--- a/crypto/dh/Makefile\r
609+++ b/crypto/dh/Makefile\r
610@@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h\r
611 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h\r
612 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h\r
613 dh_gen.o: ../cryptlib.h dh_gen.c\r
614-dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h\r
615+dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h\r
616 dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h\r
617 dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h\r
618 dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h\r
619diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h\r
620index 5498a9d..4a5c665 100644\r
621--- a/crypto/dh/dh.h\r
622+++ b/crypto/dh/dh.h\r
623@@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);\r
624 DH *DH_get_2048_224(void);\r
625 DH *DH_get_2048_256(void);\r
626 \r
627+# ifndef OPENSSL_NO_CMS\r
628 /* RFC2631 KDF */\r
629 int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
630 const unsigned char *Z, size_t Zlen,\r
631 ASN1_OBJECT *key_oid,\r
632 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);\r
633+# endif\r
634 \r
635 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \\r
636 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \\r
637@@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
638 \r
639 /* KDF types */\r
640 # define EVP_PKEY_DH_KDF_NONE 1\r
641+# ifndef OPENSSL_NO_CMS\r
642 # define EVP_PKEY_DH_KDF_X9_42 2\r
643+# endif\r
644 \r
645 /* BEGIN ERROR CODES */\r
646 /*\r
647diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c\r
648index a882cb2..4eddb9a 100644\r
649--- a/crypto/dh/dh_kdf.c\r
650+++ b/crypto/dh/dh_kdf.c\r
651@@ -51,13 +51,18 @@\r
652 * ====================================================================\r
653 */\r
654 \r
655+#include <e_os.h>\r
656+\r
657+#ifndef OPENSSL_NO_CMS\r
658 #include <string.h>\r
659 #include <openssl/dh.h>\r
660 #include <openssl/evp.h>\r
661 #include <openssl/asn1.h>\r
662 #include <openssl/cms.h>\r
663 \r
664+\r
665 /* Key derivation from X9.42/RFC2631 */\r
666+/* Uses CMS functions, hence the #ifdef wrapper. */\r
667 \r
668 #define DH_KDF_MAX (1L << 30)\r
669 \r
670@@ -185,3 +190,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
671 EVP_MD_CTX_cleanup(&mctx);\r
672 return rv;\r
673 }\r
674+#endif\r
3f73ccb3 675diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c\r
f0e3cd19 676index b58e3fa..c6288f6 100644\r
3f73ccb3
QL		 677--- a/crypto/dh/dh_pmeth.c\r
678+++ b/crypto/dh/dh_pmeth.c\r
f0e3cd19
QL		 679@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)\r
680 case EVP_PKEY_CTRL_DH_KDF_TYPE:\r
681 if (p1 == -2)\r
682 return dctx->kdf_type;\r
f93f78ea 683+#ifdef OPENSSL_NO_CMS\r
f0e3cd19 684+ if (p1 != EVP_PKEY_DH_KDF_NONE)\r
f93f78ea 685+#else\r
f0e3cd19
QL		 686 if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)\r
687+#endif\r
688 return -2;\r
689 dctx->kdf_type = p1;\r
690 return 1;\r
691@@ -448,7 +452,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,\r
692 return ret;\r
693 *keylen = ret;\r
694 return 1;\r
695- } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
696+ }\r
697+#ifndef OPENSSL_NO_CMS\r
698+ else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
699+\r
f93f78ea
QL		 700 unsigned char *Z = NULL;\r
701 size_t Zlen = 0;\r
702 if (!dctx->kdf_outlen || !dctx->kdf_oid)\r
f0e3cd19 703@@ -479,7 +486,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,\r
f93f78ea
QL		 704 }\r
705 return ret;\r
f93f78ea 706 }\r
f0e3cd19
QL		 707- return 1;\r
708+#endif\r
709+ return 0;\r
f93f78ea 710 }\r
f0e3cd19
QL		 711 \r
712 const EVP_PKEY_METHOD dh_pkey_meth = {\r
713diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c\r
714index 83e208c..4869098 100644\r
715--- a/crypto/ec/ec_ameth.c\r
716+++ b/crypto/ec/ec_ameth.c\r
717@@ -67,8 +67,10 @@\r
718 #include <openssl/asn1t.h>\r
719 #include "asn1_locl.h"\r
720 \r
721+#ifndef OPENSSL_NO_CMS\r
722 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);\r
723 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);\r
724+#endif\r
725 \r
726 static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)\r
727 {\r
e578aa19
QL		 728diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h\r
729index 46f163b..b4a72a0 100644\r
730--- a/crypto/engine/eng_int.h\r
731+++ b/crypto/engine/eng_int.h\r
732@@ -88,7 +88,7 @@ extern "C" {\r
733 (unsigned int)(e), (isfunct ? "funct" : "struct"), \\r
734 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \\r
735 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \\r
736- (__FILE__), (__LINE__));\r
737+ (OPENSSL_FILE), (OPENSSL_LINE));\r
738 \r
739 # else\r
740 \r
741@@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);\r
742 # else\r
743 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,\r
744 int l);\r
745-# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)\r
746+# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)\r
747 # endif\r
748 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,\r
749 ENGINE *def, void *arg);\r
ca6fa1fe
QL		 750diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c\r
751index 34b0029..cf622bb 100644\r
752--- a/crypto/engine/eng_openssl.c\r
753+++ b/crypto/engine/eng_openssl.c\r
754@@ -86,7 +86,9 @@\r
755 * this is no longer automatic in ENGINE_load_builtin_engines().\r
756 */\r
757 #define TEST_ENG_OPENSSL_RC4\r
758+#ifndef OPENSSL_NO_FP_API\r
759 #define TEST_ENG_OPENSSL_PKEY\r
760+#endif\r
761 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */\r
762 #define TEST_ENG_OPENSSL_RC4_P_INIT\r
763 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */\r
e578aa19
QL		 764diff --git a/crypto/err/err.h b/crypto/err/err.h\r
765index 585aa8b..04c6cfc 100644\r
766--- a/crypto/err/err.h\r
767+++ b/crypto/err/err.h\r
768@@ -200,39 +200,39 @@ typedef struct err_state_st {\r
769 \r
770 # define ERR_LIB_USER 128\r
771 \r
772-# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)\r
773-# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)\r
774-# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)\r
775-# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)\r
776-# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)\r
777-# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)\r
778-# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)\r
779-# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)\r
780-# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)\r
781-# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)\r
782-# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)\r
783-# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)\r
784-# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)\r
785-# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)\r
786-# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)\r
787-# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)\r
788-# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)\r
789-# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)\r
790-# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)\r
791-# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)\r
792-# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)\r
793-# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)\r
794-# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)\r
795-# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)\r
796-# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)\r
797-# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)\r
798-# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)\r
799-# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)\r
800-# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)\r
801-# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)\r
802-# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)\r
803-# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)\r
804-# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)\r
805+# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
806+# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
807+# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
808+# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
809+# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
810+# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
811+# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
812+# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
813+# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
814+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
815+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
816+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
817+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
818+# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
819+# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
820+# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
821+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
822+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
823+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
824+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
825+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
826+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
827+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
828+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
829+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
830+# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
831+# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
832+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
833+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
834+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
835+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
836+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
837+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
838 \r
839 /*\r
840 * Borland C seems too stupid to be able to shift and do longs in the\r
841diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in\r
842index 7a1c85d..a5f51a7 100644\r
843--- a/crypto/opensslconf.h.in\r
844+++ b/crypto/opensslconf.h.in\r
845@@ -1,5 +1,15 @@\r
846 /* crypto/opensslconf.h.in */\r
847 \r
848+#ifndef OPENSSL_FILE\r
849+#ifdef OPENSSL_NO_FILENAMES\r
850+#define OPENSSL_FILE ""\r
851+#define OPENSSL_LINE 0\r
852+#else\r
853+#define OPENSSL_FILE __FILE__\r
854+#define OPENSSL_LINE __LINE__\r
855+#endif\r
856+#endif\r
857+\r
858 /* Generate 80386 code? */\r
859 #undef I386_ONLY\r
860 \r
3f73ccb3 861diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h\r
ca6fa1fe 862index d3b23fc..87b0b6a 100644\r
3f73ccb3
QL		 863--- a/crypto/pem/pem.h\r
864+++ b/crypto/pem/pem.h\r
865@@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \\r
f93f78ea
QL		 866 \r
867 # define DECLARE_PEM_read_fp(name, type) /**/\r
868 # define DECLARE_PEM_write_fp(name, type) /**/\r
869+# define DECLARE_PEM_write_fp_const(name, type) /**/\r
870 # define DECLARE_PEM_write_cb_fp(name, type) /**/\r
871 # else\r
872 \r
ca6fa1fe
QL		 873@@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,\r
874 pem_password_cb *cd, void *u);\r
875 # endif\r
876 \r
877+#ifndef OPENSSL_NO_FP_API\r
878 int PEM_read(FILE *fp, char **name, char **header,\r
879 unsigned char **data, long *len);\r
880 int PEM_write(FILE *fp, const char *name, const char *hdr,\r
881@@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,\r
882 int klen, pem_password_cb *callback, void *u);\r
883 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,\r
884 pem_password_cb *cb, void *u);\r
885+#endif\r
886 \r
887 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,\r
888 EVP_MD *md_type, unsigned char **ek, int *ekl,\r
889@@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,\r
890 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,\r
891 void *u);\r
892 \r
893+#ifndef OPENSSL_NO_FP_API\r
894 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,\r
895 char *kstr, int klen,\r
896 pem_password_cb *cb, void *u);\r
897@@ -510,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,\r
898 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,\r
899 char *kstr, int klen, pem_password_cb *cd,\r
900 void *u);\r
901-\r
902+#endif\r
903 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);\r
904 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);\r
905 \r
906diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c\r
907index 5747c73..fe465cc 100644\r
908--- a/crypto/pem/pem_pk8.c\r
909+++ b/crypto/pem/pem_pk8.c\r
910@@ -69,10 +69,12 @@\r
911 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,\r
912 int nid, const EVP_CIPHER *enc,\r
913 char *kstr, int klen, pem_password_cb *cb, void *u);\r
914+\r
915+#ifndef OPENSSL_NO_FP_API\r
916 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,\r
917 int nid, const EVP_CIPHER *enc,\r
918 char *kstr, int klen, pem_password_cb *cb, void *u);\r
919-\r
920+#endif\r
921 /*\r
922 * These functions write a private key in PKCS#8 format: it is a "drop in"\r
923 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'\r
3f73ccb3 924diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c\r
b9dbddd8 925index c4d3724..0bc3d43 100644\r
3f73ccb3
QL		 926--- a/crypto/pkcs7/pk7_smime.c\r
927+++ b/crypto/pkcs7/pk7_smime.c\r
b9dbddd8
QL		 928@@ -64,6 +64,9 @@\r
929 #include <openssl/x509.h>\r
930 #include <openssl/x509v3.h>\r
931 \r
932+\r
933+#define BUFFERSIZE 4096\r
934+\r
935 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);\r
936 \r
937 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,\r
938@@ -254,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
f93f78ea
QL		 939 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
940 PKCS7_SIGNER_INFO *si;\r
941 X509_STORE_CTX cert_ctx;\r
942- char buf[4096];\r
943+ char *buf = NULL;\r
f93f78ea 944 int i, j = 0, k, ret = 0;\r
65202874
QL		 945 BIO *p7bio = NULL;\r
946 BIO *tmpin = NULL, *tmpout = NULL;\r
b9dbddd8 947@@ -274,12 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
503f6e38 948 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);\r
65202874
QL		 949 return 0;\r
950 }\r
503f6e38
QL		 951+#if 0\r
952+ /*\r
953+ * NB: this test commented out because some versions of Netscape\r
954+ * illegally include zero length content when signing data. Also\r
955+ * Microsoft Authenticode includes a SpcIndirectDataContent data\r
956+ * structure which describes the content to be protected by the\r
957+ * signature, rather than directly embedding that content. So\r
958+ * Authenticode implementations are also expected to use\r
959+ * PKCS7_verify() with explicit external data, on non-detached\r
960+ * PKCS#7 signatures.\r
961+ *\r
962+ * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been\r
963+ * introduced to disable this sanity check. For the 1.0.2 branch\r
964+ * this change is not acceptable, so the check remains completely\r
965+ * commented out (as it has been for a long time).\r
966+ */\r
967 \r
968 /* Check for data and content: two sets of data */\r
969 if (!PKCS7_get_detached(p7) && indata) {\r
970 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);\r
971 return 0;\r
972 }\r
973+#endif\r
65202874 974 \r
65202874
QL		 975 sinfos = PKCS7_get_signer_info(p7);\r
976 \r
b9dbddd8 977@@ -356,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
f93f78ea
QL		 978 tmpout = out;\r
979 \r
b9dbddd8
QL		 980 /* We now have to 'read' from p7bio to calculate digests etc. */\r
981+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {\r
982+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);\r
f93f78ea
QL		 983+ goto err;\r
984+ }\r
f93f78ea
QL		 985 for (;;) {\r
986- i = BIO_read(p7bio, buf, sizeof(buf));\r
b9dbddd8 987+ i = BIO_read(p7bio, buf, BUFFERSIZE);\r
f93f78ea
QL		 988 if (i <= 0)\r
989 break;\r
990 if (tmpout)\r
b9dbddd8
QL		 991@@ -388,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
992 ret = 1;\r
993 \r
994 err:\r
995+ OPENSSL_free(buf);\r
996 if (tmpin == indata) {\r
997 if (indata)\r
998 BIO_pop(p7bio);\r
999@@ -506,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)\r
1000 {\r
1001 BIO *tmpmem;\r
1002 int ret, i;\r
1003- char buf[4096];\r
1004+ char *buf = NULL;\r
1005 \r
1006 if (!p7) {\r
1007 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);\r
1008@@ -550,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)\r
1009 }\r
1010 BIO_free_all(bread);\r
1011 return ret;\r
1012- } else {\r
1013- for (;;) {\r
1014- i = BIO_read(tmpmem, buf, sizeof(buf));\r
1015- if (i <= 0) {\r
1016- ret = 1;\r
1017- if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {\r
1018- if (!BIO_get_cipher_status(tmpmem))\r
1019- ret = 0;\r
1020- }\r
1021-\r
1022- break;\r
1023- }\r
1024- if (BIO_write(data, buf, i) != i) {\r
1025- ret = 0;\r
1026- break;\r
f93f78ea 1027+ }\r
b9dbddd8
QL		 1028+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {\r
1029+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);\r
1030+ goto err;\r
1031+ }\r
1032+ for (;;) {\r
1033+ i = BIO_read(tmpmem, buf, BUFFERSIZE);\r
1034+ if (i <= 0) {\r
1035+ ret = 1;\r
1036+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {\r
1037+ if (!BIO_get_cipher_status(tmpmem))\r
1038+ ret = 0;\r
1039 }\r
1040+\r
1041+ break;\r
1042+ }\r
1043+ if (BIO_write(data, buf, i) != i) {\r
1044+ ret = 0;\r
1045+ break;\r
1046 }\r
1047- BIO_free_all(tmpmem);\r
1048- return ret;\r
1049 }\r
1050+err:\r
1051+ OPENSSL_free(buf);\r
1052+ BIO_free_all(tmpmem);\r
1053+ return ret;\r
f93f78ea 1054 }\r
3f73ccb3
QL		 1055diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c\r
1056index 266111e..f60fac6 100644\r
1057--- a/crypto/rand/rand_unix.c\r
1058+++ b/crypto/rand/rand_unix.c\r
f93f78ea
QL		 1059@@ -116,7 +116,7 @@\r
1060 #include <openssl/rand.h>\r
1061 #include "rand_lcl.h"\r
1062 \r
1063-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
1064+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
1065 \r
1066 # include <sys/types.h>\r
1067 # include <sys/time.h>\r
3f73ccb3 1068@@ -439,7 +439,7 @@ int RAND_poll(void)\r
f93f78ea
QL		 1069 * defined(OPENSSL_SYS_VXWORKS) ||\r
1070 * defined(OPENSSL_SYS_NETWARE)) */\r
1071 \r
1072-#if defined(OPENSSL_SYS_VXWORKS)\r
1073+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
1074 int RAND_poll(void)\r
1075 {\r
1076 return 0;\r
3f73ccb3 1077diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c\r
f0e3cd19 1078index 4e06218..ddead3d 100644\r
3f73ccb3
QL		 1079--- a/crypto/rsa/rsa_ameth.c\r
1080+++ b/crypto/rsa/rsa_ameth.c\r
f93f78ea
QL		 1081@@ -68,10 +68,12 @@\r
1082 #endif\r
1083 #include "asn1_locl.h"\r
1084 \r
1085+#ifndef OPENSSL_NO_CMS\r
1086 static int rsa_cms_sign(CMS_SignerInfo *si);\r
1087 static int rsa_cms_verify(CMS_SignerInfo *si);\r
1088 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);\r
1089 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);\r
1090+#endif\r
1091 \r
1092 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)\r
1093 {\r
3f73ccb3 1094@@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,\r
f93f78ea
QL		 1095 return rv;\r
1096 }\r
1097 \r
1098+#ifndef OPENSSL_NO_CMS\r
1099 static int rsa_cms_verify(CMS_SignerInfo *si)\r
1100 {\r
1101 int nid, nid2;\r
3f73ccb3 1102@@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)\r
f93f78ea
QL		 1103 }\r
1104 return 0;\r
1105 }\r
1106+#endif\r
1107 \r
1108 /*\r
1109 * Customised RSA item verification routine. This is called when a signature\r
3f73ccb3 1110@@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
f93f78ea
QL		 1111 return -1;\r
1112 }\r
1113 \r
1114+#ifndef OPENSSL_NO_CMS\r
1115 static int rsa_cms_sign(CMS_SignerInfo *si)\r
1116 {\r
1117 int pad_mode = RSA_PKCS1_PADDING;\r
3f73ccb3 1118@@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)\r
f93f78ea
QL		 1119 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);\r
1120 return 1;\r
1121 }\r
1122+#endif\r
1123 \r
1124 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
1125 X509_ALGOR *alg1, X509_ALGOR *alg2,\r
f0e3cd19
QL		 1126@@ -762,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
1127 return 2;\r
f93f78ea
QL		 1128 }\r
1129 \r
1130+#ifndef OPENSSL_NO_CMS\r
f0e3cd19
QL		 1131 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,\r
1132 X509_ALGOR **pmaskHash)\r
f93f78ea 1133 {\r
f0e3cd19 1134@@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)\r
f93f78ea
QL		 1135 ASN1_STRING_free(os);\r
1136 return rv;\r
1137 }\r
1138+#endif\r
1139 \r
1140 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {\r
1141 {\r
ca6fa1fe
QL		 1142diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h\r
1143index d072536..73b945f 100644\r
1144--- a/crypto/srp/srp.h\r
1145+++ b/crypto/srp/srp.h\r
1146@@ -114,7 +114,9 @@ DECLARE_STACK_OF(SRP_gN)\r
1147 \r
1148 SRP_VBASE *SRP_VBASE_new(char *seed_key);\r
1149 int SRP_VBASE_free(SRP_VBASE *vb);\r
1150+#ifndef OPENSSL_NO_STDIO\r
1151 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);\r
1152+#endif\r
1153 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);\r
1154 char *SRP_create_verifier(const char *user, const char *pass, char **salt,\r
1155 char **verifier, const char *N, const char *g);\r
1156diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c\r
1157index a3f1a8a..3fbb186 100644\r
1158--- a/crypto/srp/srp_vfy.c\r
1159+++ b/crypto/srp/srp_vfy.c\r
1160@@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,\r
1161 return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));\r
1162 }\r
1163 \r
1164+#ifndef OPENSSL_NO_STDIO\r
1165 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,\r
1166 const char *v)\r
1167 {\r
1168@@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,\r
1169 len = t_fromb64(tmp, s);\r
1170 return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);\r
1171 }\r
1172+#endif\r
1173 \r
1174 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)\r
1175 {\r
1176@@ -279,6 +281,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)\r
1177 return 0;\r
1178 }\r
1179 \r
1180+#ifndef OPENSSL_NO_STDIO\r
1181 static SRP_gN_cache *SRP_gN_new_init(const char *ch)\r
1182 {\r
1183 unsigned char tmp[MAX_LEN];\r
1184@@ -310,6 +313,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)\r
1185 BN_free(gN_cache->bn);\r
1186 OPENSSL_free(gN_cache);\r
1187 }\r
1188+#endif\r
1189 \r
1190 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)\r
1191 {\r
1192@@ -326,6 +330,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)\r
1193 return SRP_get_default_gN(id);\r
1194 }\r
1195 \r
1196+#ifndef OPENSSL_NO_STDIO\r
1197 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)\r
1198 {\r
1199 int i;\r
1200@@ -467,6 +472,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)\r
1201 return error_code;\r
1202 \r
1203 }\r
1204+#endif\r
1205 \r
1206 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)\r
1207 {\r
1208diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h\r
1209index 16eccbb..a9fe40e 100644\r
1210--- a/crypto/ts/ts.h\r
1211+++ b/crypto/ts/ts.h\r
1212@@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);\r
1213 \r
1214 TS_REQ *TS_REQ_dup(TS_REQ *a);\r
1215 \r
1216+#ifndef OPENSSL_NO_FP_API\r
1217 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);\r
1218 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);\r
1219+#endif\r
1220 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);\r
1221 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);\r
1222 \r
1223@@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,\r
1224 \r
1225 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);\r
1226 \r
1227+#ifndef OPENSSL_NO_FP_API\r
1228 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);\r
1229 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);\r
1230-TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);\r
1231-int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);\r
1232+#endif\r
1233+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);\r
1234+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);\r
1235 \r
1236 TS_RESP *TS_RESP_new(void);\r
1237 void TS_RESP_free(TS_RESP *a);\r
1238@@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);\r
1239 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);\r
1240 TS_RESP *TS_RESP_dup(TS_RESP *a);\r
1241 \r
1242+#ifndef OPENSSL_NO_FP_API\r
1243 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);\r
1244 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);\r
1245-TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);\r
1246-int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);\r
1247+#endif\r
1248+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);\r
1249+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);\r
1250 \r
1251 TS_STATUS_INFO *TS_STATUS_INFO_new(void);\r
1252 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);\r
1253@@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,\r
1254 long length);\r
1255 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);\r
1256 \r
1257+#ifndef OPENSSL_NO_FP_API\r
1258 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);\r
1259 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);\r
1260-TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);\r
1261-int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);\r
1262+#endif\r
1263+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);\r
1264+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);\r
1265 \r
1266 TS_ACCURACY *TS_ACCURACY_new(void);\r
1267 void TS_ACCURACY_free(TS_ACCURACY *a);\r
1268@@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);\r
1269 * ts/ts_conf.c\r
1270 */\r
1271 \r
1272+#ifndef OPENSSL_NO_STDIO\r
1273 X509 *TS_CONF_load_cert(const char *file);\r
1274 STACK_OF(X509) *TS_CONF_load_certs(const char *file);\r
1275 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);\r
1276+#endif\r
1277 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);\r
1278 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,\r
1279 TS_RESP_CTX *ctx);\r
1280 int TS_CONF_set_crypto_device(CONF *conf, const char *section,\r
1281 const char *device);\r
1282 int TS_CONF_set_default_engine(const char *name);\r
1283+#ifndef OPENSSL_NO_STDIO\r
1284 int TS_CONF_set_signer_cert(CONF *conf, const char *section,\r
1285 const char *cert, TS_RESP_CTX *ctx);\r
1286 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,\r
1287@@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,\r
1288 int TS_CONF_set_signer_key(CONF *conf, const char *section,\r
1289 const char *key, const char *pass,\r
1290 TS_RESP_CTX *ctx);\r
1291+#endif\r
1292 int TS_CONF_set_def_policy(CONF *conf, const char *section,\r
1293 const char *policy, TS_RESP_CTX *ctx);\r
1294 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);\r
1295@@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);\r
1296 # define TS_F_TS_CHECK_SIGNING_CERTS 103\r
1297 # define TS_F_TS_CHECK_STATUS_INFO 104\r
1298 # define TS_F_TS_COMPUTE_IMPRINT 145\r
1299+# define TS_F_TS_CONF_INVALID 151\r
1300+# define TS_F_TS_CONF_LOAD_CERT 153\r
1301+# define TS_F_TS_CONF_LOAD_CERTS 154\r
1302+# define TS_F_TS_CONF_LOAD_KEY 155\r
1303+# define TS_F_TS_CONF_LOOKUP_FAIL 152\r
1304 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146\r
1305 # define TS_F_TS_GET_STATUS_TEXT 105\r
1306 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118\r
1307@@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);\r
1308 /* Reason codes. */\r
1309 # define TS_R_BAD_PKCS7_TYPE 132\r
1310 # define TS_R_BAD_TYPE 133\r
1311+# define TS_R_CANNOT_LOAD_CERT 137\r
1312+# define TS_R_CANNOT_LOAD_KEY 138\r
1313 # define TS_R_CERTIFICATE_VERIFY_ERROR 100\r
1314 # define TS_R_COULD_NOT_SET_ENGINE 127\r
1315 # define TS_R_COULD_NOT_SET_TIME 115\r
1316@@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);\r
1317 # define TS_R_UNACCEPTABLE_POLICY 125\r
1318 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126\r
1319 # define TS_R_UNSUPPORTED_VERSION 113\r
1320+# define TS_R_VAR_BAD_VALUE 135\r
1321+# define TS_R_VAR_LOOKUP_FAILURE 136\r
1322 # define TS_R_WRONG_CONTENT_TYPE 114\r
1323 \r
1324 #ifdef __cplusplus\r
1325diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c\r
1326index 4716b23..c4416ba 100644\r
1327--- a/crypto/ts/ts_conf.c\r
1328+++ b/crypto/ts/ts_conf.c\r
1329@@ -92,6 +92,7 @@\r
1330 \r
1331 /* Function definitions for certificate and key loading. */\r
1332 \r
1333+#ifndef OPENSSL_NO_STDIO\r
1334 X509 *TS_CONF_load_cert(const char *file)\r
1335 {\r
1336 BIO *cert = NULL;\r
1337@@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)\r
1338 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);\r
1339 end:\r
1340 if (x == NULL)\r
1341- fprintf(stderr, "unable to load certificate: %s\n", file);\r
1342+ TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);\r
1343 BIO_free(cert);\r
1344 return x;\r
1345 }\r
1346@@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)\r
1347 }\r
1348 end:\r
1349 if (othercerts == NULL)\r
1350- fprintf(stderr, "unable to load certificates: %s\n", file);\r
1351+ TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);\r
1352 sk_X509_INFO_pop_free(allcerts, X509_INFO_free);\r
1353 BIO_free(certs);\r
1354 return othercerts;\r
1355@@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)\r
1356 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);\r
1357 end:\r
1358 if (pkey == NULL)\r
1359- fprintf(stderr, "unable to load private key: %s\n", file);\r
1360+ TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);\r
1361 BIO_free(key);\r
1362 return pkey;\r
1363 }\r
1364+#endif /* !OPENSSL_NO_STDIO */\r
1365 \r
1366 /* Function definitions for handling configuration options. */\r
1367 \r
1368 static void TS_CONF_lookup_fail(const char *name, const char *tag)\r
1369 {\r
1370- fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);\r
1371+ TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);\r
1372+ ERR_add_error_data(3, name, "::", tag);\r
1373 }\r
1374 \r
1375 static void TS_CONF_invalid(const char *name, const char *tag)\r
1376 {\r
1377- fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);\r
1378+ TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);\r
1379+ ERR_add_error_data(3, name, "::", tag);\r
1380 }\r
1381 \r
1382 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)\r
1383@@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)\r
1384 \r
1385 #endif\r
1386 \r
1387+#ifndef OPENSSL_NO_STDIO\r
1388 int TS_CONF_set_signer_cert(CONF *conf, const char *section,\r
1389 const char *cert, TS_RESP_CTX *ctx)\r
1390 {\r
1391@@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,\r
1392 EVP_PKEY_free(key_obj);\r
1393 return ret;\r
1394 }\r
1395+#endif /* !OPENSSL_NO_STDIO */\r
1396 \r
1397 int TS_CONF_set_def_policy(CONF *conf, const char *section,\r
1398 const char *policy, TS_RESP_CTX *ctx)\r
1399diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c\r
1400index ff1abf4..3f5b78f 100644\r
1401--- a/crypto/ts/ts_err.c\r
1402+++ b/crypto/ts/ts_err.c\r
1403@@ -1,6 +1,6 @@\r
1404 /* crypto/ts/ts_err.c */\r
1405 /* ====================================================================\r
1406- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.\r
1407+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.\r
1408 *\r
1409 * Redistribution and use in source and binary forms, with or without\r
1410 * modification, are permitted provided that the following conditions\r
1411@@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {\r
1412 {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},\r
1413 {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},\r
1414 {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},\r
1415+ {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},\r
1416+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},\r
1417+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},\r
1418+ {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},\r
1419+ {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},\r
1420 {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},\r
1421 {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},\r
1422 {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},\r
1423@@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {\r
1424 static ERR_STRING_DATA TS_str_reasons[] = {\r
1425 {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},\r
1426 {ERR_REASON(TS_R_BAD_TYPE), "bad type"},\r
1427+ {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},\r
1428+ {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},\r
1429 {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},\r
1430 {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},\r
1431 {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},\r
1432@@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {\r
1433 {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},\r
1434 {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},\r
1435 {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},\r
1436+ {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},\r
1437+ {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},\r
1438 {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},\r
1439 {0, NULL}\r
1440 };\r
1441diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c\r
1442index 0f29011..80dd40e 100644\r
1443--- a/crypto/ui/ui_util.c\r
1444+++ b/crypto/ui/ui_util.c\r
1445@@ -56,6 +56,10 @@\r
1446 #include <string.h>\r
1447 #include "ui_locl.h"\r
1448 \r
1449+#ifndef BUFSIZ\r
1450+#define BUFSIZ 256\r
1451+#endif\r
1452+\r
1453 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,\r
1454 int verify)\r
1455 {\r
1456diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c\r
1457index 9ee8f8d..64b052e 100644\r
1458--- a/crypto/x509/by_dir.c\r
1459+++ b/crypto/x509/by_dir.c\r
1460@@ -69,6 +69,8 @@\r
1461 # include <sys/stat.h>\r
1462 #endif\r
1463 \r
1464+#ifndef OPENSSL_NO_STDIO\r
1465+\r
1466 #include <openssl/lhash.h>\r
1467 #include <openssl/x509.h>\r
1468 \r
1469@@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,\r
1470 BUF_MEM_free(b);\r
1471 return (ok);\r
1472 }\r
1473+\r
1474+#endif /* OPENSSL_NO_STDIO */\r
3f73ccb3
QL		 1475diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c\r
1476index 0429767..7ddc21c 100644\r
1477--- a/crypto/x509/x509_vfy.c\r
1478+++ b/crypto/x509/x509_vfy.c\r
1479@@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)\r
de0408be
DW		 1480 ctx->current_crl = crl;\r
1481 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
1482 ptime = &ctx->param->check_time;\r
1483+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
1484+ return 1;\r
1485 else\r
1486 ptime = NULL;\r
f93f78ea 1487 \r
3f73ccb3 1488@@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
f93f78ea 1489 \r
de0408be
DW		 1490 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
1491 ptime = &ctx->param->check_time;\r
1492+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
1493+ return 1;\r
1494 else\r
1495 ptime = NULL;\r
f93f78ea 1496 \r
3f73ccb3 1497diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h\r
ca6fa1fe 1498index 2663e1c..3790ef5 100644\r
3f73ccb3
QL		 1499--- a/crypto/x509/x509_vfy.h\r
1500+++ b/crypto/x509/x509_vfy.h\r
1501@@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);\r
de0408be
DW		 1502 * will force the behaviour to match that of previous versions.\r
1503 */\r
1504 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000\r
1505+/* Do not check certificate/CRL validity against current time */\r
1506+# define X509_V_FLAG_NO_CHECK_TIME 0x200000\r
f93f78ea 1507 \r
de0408be
DW		 1508 # define X509_VP_FLAG_DEFAULT 0x1\r
1509 # define X509_VP_FLAG_OVERWRITE 0x2\r
ca6fa1fe
QL		 1510@@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);\r
1511 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);\r
1512 \r
1513 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);\r
1514-\r
1515+#ifndef OPENSSL_NO_STDIO\r
1516 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);\r
1517 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);\r
1518+#endif\r
1519 \r
1520 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);\r
1521 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);\r
3f73ccb3 1522diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h\r
a62a7cc7 1523index c3a6fce..09ebbca 100644\r
3f73ccb3
QL		 1524--- a/crypto/x509v3/ext_dat.h\r
1525+++ b/crypto/x509v3/ext_dat.h\r
1526@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {\r
f93f78ea
QL		 1527 &v3_idp,\r
1528 &v3_alt[2],\r
1529 &v3_freshest_crl,\r
a62a7cc7 1530+#ifndef OPENSSL_NO_SCT\r
f93f78ea
QL		 1531 &v3_ct_scts[0],\r
1532 &v3_ct_scts[1],\r
1533+#endif\r
1534 };\r
1535 \r
1536 /* Number of standard extensions */\r
ca6fa1fe
QL		 1537diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c\r
1538index 34cad53..12f12a7 100644\r
1539--- a/crypto/x509v3/v3_pci.c\r
1540+++ b/crypto/x509v3/v3_pci.c\r
1541@@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,\r
1542 goto err;\r
1543 }\r
1544 OPENSSL_free(tmp_data2);\r
1545+#ifndef OPENSSL_NO_STDIO\r
1546 } else if (strncmp(val->value, "file:", 5) == 0) {\r
1547 unsigned char buf[2048];\r
1548 int n;\r
1549@@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,\r
1550 X509V3_conf_err(val);\r
1551 goto err;\r
1552 }\r
1553+#endif /* !OPENSSL_NO_STDIO */\r
1554 } else if (strncmp(val->value, "text:", 5) == 0) {\r
1555 val_len = strlen(val->value + 5);\r
1556 tmp_data = OPENSSL_realloc((*policy)->data,\r
a62a7cc7
QL		 1557diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c\r
1558index 0b7c681..1895b8f 100644\r
1559--- a/crypto/x509v3/v3_scts.c\r
1560+++ b/crypto/x509v3/v3_scts.c\r
1561@@ -61,6 +61,7 @@\r
1562 #include <openssl/asn1.h>\r
1563 #include <openssl/x509v3.h>\r
1564 \r
1565+#ifndef OPENSSL_NO_SCT\r
1566 /* Signature and hash algorithms from RFC 5246 */\r
1567 #define TLSEXT_hash_sha256 4\r
1568 \r
1569@@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,\r
1570 \r
1571 return 1;\r
1572 }\r
1573+#endif\r
ca6fa1fe
QL		 1574diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h\r
1575index f5c6156..a2e78aa 100644\r
1576--- a/crypto/x509v3/x509v3.h\r
1577+++ b/crypto/x509v3/x509v3.h\r
1578@@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,\r
1579 int ml);\r
1580 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,\r
1581 int indent);\r
1582+#ifndef OPENSSL_NO_FP_API\r
1583 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);\r
1584-\r
1585+#endif\r
1586 int X509V3_extensions_print(BIO *out, char *title,\r
1587 STACK_OF(X509_EXTENSION) *exts,\r
1588 unsigned long flag, int indent);\r
e578aa19
QL		 1589diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1590index 3300e11..e9e58d5 100644\r
1591--- a/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1592+++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1593@@ -67,7 +67,7 @@ extern "C" {\r
1594 static void ERR_load_CL_strings(void);\r
1595 static void ERR_unload_CL_strings(void);\r
1596 static void ERR_CL_error(int function, int reason, char *file, int line);\r
1597-# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)\r
1598+# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1599 \r
1600 /* Error codes for the CL functions. */\r
1601 \r
1602diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h\r
1603index c17e0c9..10d0212 100644\r
1604--- a/demos/engines/ibmca/hw_ibmca_err.h\r
1605+++ b/demos/engines/ibmca/hw_ibmca_err.h\r
1606@@ -67,7 +67,7 @@ extern "C" {\r
1607 static void ERR_load_IBMCA_strings(void);\r
1608 static void ERR_unload_IBMCA_strings(void);\r
1609 static void ERR_IBMCA_error(int function, int reason, char *file, int line);\r
1610-# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)\r
1611+# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1612 \r
1613 /* Error codes for the IBMCA functions. */\r
1614 \r
1615diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h\r
1616index 4356815..598836f 100644\r
1617--- a/demos/engines/rsaref/rsaref_err.h\r
1618+++ b/demos/engines/rsaref/rsaref_err.h\r
1619@@ -68,7 +68,7 @@ extern "C" {\r
1620 static void ERR_load_RSAREF_strings(void);\r
1621 static void ERR_unload_RSAREF_strings(void);\r
1622 static void ERR_RSAREF_error(int function, int reason, char *file, int line);\r
1623-# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)\r
1624+# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1625 /* Error codes for the RSAREF functions. */\r
1626 \r
1627 /* Function codes. */\r
1628diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h\r
1629index f4a8358..94d3293 100644\r
1630--- a/demos/engines/zencod/hw_zencod_err.h\r
1631+++ b/demos/engines/zencod/hw_zencod_err.h\r
1632@@ -67,7 +67,7 @@ extern "C" {\r
1633 static void ERR_load_ZENCOD_strings(void);\r
1634 static void ERR_unload_ZENCOD_strings(void);\r
1635 static void ERR_ZENCOD_error(int function, int reason, char *file, int line);\r
1636-# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)\r
1637+# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1638 \r
1639 /* Error codes for the ZENCOD functions. */\r
1640 \r
e94546e7
QL		 1641diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1642index 44792f9..7f95d58 100644\r
1643--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1644+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1645@@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an\r
1646 alternative chain can be found that is trusted. With this flag set the behaviour\r
1647 will match that of OpenSSL versions prior to 1.0.2b.\r
1648 \r
1649+The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period\r
1650+of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()\r
1651+is used to specify a verification time, the check is not suppressed.\r
1652+\r
1653 =head1 NOTES\r
1654 \r
1655 The above functions should be used to manipulate verification parameters\r
e578aa19
QL		 1656diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod\r
1657index dc0e939..fe123bb 100644\r
1658--- a/doc/crypto/threads.pod\r
1659+++ b/doc/crypto/threads.pod\r
1660@@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support\r
1661 void CRYPTO_lock(int mode, int n, const char *file, int line);\r
1662 \r
1663 #define CRYPTO_w_lock(type) \\r
1664- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
1665+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
1666 #define CRYPTO_w_unlock(type) \\r
1667- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
1668+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
1669 #define CRYPTO_r_lock(type) \\r
1670- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
1671+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
1672 #define CRYPTO_r_unlock(type) \\r
1673- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
1674+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
1675 #define CRYPTO_add(addr,amount,type) \\r
1676- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
1677+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)\r
1678 \r
1679 =head1 DESCRIPTION\r
1680 \r
3f73ccb3
QL		 1681diff --git a/e_os.h b/e_os.h\r
1682index 1fa36c1..3e9dae2 100644\r
1683--- a/e_os.h\r
1684+++ b/e_os.h\r
1685@@ -136,7 +136,7 @@ extern "C" {\r
97468ab9
DW		 1686 # define MSDOS\r
1687 # endif\r
1688 \r
1689-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)\r
1690+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)\r
1691 # define GETPID_IS_MEANINGLESS\r
1692 # endif\r
1693 \r
3f73ccb3
QL		 1694diff --git a/e_os2.h b/e_os2.h\r
1695index 7be9989..909e22f 100644\r
1696--- a/e_os2.h\r
1697+++ b/e_os2.h\r
1698@@ -97,7 +97,14 @@ extern "C" {\r
3b21958b
DW		 1699 * For 32 bit environment, there seems to be the CygWin environment and then\r
1700 * all the others that try to do the same thing Microsoft does...\r
1701 */\r
1702-# if defined(OPENSSL_SYSNAME_UWIN)\r
1703+/*\r
1704+ * UEFI lives here because it might be built with a Microsoft toolchain and\r
1705+ * we need to avoid the false positive match on Windows.\r
1706+ */\r
1707+# if defined(OPENSSL_SYSNAME_UEFI)\r
1708+# undef OPENSSL_SYS_UNIX\r
1709+# define OPENSSL_SYS_UEFI\r
1710+# elif defined(OPENSSL_SYSNAME_UWIN)\r
1711 # undef OPENSSL_SYS_UNIX\r
1712 # define OPENSSL_SYS_WIN32_UWIN\r
1713 # else\r
e578aa19
QL		 1714diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h\r
1715index a2018ec..9eacdcf 100644\r
1716--- a/engines/ccgost/e_gost_err.h\r
1717+++ b/engines/ccgost/e_gost_err.h\r
1718@@ -67,7 +67,7 @@ extern "C" {\r
1719 void ERR_load_GOST_strings(void);\r
1720 void ERR_unload_GOST_strings(void);\r
1721 void ERR_GOST_error(int function, int reason, char *file, int line);\r
1722-# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)\r
1723+# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1724 \r
1725 /* Error codes for the GOST functions. */\r
1726 \r
1727diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h\r
1728index 2f29d96..47a2635 100644\r
1729--- a/engines/e_4758cca_err.h\r
1730+++ b/engines/e_4758cca_err.h\r
1731@@ -67,7 +67,7 @@ extern "C" {\r
1732 static void ERR_load_CCA4758_strings(void);\r
1733 static void ERR_unload_CCA4758_strings(void);\r
1734 static void ERR_CCA4758_error(int function, int reason, char *file, int line);\r
1735-# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)\r
1736+# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1737 \r
1738 /* Error codes for the CCA4758 functions. */\r
1739 \r
1740diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h\r
1741index 2ed0114..1f8fa5b 100644\r
1742--- a/engines/e_aep_err.h\r
1743+++ b/engines/e_aep_err.h\r
1744@@ -67,7 +67,7 @@ extern "C" {\r
1745 static void ERR_load_AEPHK_strings(void);\r
1746 static void ERR_unload_AEPHK_strings(void);\r
1747 static void ERR_AEPHK_error(int function, int reason, char *file, int line);\r
1748-# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)\r
1749+# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1750 \r
1751 /* Error codes for the AEPHK functions. */\r
1752 \r
1753diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h\r
1754index 7b71eff..d958496 100644\r
1755--- a/engines/e_atalla_err.h\r
1756+++ b/engines/e_atalla_err.h\r
1757@@ -67,7 +67,7 @@ extern "C" {\r
1758 static void ERR_load_ATALLA_strings(void);\r
1759 static void ERR_unload_ATALLA_strings(void);\r
1760 static void ERR_ATALLA_error(int function, int reason, char *file, int line);\r
1761-# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)\r
1762+# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1763 \r
1764 /* Error codes for the ATALLA functions. */\r
1765 \r
1766diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h\r
1767index b5d06dc..cfe46b1 100644\r
1768--- a/engines/e_capi_err.h\r
1769+++ b/engines/e_capi_err.h\r
1770@@ -67,7 +67,7 @@ extern "C" {\r
1771 static void ERR_load_CAPI_strings(void);\r
1772 static void ERR_unload_CAPI_strings(void);\r
1773 static void ERR_CAPI_error(int function, int reason, char *file, int line);\r
1774-# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)\r
1775+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1776 \r
1777 /* Error codes for the CAPI functions. */\r
1778 \r
1779diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h\r
1780index d86a4ce..3d961b9 100644\r
1781--- a/engines/e_chil_err.h\r
1782+++ b/engines/e_chil_err.h\r
1783@@ -67,7 +67,7 @@ extern "C" {\r
1784 static void ERR_load_HWCRHK_strings(void);\r
1785 static void ERR_unload_HWCRHK_strings(void);\r
1786 static void ERR_HWCRHK_error(int function, int reason, char *file, int line);\r
1787-# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)\r
1788+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1789 \r
1790 /* Error codes for the HWCRHK functions. */\r
1791 \r
1792diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h\r
1793index fde3a82..7c20691 100644\r
1794--- a/engines/e_cswift_err.h\r
1795+++ b/engines/e_cswift_err.h\r
1796@@ -67,7 +67,7 @@ extern "C" {\r
1797 static void ERR_load_CSWIFT_strings(void);\r
1798 static void ERR_unload_CSWIFT_strings(void);\r
1799 static void ERR_CSWIFT_error(int function, int reason, char *file, int line);\r
1800-# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)\r
1801+# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1802 \r
1803 /* Error codes for the CSWIFT functions. */\r
1804 \r
1805diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h\r
1806index 637abbc..ccaf3da 100644\r
1807--- a/engines/e_gmp_err.h\r
1808+++ b/engines/e_gmp_err.h\r
1809@@ -67,7 +67,7 @@ extern "C" {\r
1810 static void ERR_load_GMP_strings(void);\r
1811 static void ERR_unload_GMP_strings(void);\r
1812 static void ERR_GMP_error(int function, int reason, char *file, int line);\r
1813-# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)\r
1814+# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1815 \r
1816 /* Error codes for the GMP functions. */\r
1817 \r
1818diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h\r
1819index aa7849c..e607d3e 100644\r
1820--- a/engines/e_nuron_err.h\r
1821+++ b/engines/e_nuron_err.h\r
1822@@ -67,7 +67,7 @@ extern "C" {\r
1823 static void ERR_load_NURON_strings(void);\r
1824 static void ERR_unload_NURON_strings(void);\r
1825 static void ERR_NURON_error(int function, int reason, char *file, int line);\r
1826-# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)\r
1827+# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1828 \r
1829 /* Error codes for the NURON functions. */\r
1830 \r
1831diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h\r
1832index bef8623..54f2848 100644\r
1833--- a/engines/e_sureware_err.h\r
1834+++ b/engines/e_sureware_err.h\r
1835@@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);\r
1836 static void ERR_unload_SUREWARE_strings(void);\r
1837 static void ERR_SUREWARE_error(int function, int reason, char *file,\r
1838 int line);\r
1839-# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)\r
1840+# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1841 \r
1842 /* Error codes for the SUREWARE functions. */\r
1843 \r
1844diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h\r
1845index c8aec7c..67110ed 100644\r
1846--- a/engines/e_ubsec_err.h\r
1847+++ b/engines/e_ubsec_err.h\r
1848@@ -67,7 +67,7 @@ extern "C" {\r
1849 static void ERR_load_UBSEC_strings(void);\r
1850 static void ERR_unload_UBSEC_strings(void);\r
1851 static void ERR_UBSEC_error(int function, int reason, char *file, int line);\r
1852-# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)\r
1853+# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1854 \r
1855 /* Error codes for the UBSEC functions. */\r
1856 \r
a62a7cc7
QL		 1857diff --git a/makevms.com b/makevms.com\r
1858index f6b3ff2..1dcbe36 100755\r
1859--- a/makevms.com\r
1860+++ b/makevms.com\r
1861@@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,-\r
1862 RFC3779,-\r
1863 RIPEMD,-\r
1864 RSA,-\r
1865+ SCT,-\r
1866 SCTP,-\r
1867 SEED,-\r
1868 SHA,-\r
e578aa19
QL		 1869diff --git a/ssl/d1_both.c b/ssl/d1_both.c\r
1870index d1fc716..d5f661a 100644\r
1871--- a/ssl/d1_both.c\r
1872+++ b/ssl/d1_both.c\r
1873@@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)\r
1874 int dtls1_read_failed(SSL *s, int code)\r
1875 {\r
1876 if (code > 0) {\r
1877- fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);\r
1878+ fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");\r
1879 return 1;\r
1880 }\r
1881 \r
1882diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c\r
1883index 35cc27c..a1f5335 100644\r
1884--- a/ssl/ssl_asn1.c\r
1885+++ b/ssl/ssl_asn1.c\r
1886@@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1887 if (ssl_version == SSL2_VERSION) {\r
1888 if (os.length != 3) {\r
1889 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;\r
1890- c.line = __LINE__;\r
1891+ c.line = OPENSSL_LINE;\r
1892 goto err;\r
1893 }\r
1894 id = 0x02000000L |\r
1895@@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1896 || ssl_version == DTLS1_BAD_VER) {\r
1897 if (os.length != 2) {\r
1898 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;\r
1899- c.line = __LINE__;\r
1900+ c.line = OPENSSL_LINE;\r
1901 goto err;\r
1902 }\r
1903 id = 0x03000000L |\r
1904 ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];\r
1905 } else {\r
1906 c.error = SSL_R_UNKNOWN_SSL_VERSION;\r
1907- c.line = __LINE__;\r
1908+ c.line = OPENSSL_LINE;\r
1909 goto err;\r
1910 }\r
1911 \r
1912@@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1913 if (os.data != NULL) {\r
1914 if (os.length > SSL_MAX_SID_CTX_LENGTH) {\r
1915 c.error = SSL_R_BAD_LENGTH;\r
1916- c.line = __LINE__;\r
1917+ c.line = OPENSSL_LINE;\r
1918 goto err;\r
1919 } else {\r
1920 ret->sid_ctx_length = os.length;\r
ca6fa1fe
QL		 1921diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c\r
1922index a73f866..d534c0a 100644\r
1923--- a/ssl/ssl_cert.c\r
1924+++ b/ssl/ssl_cert.c\r
1925@@ -855,12 +855,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)\r
1926 return (add_client_CA(&(ctx->client_CA), x));\r
1927 }\r
1928 \r
1929+#ifndef OPENSSL_NO_STDIO\r
1930+\r
1931 static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)\r
1932 {\r
1933 return (X509_NAME_cmp(*a, *b));\r
1934 }\r
1935 \r
1936-#ifndef OPENSSL_NO_STDIO\r
1937 /**\r
1938 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;\r
1939 * it doesn't really have anything to do with clients (except that a common use\r
1940@@ -928,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)\r
1941 ERR_clear_error();\r
1942 return (ret);\r
1943 }\r
1944-#endif\r
1945 \r
1946 /**\r
1947 * Add a file of certs to a stack.\r
1948@@ -1048,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,\r
1949 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);\r
1950 return ret;\r
1951 }\r
1952+#endif /* !OPENSSL_NO_STDIO */\r
1953 \r
1954 /* Add a certificate to a BUF_MEM structure */\r
1955 \r
1956diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c\r
1957index 5478840..c2ad7c9 100644\r
1958--- a/ssl/ssl_conf.c\r
1959+++ b/ssl/ssl_conf.c\r
1960@@ -362,6 +362,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)\r
1961 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);\r
1962 }\r
1963 \r
1964+#ifndef OPENSSL_NO_STDIO\r
1965 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)\r
1966 {\r
1967 int rv = 1;\r
1968@@ -428,7 +429,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)\r
1969 BIO_free(in);\r
1970 return rv > 0;\r
1971 }\r
1972-#endif\r
1973+#endif /* !OPENSSL_NO_DH */\r
1974+#endif /* !OPENSSL_NO_STDIO */\r
1975+\r
1976 typedef struct {\r
1977 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);\r
1978 const char *str_file;\r
1979@@ -454,12 +457,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {\r
1980 SSL_CONF_CMD_STRING(CipherString, "cipher"),\r
1981 SSL_CONF_CMD_STRING(Protocol, NULL),\r
1982 SSL_CONF_CMD_STRING(Options, NULL),\r
1983+#ifndef OPENSSL_NO_STDIO\r
1984 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),\r
1985 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),\r
1986 SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),\r
1987 #ifndef OPENSSL_NO_DH\r
1988 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)\r
1989 #endif\r
1990+#endif\r
1991 };\r
1992 \r
1993 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)\r
e578aa19
QL		 1994diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c\r
1995index 514fcb3..2a54cc9 100644\r
1996--- a/ssl/t1_enc.c\r
1997+++ b/ssl/t1_enc.c\r
1998@@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send)\r
1999 * we can't write into the input stream: Can this ever\r
2000 * happen?? (steve)\r
2001 */\r
2002- fprintf(stderr,\r
2003- "%s:%d: rec->data != rec->input\n",\r
2004- __FILE__, __LINE__);\r
2005+ fprintf(stderr, "tls1_enc: rec->data != rec->input\n");\r
2006 else if (RAND_bytes(rec->input, ivlen) <= 0)\r
2007 return -1;\r
2008 }\r
f0e3cd19
QL		 2009diff --git a/test/cms-test.pl b/test/cms-test.pl\r
2010index baa3b59..1ee3f02 100644\r
2011--- a/test/cms-test.pl\r
2012+++ b/test/cms-test.pl\r
2013@@ -100,6 +100,13 @@ my $no_ec2m;\r
2014 my $no_ecdh;\r
2015 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;\r
2016 \r
2017+system ("$ossl_path no-cms > $null_path");\r
2018+if ($? == 0)\r
2019+ {\r
2020+ print "CMS disabled\n";\r
2021+ exit 0;\r
2022+ }\r
2023+\r
2024 system ("$ossl_path no-ec > $null_path");\r
2025 if ($? == 0)\r
2026 {\r
2027diff --git a/util/libeay.num b/util/libeay.num\r
2028index 7f7487d..13b2e3a 100755\r
2029--- a/util/libeay.num\r
2030+++ b/util/libeay.num\r
2031@@ -4368,7 +4368,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH\r
2032 ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA\r
2033 CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS\r
2034 CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS\r
2035-DH_KDF_X9_42 4735 EXIST::FUNCTION:DH\r
2036+DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH\r
2037 RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA\r
2038 EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES\r
2039 RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA\r
a62a7cc7
QL		 2040diff --git a/util/mkdef.pl b/util/mkdef.pl\r
2041index c57c7f7..d4c3386 100755\r
2042--- a/util/mkdef.pl\r
2043+++ b/util/mkdef.pl\r
2044@@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",\r
2045 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",\r
2046 # Engines\r
2047 "STATIC_ENGINE", "ENGINE", "HW", "GMP",\r
2048+ # X.509v3 Signed Certificate Timestamps\r
2049+ "SCT",\r
2050 # RFC3779\r
2051 "RFC3779",\r
2052 # TLS\r
2053@@ -142,7 +144,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;\r
2054 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;\r
2055 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;\r
2056 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;\r
2057-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;\r
2058+my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;\r
2059 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; \r
2060 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;\r
2061 my $no_unit_test; my $no_ssl3_method;\r
2062@@ -233,6 +235,7 @@ foreach (@ARGV, split(/ /, $options))\r
2063 elsif (/^no-engine$/) { $no_engine=1; }\r
2064 elsif (/^no-hw$/) { $no_hw=1; }\r
2065 elsif (/^no-gmp$/) { $no_gmp=1; }\r
2066+ elsif (/^no-sct$/) { $no_sct=1; }\r
2067 elsif (/^no-rfc3779$/) { $no_rfc3779=1; }\r
2068 elsif (/^no-tlsext$/) { $no_tlsext=1; }\r
2069 elsif (/^no-cms$/) { $no_cms=1; }\r
2070@@ -1206,6 +1209,7 @@ sub is_valid\r
2071 if ($keyword eq "FP_API" && $no_fp_api) { return 0; }\r
2072 if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }\r
2073 if ($keyword eq "GMP" && $no_gmp) { return 0; }\r
2074+ if ($keyword eq "SCT" && $no_sct) { return 0; }\r
2075 if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }\r
2076 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }\r
2077 if ($keyword eq "PSK" && $no_psk) { return 0; }\r
e578aa19
QL		 2078diff --git a/util/mkerr.pl b/util/mkerr.pl\r
2079index 09ebebe..cd57ade 100644\r
2080--- a/util/mkerr.pl\r
2081+++ b/util/mkerr.pl\r
2082@@ -89,7 +89,7 @@ Options:\r
2083 void ERR_load_<LIB>_strings(void);\r
2084 void ERR_unload_<LIB>_strings(void);\r
2085 void ERR_<LIB>_error(int f, int r, char *fn, int ln);\r
2086- #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)\r
2087+ #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)\r
2088 while the code facilitates the use of these in an environment\r
2089 where the error support routines are dynamically loaded at \r
2090 runtime.\r
2091@@ -474,7 +474,7 @@ EOF\r
2092 ${staticloader}void ERR_load_${lib}_strings(void);\r
2093 ${staticloader}void ERR_unload_${lib}_strings(void);\r
2094 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);\r
2095-# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)\r
2096+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
2097 \r
2098 EOF\r
2099 }\r
EFI Development Kit II mirror for PVE