]> git.proxmox.com Git - mirror_edk2.git/blame - CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2f.patch
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3955
[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-1.0.2f.patch
CommitLineData
ca6fa1fe
QL		 1diff --git a/Configure b/Configure\r
2index 4a715dc..eb61eda 100755\r
3--- a/Configure\r
4+++ b/Configure\r
5@@ -1082,7 +1082,7 @@ if (defined($disabled{"tls1"}))\r
6 }\r
7 \r
8 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})\r
9- || defined($disabled{"dh"}))\r
10+ || defined($disabled{"dh"}) || defined($disabled{"stdio"}))\r
11 {\r
12 $disabled{"gost"} = "forced";\r
13 }\r
14diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c\r
15index 35fd44c..9f39bff 100644\r
16--- a/crypto/asn1/a_strex.c\r
17+++ b/crypto/asn1/a_strex.c\r
18@@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)\r
19 return 1;\r
20 }\r
21 \r
22+#ifndef OPENSSL_NO_FP_API\r
23 static int send_fp_chars(void *arg, const void *buf, int len)\r
24 {\r
25 if (!arg)\r
26@@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)\r
27 return 0;\r
28 return 1;\r
29 }\r
30+#endif\r
31 \r
32 typedef int char_io (void *arg, const void *buf, int len);\r
33 \r
e578aa19
QL		 34diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h\r
35index abc6dc3..3a672e9 100644\r
36--- a/crypto/asn1/asn1_mac.h\r
37+++ b/crypto/asn1/asn1_mac.h\r
38@@ -70,7 +70,7 @@ extern "C" {\r
39 # endif\r
40 \r
41 # define ASN1_MAC_H_err(f,r,line) \\r
42- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))\r
43+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))\r
44 \r
45 # define M_ASN1_D2I_vars(a,type,func) \\r
46 ASN1_const_CTX c; \\r
47@@ -81,7 +81,7 @@ extern "C" {\r
48 c.error=ERR_R_NESTED_ASN1_ERROR; \\r
49 if ((a == NULL) || ((*a) == NULL)) \\r
50 { if ((ret=(type)func()) == NULL) \\r
51- { c.line=__LINE__; goto err; } } \\r
52+ { c.line=OPENSSL_LINE; goto err; } } \\r
53 else ret=(*a);\r
54 \r
55 # define M_ASN1_D2I_Init() \\r
56@@ -90,7 +90,7 @@ extern "C" {\r
57 \r
58 # define M_ASN1_D2I_Finish_2(a) \\r
59 if (!asn1_const_Finish(&c)) \\r
60- { c.line=__LINE__; goto err; } \\r
61+ { c.line=OPENSSL_LINE; goto err; } \\r
62 *(const unsigned char **)pp=c.p; \\r
63 if (a != NULL) (*a)=ret; \\r
64 return(ret);\r
65@@ -105,7 +105,7 @@ err:\\r
66 \r
67 # define M_ASN1_D2I_start_sequence() \\r
68 if (!asn1_GetSequence(&c,&length)) \\r
69- { c.line=__LINE__; goto err; }\r
70+ { c.line=OPENSSL_LINE; goto err; }\r
71 /* Begin reading ASN1 without a surrounding sequence */\r
72 # define M_ASN1_D2I_begin() \\r
73 c.slen = length;\r
74@@ -129,21 +129,21 @@ err:\\r
75 # define M_ASN1_D2I_get(b, func) \\r
76 c.q=c.p; \\r
77 if (func(&(b),&c.p,c.slen) == NULL) \\r
78- {c.line=__LINE__; goto err; } \\r
79+ {c.line=OPENSSL_LINE; goto err; } \\r
80 c.slen-=(c.p-c.q);\r
81 \r
82 /* Don't use this with d2i_ASN1_BOOLEAN() */\r
83 # define M_ASN1_D2I_get_x(type,b,func) \\r
84 c.q=c.p; \\r
85 if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \\r
86- {c.line=__LINE__; goto err; } \\r
87+ {c.line=OPENSSL_LINE; goto err; } \\r
88 c.slen-=(c.p-c.q);\r
89 \r
90 /* use this instead () */\r
91 # define M_ASN1_D2I_get_int(b,func) \\r
92 c.q=c.p; \\r
93 if (func(&(b),&c.p,c.slen) < 0) \\r
94- {c.line=__LINE__; goto err; } \\r
95+ {c.line=OPENSSL_LINE; goto err; } \\r
96 c.slen-=(c.p-c.q);\r
97 \r
98 # define M_ASN1_D2I_get_opt(b,func,type) \\r
99@@ -164,7 +164,7 @@ err:\\r
100 M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \\r
101 c.q=c.p; \\r
102 if (func(&(b),&c.p,c.slen) == NULL) \\r
103- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \\r
104+ {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \\r
105 c.slen-=(c.p-c.q);\\r
106 M_ASN1_next_prev=_tmp;\r
107 \r
108@@ -258,20 +258,20 @@ err:\\r
109 c.q=c.p; \\r
110 if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\\r
111 (void (*)())free_func,a,b) == NULL) \\r
112- { c.line=__LINE__; goto err; } \\r
113+ { c.line=OPENSSL_LINE; goto err; } \\r
114 c.slen-=(c.p-c.q);\r
115 \r
116 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \\r
117 c.q=c.p; \\r
118 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\\r
119 free_func,a,b) == NULL) \\r
120- { c.line=__LINE__; goto err; } \\r
121+ { c.line=OPENSSL_LINE; goto err; } \\r
122 c.slen-=(c.p-c.q);\r
123 \r
124 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \\r
125 c.q=c.p; \\r
126 if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \\r
127- { c.line=__LINE__; goto err; } \\r
128+ { c.line=OPENSSL_LINE; goto err; } \\r
129 c.slen-=(c.p-c.q);\r
130 \r
131 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \\r
132@@ -285,16 +285,16 @@ err:\\r
133 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
134 if (Tinf & 0x80) \\r
135 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
136- c.line=__LINE__; goto err; } \\r
137+ c.line=OPENSSL_LINE; goto err; } \\r
138 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
139 Tlen = c.slen - (c.p - c.q) - 2; \\r
140 if (func(&(r),&c.p,Tlen) == NULL) \\r
141- { c.line=__LINE__; goto err; } \\r
142+ { c.line=OPENSSL_LINE; goto err; } \\r
143 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
144 Tlen = c.slen - (c.p - c.q); \\r
145 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \\r
146 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
147- c.line=__LINE__; goto err; } \\r
148+ c.line=OPENSSL_LINE; goto err; } \\r
149 }\\r
150 c.slen-=(c.p-c.q); \\r
151 }\r
152@@ -310,18 +310,18 @@ err:\\r
153 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
154 if (Tinf & 0x80) \\r
155 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
156- c.line=__LINE__; goto err; } \\r
157+ c.line=OPENSSL_LINE; goto err; } \\r
158 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
159 Tlen = c.slen - (c.p - c.q) - 2; \\r
160 if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \\r
161 (void (*)())free_func, \\r
162 b,V_ASN1_UNIVERSAL) == NULL) \\r
163- { c.line=__LINE__; goto err; } \\r
164+ { c.line=OPENSSL_LINE; goto err; } \\r
165 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
166 Tlen = c.slen - (c.p - c.q); \\r
167 if(!ASN1_check_infinite_end(&c.p, Tlen)) \\r
168 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
169- c.line=__LINE__; goto err; } \\r
170+ c.line=OPENSSL_LINE; goto err; } \\r
171 }\\r
172 c.slen-=(c.p-c.q); \\r
173 }\r
174@@ -337,17 +337,17 @@ err:\\r
175 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
176 if (Tinf & 0x80) \\r
177 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
178- c.line=__LINE__; goto err; } \\r
179+ c.line=OPENSSL_LINE; goto err; } \\r
180 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
181 Tlen = c.slen - (c.p - c.q) - 2; \\r
182 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \\r
183 free_func,b,V_ASN1_UNIVERSAL) == NULL) \\r
184- { c.line=__LINE__; goto err; } \\r
185+ { c.line=OPENSSL_LINE; goto err; } \\r
186 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
187 Tlen = c.slen - (c.p - c.q); \\r
188 if(!ASN1_check_infinite_end(&c.p, Tlen)) \\r
189 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
190- c.line=__LINE__; goto err; } \\r
191+ c.line=OPENSSL_LINE; goto err; } \\r
192 }\\r
193 c.slen-=(c.p-c.q); \\r
194 }\r
195@@ -355,7 +355,7 @@ err:\\r
196 /* New macros */\r
197 # define M_ASN1_New_Malloc(ret,type) \\r
198 if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \\r
199- { c.line=__LINE__; goto err2; }\r
200+ { c.line=OPENSSL_LINE; goto err2; }\r
201 \r
202 # define M_ASN1_New(arg,func) \\r
203 if (((arg)=func()) == NULL) return(NULL)\r
b9dbddd8
QL		 204diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c\r
205index 1d25687..e933ead 100644\r
206--- a/crypto/bn/bn_prime.c\r
207+++ b/crypto/bn/bn_prime.c\r
208@@ -131,7 +131,7 @@\r
209 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,\r
210 const BIGNUM *a1_odd, int k, BN_CTX *ctx,\r
211 BN_MONT_CTX *mont);\r
212-static int probable_prime(BIGNUM *rnd, int bits);\r
213+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);\r
214 static int probable_prime_dh(BIGNUM *rnd, int bits,\r
215 const BIGNUM *add, const BIGNUM *rem,\r
216 BN_CTX *ctx);\r
217@@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
218 BIGNUM *t;\r
219 int found = 0;\r
220 int i, j, c1 = 0;\r
221- BN_CTX *ctx;\r
222+ BN_CTX *ctx = NULL;\r
223+ prime_t *mods = NULL;\r
224 int checks = BN_prime_checks_for_size(bits);\r
225 \r
226+ mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);\r
227+ if (mods == NULL)\r
228+ goto err;\r
229 ctx = BN_CTX_new();\r
230 if (ctx == NULL)\r
231 goto err;\r
232@@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
233 loop:\r
234 /* make a random number and set the top and bottom bits */\r
235 if (add == NULL) {\r
236- if (!probable_prime(ret, bits))\r
237+ if (!probable_prime(ret, bits, mods))\r
238 goto err;\r
239 } else {\r
240 if (safe) {\r
241@@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
242 /* we have a prime :-) */\r
243 found = 1;\r
244 err:\r
245+ OPENSSL_free(mods);\r
246 if (ctx != NULL) {\r
247 BN_CTX_end(ctx);\r
248 BN_CTX_free(ctx);\r
249@@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,\r
250 return 1;\r
251 }\r
252 \r
253-static int probable_prime(BIGNUM *rnd, int bits)\r
254+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)\r
255 {\r
256 int i;\r
257- prime_t mods[NUMPRIMES];\r
258 BN_ULONG delta, maxdelta;\r
259 \r
260 again:\r
ca6fa1fe
QL		 261diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h\r
262index 8d926d5..41cf38e 100644\r
263--- a/crypto/conf/conf.h\r
264+++ b/crypto/conf/conf.h\r
265@@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);\r
266 \r
267 int CONF_set_default_method(CONF_METHOD *meth);\r
268 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);\r
269+# ifndef OPENSSL_NO_STDIO\r
270 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
271 long *eline);\r
272+# endif\r
273 # ifndef OPENSSL_NO_FP_API\r
274 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,\r
275 long *eline);\r
276@@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,\r
277 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,\r
278 const char *name);\r
279 void CONF_free(LHASH_OF(CONF_VALUE) *conf);\r
280+#ifndef OPENSSL_NO_FP_API\r
281 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);\r
282+#endif\r
283 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);\r
284 \r
285 void OPENSSL_config(const char *config_name);\r
286@@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);\r
287 void NCONF_free(CONF *conf);\r
288 void NCONF_free_data(CONF *conf);\r
289 \r
290+# ifndef OPENSSL_NO_STDIO\r
291 int NCONF_load(CONF *conf, const char *file, long *eline);\r
292+# endif\r
293 # ifndef OPENSSL_NO_FP_API\r
294 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);\r
f93f78ea 295 # endif\r
ca6fa1fe
QL		 296@@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,\r
297 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);\r
298 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,\r
299 long *result);\r
300+#ifndef OPENSSL_NO_FP_API\r
301 int NCONF_dump_fp(const CONF *conf, FILE *out);\r
302+#endif\r
303 int NCONF_dump_bio(const CONF *conf, BIO *out);\r
304 \r
305 # if 0 /* The following function has no error\r
306@@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);\r
307 \r
308 int CONF_modules_load(const CONF *cnf, const char *appname,\r
309 unsigned long flags);\r
310+#ifndef OPENSSL_NO_STDIO\r
311 int CONF_modules_load_file(const char *filename, const char *appname,\r
312 unsigned long flags);\r
313+#endif\r
314 void CONF_modules_unload(int all);\r
315 void CONF_modules_finish(void);\r
316 void CONF_modules_free(void);\r
317diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c\r
318index 68c77ce..3d308c7 100644\r
319--- a/crypto/conf/conf_def.c\r
320+++ b/crypto/conf/conf_def.c\r
321@@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)\r
322 \r
323 static int def_load(CONF *conf, const char *name, long *line)\r
324 {\r
325+#ifdef OPENSSL_NO_STDIO\r
326+ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);\r
327+ return 0;\r
328+#else\r
329 int ret;\r
330 BIO *in = NULL;\r
331 \r
332@@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)\r
333 BIO_free(in);\r
334 \r
335 return ret;\r
336+#endif\r
f93f78ea
QL		 337 }\r
338 \r
ca6fa1fe
QL		 339 static int def_load_bio(CONF *conf, BIO *in, long *line)\r
340diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c\r
341index 5281384..952b545 100644\r
342--- a/crypto/conf/conf_lib.c\r
343+++ b/crypto/conf/conf_lib.c\r
344@@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)\r
345 return 1;\r
346 }\r
347 \r
348+#ifndef OPENSSL_NO_STDIO\r
349 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
350 long *eline)\r
351 {\r
352@@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
353 \r
354 return ltmp;\r
355 }\r
356+#endif\r
357 \r
358 #ifndef OPENSSL_NO_FP_API\r
359 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,\r
360@@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)\r
361 conf->meth->destroy_data(conf);\r
362 }\r
363 \r
364+#ifndef OPENSSL_NO_STDIO\r
365 int NCONF_load(CONF *conf, const char *file, long *eline)\r
366 {\r
367 if (conf == NULL) {\r
368@@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)\r
369 \r
370 return conf->meth->load(conf, file, eline);\r
371 }\r
372+#endif\r
373 \r
374 #ifndef OPENSSL_NO_FP_API\r
375 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)\r
376diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c\r
377index 9acfca4..5e0a482 100644\r
378--- a/crypto/conf/conf_mod.c\r
379+++ b/crypto/conf/conf_mod.c\r
380@@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,\r
f93f78ea 381 \r
ca6fa1fe
QL		 382 }\r
383 \r
384+#ifndef OPENSSL_NO_STDIO\r
385 int CONF_modules_load_file(const char *filename, const char *appname,\r
386 unsigned long flags)\r
387 {\r
388@@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,\r
389 \r
390 return ret;\r
391 }\r
392+#endif\r
393 \r
394 static int module_run(const CONF *cnf, char *name, char *value,\r
395 unsigned long flags)\r
396diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c\r
397index c042cf2..a25b636 100644\r
398--- a/crypto/conf/conf_sap.c\r
399+++ b/crypto/conf/conf_sap.c\r
400@@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)\r
401 ENGINE_load_builtin_engines();\r
402 #endif\r
403 ERR_clear_error();\r
404+#ifndef OPENSSL_NO_STDIO\r
405 CONF_modules_load_file(NULL, config_name,\r
406 CONF_MFLAGS_DEFAULT_SECTION |\r
407 CONF_MFLAGS_IGNORE_MISSING_FILE);\r
408+#endif\r
409 openssl_configured = 1;\r
410 }\r
411 \r
412diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c\r
e578aa19 413index c9f674b..39ead7f 100644\r
ca6fa1fe
QL		 414--- a/crypto/cryptlib.c\r
415+++ b/crypto/cryptlib.c\r
e578aa19
QL		 416@@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)\r
417 return (0);\r
418 }\r
419 pointer->references = 1;\r
420- pointer->data = dynlock_create_callback(__FILE__, __LINE__);\r
421+ pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);\r
422 if (pointer->data == NULL) {\r
423 OPENSSL_free(pointer);\r
424 CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);\r
425@@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)\r
426 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);\r
427 \r
428 if (i == -1) {\r
429- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);\r
430+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);\r
431 OPENSSL_free(pointer);\r
432 } else\r
433 i += 1; /* to avoid 0 */\r
434@@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)\r
435 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);\r
436 \r
437 if (pointer) {\r
438- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);\r
439+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);\r
440 OPENSSL_free(pointer);\r
441 }\r
442 }\r
ca6fa1fe
QL		 443@@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)\r
444 }\r
445 \r
446 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)\r
447+#include <stdio.h>\r
448 # define OPENSSL_CPUID_SETUP\r
449 # if defined(_WIN32)\r
450 typedef unsigned __int64 IA32CAP;\r
451@@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)\r
452 #else\r
453 void OPENSSL_showfatal(const char *fmta, ...)\r
454 {\r
455+#ifndef OPENSSL_NO_STDIO\r
456 va_list ap;\r
457 \r
458 va_start(ap, fmta);\r
459 vfprintf(stderr, fmta, ap);\r
460 va_end(ap);\r
461+#endif\r
462 }\r
463 \r
464 int OPENSSL_isservice(void)\r
465@@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)\r
466 #endif\r
467 }\r
468 \r
469+#ifndef OPENSSL_NO_STDIO\r
470 void *OPENSSL_stderr(void)\r
471 {\r
472 return stderr;\r
473 }\r
474+#endif\r
475 \r
476 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)\r
477 {\r
478diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h\r
479index fba180a..3e3ea5e 100644\r
480--- a/crypto/cryptlib.h\r
481+++ b/crypto/cryptlib.h\r
482@@ -101,7 +101,9 @@ extern "C" {\r
483 void OPENSSL_cpuid_setup(void);\r
484 extern unsigned int OPENSSL_ia32cap_P[];\r
485 void OPENSSL_showfatal(const char *fmta, ...);\r
486+#ifndef OPENSSL_NO_STDIO\r
487 void *OPENSSL_stderr(void);\r
488+#endif\r
489 extern int OPENSSL_NONPIC_relocated;\r
490 \r
491 #ifdef __cplusplus\r
3f73ccb3 492diff --git a/crypto/crypto.h b/crypto/crypto.h\r
e578aa19 493index c450d7a..063d78e 100644\r
3f73ccb3
QL		 494--- a/crypto/crypto.h\r
495+++ b/crypto/crypto.h\r
496@@ -235,15 +235,15 @@ typedef struct openssl_item_st {\r
497 # ifndef OPENSSL_NO_LOCKING\r
498 # ifndef CRYPTO_w_lock\r
499 # define CRYPTO_w_lock(type) \\r
500- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
e578aa19 501+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 502 # define CRYPTO_w_unlock(type) \\r
503- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
e578aa19 504+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 505 # define CRYPTO_r_lock(type) \\r
506- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
e578aa19 507+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 508 # define CRYPTO_r_unlock(type) \\r
509- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
e578aa19 510+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 511 # define CRYPTO_add(addr,amount,type) \\r
512- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
e578aa19 513+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 514 # endif\r
515 # else\r
516 # define CRYPTO_w_lock(a)\r
517@@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);\r
518 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
519 # define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
520 \r
521-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
522-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
e578aa19
QL		 523+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)\r
524+# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 525 # define OPENSSL_realloc(addr,num) \\r
526- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
e578aa19 527+ CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 528 # define OPENSSL_realloc_clean(addr,old_num,num) \\r
529- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
e578aa19 530+ CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 531 # define OPENSSL_remalloc(addr,num) \\r
532- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
e578aa19 533+ CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 534 # define OPENSSL_freeFunc CRYPTO_free\r
535 # define OPENSSL_free(addr) CRYPTO_free(addr)\r
536 \r
537 # define OPENSSL_malloc_locked(num) \\r
538- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
e578aa19 539+ CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 540 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
541 \r
542 const char *SSLeay_version(int type);\r
543@@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);\r
544 long CRYPTO_get_mem_debug_options(void);\r
545 \r
546 # define CRYPTO_push_info(info) \\r
547- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
e578aa19 548+ CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);\r
3f73ccb3
QL		 549 int CRYPTO_push_info_(const char *info, const char *file, int line);\r
550 int CRYPTO_pop_info(void);\r
551 int CRYPTO_remove_all_info(void);\r
552@@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);\r
553 \r
554 /* die if we have to */\r
555 void OpenSSLDie(const char *file, int line, const char *assertion);\r
556-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
e578aa19 557+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))\r
3f73ccb3
QL		 558 \r
559 unsigned long *OPENSSL_ia32cap_loc(void);\r
560 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
561@@ -605,14 +605,14 @@ void OPENSSL_init(void);\r
562 # define fips_md_init_ctx(alg, cx) \\r
563 int alg##_Init(cx##_CTX *c) \\r
564 { \\r
565- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
e578aa19 566+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \\r
3f73ccb3
QL		 567 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \\r
568 return private_##alg##_Init(c); \\r
569 } \\r
570 int private_##alg##_Init(cx##_CTX *c)\r
571 \r
572 # define fips_cipher_abort(alg) \\r
573- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
e578aa19 574+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \\r
3f73ccb3
QL		 575 "Low level API call to cipher " #alg " forbidden in FIPS mode!")\r
576 \r
577 # else\r
ca6fa1fe
QL		 578diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c\r
579index 01e275f..7633139 100644\r
580--- a/crypto/des/read2pwd.c\r
581+++ b/crypto/des/read2pwd.c\r
582@@ -114,6 +114,10 @@\r
583 #include <openssl/ui.h>\r
584 #include <openssl/crypto.h>\r
585 \r
586+#ifndef BUFSIZ\r
587+#define BUFSIZ 256\r
588+#endif\r
589+\r
590 int DES_read_password(DES_cblock *key, const char *prompt, int verify)\r
591 {\r
592 int ok;\r
3f73ccb3
QL		 593diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c\r
594index b58e3fa..e5f345a 100644\r
595--- a/crypto/dh/dh_pmeth.c\r
596+++ b/crypto/dh/dh_pmeth.c\r
597@@ -449,6 +449,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,\r
f93f78ea
QL		 598 *keylen = ret;\r
599 return 1;\r
600 } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
601+#ifdef OPENSSL_NO_CMS\r
602+ return 0;\r
603+#else\r
604 unsigned char *Z = NULL;\r
605 size_t Zlen = 0;\r
606 if (!dctx->kdf_outlen || !dctx->kdf_oid)\r
3f73ccb3 607@@ -478,6 +481,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,\r
f93f78ea
QL		 608 OPENSSL_free(Z);\r
609 }\r
610 return ret;\r
611+#endif\r
612 }\r
613 return 1;\r
614 }\r
e578aa19
QL		 615diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h\r
616index 46f163b..b4a72a0 100644\r
617--- a/crypto/engine/eng_int.h\r
618+++ b/crypto/engine/eng_int.h\r
619@@ -88,7 +88,7 @@ extern "C" {\r
620 (unsigned int)(e), (isfunct ? "funct" : "struct"), \\r
621 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \\r
622 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \\r
623- (__FILE__), (__LINE__));\r
624+ (OPENSSL_FILE), (OPENSSL_LINE));\r
625 \r
626 # else\r
627 \r
628@@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);\r
629 # else\r
630 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,\r
631 int l);\r
632-# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)\r
633+# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)\r
634 # endif\r
635 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,\r
636 ENGINE *def, void *arg);\r
ca6fa1fe
QL		 637diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c\r
638index 34b0029..cf622bb 100644\r
639--- a/crypto/engine/eng_openssl.c\r
640+++ b/crypto/engine/eng_openssl.c\r
641@@ -86,7 +86,9 @@\r
642 * this is no longer automatic in ENGINE_load_builtin_engines().\r
643 */\r
644 #define TEST_ENG_OPENSSL_RC4\r
645+#ifndef OPENSSL_NO_FP_API\r
646 #define TEST_ENG_OPENSSL_PKEY\r
647+#endif\r
648 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */\r
649 #define TEST_ENG_OPENSSL_RC4_P_INIT\r
650 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */\r
e578aa19
QL		 651diff --git a/crypto/err/err.h b/crypto/err/err.h\r
652index 585aa8b..04c6cfc 100644\r
653--- a/crypto/err/err.h\r
654+++ b/crypto/err/err.h\r
655@@ -200,39 +200,39 @@ typedef struct err_state_st {\r
656 \r
657 # define ERR_LIB_USER 128\r
658 \r
659-# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)\r
660-# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)\r
661-# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)\r
662-# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)\r
663-# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)\r
664-# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)\r
665-# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)\r
666-# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)\r
667-# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)\r
668-# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)\r
669-# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)\r
670-# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)\r
671-# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)\r
672-# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)\r
673-# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)\r
674-# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)\r
675-# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)\r
676-# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)\r
677-# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)\r
678-# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)\r
679-# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)\r
680-# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)\r
681-# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)\r
682-# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)\r
683-# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)\r
684-# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)\r
685-# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)\r
686-# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)\r
687-# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)\r
688-# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)\r
689-# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)\r
690-# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)\r
691-# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)\r
692+# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
693+# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
694+# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
695+# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
696+# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
697+# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
698+# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
699+# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
700+# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
701+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
702+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
703+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
704+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
705+# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
706+# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
707+# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
708+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
709+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
710+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
711+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
712+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
713+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
714+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
715+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
716+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
717+# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
718+# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
719+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
720+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
721+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
722+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
723+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
724+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
725 \r
726 /*\r
727 * Borland C seems too stupid to be able to shift and do longs in the\r
728diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in\r
729index 7a1c85d..a5f51a7 100644\r
730--- a/crypto/opensslconf.h.in\r
731+++ b/crypto/opensslconf.h.in\r
732@@ -1,5 +1,15 @@\r
733 /* crypto/opensslconf.h.in */\r
734 \r
735+#ifndef OPENSSL_FILE\r
736+#ifdef OPENSSL_NO_FILENAMES\r
737+#define OPENSSL_FILE ""\r
738+#define OPENSSL_LINE 0\r
739+#else\r
740+#define OPENSSL_FILE __FILE__\r
741+#define OPENSSL_LINE __LINE__\r
742+#endif\r
743+#endif\r
744+\r
745 /* Generate 80386 code? */\r
746 #undef I386_ONLY\r
747 \r
3f73ccb3 748diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h\r
ca6fa1fe 749index d3b23fc..87b0b6a 100644\r
3f73ccb3
QL		 750--- a/crypto/pem/pem.h\r
751+++ b/crypto/pem/pem.h\r
752@@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \\r
f93f78ea
QL		 753 \r
754 # define DECLARE_PEM_read_fp(name, type) /**/\r
755 # define DECLARE_PEM_write_fp(name, type) /**/\r
756+# define DECLARE_PEM_write_fp_const(name, type) /**/\r
757 # define DECLARE_PEM_write_cb_fp(name, type) /**/\r
758 # else\r
759 \r
ca6fa1fe
QL		 760@@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,\r
761 pem_password_cb *cd, void *u);\r
762 # endif\r
763 \r
764+#ifndef OPENSSL_NO_FP_API\r
765 int PEM_read(FILE *fp, char **name, char **header,\r
766 unsigned char **data, long *len);\r
767 int PEM_write(FILE *fp, const char *name, const char *hdr,\r
768@@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,\r
769 int klen, pem_password_cb *callback, void *u);\r
770 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,\r
771 pem_password_cb *cb, void *u);\r
772+#endif\r
773 \r
774 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,\r
775 EVP_MD *md_type, unsigned char **ek, int *ekl,\r
776@@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,\r
777 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,\r
778 void *u);\r
779 \r
780+#ifndef OPENSSL_NO_FP_API\r
781 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,\r
782 char *kstr, int klen,\r
783 pem_password_cb *cb, void *u);\r
784@@ -510,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,\r
785 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,\r
786 char *kstr, int klen, pem_password_cb *cd,\r
787 void *u);\r
788-\r
789+#endif\r
790 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);\r
791 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);\r
792 \r
793diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c\r
794index 5747c73..fe465cc 100644\r
795--- a/crypto/pem/pem_pk8.c\r
796+++ b/crypto/pem/pem_pk8.c\r
797@@ -69,10 +69,12 @@\r
798 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,\r
799 int nid, const EVP_CIPHER *enc,\r
800 char *kstr, int klen, pem_password_cb *cb, void *u);\r
801+\r
802+#ifndef OPENSSL_NO_FP_API\r
803 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,\r
804 int nid, const EVP_CIPHER *enc,\r
805 char *kstr, int klen, pem_password_cb *cb, void *u);\r
806-\r
807+#endif\r
808 /*\r
809 * These functions write a private key in PKCS#8 format: it is a "drop in"\r
810 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'\r
3f73ccb3 811diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c\r
b9dbddd8 812index c4d3724..0bc3d43 100644\r
3f73ccb3
QL		 813--- a/crypto/pkcs7/pk7_smime.c\r
814+++ b/crypto/pkcs7/pk7_smime.c\r
b9dbddd8
QL		 815@@ -64,6 +64,9 @@\r
816 #include <openssl/x509.h>\r
817 #include <openssl/x509v3.h>\r
818 \r
819+\r
820+#define BUFFERSIZE 4096\r
821+\r
822 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);\r
823 \r
824 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,\r
825@@ -254,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
f93f78ea
QL		 826 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
827 PKCS7_SIGNER_INFO *si;\r
828 X509_STORE_CTX cert_ctx;\r
829- char buf[4096];\r
830+ char *buf = NULL;\r
f93f78ea 831 int i, j = 0, k, ret = 0;\r
65202874
QL		 832 BIO *p7bio = NULL;\r
833 BIO *tmpin = NULL, *tmpout = NULL;\r
b9dbddd8 834@@ -274,12 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
503f6e38 835 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);\r
65202874
QL		 836 return 0;\r
837 }\r
503f6e38
QL		 838+#if 0\r
839+ /*\r
840+ * NB: this test commented out because some versions of Netscape\r
841+ * illegally include zero length content when signing data. Also\r
842+ * Microsoft Authenticode includes a SpcIndirectDataContent data\r
843+ * structure which describes the content to be protected by the\r
844+ * signature, rather than directly embedding that content. So\r
845+ * Authenticode implementations are also expected to use\r
846+ * PKCS7_verify() with explicit external data, on non-detached\r
847+ * PKCS#7 signatures.\r
848+ *\r
849+ * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been\r
850+ * introduced to disable this sanity check. For the 1.0.2 branch\r
851+ * this change is not acceptable, so the check remains completely\r
852+ * commented out (as it has been for a long time).\r
853+ */\r
854 \r
855 /* Check for data and content: two sets of data */\r
856 if (!PKCS7_get_detached(p7) && indata) {\r
857 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);\r
858 return 0;\r
859 }\r
860+#endif\r
65202874 861 \r
65202874
QL		 862 sinfos = PKCS7_get_signer_info(p7);\r
863 \r
b9dbddd8 864@@ -356,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
f93f78ea
QL		 865 tmpout = out;\r
866 \r
b9dbddd8
QL		 867 /* We now have to 'read' from p7bio to calculate digests etc. */\r
868+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {\r
869+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);\r
f93f78ea
QL		 870+ goto err;\r
871+ }\r
f93f78ea
QL		 872 for (;;) {\r
873- i = BIO_read(p7bio, buf, sizeof(buf));\r
b9dbddd8 874+ i = BIO_read(p7bio, buf, BUFFERSIZE);\r
f93f78ea
QL		 875 if (i <= 0)\r
876 break;\r
877 if (tmpout)\r
b9dbddd8
QL		 878@@ -388,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
879 ret = 1;\r
880 \r
881 err:\r
882+ OPENSSL_free(buf);\r
883 if (tmpin == indata) {\r
884 if (indata)\r
885 BIO_pop(p7bio);\r
886@@ -506,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)\r
887 {\r
888 BIO *tmpmem;\r
889 int ret, i;\r
890- char buf[4096];\r
891+ char *buf = NULL;\r
892 \r
893 if (!p7) {\r
894 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);\r
895@@ -550,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)\r
896 }\r
897 BIO_free_all(bread);\r
898 return ret;\r
899- } else {\r
900- for (;;) {\r
901- i = BIO_read(tmpmem, buf, sizeof(buf));\r
902- if (i <= 0) {\r
903- ret = 1;\r
904- if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {\r
905- if (!BIO_get_cipher_status(tmpmem))\r
906- ret = 0;\r
907- }\r
908-\r
909- break;\r
910- }\r
911- if (BIO_write(data, buf, i) != i) {\r
912- ret = 0;\r
913- break;\r
f93f78ea 914+ }\r
b9dbddd8
QL		 915+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {\r
916+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);\r
917+ goto err;\r
918+ }\r
919+ for (;;) {\r
920+ i = BIO_read(tmpmem, buf, BUFFERSIZE);\r
921+ if (i <= 0) {\r
922+ ret = 1;\r
923+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {\r
924+ if (!BIO_get_cipher_status(tmpmem))\r
925+ ret = 0;\r
926 }\r
927+\r
928+ break;\r
929+ }\r
930+ if (BIO_write(data, buf, i) != i) {\r
931+ ret = 0;\r
932+ break;\r
933 }\r
934- BIO_free_all(tmpmem);\r
935- return ret;\r
936 }\r
937+err:\r
938+ OPENSSL_free(buf);\r
939+ BIO_free_all(tmpmem);\r
940+ return ret;\r
f93f78ea 941 }\r
3f73ccb3
QL		 942diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c\r
943index 266111e..f60fac6 100644\r
944--- a/crypto/rand/rand_unix.c\r
945+++ b/crypto/rand/rand_unix.c\r
f93f78ea
QL		 946@@ -116,7 +116,7 @@\r
947 #include <openssl/rand.h>\r
948 #include "rand_lcl.h"\r
949 \r
950-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
951+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
952 \r
953 # include <sys/types.h>\r
954 # include <sys/time.h>\r
3f73ccb3 955@@ -439,7 +439,7 @@ int RAND_poll(void)\r
f93f78ea
QL		 956 * defined(OPENSSL_SYS_VXWORKS) ||\r
957 * defined(OPENSSL_SYS_NETWARE)) */\r
958 \r
959-#if defined(OPENSSL_SYS_VXWORKS)\r
960+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
961 int RAND_poll(void)\r
962 {\r
963 return 0;\r
3f73ccb3
QL		 964diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c\r
965index 4e06218..f591f0f 100644\r
966--- a/crypto/rsa/rsa_ameth.c\r
967+++ b/crypto/rsa/rsa_ameth.c\r
f93f78ea
QL		 968@@ -68,10 +68,12 @@\r
969 #endif\r
970 #include "asn1_locl.h"\r
971 \r
972+#ifndef OPENSSL_NO_CMS\r
973 static int rsa_cms_sign(CMS_SignerInfo *si);\r
974 static int rsa_cms_verify(CMS_SignerInfo *si);\r
975 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);\r
976 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);\r
977+#endif\r
978 \r
979 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)\r
980 {\r
3f73ccb3 981@@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,\r
f93f78ea
QL		 982 return rv;\r
983 }\r
984 \r
985+#ifndef OPENSSL_NO_CMS\r
986 static int rsa_cms_verify(CMS_SignerInfo *si)\r
987 {\r
988 int nid, nid2;\r
3f73ccb3 989@@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)\r
f93f78ea
QL		 990 }\r
991 return 0;\r
992 }\r
993+#endif\r
994 \r
995 /*\r
996 * Customised RSA item verification routine. This is called when a signature\r
3f73ccb3 997@@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
f93f78ea
QL		 998 return -1;\r
999 }\r
1000 \r
1001+#ifndef OPENSSL_NO_CMS\r
1002 static int rsa_cms_sign(CMS_SignerInfo *si)\r
1003 {\r
1004 int pad_mode = RSA_PKCS1_PADDING;\r
3f73ccb3 1005@@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)\r
f93f78ea
QL		 1006 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);\r
1007 return 1;\r
1008 }\r
1009+#endif\r
1010 \r
1011 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
1012 X509_ALGOR *alg1, X509_ALGOR *alg2,\r
3f73ccb3 1013@@ -785,6 +791,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,\r
f93f78ea
QL		 1014 return pss;\r
1015 }\r
1016 \r
1017+#ifndef OPENSSL_NO_CMS\r
1018 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)\r
1019 {\r
1020 EVP_PKEY_CTX *pkctx;\r
3f73ccb3 1021@@ -857,7 +864,9 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)\r
f93f78ea
QL		 1022 X509_ALGOR_free(maskHash);\r
1023 return rv;\r
1024 }\r
1025+#endif\r
1026 \r
1027+#ifndef OPENSSL_NO_CMS\r
1028 static int rsa_cms_encrypt(CMS_RecipientInfo *ri)\r
1029 {\r
1030 const EVP_MD *md, *mgf1md;\r
3f73ccb3 1031@@ -920,6 +929,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)\r
f93f78ea
QL		 1032 ASN1_STRING_free(os);\r
1033 return rv;\r
1034 }\r
1035+#endif\r
1036 \r
1037 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {\r
1038 {\r
ca6fa1fe
QL		 1039diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h\r
1040index d072536..73b945f 100644\r
1041--- a/crypto/srp/srp.h\r
1042+++ b/crypto/srp/srp.h\r
1043@@ -114,7 +114,9 @@ DECLARE_STACK_OF(SRP_gN)\r
1044 \r
1045 SRP_VBASE *SRP_VBASE_new(char *seed_key);\r
1046 int SRP_VBASE_free(SRP_VBASE *vb);\r
1047+#ifndef OPENSSL_NO_STDIO\r
1048 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);\r
1049+#endif\r
1050 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);\r
1051 char *SRP_create_verifier(const char *user, const char *pass, char **salt,\r
1052 char **verifier, const char *N, const char *g);\r
1053diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c\r
1054index a3f1a8a..3fbb186 100644\r
1055--- a/crypto/srp/srp_vfy.c\r
1056+++ b/crypto/srp/srp_vfy.c\r
1057@@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,\r
1058 return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));\r
1059 }\r
1060 \r
1061+#ifndef OPENSSL_NO_STDIO\r
1062 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,\r
1063 const char *v)\r
1064 {\r
1065@@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,\r
1066 len = t_fromb64(tmp, s);\r
1067 return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);\r
1068 }\r
1069+#endif\r
1070 \r
1071 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)\r
1072 {\r
1073@@ -279,6 +281,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)\r
1074 return 0;\r
1075 }\r
1076 \r
1077+#ifndef OPENSSL_NO_STDIO\r
1078 static SRP_gN_cache *SRP_gN_new_init(const char *ch)\r
1079 {\r
1080 unsigned char tmp[MAX_LEN];\r
1081@@ -310,6 +313,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)\r
1082 BN_free(gN_cache->bn);\r
1083 OPENSSL_free(gN_cache);\r
1084 }\r
1085+#endif\r
1086 \r
1087 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)\r
1088 {\r
1089@@ -326,6 +330,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)\r
1090 return SRP_get_default_gN(id);\r
1091 }\r
1092 \r
1093+#ifndef OPENSSL_NO_STDIO\r
1094 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)\r
1095 {\r
1096 int i;\r
1097@@ -467,6 +472,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)\r
1098 return error_code;\r
1099 \r
1100 }\r
1101+#endif\r
1102 \r
1103 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)\r
1104 {\r
1105diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h\r
1106index 16eccbb..a9fe40e 100644\r
1107--- a/crypto/ts/ts.h\r
1108+++ b/crypto/ts/ts.h\r
1109@@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);\r
1110 \r
1111 TS_REQ *TS_REQ_dup(TS_REQ *a);\r
1112 \r
1113+#ifndef OPENSSL_NO_FP_API\r
1114 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);\r
1115 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);\r
1116+#endif\r
1117 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);\r
1118 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);\r
1119 \r
1120@@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,\r
1121 \r
1122 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);\r
1123 \r
1124+#ifndef OPENSSL_NO_FP_API\r
1125 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);\r
1126 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);\r
1127-TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);\r
1128-int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);\r
1129+#endif\r
1130+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);\r
1131+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);\r
1132 \r
1133 TS_RESP *TS_RESP_new(void);\r
1134 void TS_RESP_free(TS_RESP *a);\r
1135@@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);\r
1136 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);\r
1137 TS_RESP *TS_RESP_dup(TS_RESP *a);\r
1138 \r
1139+#ifndef OPENSSL_NO_FP_API\r
1140 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);\r
1141 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);\r
1142-TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);\r
1143-int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);\r
1144+#endif\r
1145+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);\r
1146+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);\r
1147 \r
1148 TS_STATUS_INFO *TS_STATUS_INFO_new(void);\r
1149 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);\r
1150@@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,\r
1151 long length);\r
1152 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);\r
1153 \r
1154+#ifndef OPENSSL_NO_FP_API\r
1155 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);\r
1156 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);\r
1157-TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);\r
1158-int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);\r
1159+#endif\r
1160+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);\r
1161+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);\r
1162 \r
1163 TS_ACCURACY *TS_ACCURACY_new(void);\r
1164 void TS_ACCURACY_free(TS_ACCURACY *a);\r
1165@@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);\r
1166 * ts/ts_conf.c\r
1167 */\r
1168 \r
1169+#ifndef OPENSSL_NO_STDIO\r
1170 X509 *TS_CONF_load_cert(const char *file);\r
1171 STACK_OF(X509) *TS_CONF_load_certs(const char *file);\r
1172 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);\r
1173+#endif\r
1174 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);\r
1175 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,\r
1176 TS_RESP_CTX *ctx);\r
1177 int TS_CONF_set_crypto_device(CONF *conf, const char *section,\r
1178 const char *device);\r
1179 int TS_CONF_set_default_engine(const char *name);\r
1180+#ifndef OPENSSL_NO_STDIO\r
1181 int TS_CONF_set_signer_cert(CONF *conf, const char *section,\r
1182 const char *cert, TS_RESP_CTX *ctx);\r
1183 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,\r
1184@@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,\r
1185 int TS_CONF_set_signer_key(CONF *conf, const char *section,\r
1186 const char *key, const char *pass,\r
1187 TS_RESP_CTX *ctx);\r
1188+#endif\r
1189 int TS_CONF_set_def_policy(CONF *conf, const char *section,\r
1190 const char *policy, TS_RESP_CTX *ctx);\r
1191 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);\r
1192@@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);\r
1193 # define TS_F_TS_CHECK_SIGNING_CERTS 103\r
1194 # define TS_F_TS_CHECK_STATUS_INFO 104\r
1195 # define TS_F_TS_COMPUTE_IMPRINT 145\r
1196+# define TS_F_TS_CONF_INVALID 151\r
1197+# define TS_F_TS_CONF_LOAD_CERT 153\r
1198+# define TS_F_TS_CONF_LOAD_CERTS 154\r
1199+# define TS_F_TS_CONF_LOAD_KEY 155\r
1200+# define TS_F_TS_CONF_LOOKUP_FAIL 152\r
1201 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146\r
1202 # define TS_F_TS_GET_STATUS_TEXT 105\r
1203 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118\r
1204@@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);\r
1205 /* Reason codes. */\r
1206 # define TS_R_BAD_PKCS7_TYPE 132\r
1207 # define TS_R_BAD_TYPE 133\r
1208+# define TS_R_CANNOT_LOAD_CERT 137\r
1209+# define TS_R_CANNOT_LOAD_KEY 138\r
1210 # define TS_R_CERTIFICATE_VERIFY_ERROR 100\r
1211 # define TS_R_COULD_NOT_SET_ENGINE 127\r
1212 # define TS_R_COULD_NOT_SET_TIME 115\r
1213@@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);\r
1214 # define TS_R_UNACCEPTABLE_POLICY 125\r
1215 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126\r
1216 # define TS_R_UNSUPPORTED_VERSION 113\r
1217+# define TS_R_VAR_BAD_VALUE 135\r
1218+# define TS_R_VAR_LOOKUP_FAILURE 136\r
1219 # define TS_R_WRONG_CONTENT_TYPE 114\r
1220 \r
1221 #ifdef __cplusplus\r
1222diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c\r
1223index 4716b23..c4416ba 100644\r
1224--- a/crypto/ts/ts_conf.c\r
1225+++ b/crypto/ts/ts_conf.c\r
1226@@ -92,6 +92,7 @@\r
1227 \r
1228 /* Function definitions for certificate and key loading. */\r
1229 \r
1230+#ifndef OPENSSL_NO_STDIO\r
1231 X509 *TS_CONF_load_cert(const char *file)\r
1232 {\r
1233 BIO *cert = NULL;\r
1234@@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)\r
1235 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);\r
1236 end:\r
1237 if (x == NULL)\r
1238- fprintf(stderr, "unable to load certificate: %s\n", file);\r
1239+ TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);\r
1240 BIO_free(cert);\r
1241 return x;\r
1242 }\r
1243@@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)\r
1244 }\r
1245 end:\r
1246 if (othercerts == NULL)\r
1247- fprintf(stderr, "unable to load certificates: %s\n", file);\r
1248+ TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);\r
1249 sk_X509_INFO_pop_free(allcerts, X509_INFO_free);\r
1250 BIO_free(certs);\r
1251 return othercerts;\r
1252@@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)\r
1253 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);\r
1254 end:\r
1255 if (pkey == NULL)\r
1256- fprintf(stderr, "unable to load private key: %s\n", file);\r
1257+ TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);\r
1258 BIO_free(key);\r
1259 return pkey;\r
1260 }\r
1261+#endif /* !OPENSSL_NO_STDIO */\r
1262 \r
1263 /* Function definitions for handling configuration options. */\r
1264 \r
1265 static void TS_CONF_lookup_fail(const char *name, const char *tag)\r
1266 {\r
1267- fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);\r
1268+ TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);\r
1269+ ERR_add_error_data(3, name, "::", tag);\r
1270 }\r
1271 \r
1272 static void TS_CONF_invalid(const char *name, const char *tag)\r
1273 {\r
1274- fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);\r
1275+ TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);\r
1276+ ERR_add_error_data(3, name, "::", tag);\r
1277 }\r
1278 \r
1279 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)\r
1280@@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)\r
1281 \r
1282 #endif\r
1283 \r
1284+#ifndef OPENSSL_NO_STDIO\r
1285 int TS_CONF_set_signer_cert(CONF *conf, const char *section,\r
1286 const char *cert, TS_RESP_CTX *ctx)\r
1287 {\r
1288@@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,\r
1289 EVP_PKEY_free(key_obj);\r
1290 return ret;\r
1291 }\r
1292+#endif /* !OPENSSL_NO_STDIO */\r
1293 \r
1294 int TS_CONF_set_def_policy(CONF *conf, const char *section,\r
1295 const char *policy, TS_RESP_CTX *ctx)\r
1296diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c\r
1297index ff1abf4..3f5b78f 100644\r
1298--- a/crypto/ts/ts_err.c\r
1299+++ b/crypto/ts/ts_err.c\r
1300@@ -1,6 +1,6 @@\r
1301 /* crypto/ts/ts_err.c */\r
1302 /* ====================================================================\r
1303- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.\r
1304+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.\r
1305 *\r
1306 * Redistribution and use in source and binary forms, with or without\r
1307 * modification, are permitted provided that the following conditions\r
1308@@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {\r
1309 {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},\r
1310 {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},\r
1311 {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},\r
1312+ {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},\r
1313+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},\r
1314+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},\r
1315+ {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},\r
1316+ {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},\r
1317 {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},\r
1318 {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},\r
1319 {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},\r
1320@@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {\r
1321 static ERR_STRING_DATA TS_str_reasons[] = {\r
1322 {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},\r
1323 {ERR_REASON(TS_R_BAD_TYPE), "bad type"},\r
1324+ {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},\r
1325+ {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},\r
1326 {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},\r
1327 {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},\r
1328 {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},\r
1329@@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {\r
1330 {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},\r
1331 {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},\r
1332 {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},\r
1333+ {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},\r
1334+ {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},\r
1335 {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},\r
1336 {0, NULL}\r
1337 };\r
1338diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c\r
1339index 0f29011..80dd40e 100644\r
1340--- a/crypto/ui/ui_util.c\r
1341+++ b/crypto/ui/ui_util.c\r
1342@@ -56,6 +56,10 @@\r
1343 #include <string.h>\r
1344 #include "ui_locl.h"\r
1345 \r
1346+#ifndef BUFSIZ\r
1347+#define BUFSIZ 256\r
1348+#endif\r
1349+\r
1350 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,\r
1351 int verify)\r
1352 {\r
1353diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c\r
1354index 9ee8f8d..64b052e 100644\r
1355--- a/crypto/x509/by_dir.c\r
1356+++ b/crypto/x509/by_dir.c\r
1357@@ -69,6 +69,8 @@\r
1358 # include <sys/stat.h>\r
1359 #endif\r
1360 \r
1361+#ifndef OPENSSL_NO_STDIO\r
1362+\r
1363 #include <openssl/lhash.h>\r
1364 #include <openssl/x509.h>\r
1365 \r
1366@@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,\r
1367 BUF_MEM_free(b);\r
1368 return (ok);\r
1369 }\r
1370+\r
1371+#endif /* OPENSSL_NO_STDIO */\r
3f73ccb3
QL		 1372diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c\r
1373index 0429767..7ddc21c 100644\r
1374--- a/crypto/x509/x509_vfy.c\r
1375+++ b/crypto/x509/x509_vfy.c\r
1376@@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)\r
de0408be
DW		 1377 ctx->current_crl = crl;\r
1378 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
1379 ptime = &ctx->param->check_time;\r
1380+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
1381+ return 1;\r
1382 else\r
1383 ptime = NULL;\r
f93f78ea 1384 \r
3f73ccb3 1385@@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
f93f78ea 1386 \r
de0408be
DW		 1387 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
1388 ptime = &ctx->param->check_time;\r
1389+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
1390+ return 1;\r
1391 else\r
1392 ptime = NULL;\r
f93f78ea 1393 \r
3f73ccb3 1394diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h\r
ca6fa1fe 1395index 2663e1c..3790ef5 100644\r
3f73ccb3
QL		 1396--- a/crypto/x509/x509_vfy.h\r
1397+++ b/crypto/x509/x509_vfy.h\r
1398@@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);\r
de0408be
DW		 1399 * will force the behaviour to match that of previous versions.\r
1400 */\r
1401 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000\r
1402+/* Do not check certificate/CRL validity against current time */\r
1403+# define X509_V_FLAG_NO_CHECK_TIME 0x200000\r
f93f78ea 1404 \r
de0408be
DW		 1405 # define X509_VP_FLAG_DEFAULT 0x1\r
1406 # define X509_VP_FLAG_OVERWRITE 0x2\r
ca6fa1fe
QL		 1407@@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);\r
1408 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);\r
1409 \r
1410 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);\r
1411-\r
1412+#ifndef OPENSSL_NO_STDIO\r
1413 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);\r
1414 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);\r
1415+#endif\r
1416 \r
1417 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);\r
1418 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);\r
3f73ccb3
QL		 1419diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h\r
1420index c3a6fce..01edd2a 100644\r
1421--- a/crypto/x509v3/ext_dat.h\r
1422+++ b/crypto/x509v3/ext_dat.h\r
1423@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {\r
f93f78ea
QL		 1424 &v3_idp,\r
1425 &v3_alt[2],\r
1426 &v3_freshest_crl,\r
1427+#ifndef OPENSSL_SYS_UEFI\r
1428 &v3_ct_scts[0],\r
1429 &v3_ct_scts[1],\r
1430+#endif\r
1431 };\r
1432 \r
1433 /* Number of standard extensions */\r
ca6fa1fe
QL		 1434diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c\r
1435index 34cad53..12f12a7 100644\r
1436--- a/crypto/x509v3/v3_pci.c\r
1437+++ b/crypto/x509v3/v3_pci.c\r
1438@@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,\r
1439 goto err;\r
1440 }\r
1441 OPENSSL_free(tmp_data2);\r
1442+#ifndef OPENSSL_NO_STDIO\r
1443 } else if (strncmp(val->value, "file:", 5) == 0) {\r
1444 unsigned char buf[2048];\r
1445 int n;\r
1446@@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,\r
1447 X509V3_conf_err(val);\r
1448 goto err;\r
1449 }\r
1450+#endif /* !OPENSSL_NO_STDIO */\r
1451 } else if (strncmp(val->value, "text:", 5) == 0) {\r
1452 val_len = strlen(val->value + 5);\r
1453 tmp_data = OPENSSL_realloc((*policy)->data,\r
1454diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h\r
1455index f5c6156..a2e78aa 100644\r
1456--- a/crypto/x509v3/x509v3.h\r
1457+++ b/crypto/x509v3/x509v3.h\r
1458@@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,\r
1459 int ml);\r
1460 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,\r
1461 int indent);\r
1462+#ifndef OPENSSL_NO_FP_API\r
1463 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);\r
1464-\r
1465+#endif\r
1466 int X509V3_extensions_print(BIO *out, char *title,\r
1467 STACK_OF(X509_EXTENSION) *exts,\r
1468 unsigned long flag, int indent);\r
e578aa19
QL		 1469diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1470index 3300e11..e9e58d5 100644\r
1471--- a/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1472+++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1473@@ -67,7 +67,7 @@ extern "C" {\r
1474 static void ERR_load_CL_strings(void);\r
1475 static void ERR_unload_CL_strings(void);\r
1476 static void ERR_CL_error(int function, int reason, char *file, int line);\r
1477-# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)\r
1478+# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1479 \r
1480 /* Error codes for the CL functions. */\r
1481 \r
1482diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h\r
1483index c17e0c9..10d0212 100644\r
1484--- a/demos/engines/ibmca/hw_ibmca_err.h\r
1485+++ b/demos/engines/ibmca/hw_ibmca_err.h\r
1486@@ -67,7 +67,7 @@ extern "C" {\r
1487 static void ERR_load_IBMCA_strings(void);\r
1488 static void ERR_unload_IBMCA_strings(void);\r
1489 static void ERR_IBMCA_error(int function, int reason, char *file, int line);\r
1490-# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)\r
1491+# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1492 \r
1493 /* Error codes for the IBMCA functions. */\r
1494 \r
1495diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h\r
1496index 4356815..598836f 100644\r
1497--- a/demos/engines/rsaref/rsaref_err.h\r
1498+++ b/demos/engines/rsaref/rsaref_err.h\r
1499@@ -68,7 +68,7 @@ extern "C" {\r
1500 static void ERR_load_RSAREF_strings(void);\r
1501 static void ERR_unload_RSAREF_strings(void);\r
1502 static void ERR_RSAREF_error(int function, int reason, char *file, int line);\r
1503-# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)\r
1504+# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1505 /* Error codes for the RSAREF functions. */\r
1506 \r
1507 /* Function codes. */\r
1508diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h\r
1509index f4a8358..94d3293 100644\r
1510--- a/demos/engines/zencod/hw_zencod_err.h\r
1511+++ b/demos/engines/zencod/hw_zencod_err.h\r
1512@@ -67,7 +67,7 @@ extern "C" {\r
1513 static void ERR_load_ZENCOD_strings(void);\r
1514 static void ERR_unload_ZENCOD_strings(void);\r
1515 static void ERR_ZENCOD_error(int function, int reason, char *file, int line);\r
1516-# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)\r
1517+# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1518 \r
1519 /* Error codes for the ZENCOD functions. */\r
1520 \r
1521diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod\r
1522index dc0e939..fe123bb 100644\r
1523--- a/doc/crypto/threads.pod\r
1524+++ b/doc/crypto/threads.pod\r
1525@@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support\r
1526 void CRYPTO_lock(int mode, int n, const char *file, int line);\r
1527 \r
1528 #define CRYPTO_w_lock(type) \\r
1529- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
1530+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
1531 #define CRYPTO_w_unlock(type) \\r
1532- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
1533+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
1534 #define CRYPTO_r_lock(type) \\r
1535- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
1536+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
1537 #define CRYPTO_r_unlock(type) \\r
1538- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
1539+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
1540 #define CRYPTO_add(addr,amount,type) \\r
1541- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
1542+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)\r
1543 \r
1544 =head1 DESCRIPTION\r
1545 \r
3f73ccb3
QL		 1546diff --git a/e_os.h b/e_os.h\r
1547index 1fa36c1..3e9dae2 100644\r
1548--- a/e_os.h\r
1549+++ b/e_os.h\r
1550@@ -136,7 +136,7 @@ extern "C" {\r
97468ab9
DW		 1551 # define MSDOS\r
1552 # endif\r
1553 \r
1554-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)\r
1555+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)\r
1556 # define GETPID_IS_MEANINGLESS\r
1557 # endif\r
1558 \r
3f73ccb3
QL		 1559diff --git a/e_os2.h b/e_os2.h\r
1560index 7be9989..909e22f 100644\r
1561--- a/e_os2.h\r
1562+++ b/e_os2.h\r
1563@@ -97,7 +97,14 @@ extern "C" {\r
3b21958b
DW		 1564 * For 32 bit environment, there seems to be the CygWin environment and then\r
1565 * all the others that try to do the same thing Microsoft does...\r
1566 */\r
1567-# if defined(OPENSSL_SYSNAME_UWIN)\r
1568+/*\r
1569+ * UEFI lives here because it might be built with a Microsoft toolchain and\r
1570+ * we need to avoid the false positive match on Windows.\r
1571+ */\r
1572+# if defined(OPENSSL_SYSNAME_UEFI)\r
1573+# undef OPENSSL_SYS_UNIX\r
1574+# define OPENSSL_SYS_UEFI\r
1575+# elif defined(OPENSSL_SYSNAME_UWIN)\r
1576 # undef OPENSSL_SYS_UNIX\r
1577 # define OPENSSL_SYS_WIN32_UWIN\r
1578 # else\r
e578aa19
QL		 1579diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h\r
1580index a2018ec..9eacdcf 100644\r
1581--- a/engines/ccgost/e_gost_err.h\r
1582+++ b/engines/ccgost/e_gost_err.h\r
1583@@ -67,7 +67,7 @@ extern "C" {\r
1584 void ERR_load_GOST_strings(void);\r
1585 void ERR_unload_GOST_strings(void);\r
1586 void ERR_GOST_error(int function, int reason, char *file, int line);\r
1587-# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)\r
1588+# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1589 \r
1590 /* Error codes for the GOST functions. */\r
1591 \r
1592diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h\r
1593index 2f29d96..47a2635 100644\r
1594--- a/engines/e_4758cca_err.h\r
1595+++ b/engines/e_4758cca_err.h\r
1596@@ -67,7 +67,7 @@ extern "C" {\r
1597 static void ERR_load_CCA4758_strings(void);\r
1598 static void ERR_unload_CCA4758_strings(void);\r
1599 static void ERR_CCA4758_error(int function, int reason, char *file, int line);\r
1600-# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)\r
1601+# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1602 \r
1603 /* Error codes for the CCA4758 functions. */\r
1604 \r
1605diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h\r
1606index 2ed0114..1f8fa5b 100644\r
1607--- a/engines/e_aep_err.h\r
1608+++ b/engines/e_aep_err.h\r
1609@@ -67,7 +67,7 @@ extern "C" {\r
1610 static void ERR_load_AEPHK_strings(void);\r
1611 static void ERR_unload_AEPHK_strings(void);\r
1612 static void ERR_AEPHK_error(int function, int reason, char *file, int line);\r
1613-# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)\r
1614+# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1615 \r
1616 /* Error codes for the AEPHK functions. */\r
1617 \r
1618diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h\r
1619index 7b71eff..d958496 100644\r
1620--- a/engines/e_atalla_err.h\r
1621+++ b/engines/e_atalla_err.h\r
1622@@ -67,7 +67,7 @@ extern "C" {\r
1623 static void ERR_load_ATALLA_strings(void);\r
1624 static void ERR_unload_ATALLA_strings(void);\r
1625 static void ERR_ATALLA_error(int function, int reason, char *file, int line);\r
1626-# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)\r
1627+# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1628 \r
1629 /* Error codes for the ATALLA functions. */\r
1630 \r
1631diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h\r
1632index b5d06dc..cfe46b1 100644\r
1633--- a/engines/e_capi_err.h\r
1634+++ b/engines/e_capi_err.h\r
1635@@ -67,7 +67,7 @@ extern "C" {\r
1636 static void ERR_load_CAPI_strings(void);\r
1637 static void ERR_unload_CAPI_strings(void);\r
1638 static void ERR_CAPI_error(int function, int reason, char *file, int line);\r
1639-# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)\r
1640+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1641 \r
1642 /* Error codes for the CAPI functions. */\r
1643 \r
1644diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h\r
1645index d86a4ce..3d961b9 100644\r
1646--- a/engines/e_chil_err.h\r
1647+++ b/engines/e_chil_err.h\r
1648@@ -67,7 +67,7 @@ extern "C" {\r
1649 static void ERR_load_HWCRHK_strings(void);\r
1650 static void ERR_unload_HWCRHK_strings(void);\r
1651 static void ERR_HWCRHK_error(int function, int reason, char *file, int line);\r
1652-# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)\r
1653+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1654 \r
1655 /* Error codes for the HWCRHK functions. */\r
1656 \r
1657diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h\r
1658index fde3a82..7c20691 100644\r
1659--- a/engines/e_cswift_err.h\r
1660+++ b/engines/e_cswift_err.h\r
1661@@ -67,7 +67,7 @@ extern "C" {\r
1662 static void ERR_load_CSWIFT_strings(void);\r
1663 static void ERR_unload_CSWIFT_strings(void);\r
1664 static void ERR_CSWIFT_error(int function, int reason, char *file, int line);\r
1665-# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)\r
1666+# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1667 \r
1668 /* Error codes for the CSWIFT functions. */\r
1669 \r
1670diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h\r
1671index 637abbc..ccaf3da 100644\r
1672--- a/engines/e_gmp_err.h\r
1673+++ b/engines/e_gmp_err.h\r
1674@@ -67,7 +67,7 @@ extern "C" {\r
1675 static void ERR_load_GMP_strings(void);\r
1676 static void ERR_unload_GMP_strings(void);\r
1677 static void ERR_GMP_error(int function, int reason, char *file, int line);\r
1678-# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)\r
1679+# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1680 \r
1681 /* Error codes for the GMP functions. */\r
1682 \r
1683diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h\r
1684index aa7849c..e607d3e 100644\r
1685--- a/engines/e_nuron_err.h\r
1686+++ b/engines/e_nuron_err.h\r
1687@@ -67,7 +67,7 @@ extern "C" {\r
1688 static void ERR_load_NURON_strings(void);\r
1689 static void ERR_unload_NURON_strings(void);\r
1690 static void ERR_NURON_error(int function, int reason, char *file, int line);\r
1691-# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)\r
1692+# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1693 \r
1694 /* Error codes for the NURON functions. */\r
1695 \r
1696diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h\r
1697index bef8623..54f2848 100644\r
1698--- a/engines/e_sureware_err.h\r
1699+++ b/engines/e_sureware_err.h\r
1700@@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);\r
1701 static void ERR_unload_SUREWARE_strings(void);\r
1702 static void ERR_SUREWARE_error(int function, int reason, char *file,\r
1703 int line);\r
1704-# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)\r
1705+# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1706 \r
1707 /* Error codes for the SUREWARE functions. */\r
1708 \r
1709diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h\r
1710index c8aec7c..67110ed 100644\r
1711--- a/engines/e_ubsec_err.h\r
1712+++ b/engines/e_ubsec_err.h\r
1713@@ -67,7 +67,7 @@ extern "C" {\r
1714 static void ERR_load_UBSEC_strings(void);\r
1715 static void ERR_unload_UBSEC_strings(void);\r
1716 static void ERR_UBSEC_error(int function, int reason, char *file, int line);\r
1717-# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)\r
1718+# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1719 \r
1720 /* Error codes for the UBSEC functions. */\r
1721 \r
1722diff --git a/ssl/d1_both.c b/ssl/d1_both.c\r
1723index d1fc716..d5f661a 100644\r
1724--- a/ssl/d1_both.c\r
1725+++ b/ssl/d1_both.c\r
1726@@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)\r
1727 int dtls1_read_failed(SSL *s, int code)\r
1728 {\r
1729 if (code > 0) {\r
1730- fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);\r
1731+ fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");\r
1732 return 1;\r
1733 }\r
1734 \r
1735diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c\r
1736index 35cc27c..a1f5335 100644\r
1737--- a/ssl/ssl_asn1.c\r
1738+++ b/ssl/ssl_asn1.c\r
1739@@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1740 if (ssl_version == SSL2_VERSION) {\r
1741 if (os.length != 3) {\r
1742 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;\r
1743- c.line = __LINE__;\r
1744+ c.line = OPENSSL_LINE;\r
1745 goto err;\r
1746 }\r
1747 id = 0x02000000L |\r
1748@@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1749 || ssl_version == DTLS1_BAD_VER) {\r
1750 if (os.length != 2) {\r
1751 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;\r
1752- c.line = __LINE__;\r
1753+ c.line = OPENSSL_LINE;\r
1754 goto err;\r
1755 }\r
1756 id = 0x03000000L |\r
1757 ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];\r
1758 } else {\r
1759 c.error = SSL_R_UNKNOWN_SSL_VERSION;\r
1760- c.line = __LINE__;\r
1761+ c.line = OPENSSL_LINE;\r
1762 goto err;\r
1763 }\r
1764 \r
1765@@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1766 if (os.data != NULL) {\r
1767 if (os.length > SSL_MAX_SID_CTX_LENGTH) {\r
1768 c.error = SSL_R_BAD_LENGTH;\r
1769- c.line = __LINE__;\r
1770+ c.line = OPENSSL_LINE;\r
1771 goto err;\r
1772 } else {\r
1773 ret->sid_ctx_length = os.length;\r
ca6fa1fe
QL		 1774diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c\r
1775index a73f866..d534c0a 100644\r
1776--- a/ssl/ssl_cert.c\r
1777+++ b/ssl/ssl_cert.c\r
1778@@ -855,12 +855,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)\r
1779 return (add_client_CA(&(ctx->client_CA), x));\r
1780 }\r
1781 \r
1782+#ifndef OPENSSL_NO_STDIO\r
1783+\r
1784 static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)\r
1785 {\r
1786 return (X509_NAME_cmp(*a, *b));\r
1787 }\r
1788 \r
1789-#ifndef OPENSSL_NO_STDIO\r
1790 /**\r
1791 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;\r
1792 * it doesn't really have anything to do with clients (except that a common use\r
1793@@ -928,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)\r
1794 ERR_clear_error();\r
1795 return (ret);\r
1796 }\r
1797-#endif\r
1798 \r
1799 /**\r
1800 * Add a file of certs to a stack.\r
1801@@ -1048,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,\r
1802 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);\r
1803 return ret;\r
1804 }\r
1805+#endif /* !OPENSSL_NO_STDIO */\r
1806 \r
1807 /* Add a certificate to a BUF_MEM structure */\r
1808 \r
1809diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c\r
1810index 5478840..c2ad7c9 100644\r
1811--- a/ssl/ssl_conf.c\r
1812+++ b/ssl/ssl_conf.c\r
1813@@ -362,6 +362,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)\r
1814 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);\r
1815 }\r
1816 \r
1817+#ifndef OPENSSL_NO_STDIO\r
1818 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)\r
1819 {\r
1820 int rv = 1;\r
1821@@ -428,7 +429,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)\r
1822 BIO_free(in);\r
1823 return rv > 0;\r
1824 }\r
1825-#endif\r
1826+#endif /* !OPENSSL_NO_DH */\r
1827+#endif /* !OPENSSL_NO_STDIO */\r
1828+\r
1829 typedef struct {\r
1830 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);\r
1831 const char *str_file;\r
1832@@ -454,12 +457,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {\r
1833 SSL_CONF_CMD_STRING(CipherString, "cipher"),\r
1834 SSL_CONF_CMD_STRING(Protocol, NULL),\r
1835 SSL_CONF_CMD_STRING(Options, NULL),\r
1836+#ifndef OPENSSL_NO_STDIO\r
1837 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),\r
1838 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),\r
1839 SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),\r
1840 #ifndef OPENSSL_NO_DH\r
1841 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)\r
1842 #endif\r
1843+#endif\r
1844 };\r
1845 \r
1846 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)\r
e578aa19
QL		 1847diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c\r
1848index 514fcb3..2a54cc9 100644\r
1849--- a/ssl/t1_enc.c\r
1850+++ b/ssl/t1_enc.c\r
1851@@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send)\r
1852 * we can't write into the input stream: Can this ever\r
1853 * happen?? (steve)\r
1854 */\r
1855- fprintf(stderr,\r
1856- "%s:%d: rec->data != rec->input\n",\r
1857- __FILE__, __LINE__);\r
1858+ fprintf(stderr, "tls1_enc: rec->data != rec->input\n");\r
1859 else if (RAND_bytes(rec->input, ivlen) <= 0)\r
1860 return -1;\r
1861 }\r
1862diff --git a/util/mkerr.pl b/util/mkerr.pl\r
1863index 09ebebe..cd57ade 100644\r
1864--- a/util/mkerr.pl\r
1865+++ b/util/mkerr.pl\r
1866@@ -89,7 +89,7 @@ Options:\r
1867 void ERR_load_<LIB>_strings(void);\r
1868 void ERR_unload_<LIB>_strings(void);\r
1869 void ERR_<LIB>_error(int f, int r, char *fn, int ln);\r
1870- #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)\r
1871+ #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)\r
1872 while the code facilitates the use of these in an environment\r
1873 where the error support routines are dynamically loaded at \r
1874 runtime.\r
1875@@ -474,7 +474,7 @@ EOF\r
1876 ${staticloader}void ERR_load_${lib}_strings(void);\r
1877 ${staticloader}void ERR_unload_${lib}_strings(void);\r
1878 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);\r
1879-# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)\r
1880+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1881 \r
1882 EOF\r
1883 }\r
EFI Development Kit II mirror for PVE