]> git.proxmox.com Git - mirror_edk2.git/blame - CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
CryptoPkg: Fix capitalization of path name in Patch-HOWTO.txt
[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-1.0.2h.patch
CommitLineData
ca6fa1fe 1diff --git a/Configure b/Configure\r
ec3a1a11 2index c98107a..c122709 100755\r
ca6fa1fe
QL		 3--- a/Configure\r
4+++ b/Configure\r
ec3a1a11 5@@ -609,6 +609,9 @@ my %table=(\r
65213f29
QL		 6 # with itself, Applink is never engaged and can as well be omitted.\r
7 "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",\r
8 \r
9+# UEFI\r
10+"UEFI", "cc:-DL_ENDIAN -O:::UEFI::::",\r
11+\r
12 # UWIN \r
13 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",\r
14 \r
ec3a1a11 15@@ -1088,7 +1091,7 @@ if (defined($disabled{"tls1"}))\r
ca6fa1fe
QL		 16 }\r
17 \r
18 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})\r
19- || defined($disabled{"dh"}))\r
20+ || defined($disabled{"dh"}) || defined($disabled{"stdio"}))\r
21 {\r
22 $disabled{"gost"} = "forced";\r
23 }\r
e94546e7 24diff --git a/apps/apps.c b/apps/apps.c\r
ec3a1a11 25index b1dd970..8278c28 100644\r
e94546e7
QL		 26--- a/apps/apps.c\r
27+++ b/apps/apps.c\r
28@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,\r
29 flags |= X509_V_FLAG_PARTIAL_CHAIN;\r
30 else if (!strcmp(arg, "-no_alt_chains"))\r
31 flags |= X509_V_FLAG_NO_ALT_CHAINS;\r
32+ else if (!strcmp(arg, "-no_check_time"))\r
33+ flags |= X509_V_FLAG_NO_CHECK_TIME;\r
34 else\r
35 return 0;\r
36 \r
ca6fa1fe
QL		 37diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c\r
38index 35fd44c..9f39bff 100644\r
39--- a/crypto/asn1/a_strex.c\r
40+++ b/crypto/asn1/a_strex.c\r
41@@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)\r
42 return 1;\r
43 }\r
44 \r
45+#ifndef OPENSSL_NO_FP_API\r
46 static int send_fp_chars(void *arg, const void *buf, int len)\r
47 {\r
48 if (!arg)\r
49@@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)\r
50 return 0;\r
51 return 1;\r
52 }\r
53+#endif\r
54 \r
55 typedef int char_io (void *arg, const void *buf, int len);\r
56 \r
e578aa19
QL		 57diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h\r
58index abc6dc3..3a672e9 100644\r
59--- a/crypto/asn1/asn1_mac.h\r
60+++ b/crypto/asn1/asn1_mac.h\r
61@@ -70,7 +70,7 @@ extern "C" {\r
62 # endif\r
63 \r
64 # define ASN1_MAC_H_err(f,r,line) \\r
65- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))\r
66+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))\r
67 \r
68 # define M_ASN1_D2I_vars(a,type,func) \\r
69 ASN1_const_CTX c; \\r
70@@ -81,7 +81,7 @@ extern "C" {\r
71 c.error=ERR_R_NESTED_ASN1_ERROR; \\r
72 if ((a == NULL) || ((*a) == NULL)) \\r
73 { if ((ret=(type)func()) == NULL) \\r
74- { c.line=__LINE__; goto err; } } \\r
75+ { c.line=OPENSSL_LINE; goto err; } } \\r
76 else ret=(*a);\r
77 \r
78 # define M_ASN1_D2I_Init() \\r
79@@ -90,7 +90,7 @@ extern "C" {\r
80 \r
81 # define M_ASN1_D2I_Finish_2(a) \\r
82 if (!asn1_const_Finish(&c)) \\r
83- { c.line=__LINE__; goto err; } \\r
84+ { c.line=OPENSSL_LINE; goto err; } \\r
85 *(const unsigned char **)pp=c.p; \\r
86 if (a != NULL) (*a)=ret; \\r
87 return(ret);\r
88@@ -105,7 +105,7 @@ err:\\r
89 \r
90 # define M_ASN1_D2I_start_sequence() \\r
91 if (!asn1_GetSequence(&c,&length)) \\r
92- { c.line=__LINE__; goto err; }\r
93+ { c.line=OPENSSL_LINE; goto err; }\r
94 /* Begin reading ASN1 without a surrounding sequence */\r
95 # define M_ASN1_D2I_begin() \\r
96 c.slen = length;\r
97@@ -129,21 +129,21 @@ err:\\r
98 # define M_ASN1_D2I_get(b, func) \\r
99 c.q=c.p; \\r
100 if (func(&(b),&c.p,c.slen) == NULL) \\r
101- {c.line=__LINE__; goto err; } \\r
102+ {c.line=OPENSSL_LINE; goto err; } \\r
103 c.slen-=(c.p-c.q);\r
104 \r
105 /* Don't use this with d2i_ASN1_BOOLEAN() */\r
106 # define M_ASN1_D2I_get_x(type,b,func) \\r
107 c.q=c.p; \\r
108 if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \\r
109- {c.line=__LINE__; goto err; } \\r
110+ {c.line=OPENSSL_LINE; goto err; } \\r
111 c.slen-=(c.p-c.q);\r
112 \r
113 /* use this instead () */\r
114 # define M_ASN1_D2I_get_int(b,func) \\r
115 c.q=c.p; \\r
116 if (func(&(b),&c.p,c.slen) < 0) \\r
117- {c.line=__LINE__; goto err; } \\r
118+ {c.line=OPENSSL_LINE; goto err; } \\r
119 c.slen-=(c.p-c.q);\r
120 \r
121 # define M_ASN1_D2I_get_opt(b,func,type) \\r
122@@ -164,7 +164,7 @@ err:\\r
123 M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \\r
124 c.q=c.p; \\r
125 if (func(&(b),&c.p,c.slen) == NULL) \\r
126- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \\r
127+ {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \\r
128 c.slen-=(c.p-c.q);\\r
129 M_ASN1_next_prev=_tmp;\r
130 \r
131@@ -258,20 +258,20 @@ err:\\r
132 c.q=c.p; \\r
133 if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\\r
134 (void (*)())free_func,a,b) == NULL) \\r
135- { c.line=__LINE__; goto err; } \\r
136+ { c.line=OPENSSL_LINE; goto err; } \\r
137 c.slen-=(c.p-c.q);\r
138 \r
139 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \\r
140 c.q=c.p; \\r
141 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\\r
142 free_func,a,b) == NULL) \\r
143- { c.line=__LINE__; goto err; } \\r
144+ { c.line=OPENSSL_LINE; goto err; } \\r
145 c.slen-=(c.p-c.q);\r
146 \r
147 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \\r
148 c.q=c.p; \\r
149 if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \\r
150- { c.line=__LINE__; goto err; } \\r
151+ { c.line=OPENSSL_LINE; goto err; } \\r
152 c.slen-=(c.p-c.q);\r
153 \r
154 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \\r
155@@ -285,16 +285,16 @@ err:\\r
156 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
157 if (Tinf & 0x80) \\r
158 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
159- c.line=__LINE__; goto err; } \\r
160+ c.line=OPENSSL_LINE; goto err; } \\r
161 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
162 Tlen = c.slen - (c.p - c.q) - 2; \\r
163 if (func(&(r),&c.p,Tlen) == NULL) \\r
164- { c.line=__LINE__; goto err; } \\r
165+ { c.line=OPENSSL_LINE; goto err; } \\r
166 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
167 Tlen = c.slen - (c.p - c.q); \\r
168 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \\r
169 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
170- c.line=__LINE__; goto err; } \\r
171+ c.line=OPENSSL_LINE; goto err; } \\r
172 }\\r
173 c.slen-=(c.p-c.q); \\r
174 }\r
175@@ -310,18 +310,18 @@ err:\\r
176 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
177 if (Tinf & 0x80) \\r
178 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
179- c.line=__LINE__; goto err; } \\r
180+ c.line=OPENSSL_LINE; goto err; } \\r
181 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
182 Tlen = c.slen - (c.p - c.q) - 2; \\r
183 if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \\r
184 (void (*)())free_func, \\r
185 b,V_ASN1_UNIVERSAL) == NULL) \\r
186- { c.line=__LINE__; goto err; } \\r
187+ { c.line=OPENSSL_LINE; goto err; } \\r
188 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
189 Tlen = c.slen - (c.p - c.q); \\r
190 if(!ASN1_check_infinite_end(&c.p, Tlen)) \\r
191 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
192- c.line=__LINE__; goto err; } \\r
193+ c.line=OPENSSL_LINE; goto err; } \\r
194 }\\r
195 c.slen-=(c.p-c.q); \\r
196 }\r
197@@ -337,17 +337,17 @@ err:\\r
198 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \\r
199 if (Tinf & 0x80) \\r
200 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \\r
201- c.line=__LINE__; goto err; } \\r
202+ c.line=OPENSSL_LINE; goto err; } \\r
203 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \\r
204 Tlen = c.slen - (c.p - c.q) - 2; \\r
205 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \\r
206 free_func,b,V_ASN1_UNIVERSAL) == NULL) \\r
207- { c.line=__LINE__; goto err; } \\r
208+ { c.line=OPENSSL_LINE; goto err; } \\r
209 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \\r
210 Tlen = c.slen - (c.p - c.q); \\r
211 if(!ASN1_check_infinite_end(&c.p, Tlen)) \\r
212 { c.error=ERR_R_MISSING_ASN1_EOS; \\r
213- c.line=__LINE__; goto err; } \\r
214+ c.line=OPENSSL_LINE; goto err; } \\r
215 }\\r
216 c.slen-=(c.p-c.q); \\r
217 }\r
218@@ -355,7 +355,7 @@ err:\\r
219 /* New macros */\r
220 # define M_ASN1_New_Malloc(ret,type) \\r
221 if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \\r
222- { c.line=__LINE__; goto err2; }\r
223+ { c.line=OPENSSL_LINE; goto err2; }\r
224 \r
225 # define M_ASN1_New(arg,func) \\r
226 if (((arg)=func()) == NULL) return(NULL)\r
42d68342
QL		 227diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c\r
228index d5a5514..bede55c 100644\r
229--- a/crypto/asn1/n_pkey.c\r
230+++ b/crypto/asn1/n_pkey.c\r
231@@ -193,7 +193,12 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,\r
232 OPENSSL_cleanse(pkey->private_key->data, rsalen);\r
233 \r
234 if (cb == NULL)\r
235+#ifndef OPENSSL_NO_UI\r
236 cb = EVP_read_pw_string;\r
237+#else\r
238+ i = 1;\r
239+ else\r
240+#endif\r
241 i = cb((char *)buf, 256, "Enter Private Key password:", 1);\r
242 if (i != 0) {\r
243 ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);\r
244@@ -264,7 +269,11 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,\r
245 goto err;\r
246 }\r
247 if (cb == NULL)\r
248+#ifndef OPENSSL_NO_UI\r
249 cb = EVP_read_pw_string;\r
250+#else\r
251+ goto err;\r
252+#endif\r
253 if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)\r
254 goto err;\r
255 \r
b9dbddd8 256diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c\r
8ff7187c 257index 1d25687..ad641c3 100644\r
b9dbddd8
QL		 258--- a/crypto/bn/bn_prime.c\r
259+++ b/crypto/bn/bn_prime.c\r
260@@ -131,7 +131,7 @@\r
261 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,\r
262 const BIGNUM *a1_odd, int k, BN_CTX *ctx,\r
263 BN_MONT_CTX *mont);\r
264-static int probable_prime(BIGNUM *rnd, int bits);\r
265+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);\r
266 static int probable_prime_dh(BIGNUM *rnd, int bits,\r
267 const BIGNUM *add, const BIGNUM *rem,\r
268 BN_CTX *ctx);\r
269@@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
270 BIGNUM *t;\r
271 int found = 0;\r
272 int i, j, c1 = 0;\r
273- BN_CTX *ctx;\r
274+ BN_CTX *ctx = NULL;\r
275+ prime_t *mods = NULL;\r
276 int checks = BN_prime_checks_for_size(bits);\r
277 \r
278+ mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);\r
279+ if (mods == NULL)\r
8ff7187c 280+ goto err;\r
b9dbddd8
QL		 281 ctx = BN_CTX_new();\r
282 if (ctx == NULL)\r
283 goto err;\r
284@@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
285 loop:\r
286 /* make a random number and set the top and bottom bits */\r
287 if (add == NULL) {\r
288- if (!probable_prime(ret, bits))\r
289+ if (!probable_prime(ret, bits, mods))\r
290 goto err;\r
291 } else {\r
292 if (safe) {\r
293@@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,\r
294 /* we have a prime :-) */\r
295 found = 1;\r
296 err:\r
297+ OPENSSL_free(mods);\r
298 if (ctx != NULL) {\r
299 BN_CTX_end(ctx);\r
300 BN_CTX_free(ctx);\r
301@@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,\r
302 return 1;\r
303 }\r
304 \r
305-static int probable_prime(BIGNUM *rnd, int bits)\r
306+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)\r
307 {\r
308 int i;\r
309- prime_t mods[NUMPRIMES];\r
310 BN_ULONG delta, maxdelta;\r
311 \r
312 again:\r
ca6fa1fe 313diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h\r
8ff7187c 314index 8d926d5..c29e97d 100644\r
ca6fa1fe
QL		 315--- a/crypto/conf/conf.h\r
316+++ b/crypto/conf/conf.h\r
317@@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);\r
318 \r
319 int CONF_set_default_method(CONF_METHOD *meth);\r
320 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);\r
321+# ifndef OPENSSL_NO_STDIO\r
322 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
323 long *eline);\r
324+# endif\r
325 # ifndef OPENSSL_NO_FP_API\r
326 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,\r
327 long *eline);\r
328@@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,\r
329 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,\r
330 const char *name);\r
331 void CONF_free(LHASH_OF(CONF_VALUE) *conf);\r
8ff7187c 332+# ifndef OPENSSL_NO_FP_API\r
ca6fa1fe 333 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);\r
8ff7187c 334+# endif\r
ca6fa1fe
QL		 335 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);\r
336 \r
337 void OPENSSL_config(const char *config_name);\r
338@@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);\r
339 void NCONF_free(CONF *conf);\r
340 void NCONF_free_data(CONF *conf);\r
341 \r
342+# ifndef OPENSSL_NO_STDIO\r
343 int NCONF_load(CONF *conf, const char *file, long *eline);\r
344+# endif\r
345 # ifndef OPENSSL_NO_FP_API\r
346 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);\r
f93f78ea 347 # endif\r
ca6fa1fe
QL		 348@@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,\r
349 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);\r
350 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,\r
351 long *result);\r
8ff7187c 352+# ifndef OPENSSL_NO_FP_API\r
ca6fa1fe 353 int NCONF_dump_fp(const CONF *conf, FILE *out);\r
8ff7187c 354+# endif\r
ca6fa1fe
QL		 355 int NCONF_dump_bio(const CONF *conf, BIO *out);\r
356 \r
357 # if 0 /* The following function has no error\r
358@@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);\r
359 \r
360 int CONF_modules_load(const CONF *cnf, const char *appname,\r
361 unsigned long flags);\r
8ff7187c 362+# ifndef OPENSSL_NO_STDIO\r
ca6fa1fe
QL		 363 int CONF_modules_load_file(const char *filename, const char *appname,\r
364 unsigned long flags);\r
8ff7187c 365+# endif\r
ca6fa1fe
QL		 366 void CONF_modules_unload(int all);\r
367 void CONF_modules_finish(void);\r
368 void CONF_modules_free(void);\r
369diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c\r
370index 68c77ce..3d308c7 100644\r
371--- a/crypto/conf/conf_def.c\r
372+++ b/crypto/conf/conf_def.c\r
373@@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)\r
374 \r
375 static int def_load(CONF *conf, const char *name, long *line)\r
376 {\r
377+#ifdef OPENSSL_NO_STDIO\r
378+ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);\r
379+ return 0;\r
380+#else\r
381 int ret;\r
382 BIO *in = NULL;\r
383 \r
384@@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)\r
385 BIO_free(in);\r
386 \r
387 return ret;\r
388+#endif\r
f93f78ea
QL		 389 }\r
390 \r
ca6fa1fe
QL		 391 static int def_load_bio(CONF *conf, BIO *in, long *line)\r
392diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c\r
393index 5281384..952b545 100644\r
394--- a/crypto/conf/conf_lib.c\r
395+++ b/crypto/conf/conf_lib.c\r
396@@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)\r
397 return 1;\r
398 }\r
399 \r
400+#ifndef OPENSSL_NO_STDIO\r
401 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
402 long *eline)\r
403 {\r
404@@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,\r
405 \r
406 return ltmp;\r
407 }\r
408+#endif\r
409 \r
410 #ifndef OPENSSL_NO_FP_API\r
411 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,\r
412@@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)\r
413 conf->meth->destroy_data(conf);\r
414 }\r
415 \r
416+#ifndef OPENSSL_NO_STDIO\r
417 int NCONF_load(CONF *conf, const char *file, long *eline)\r
418 {\r
419 if (conf == NULL) {\r
420@@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)\r
421 \r
422 return conf->meth->load(conf, file, eline);\r
423 }\r
424+#endif\r
425 \r
426 #ifndef OPENSSL_NO_FP_API\r
427 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)\r
428diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c\r
429index 9acfca4..5e0a482 100644\r
430--- a/crypto/conf/conf_mod.c\r
431+++ b/crypto/conf/conf_mod.c\r
432@@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,\r
f93f78ea 433 \r
ca6fa1fe
QL		 434 }\r
435 \r
436+#ifndef OPENSSL_NO_STDIO\r
437 int CONF_modules_load_file(const char *filename, const char *appname,\r
438 unsigned long flags)\r
439 {\r
440@@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,\r
441 \r
442 return ret;\r
443 }\r
444+#endif\r
445 \r
446 static int module_run(const CONF *cnf, char *name, char *value,\r
447 unsigned long flags)\r
448diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c\r
449index c042cf2..a25b636 100644\r
450--- a/crypto/conf/conf_sap.c\r
451+++ b/crypto/conf/conf_sap.c\r
452@@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)\r
453 ENGINE_load_builtin_engines();\r
454 #endif\r
455 ERR_clear_error();\r
456+#ifndef OPENSSL_NO_STDIO\r
457 CONF_modules_load_file(NULL, config_name,\r
458 CONF_MFLAGS_DEFAULT_SECTION |\r
459 CONF_MFLAGS_IGNORE_MISSING_FILE);\r
460+#endif\r
461 openssl_configured = 1;\r
462 }\r
463 \r
464diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c\r
ec3a1a11 465index 1925428..da4b34d 100644\r
ca6fa1fe
QL		 466--- a/crypto/cryptlib.c\r
467+++ b/crypto/cryptlib.c\r
e578aa19
QL		 468@@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)\r
469 return (0);\r
470 }\r
471 pointer->references = 1;\r
472- pointer->data = dynlock_create_callback(__FILE__, __LINE__);\r
473+ pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);\r
474 if (pointer->data == NULL) {\r
475 OPENSSL_free(pointer);\r
476 CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);\r
477@@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)\r
478 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);\r
479 \r
480 if (i == -1) {\r
481- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);\r
482+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);\r
483 OPENSSL_free(pointer);\r
484 } else\r
485 i += 1; /* to avoid 0 */\r
486@@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)\r
487 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);\r
488 \r
489 if (pointer) {\r
490- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);\r
491+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);\r
492 OPENSSL_free(pointer);\r
493 }\r
494 }\r
ca6fa1fe
QL		 495@@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)\r
496 }\r
497 \r
498 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)\r
499+#include <stdio.h>\r
500 # define OPENSSL_CPUID_SETUP\r
501 # if defined(_WIN32)\r
502 typedef unsigned __int64 IA32CAP;\r
503@@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)\r
504 #else\r
505 void OPENSSL_showfatal(const char *fmta, ...)\r
506 {\r
507+#ifndef OPENSSL_NO_STDIO\r
508 va_list ap;\r
509 \r
510 va_start(ap, fmta);\r
511 vfprintf(stderr, fmta, ap);\r
512 va_end(ap);\r
513+#endif\r
514 }\r
515 \r
516 int OPENSSL_isservice(void)\r
517@@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)\r
518 #endif\r
519 }\r
520 \r
521+#ifndef OPENSSL_NO_STDIO\r
522 void *OPENSSL_stderr(void)\r
523 {\r
524 return stderr;\r
525 }\r
526+#endif\r
527 \r
ec3a1a11 528 int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len)\r
ca6fa1fe
QL		 529 {\r
530diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h\r
531index fba180a..3e3ea5e 100644\r
532--- a/crypto/cryptlib.h\r
533+++ b/crypto/cryptlib.h\r
534@@ -101,7 +101,9 @@ extern "C" {\r
535 void OPENSSL_cpuid_setup(void);\r
536 extern unsigned int OPENSSL_ia32cap_P[];\r
537 void OPENSSL_showfatal(const char *fmta, ...);\r
538+#ifndef OPENSSL_NO_STDIO\r
539 void *OPENSSL_stderr(void);\r
540+#endif\r
541 extern int OPENSSL_NONPIC_relocated;\r
542 \r
543 #ifdef __cplusplus\r
3f73ccb3 544diff --git a/crypto/crypto.h b/crypto/crypto.h\r
ec3a1a11 545index 6c644ce..bea4ca1 100644\r
3f73ccb3
QL		 546--- a/crypto/crypto.h\r
547+++ b/crypto/crypto.h\r
548@@ -235,15 +235,15 @@ typedef struct openssl_item_st {\r
549 # ifndef OPENSSL_NO_LOCKING\r
550 # ifndef CRYPTO_w_lock\r
551 # define CRYPTO_w_lock(type) \\r
552- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
e578aa19 553+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 554 # define CRYPTO_w_unlock(type) \\r
555- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
e578aa19 556+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 557 # define CRYPTO_r_lock(type) \\r
558- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
e578aa19 559+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 560 # define CRYPTO_r_unlock(type) \\r
561- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
e578aa19 562+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 563 # define CRYPTO_add(addr,amount,type) \\r
564- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
e578aa19 565+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 566 # endif\r
567 # else\r
568 # define CRYPTO_w_lock(a)\r
569@@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);\r
570 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
571 # define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
572 \r
573-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
574-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
e578aa19
QL		 575+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)\r
576+# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 577 # define OPENSSL_realloc(addr,num) \\r
578- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
e578aa19 579+ CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 580 # define OPENSSL_realloc_clean(addr,old_num,num) \\r
581- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
e578aa19 582+ CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 583 # define OPENSSL_remalloc(addr,num) \\r
584- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
e578aa19 585+ CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 586 # define OPENSSL_freeFunc CRYPTO_free\r
587 # define OPENSSL_free(addr) CRYPTO_free(addr)\r
588 \r
589 # define OPENSSL_malloc_locked(num) \\r
590- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
e578aa19 591+ CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)\r
3f73ccb3
QL		 592 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
593 \r
594 const char *SSLeay_version(int type);\r
595@@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);\r
596 long CRYPTO_get_mem_debug_options(void);\r
597 \r
598 # define CRYPTO_push_info(info) \\r
599- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
e578aa19 600+ CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);\r
3f73ccb3
QL		 601 int CRYPTO_push_info_(const char *info, const char *file, int line);\r
602 int CRYPTO_pop_info(void);\r
603 int CRYPTO_remove_all_info(void);\r
604@@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);\r
605 \r
606 /* die if we have to */\r
607 void OpenSSLDie(const char *file, int line, const char *assertion);\r
608-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
e578aa19 609+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))\r
3f73ccb3
QL		 610 \r
611 unsigned long *OPENSSL_ia32cap_loc(void);\r
612 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
613@@ -605,14 +605,14 @@ void OPENSSL_init(void);\r
614 # define fips_md_init_ctx(alg, cx) \\r
615 int alg##_Init(cx##_CTX *c) \\r
616 { \\r
617- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
e578aa19 618+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \\r
3f73ccb3
QL		 619 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \\r
620 return private_##alg##_Init(c); \\r
621 } \\r
622 int private_##alg##_Init(cx##_CTX *c)\r
623 \r
624 # define fips_cipher_abort(alg) \\r
625- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \\r
e578aa19 626+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \\r
3f73ccb3
QL		 627 "Low level API call to cipher " #alg " forbidden in FIPS mode!")\r
628 \r
629 # else\r
ca6fa1fe
QL		 630diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c\r
631index 01e275f..7633139 100644\r
632--- a/crypto/des/read2pwd.c\r
633+++ b/crypto/des/read2pwd.c\r
634@@ -114,6 +114,10 @@\r
635 #include <openssl/ui.h>\r
636 #include <openssl/crypto.h>\r
637 \r
638+#ifndef BUFSIZ\r
639+#define BUFSIZ 256\r
640+#endif\r
641+\r
642 int DES_read_password(DES_cblock *key, const char *prompt, int verify)\r
643 {\r
644 int ok;\r
f0e3cd19
QL		 645diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile\r
646index 46fa5ac..cc366ec 100644\r
647--- a/crypto/dh/Makefile\r
648+++ b/crypto/dh/Makefile\r
649@@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h\r
650 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h\r
651 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h\r
652 dh_gen.o: ../cryptlib.h dh_gen.c\r
653-dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h\r
654+dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h\r
655 dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h\r
656 dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h\r
657 dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h\r
658diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h\r
ec3a1a11 659index a5bd901..6488879 100644\r
f0e3cd19
QL		 660--- a/crypto/dh/dh.h\r
661+++ b/crypto/dh/dh.h\r
662@@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);\r
663 DH *DH_get_2048_224(void);\r
664 DH *DH_get_2048_256(void);\r
665 \r
666+# ifndef OPENSSL_NO_CMS\r
667 /* RFC2631 KDF */\r
668 int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
669 const unsigned char *Z, size_t Zlen,\r
670 ASN1_OBJECT *key_oid,\r
671 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);\r
672+# endif\r
673 \r
674 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \\r
675 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \\r
676@@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
677 \r
678 /* KDF types */\r
679 # define EVP_PKEY_DH_KDF_NONE 1\r
680+# ifndef OPENSSL_NO_CMS\r
681 # define EVP_PKEY_DH_KDF_X9_42 2\r
682+# endif\r
683 \r
684 /* BEGIN ERROR CODES */\r
685 /*\r
686diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c\r
8ff7187c 687index a882cb2..aace5fb 100644\r
f0e3cd19
QL		 688--- a/crypto/dh/dh_kdf.c\r
689+++ b/crypto/dh/dh_kdf.c\r
8ff7187c 690@@ -51,6 +51,9 @@\r
f0e3cd19
QL		 691 * ====================================================================\r
692 */\r
693 \r
694+#include <e_os.h>\r
695+\r
696+#ifndef OPENSSL_NO_CMS\r
697 #include <string.h>\r
698 #include <openssl/dh.h>\r
699 #include <openssl/evp.h>\r
8ff7187c 700@@ -58,6 +61,7 @@\r
f0e3cd19
QL		 701 #include <openssl/cms.h>\r
702 \r
f0e3cd19
QL		 703 /* Key derivation from X9.42/RFC2631 */\r
704+/* Uses CMS functions, hence the #ifdef wrapper. */\r
705 \r
706 #define DH_KDF_MAX (1L << 30)\r
707 \r
8ff7187c 708@@ -185,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,\r
f0e3cd19
QL		 709 EVP_MD_CTX_cleanup(&mctx);\r
710 return rv;\r
711 }\r
712+#endif\r
3f73ccb3 713diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c\r
8ff7187c 714index b58e3fa..926be98 100644\r
3f73ccb3
QL		 715--- a/crypto/dh/dh_pmeth.c\r
716+++ b/crypto/dh/dh_pmeth.c\r
f0e3cd19
QL		 717@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)\r
718 case EVP_PKEY_CTRL_DH_KDF_TYPE:\r
719 if (p1 == -2)\r
720 return dctx->kdf_type;\r
f93f78ea 721+#ifdef OPENSSL_NO_CMS\r
f0e3cd19 722+ if (p1 != EVP_PKEY_DH_KDF_NONE)\r
f93f78ea 723+#else\r
f0e3cd19
QL		 724 if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)\r
725+#endif\r
726 return -2;\r
727 dctx->kdf_type = p1;\r
728 return 1;\r
8ff7187c 729@@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,\r
f0e3cd19
QL		 730 return ret;\r
731 *keylen = ret;\r
732 return 1;\r
733- } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
734+ }\r
735+#ifndef OPENSSL_NO_CMS\r
736+ else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {\r
f93f78ea
QL		 737 unsigned char *Z = NULL;\r
738 size_t Zlen = 0;\r
739 if (!dctx->kdf_outlen || !dctx->kdf_oid)\r
8ff7187c 740@@ -479,7 +485,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,\r
f93f78ea
QL		 741 }\r
742 return ret;\r
f93f78ea 743 }\r
f0e3cd19
QL		 744- return 1;\r
745+#endif\r
746+ return 0;\r
f93f78ea 747 }\r
f0e3cd19
QL		 748 \r
749 const EVP_PKEY_METHOD dh_pkey_meth = {\r
750diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c\r
751index 83e208c..4869098 100644\r
752--- a/crypto/ec/ec_ameth.c\r
753+++ b/crypto/ec/ec_ameth.c\r
754@@ -67,8 +67,10 @@\r
755 #include <openssl/asn1t.h>\r
756 #include "asn1_locl.h"\r
757 \r
758+#ifndef OPENSSL_NO_CMS\r
759 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);\r
760 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);\r
761+#endif\r
762 \r
763 static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)\r
764 {\r
e578aa19
QL		 765diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h\r
766index 46f163b..b4a72a0 100644\r
767--- a/crypto/engine/eng_int.h\r
768+++ b/crypto/engine/eng_int.h\r
769@@ -88,7 +88,7 @@ extern "C" {\r
770 (unsigned int)(e), (isfunct ? "funct" : "struct"), \\r
771 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \\r
772 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \\r
773- (__FILE__), (__LINE__));\r
774+ (OPENSSL_FILE), (OPENSSL_LINE));\r
775 \r
776 # else\r
777 \r
778@@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);\r
779 # else\r
780 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,\r
781 int l);\r
782-# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)\r
783+# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)\r
784 # endif\r
785 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,\r
786 ENGINE *def, void *arg);\r
ca6fa1fe
QL		 787diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c\r
788index 34b0029..cf622bb 100644\r
789--- a/crypto/engine/eng_openssl.c\r
790+++ b/crypto/engine/eng_openssl.c\r
791@@ -86,7 +86,9 @@\r
792 * this is no longer automatic in ENGINE_load_builtin_engines().\r
793 */\r
794 #define TEST_ENG_OPENSSL_RC4\r
795+#ifndef OPENSSL_NO_FP_API\r
796 #define TEST_ENG_OPENSSL_PKEY\r
797+#endif\r
798 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */\r
799 #define TEST_ENG_OPENSSL_RC4_P_INIT\r
800 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */\r
e578aa19
QL		 801diff --git a/crypto/err/err.h b/crypto/err/err.h\r
802index 585aa8b..04c6cfc 100644\r
803--- a/crypto/err/err.h\r
804+++ b/crypto/err/err.h\r
805@@ -200,39 +200,39 @@ typedef struct err_state_st {\r
806 \r
807 # define ERR_LIB_USER 128\r
808 \r
809-# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)\r
810-# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)\r
811-# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)\r
812-# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)\r
813-# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)\r
814-# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)\r
815-# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)\r
816-# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)\r
817-# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)\r
818-# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)\r
819-# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)\r
820-# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)\r
821-# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)\r
822-# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)\r
823-# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)\r
824-# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)\r
825-# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)\r
826-# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)\r
827-# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)\r
828-# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)\r
829-# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)\r
830-# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)\r
831-# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)\r
832-# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)\r
833-# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)\r
834-# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)\r
835-# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)\r
836-# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)\r
837-# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)\r
838-# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)\r
839-# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)\r
840-# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)\r
841-# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)\r
842+# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
843+# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
844+# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
845+# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
846+# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
847+# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
848+# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
849+# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
850+# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
851+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
852+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
853+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
854+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
855+# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
856+# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
857+# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
858+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
859+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
860+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
861+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
862+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
863+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
864+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
865+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
866+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
867+# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
868+# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
869+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
870+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
871+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
872+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
873+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
874+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
875 \r
876 /*\r
877 * Borland C seems too stupid to be able to shift and do longs in the\r
42d68342
QL		 878diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h\r
879index 39ab793..ad1e350 100644\r
880--- a/crypto/evp/evp.h\r
881+++ b/crypto/evp/evp.h\r
882@@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);\r
883 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);\r
884 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);\r
885 \r
886+#ifndef OPENSSL_NO_UI\r
887 int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);\r
888 int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,\r
889 const char *prompt, int verify);\r
890 void EVP_set_pw_prompt(const char *prompt);\r
891 char *EVP_get_pw_prompt(void);\r
892+#endif\r
893 \r
894 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,\r
895 const unsigned char *salt, const unsigned char *data,\r
896diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c\r
897index 5be9e33..63c8866 100644\r
898--- a/crypto/evp/evp_key.c\r
899+++ b/crypto/evp/evp_key.c\r
900@@ -63,6 +63,7 @@\r
901 #include <openssl/evp.h>\r
902 #include <openssl/ui.h>\r
903 \r
904+#ifndef OPENSSL_NO_UI\r
905 /* should be init to zeros. */\r
906 static char prompt_string[80];\r
907 \r
908@@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,\r
909 OPENSSL_cleanse(buff, BUFSIZ);\r
910 return ret;\r
911 }\r
912+#endif /* OPENSSL_NO_UI */\r
913 \r
914 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,\r
915 const unsigned char *salt, const unsigned char *data,\r
e578aa19 916diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in\r
65213f29 917index 7a1c85d..7162c0f 100644\r
e578aa19
QL		 918--- a/crypto/opensslconf.h.in\r
919+++ b/crypto/opensslconf.h.in\r
920@@ -1,5 +1,15 @@\r
921 /* crypto/opensslconf.h.in */\r
922 \r
923+#ifndef OPENSSL_FILE\r
924+#ifdef OPENSSL_NO_FILENAMES\r
925+#define OPENSSL_FILE ""\r
926+#define OPENSSL_LINE 0\r
927+#else\r
928+#define OPENSSL_FILE __FILE__\r
929+#define OPENSSL_LINE __LINE__\r
930+#endif\r
931+#endif\r
932+\r
933 /* Generate 80386 code? */\r
934 #undef I386_ONLY\r
935 \r
65213f29
QL		 936@@ -56,7 +66,7 @@\r
937 #endif\r
938 #endif\r
939 \r
940-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)\r
941+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)\r
942 #define CONFIG_HEADER_BN_H\r
943 #undef BN_LLONG\r
944 \r
3f73ccb3 945diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h\r
8ff7187c 946index d3b23fc..5df6ffd 100644\r
3f73ccb3
QL		 947--- a/crypto/pem/pem.h\r
948+++ b/crypto/pem/pem.h\r
949@@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \\r
f93f78ea
QL		 950 \r
951 # define DECLARE_PEM_read_fp(name, type) /**/\r
952 # define DECLARE_PEM_write_fp(name, type) /**/\r
953+# define DECLARE_PEM_write_fp_const(name, type) /**/\r
954 # define DECLARE_PEM_write_cb_fp(name, type) /**/\r
955 # else\r
956 \r
ca6fa1fe
QL		 957@@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,\r
958 pem_password_cb *cd, void *u);\r
959 # endif\r
960 \r
961+#ifndef OPENSSL_NO_FP_API\r
962 int PEM_read(FILE *fp, char **name, char **header,\r
963 unsigned char **data, long *len);\r
964 int PEM_write(FILE *fp, const char *name, const char *hdr,\r
965@@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,\r
966 int klen, pem_password_cb *callback, void *u);\r
967 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,\r
968 pem_password_cb *cb, void *u);\r
969+#endif\r
970 \r
971 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,\r
972 EVP_MD *md_type, unsigned char **ek, int *ekl,\r
973@@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,\r
974 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,\r
975 void *u);\r
976 \r
977+#ifndef OPENSSL_NO_FP_API\r
978 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,\r
979 char *kstr, int klen,\r
980 pem_password_cb *cb, void *u);\r
8ff7187c 981@@ -510,6 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,\r
ca6fa1fe
QL		 982 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,\r
983 char *kstr, int klen, pem_password_cb *cd,\r
984 void *u);\r
ca6fa1fe 985+#endif\r
8ff7187c 986 \r
ca6fa1fe
QL		 987 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);\r
988 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);\r
42d68342 989diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c\r
8ff7187c 990index fe881d6..e25cc68 100644\r
42d68342
QL		 991--- a/crypto/pem/pem_lib.c\r
992+++ b/crypto/pem/pem_lib.c\r
993@@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);\r
994 \r
995 int PEM_def_callback(char *buf, int num, int w, void *key)\r
996 {\r
997-#ifdef OPENSSL_NO_FP_API\r
998+#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI)\r
999 /*\r
1000 * We should not ever call the default callback routine from windows.\r
1001 */\r
ca6fa1fe 1002diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c\r
8ff7187c 1003index 5747c73..9edca4d 100644\r
ca6fa1fe
QL		 1004--- a/crypto/pem/pem_pk8.c\r
1005+++ b/crypto/pem/pem_pk8.c\r
8ff7187c 1006@@ -69,9 +69,11 @@\r
ca6fa1fe
QL		 1007 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,\r
1008 int nid, const EVP_CIPHER *enc,\r
1009 char *kstr, int klen, pem_password_cb *cb, void *u);\r
ca6fa1fe
QL		 1010+#ifndef OPENSSL_NO_FP_API\r
1011 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,\r
1012 int nid, const EVP_CIPHER *enc,\r
1013 char *kstr, int klen, pem_password_cb *cb, void *u);\r
ca6fa1fe 1014+#endif\r
8ff7187c 1015 \r
ca6fa1fe
QL		 1016 /*\r
1017 * These functions write a private key in PKCS#8 format: it is a "drop in"\r
3f73ccb3 1018diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c\r
8ff7187c 1019index dc9b484..e75c4b2 100644\r
3f73ccb3
QL		 1020--- a/crypto/pkcs7/pk7_smime.c\r
1021+++ b/crypto/pkcs7/pk7_smime.c\r
8ff7187c 1022@@ -64,6 +64,8 @@\r
b9dbddd8
QL		 1023 #include <openssl/x509.h>\r
1024 #include <openssl/x509v3.h>\r
1025 \r
b9dbddd8
QL		 1026+#define BUFFERSIZE 4096\r
1027+\r
1028 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);\r
1029 \r
1030 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,\r
8ff7187c 1031@@ -254,7 +256,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
f93f78ea
QL		 1032 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
1033 PKCS7_SIGNER_INFO *si;\r
1034 X509_STORE_CTX cert_ctx;\r
1035- char buf[4096];\r
1036+ char *buf = NULL;\r
f93f78ea 1037 int i, j = 0, k, ret = 0;\r
65202874
QL		 1038 BIO *p7bio = NULL;\r
1039 BIO *tmpin = NULL, *tmpout = NULL;\r
8ff7187c 1040@@ -373,8 +375,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
f93f78ea
QL		 1041 tmpout = out;\r
1042 \r
b9dbddd8
QL		 1043 /* We now have to 'read' from p7bio to calculate digests etc. */\r
1044+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {\r
1045+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);\r
f93f78ea
QL		 1046+ goto err;\r
1047+ }\r
f93f78ea
QL		 1048 for (;;) {\r
1049- i = BIO_read(p7bio, buf, sizeof(buf));\r
b9dbddd8 1050+ i = BIO_read(p7bio, buf, BUFFERSIZE);\r
f93f78ea
QL		 1051 if (i <= 0)\r
1052 break;\r
1053 if (tmpout)\r
8ff7187c 1054@@ -405,6 +411,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
b9dbddd8
QL		 1055 ret = 1;\r
1056 \r
1057 err:\r
1058+ OPENSSL_free(buf);\r
1059 if (tmpin == indata) {\r
1060 if (indata)\r
1061 BIO_pop(p7bio);\r
8ff7187c 1062@@ -523,7 +530,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)\r
b9dbddd8
QL		 1063 {\r
1064 BIO *tmpmem;\r
1065 int ret, i;\r
1066- char buf[4096];\r
1067+ char *buf = NULL;\r
1068 \r
1069 if (!p7) {\r
1070 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);\r
8ff7187c 1071@@ -567,24 +574,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)\r
b9dbddd8
QL		 1072 }\r
1073 BIO_free_all(bread);\r
1074 return ret;\r
1075- } else {\r
1076- for (;;) {\r
1077- i = BIO_read(tmpmem, buf, sizeof(buf));\r
1078- if (i <= 0) {\r
1079- ret = 1;\r
1080- if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {\r
1081- if (!BIO_get_cipher_status(tmpmem))\r
1082- ret = 0;\r
1083- }\r
1084-\r
1085- break;\r
1086- }\r
1087- if (BIO_write(data, buf, i) != i) {\r
1088- ret = 0;\r
1089- break;\r
f93f78ea 1090+ }\r
b9dbddd8
QL		 1091+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {\r
1092+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);\r
1093+ goto err;\r
1094+ }\r
1095+ for (;;) {\r
1096+ i = BIO_read(tmpmem, buf, BUFFERSIZE);\r
1097+ if (i <= 0) {\r
1098+ ret = 1;\r
1099+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {\r
1100+ if (!BIO_get_cipher_status(tmpmem))\r
1101+ ret = 0;\r
1102 }\r
1103+\r
1104+ break;\r
1105+ }\r
1106+ if (BIO_write(data, buf, i) != i) {\r
1107+ ret = 0;\r
1108+ break;\r
1109 }\r
1110- BIO_free_all(tmpmem);\r
1111- return ret;\r
1112 }\r
8ff7187c 1113+\r
b9dbddd8
QL		 1114+err:\r
1115+ OPENSSL_free(buf);\r
1116+ BIO_free_all(tmpmem);\r
1117+ return ret;\r
f93f78ea 1118 }\r
65213f29
QL		 1119diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c\r
1120index 737aebf..f23f348 100644\r
1121--- a/crypto/rand/rand_egd.c\r
1122+++ b/crypto/rand/rand_egd.c\r
1123@@ -95,7 +95,7 @@\r
1124 * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
1125 */\r
1126 \r
1127-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)\r
1128+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) || defined(OPENSSL_SYS_UEFI)\r
1129 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
1130 {\r
1131 return (-1);\r
3f73ccb3
QL		 1132diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c\r
1133index 266111e..f60fac6 100644\r
1134--- a/crypto/rand/rand_unix.c\r
1135+++ b/crypto/rand/rand_unix.c\r
f93f78ea
QL		 1136@@ -116,7 +116,7 @@\r
1137 #include <openssl/rand.h>\r
1138 #include "rand_lcl.h"\r
1139 \r
1140-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
1141+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
1142 \r
1143 # include <sys/types.h>\r
1144 # include <sys/time.h>\r
3f73ccb3 1145@@ -439,7 +439,7 @@ int RAND_poll(void)\r
f93f78ea
QL		 1146 * defined(OPENSSL_SYS_VXWORKS) ||\r
1147 * defined(OPENSSL_SYS_NETWARE)) */\r
1148 \r
1149-#if defined(OPENSSL_SYS_VXWORKS)\r
1150+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
1151 int RAND_poll(void)\r
1152 {\r
1153 return 0;\r
3f73ccb3 1154diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c\r
f0e3cd19 1155index 4e06218..ddead3d 100644\r
3f73ccb3
QL		 1156--- a/crypto/rsa/rsa_ameth.c\r
1157+++ b/crypto/rsa/rsa_ameth.c\r
f93f78ea
QL		 1158@@ -68,10 +68,12 @@\r
1159 #endif\r
1160 #include "asn1_locl.h"\r
1161 \r
1162+#ifndef OPENSSL_NO_CMS\r
1163 static int rsa_cms_sign(CMS_SignerInfo *si);\r
1164 static int rsa_cms_verify(CMS_SignerInfo *si);\r
1165 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);\r
1166 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);\r
1167+#endif\r
1168 \r
1169 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)\r
1170 {\r
3f73ccb3 1171@@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,\r
f93f78ea
QL		 1172 return rv;\r
1173 }\r
1174 \r
1175+#ifndef OPENSSL_NO_CMS\r
1176 static int rsa_cms_verify(CMS_SignerInfo *si)\r
1177 {\r
1178 int nid, nid2;\r
3f73ccb3 1179@@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)\r
f93f78ea
QL		 1180 }\r
1181 return 0;\r
1182 }\r
1183+#endif\r
1184 \r
1185 /*\r
1186 * Customised RSA item verification routine. This is called when a signature\r
3f73ccb3 1187@@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
f93f78ea
QL		 1188 return -1;\r
1189 }\r
1190 \r
1191+#ifndef OPENSSL_NO_CMS\r
1192 static int rsa_cms_sign(CMS_SignerInfo *si)\r
1193 {\r
1194 int pad_mode = RSA_PKCS1_PADDING;\r
3f73ccb3 1195@@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)\r
f93f78ea
QL		 1196 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);\r
1197 return 1;\r
1198 }\r
1199+#endif\r
1200 \r
1201 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
1202 X509_ALGOR *alg1, X509_ALGOR *alg2,\r
f0e3cd19
QL		 1203@@ -762,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\r
1204 return 2;\r
f93f78ea
QL		 1205 }\r
1206 \r
1207+#ifndef OPENSSL_NO_CMS\r
f0e3cd19
QL		 1208 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,\r
1209 X509_ALGOR **pmaskHash)\r
f93f78ea 1210 {\r
f0e3cd19 1211@@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)\r
f93f78ea
QL		 1212 ASN1_STRING_free(os);\r
1213 return rv;\r
1214 }\r
1215+#endif\r
1216 \r
1217 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {\r
1218 {\r
ca6fa1fe 1219diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h\r
8ff7187c 1220index 028892a..4ed4bfe 100644\r
ca6fa1fe
QL		 1221--- a/crypto/srp/srp.h\r
1222+++ b/crypto/srp/srp.h\r
8ff7187c 1223@@ -119,7 +119,9 @@ DECLARE_STACK_OF(SRP_gN)\r
ca6fa1fe
QL		 1224 \r
1225 SRP_VBASE *SRP_VBASE_new(char *seed_key);\r
1226 int SRP_VBASE_free(SRP_VBASE *vb);\r
1227+#ifndef OPENSSL_NO_STDIO\r
1228 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);\r
1229+#endif\r
8ff7187c 1230 \r
ec3a1a11 1231 /* This method ignores the configured seed and fails for an unknown user. */\r
ca6fa1fe 1232 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);\r
ca6fa1fe 1233diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c\r
ec3a1a11 1234index 26ad3e0..6be4cf2 100644\r
ca6fa1fe
QL		 1235--- a/crypto/srp/srp_vfy.c\r
1236+++ b/crypto/srp/srp_vfy.c\r
1237@@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,\r
1238 return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));\r
1239 }\r
1240 \r
1241+#ifndef OPENSSL_NO_STDIO\r
1242 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,\r
1243 const char *v)\r
1244 {\r
1245@@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,\r
1246 len = t_fromb64(tmp, s);\r
1247 return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);\r
1248 }\r
1249+#endif\r
1250 \r
1251 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)\r
1252 {\r
ec3a1a11 1253@@ -297,6 +299,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)\r
ca6fa1fe
QL		 1254 return 0;\r
1255 }\r
1256 \r
1257+#ifndef OPENSSL_NO_STDIO\r
1258 static SRP_gN_cache *SRP_gN_new_init(const char *ch)\r
1259 {\r
1260 unsigned char tmp[MAX_LEN];\r
ec3a1a11 1261@@ -328,6 +331,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)\r
ca6fa1fe
QL		 1262 BN_free(gN_cache->bn);\r
1263 OPENSSL_free(gN_cache);\r
1264 }\r
1265+#endif\r
1266 \r
1267 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)\r
1268 {\r
ec3a1a11 1269@@ -344,6 +348,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)\r
ca6fa1fe
QL		 1270 return SRP_get_default_gN(id);\r
1271 }\r
1272 \r
1273+#ifndef OPENSSL_NO_STDIO\r
1274 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)\r
1275 {\r
1276 int i;\r
ec3a1a11 1277@@ -485,6 +490,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)\r
ca6fa1fe
QL		 1278 return error_code;\r
1279 \r
1280 }\r
1281+#endif\r
1282 \r
ec3a1a11 1283 static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)\r
ca6fa1fe
QL		 1284 {\r
1285diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h\r
1286index 16eccbb..a9fe40e 100644\r
1287--- a/crypto/ts/ts.h\r
1288+++ b/crypto/ts/ts.h\r
1289@@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);\r
1290 \r
1291 TS_REQ *TS_REQ_dup(TS_REQ *a);\r
1292 \r
1293+#ifndef OPENSSL_NO_FP_API\r
1294 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);\r
1295 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);\r
1296+#endif\r
1297 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);\r
1298 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);\r
1299 \r
1300@@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,\r
1301 \r
1302 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);\r
1303 \r
1304+#ifndef OPENSSL_NO_FP_API\r
1305 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);\r
1306 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);\r
1307-TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);\r
1308-int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);\r
1309+#endif\r
1310+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);\r
1311+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);\r
1312 \r
1313 TS_RESP *TS_RESP_new(void);\r
1314 void TS_RESP_free(TS_RESP *a);\r
1315@@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);\r
1316 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);\r
1317 TS_RESP *TS_RESP_dup(TS_RESP *a);\r
1318 \r
1319+#ifndef OPENSSL_NO_FP_API\r
1320 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);\r
1321 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);\r
1322-TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);\r
1323-int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);\r
1324+#endif\r
1325+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);\r
1326+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);\r
1327 \r
1328 TS_STATUS_INFO *TS_STATUS_INFO_new(void);\r
1329 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);\r
1330@@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,\r
1331 long length);\r
1332 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);\r
1333 \r
1334+#ifndef OPENSSL_NO_FP_API\r
1335 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);\r
1336 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);\r
1337-TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);\r
1338-int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);\r
1339+#endif\r
1340+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);\r
1341+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);\r
1342 \r
1343 TS_ACCURACY *TS_ACCURACY_new(void);\r
1344 void TS_ACCURACY_free(TS_ACCURACY *a);\r
1345@@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);\r
1346 * ts/ts_conf.c\r
1347 */\r
1348 \r
1349+#ifndef OPENSSL_NO_STDIO\r
1350 X509 *TS_CONF_load_cert(const char *file);\r
1351 STACK_OF(X509) *TS_CONF_load_certs(const char *file);\r
1352 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);\r
1353+#endif\r
1354 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);\r
1355 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,\r
1356 TS_RESP_CTX *ctx);\r
1357 int TS_CONF_set_crypto_device(CONF *conf, const char *section,\r
1358 const char *device);\r
1359 int TS_CONF_set_default_engine(const char *name);\r
1360+#ifndef OPENSSL_NO_STDIO\r
1361 int TS_CONF_set_signer_cert(CONF *conf, const char *section,\r
1362 const char *cert, TS_RESP_CTX *ctx);\r
1363 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,\r
1364@@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,\r
1365 int TS_CONF_set_signer_key(CONF *conf, const char *section,\r
1366 const char *key, const char *pass,\r
1367 TS_RESP_CTX *ctx);\r
1368+#endif\r
1369 int TS_CONF_set_def_policy(CONF *conf, const char *section,\r
1370 const char *policy, TS_RESP_CTX *ctx);\r
1371 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);\r
1372@@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);\r
1373 # define TS_F_TS_CHECK_SIGNING_CERTS 103\r
1374 # define TS_F_TS_CHECK_STATUS_INFO 104\r
1375 # define TS_F_TS_COMPUTE_IMPRINT 145\r
1376+# define TS_F_TS_CONF_INVALID 151\r
1377+# define TS_F_TS_CONF_LOAD_CERT 153\r
1378+# define TS_F_TS_CONF_LOAD_CERTS 154\r
1379+# define TS_F_TS_CONF_LOAD_KEY 155\r
1380+# define TS_F_TS_CONF_LOOKUP_FAIL 152\r
1381 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146\r
1382 # define TS_F_TS_GET_STATUS_TEXT 105\r
1383 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118\r
1384@@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);\r
1385 /* Reason codes. */\r
1386 # define TS_R_BAD_PKCS7_TYPE 132\r
1387 # define TS_R_BAD_TYPE 133\r
1388+# define TS_R_CANNOT_LOAD_CERT 137\r
1389+# define TS_R_CANNOT_LOAD_KEY 138\r
1390 # define TS_R_CERTIFICATE_VERIFY_ERROR 100\r
1391 # define TS_R_COULD_NOT_SET_ENGINE 127\r
1392 # define TS_R_COULD_NOT_SET_TIME 115\r
1393@@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);\r
1394 # define TS_R_UNACCEPTABLE_POLICY 125\r
1395 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126\r
1396 # define TS_R_UNSUPPORTED_VERSION 113\r
1397+# define TS_R_VAR_BAD_VALUE 135\r
1398+# define TS_R_VAR_LOOKUP_FAILURE 136\r
1399 # define TS_R_WRONG_CONTENT_TYPE 114\r
1400 \r
1401 #ifdef __cplusplus\r
1402diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c\r
1403index 4716b23..c4416ba 100644\r
1404--- a/crypto/ts/ts_conf.c\r
1405+++ b/crypto/ts/ts_conf.c\r
1406@@ -92,6 +92,7 @@\r
1407 \r
1408 /* Function definitions for certificate and key loading. */\r
1409 \r
1410+#ifndef OPENSSL_NO_STDIO\r
1411 X509 *TS_CONF_load_cert(const char *file)\r
1412 {\r
1413 BIO *cert = NULL;\r
1414@@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)\r
1415 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);\r
1416 end:\r
1417 if (x == NULL)\r
1418- fprintf(stderr, "unable to load certificate: %s\n", file);\r
1419+ TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);\r
1420 BIO_free(cert);\r
1421 return x;\r
1422 }\r
1423@@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)\r
1424 }\r
1425 end:\r
1426 if (othercerts == NULL)\r
1427- fprintf(stderr, "unable to load certificates: %s\n", file);\r
1428+ TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);\r
1429 sk_X509_INFO_pop_free(allcerts, X509_INFO_free);\r
1430 BIO_free(certs);\r
1431 return othercerts;\r
1432@@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)\r
1433 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);\r
1434 end:\r
1435 if (pkey == NULL)\r
1436- fprintf(stderr, "unable to load private key: %s\n", file);\r
1437+ TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);\r
1438 BIO_free(key);\r
1439 return pkey;\r
1440 }\r
1441+#endif /* !OPENSSL_NO_STDIO */\r
1442 \r
1443 /* Function definitions for handling configuration options. */\r
1444 \r
1445 static void TS_CONF_lookup_fail(const char *name, const char *tag)\r
1446 {\r
1447- fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);\r
1448+ TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);\r
1449+ ERR_add_error_data(3, name, "::", tag);\r
1450 }\r
1451 \r
1452 static void TS_CONF_invalid(const char *name, const char *tag)\r
1453 {\r
1454- fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);\r
1455+ TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);\r
1456+ ERR_add_error_data(3, name, "::", tag);\r
1457 }\r
1458 \r
1459 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)\r
1460@@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)\r
1461 \r
1462 #endif\r
1463 \r
1464+#ifndef OPENSSL_NO_STDIO\r
1465 int TS_CONF_set_signer_cert(CONF *conf, const char *section,\r
1466 const char *cert, TS_RESP_CTX *ctx)\r
1467 {\r
1468@@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,\r
1469 EVP_PKEY_free(key_obj);\r
1470 return ret;\r
1471 }\r
1472+#endif /* !OPENSSL_NO_STDIO */\r
1473 \r
1474 int TS_CONF_set_def_policy(CONF *conf, const char *section,\r
1475 const char *policy, TS_RESP_CTX *ctx)\r
1476diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c\r
1477index ff1abf4..3f5b78f 100644\r
1478--- a/crypto/ts/ts_err.c\r
1479+++ b/crypto/ts/ts_err.c\r
1480@@ -1,6 +1,6 @@\r
1481 /* crypto/ts/ts_err.c */\r
1482 /* ====================================================================\r
1483- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.\r
1484+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.\r
1485 *\r
1486 * Redistribution and use in source and binary forms, with or without\r
1487 * modification, are permitted provided that the following conditions\r
1488@@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {\r
1489 {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},\r
1490 {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},\r
1491 {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},\r
1492+ {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},\r
1493+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},\r
1494+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},\r
1495+ {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},\r
1496+ {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},\r
1497 {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},\r
1498 {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},\r
1499 {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},\r
1500@@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {\r
1501 static ERR_STRING_DATA TS_str_reasons[] = {\r
1502 {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},\r
1503 {ERR_REASON(TS_R_BAD_TYPE), "bad type"},\r
1504+ {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},\r
1505+ {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},\r
1506 {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},\r
1507 {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},\r
1508 {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},\r
1509@@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {\r
1510 {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},\r
1511 {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},\r
1512 {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},\r
1513+ {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},\r
1514+ {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},\r
1515 {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},\r
1516 {0, NULL}\r
1517 };\r
1518diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c\r
1519index 0f29011..80dd40e 100644\r
1520--- a/crypto/ui/ui_util.c\r
1521+++ b/crypto/ui/ui_util.c\r
1522@@ -56,6 +56,10 @@\r
1523 #include <string.h>\r
1524 #include "ui_locl.h"\r
1525 \r
1526+#ifndef BUFSIZ\r
1527+#define BUFSIZ 256\r
1528+#endif\r
1529+\r
1530 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,\r
1531 int verify)\r
1532 {\r
1533diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c\r
1534index 9ee8f8d..64b052e 100644\r
1535--- a/crypto/x509/by_dir.c\r
1536+++ b/crypto/x509/by_dir.c\r
1537@@ -69,6 +69,8 @@\r
1538 # include <sys/stat.h>\r
1539 #endif\r
1540 \r
1541+#ifndef OPENSSL_NO_STDIO\r
1542+\r
1543 #include <openssl/lhash.h>\r
1544 #include <openssl/x509.h>\r
1545 \r
1546@@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,\r
1547 BUF_MEM_free(b);\r
1548 return (ok);\r
1549 }\r
1550+\r
1551+#endif /* OPENSSL_NO_STDIO */\r
3f73ccb3 1552diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c\r
ec3a1a11 1553index 4d34dba..25e8a89 100644\r
3f73ccb3
QL		 1554--- a/crypto/x509/x509_vfy.c\r
1555+++ b/crypto/x509/x509_vfy.c\r
ec3a1a11 1556@@ -950,6 +950,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)\r
de0408be
DW		 1557 ctx->current_crl = crl;\r
1558 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
1559 ptime = &ctx->param->check_time;\r
1560+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
1561+ return 1;\r
1562 else\r
1563 ptime = NULL;\r
f93f78ea 1564 \r
ec3a1a11 1565@@ -1673,6 +1675,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
f93f78ea 1566 \r
de0408be
DW		 1567 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
1568 ptime = &ctx->param->check_time;\r
1569+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
1570+ return 1;\r
1571 else\r
1572 ptime = NULL;\r
f93f78ea 1573 \r
3f73ccb3 1574diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h\r
ca6fa1fe 1575index 2663e1c..3790ef5 100644\r
3f73ccb3
QL		 1576--- a/crypto/x509/x509_vfy.h\r
1577+++ b/crypto/x509/x509_vfy.h\r
1578@@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);\r
de0408be
DW		 1579 * will force the behaviour to match that of previous versions.\r
1580 */\r
1581 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000\r
1582+/* Do not check certificate/CRL validity against current time */\r
1583+# define X509_V_FLAG_NO_CHECK_TIME 0x200000\r
f93f78ea 1584 \r
de0408be
DW		 1585 # define X509_VP_FLAG_DEFAULT 0x1\r
1586 # define X509_VP_FLAG_OVERWRITE 0x2\r
ca6fa1fe
QL		 1587@@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);\r
1588 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);\r
1589 \r
1590 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);\r
1591-\r
1592+#ifndef OPENSSL_NO_STDIO\r
1593 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);\r
1594 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);\r
1595+#endif\r
1596 \r
1597 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);\r
1598 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);\r
3f73ccb3 1599diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h\r
a62a7cc7 1600index c3a6fce..09ebbca 100644\r
3f73ccb3
QL		 1601--- a/crypto/x509v3/ext_dat.h\r
1602+++ b/crypto/x509v3/ext_dat.h\r
1603@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {\r
f93f78ea
QL		 1604 &v3_idp,\r
1605 &v3_alt[2],\r
1606 &v3_freshest_crl,\r
a62a7cc7 1607+#ifndef OPENSSL_NO_SCT\r
f93f78ea
QL		 1608 &v3_ct_scts[0],\r
1609 &v3_ct_scts[1],\r
1610+#endif\r
1611 };\r
1612 \r
1613 /* Number of standard extensions */\r
ca6fa1fe
QL		 1614diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c\r
1615index 34cad53..12f12a7 100644\r
1616--- a/crypto/x509v3/v3_pci.c\r
1617+++ b/crypto/x509v3/v3_pci.c\r
1618@@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,\r
1619 goto err;\r
1620 }\r
1621 OPENSSL_free(tmp_data2);\r
1622+#ifndef OPENSSL_NO_STDIO\r
1623 } else if (strncmp(val->value, "file:", 5) == 0) {\r
1624 unsigned char buf[2048];\r
1625 int n;\r
1626@@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,\r
1627 X509V3_conf_err(val);\r
1628 goto err;\r
1629 }\r
1630+#endif /* !OPENSSL_NO_STDIO */\r
1631 } else if (strncmp(val->value, "text:", 5) == 0) {\r
1632 val_len = strlen(val->value + 5);\r
1633 tmp_data = OPENSSL_realloc((*policy)->data,\r
a62a7cc7
QL		 1634diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c\r
1635index 0b7c681..1895b8f 100644\r
1636--- a/crypto/x509v3/v3_scts.c\r
1637+++ b/crypto/x509v3/v3_scts.c\r
1638@@ -61,6 +61,7 @@\r
1639 #include <openssl/asn1.h>\r
1640 #include <openssl/x509v3.h>\r
1641 \r
1642+#ifndef OPENSSL_NO_SCT\r
1643 /* Signature and hash algorithms from RFC 5246 */\r
1644 #define TLSEXT_hash_sha256 4\r
1645 \r
1646@@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,\r
1647 \r
1648 return 1;\r
1649 }\r
1650+#endif\r
ca6fa1fe
QL		 1651diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h\r
1652index f5c6156..a2e78aa 100644\r
1653--- a/crypto/x509v3/x509v3.h\r
1654+++ b/crypto/x509v3/x509v3.h\r
1655@@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,\r
1656 int ml);\r
1657 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,\r
1658 int indent);\r
1659+#ifndef OPENSSL_NO_FP_API\r
1660 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);\r
1661-\r
1662+#endif\r
1663 int X509V3_extensions_print(BIO *out, char *title,\r
1664 STACK_OF(X509_EXTENSION) *exts,\r
1665 unsigned long flag, int indent);\r
e578aa19
QL		 1666diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1667index 3300e11..e9e58d5 100644\r
1668--- a/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1669+++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h\r
1670@@ -67,7 +67,7 @@ extern "C" {\r
1671 static void ERR_load_CL_strings(void);\r
1672 static void ERR_unload_CL_strings(void);\r
1673 static void ERR_CL_error(int function, int reason, char *file, int line);\r
1674-# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)\r
1675+# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1676 \r
1677 /* Error codes for the CL functions. */\r
1678 \r
1679diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h\r
1680index c17e0c9..10d0212 100644\r
1681--- a/demos/engines/ibmca/hw_ibmca_err.h\r
1682+++ b/demos/engines/ibmca/hw_ibmca_err.h\r
1683@@ -67,7 +67,7 @@ extern "C" {\r
1684 static void ERR_load_IBMCA_strings(void);\r
1685 static void ERR_unload_IBMCA_strings(void);\r
1686 static void ERR_IBMCA_error(int function, int reason, char *file, int line);\r
1687-# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)\r
1688+# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1689 \r
1690 /* Error codes for the IBMCA functions. */\r
1691 \r
1692diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h\r
1693index 4356815..598836f 100644\r
1694--- a/demos/engines/rsaref/rsaref_err.h\r
1695+++ b/demos/engines/rsaref/rsaref_err.h\r
1696@@ -68,7 +68,7 @@ extern "C" {\r
1697 static void ERR_load_RSAREF_strings(void);\r
1698 static void ERR_unload_RSAREF_strings(void);\r
1699 static void ERR_RSAREF_error(int function, int reason, char *file, int line);\r
1700-# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)\r
1701+# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1702 /* Error codes for the RSAREF functions. */\r
1703 \r
1704 /* Function codes. */\r
1705diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h\r
1706index f4a8358..94d3293 100644\r
1707--- a/demos/engines/zencod/hw_zencod_err.h\r
1708+++ b/demos/engines/zencod/hw_zencod_err.h\r
1709@@ -67,7 +67,7 @@ extern "C" {\r
1710 static void ERR_load_ZENCOD_strings(void);\r
1711 static void ERR_unload_ZENCOD_strings(void);\r
1712 static void ERR_ZENCOD_error(int function, int reason, char *file, int line);\r
1713-# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)\r
1714+# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1715 \r
1716 /* Error codes for the ZENCOD functions. */\r
1717 \r
e94546e7
QL		 1718diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1719index 44792f9..7f95d58 100644\r
1720--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1721+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod\r
1722@@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an\r
1723 alternative chain can be found that is trusted. With this flag set the behaviour\r
1724 will match that of OpenSSL versions prior to 1.0.2b.\r
1725 \r
1726+The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period\r
1727+of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()\r
1728+is used to specify a verification time, the check is not suppressed.\r
1729+\r
1730 =head1 NOTES\r
1731 \r
1732 The above functions should be used to manipulate verification parameters\r
e578aa19
QL		 1733diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod\r
1734index dc0e939..fe123bb 100644\r
1735--- a/doc/crypto/threads.pod\r
1736+++ b/doc/crypto/threads.pod\r
1737@@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support\r
1738 void CRYPTO_lock(int mode, int n, const char *file, int line);\r
1739 \r
1740 #define CRYPTO_w_lock(type) \\r
1741- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
1742+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
1743 #define CRYPTO_w_unlock(type) \\r
1744- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
1745+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)\r
1746 #define CRYPTO_r_lock(type) \\r
1747- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
1748+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
1749 #define CRYPTO_r_unlock(type) \\r
1750- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
1751+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)\r
1752 #define CRYPTO_add(addr,amount,type) \\r
1753- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
1754+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)\r
1755 \r
1756 =head1 DESCRIPTION\r
1757 \r
3f73ccb3
QL		 1758diff --git a/e_os.h b/e_os.h\r
1759index 1fa36c1..3e9dae2 100644\r
1760--- a/e_os.h\r
1761+++ b/e_os.h\r
1762@@ -136,7 +136,7 @@ extern "C" {\r
97468ab9
DW		 1763 # define MSDOS\r
1764 # endif\r
1765 \r
1766-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)\r
1767+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)\r
1768 # define GETPID_IS_MEANINGLESS\r
1769 # endif\r
1770 \r
3f73ccb3
QL		 1771diff --git a/e_os2.h b/e_os2.h\r
1772index 7be9989..909e22f 100644\r
1773--- a/e_os2.h\r
1774+++ b/e_os2.h\r
1775@@ -97,7 +97,14 @@ extern "C" {\r
3b21958b
DW		 1776 * For 32 bit environment, there seems to be the CygWin environment and then\r
1777 * all the others that try to do the same thing Microsoft does...\r
1778 */\r
1779-# if defined(OPENSSL_SYSNAME_UWIN)\r
1780+/*\r
1781+ * UEFI lives here because it might be built with a Microsoft toolchain and\r
1782+ * we need to avoid the false positive match on Windows.\r
1783+ */\r
1784+# if defined(OPENSSL_SYSNAME_UEFI)\r
1785+# undef OPENSSL_SYS_UNIX\r
1786+# define OPENSSL_SYS_UEFI\r
1787+# elif defined(OPENSSL_SYSNAME_UWIN)\r
1788 # undef OPENSSL_SYS_UNIX\r
1789 # define OPENSSL_SYS_WIN32_UWIN\r
1790 # else\r
e578aa19
QL		 1791diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h\r
1792index a2018ec..9eacdcf 100644\r
1793--- a/engines/ccgost/e_gost_err.h\r
1794+++ b/engines/ccgost/e_gost_err.h\r
1795@@ -67,7 +67,7 @@ extern "C" {\r
1796 void ERR_load_GOST_strings(void);\r
1797 void ERR_unload_GOST_strings(void);\r
1798 void ERR_GOST_error(int function, int reason, char *file, int line);\r
1799-# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)\r
1800+# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1801 \r
1802 /* Error codes for the GOST functions. */\r
1803 \r
1804diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h\r
1805index 2f29d96..47a2635 100644\r
1806--- a/engines/e_4758cca_err.h\r
1807+++ b/engines/e_4758cca_err.h\r
1808@@ -67,7 +67,7 @@ extern "C" {\r
1809 static void ERR_load_CCA4758_strings(void);\r
1810 static void ERR_unload_CCA4758_strings(void);\r
1811 static void ERR_CCA4758_error(int function, int reason, char *file, int line);\r
1812-# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)\r
1813+# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1814 \r
1815 /* Error codes for the CCA4758 functions. */\r
1816 \r
1817diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h\r
1818index 2ed0114..1f8fa5b 100644\r
1819--- a/engines/e_aep_err.h\r
1820+++ b/engines/e_aep_err.h\r
1821@@ -67,7 +67,7 @@ extern "C" {\r
1822 static void ERR_load_AEPHK_strings(void);\r
1823 static void ERR_unload_AEPHK_strings(void);\r
1824 static void ERR_AEPHK_error(int function, int reason, char *file, int line);\r
1825-# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)\r
1826+# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1827 \r
1828 /* Error codes for the AEPHK functions. */\r
1829 \r
1830diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h\r
1831index 7b71eff..d958496 100644\r
1832--- a/engines/e_atalla_err.h\r
1833+++ b/engines/e_atalla_err.h\r
1834@@ -67,7 +67,7 @@ extern "C" {\r
1835 static void ERR_load_ATALLA_strings(void);\r
1836 static void ERR_unload_ATALLA_strings(void);\r
1837 static void ERR_ATALLA_error(int function, int reason, char *file, int line);\r
1838-# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)\r
1839+# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1840 \r
1841 /* Error codes for the ATALLA functions. */\r
1842 \r
1843diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h\r
1844index b5d06dc..cfe46b1 100644\r
1845--- a/engines/e_capi_err.h\r
1846+++ b/engines/e_capi_err.h\r
1847@@ -67,7 +67,7 @@ extern "C" {\r
1848 static void ERR_load_CAPI_strings(void);\r
1849 static void ERR_unload_CAPI_strings(void);\r
1850 static void ERR_CAPI_error(int function, int reason, char *file, int line);\r
1851-# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)\r
1852+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1853 \r
1854 /* Error codes for the CAPI functions. */\r
1855 \r
1856diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h\r
1857index d86a4ce..3d961b9 100644\r
1858--- a/engines/e_chil_err.h\r
1859+++ b/engines/e_chil_err.h\r
1860@@ -67,7 +67,7 @@ extern "C" {\r
1861 static void ERR_load_HWCRHK_strings(void);\r
1862 static void ERR_unload_HWCRHK_strings(void);\r
1863 static void ERR_HWCRHK_error(int function, int reason, char *file, int line);\r
1864-# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)\r
1865+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1866 \r
1867 /* Error codes for the HWCRHK functions. */\r
1868 \r
1869diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h\r
1870index fde3a82..7c20691 100644\r
1871--- a/engines/e_cswift_err.h\r
1872+++ b/engines/e_cswift_err.h\r
1873@@ -67,7 +67,7 @@ extern "C" {\r
1874 static void ERR_load_CSWIFT_strings(void);\r
1875 static void ERR_unload_CSWIFT_strings(void);\r
1876 static void ERR_CSWIFT_error(int function, int reason, char *file, int line);\r
1877-# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)\r
1878+# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1879 \r
1880 /* Error codes for the CSWIFT functions. */\r
1881 \r
1882diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h\r
1883index 637abbc..ccaf3da 100644\r
1884--- a/engines/e_gmp_err.h\r
1885+++ b/engines/e_gmp_err.h\r
1886@@ -67,7 +67,7 @@ extern "C" {\r
1887 static void ERR_load_GMP_strings(void);\r
1888 static void ERR_unload_GMP_strings(void);\r
1889 static void ERR_GMP_error(int function, int reason, char *file, int line);\r
1890-# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)\r
1891+# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1892 \r
1893 /* Error codes for the GMP functions. */\r
1894 \r
1895diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h\r
1896index aa7849c..e607d3e 100644\r
1897--- a/engines/e_nuron_err.h\r
1898+++ b/engines/e_nuron_err.h\r
1899@@ -67,7 +67,7 @@ extern "C" {\r
1900 static void ERR_load_NURON_strings(void);\r
1901 static void ERR_unload_NURON_strings(void);\r
1902 static void ERR_NURON_error(int function, int reason, char *file, int line);\r
1903-# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)\r
1904+# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1905 \r
1906 /* Error codes for the NURON functions. */\r
1907 \r
1908diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h\r
1909index bef8623..54f2848 100644\r
1910--- a/engines/e_sureware_err.h\r
1911+++ b/engines/e_sureware_err.h\r
1912@@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);\r
1913 static void ERR_unload_SUREWARE_strings(void);\r
1914 static void ERR_SUREWARE_error(int function, int reason, char *file,\r
1915 int line);\r
1916-# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)\r
1917+# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1918 \r
1919 /* Error codes for the SUREWARE functions. */\r
1920 \r
1921diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h\r
1922index c8aec7c..67110ed 100644\r
1923--- a/engines/e_ubsec_err.h\r
1924+++ b/engines/e_ubsec_err.h\r
1925@@ -67,7 +67,7 @@ extern "C" {\r
1926 static void ERR_load_UBSEC_strings(void);\r
1927 static void ERR_unload_UBSEC_strings(void);\r
1928 static void ERR_UBSEC_error(int function, int reason, char *file, int line);\r
1929-# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)\r
1930+# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
1931 \r
1932 /* Error codes for the UBSEC functions. */\r
1933 \r
a62a7cc7
QL		 1934diff --git a/makevms.com b/makevms.com\r
1935index f6b3ff2..1dcbe36 100755\r
1936--- a/makevms.com\r
1937+++ b/makevms.com\r
1938@@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,-\r
1939 RFC3779,-\r
1940 RIPEMD,-\r
1941 RSA,-\r
1942+ SCT,-\r
1943 SCTP,-\r
1944 SEED,-\r
1945 SHA,-\r
e578aa19 1946diff --git a/ssl/d1_both.c b/ssl/d1_both.c\r
8ff7187c 1947index 5d26c94..ee3f49b 100644\r
e578aa19
QL		 1948--- a/ssl/d1_both.c\r
1949+++ b/ssl/d1_both.c\r
1950@@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)\r
1951 int dtls1_read_failed(SSL *s, int code)\r
1952 {\r
1953 if (code > 0) {\r
1954- fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);\r
1955+ fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");\r
1956 return 1;\r
1957 }\r
1958 \r
1959diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c\r
1960index 35cc27c..a1f5335 100644\r
1961--- a/ssl/ssl_asn1.c\r
1962+++ b/ssl/ssl_asn1.c\r
1963@@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1964 if (ssl_version == SSL2_VERSION) {\r
1965 if (os.length != 3) {\r
1966 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;\r
1967- c.line = __LINE__;\r
1968+ c.line = OPENSSL_LINE;\r
1969 goto err;\r
1970 }\r
1971 id = 0x02000000L |\r
1972@@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1973 || ssl_version == DTLS1_BAD_VER) {\r
1974 if (os.length != 2) {\r
1975 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;\r
1976- c.line = __LINE__;\r
1977+ c.line = OPENSSL_LINE;\r
1978 goto err;\r
1979 }\r
1980 id = 0x03000000L |\r
1981 ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];\r
1982 } else {\r
1983 c.error = SSL_R_UNKNOWN_SSL_VERSION;\r
1984- c.line = __LINE__;\r
1985+ c.line = OPENSSL_LINE;\r
1986 goto err;\r
1987 }\r
1988 \r
1989@@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,\r
1990 if (os.data != NULL) {\r
1991 if (os.length > SSL_MAX_SID_CTX_LENGTH) {\r
1992 c.error = SSL_R_BAD_LENGTH;\r
1993- c.line = __LINE__;\r
1994+ c.line = OPENSSL_LINE;\r
1995 goto err;\r
1996 } else {\r
1997 ret->sid_ctx_length = os.length;\r
ca6fa1fe 1998diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c\r
8ff7187c 1999index f48ebae..ac4f08c 100644\r
ca6fa1fe
QL		 2000--- a/ssl/ssl_cert.c\r
2001+++ b/ssl/ssl_cert.c\r
8ff7187c 2002@@ -857,12 +857,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)\r
ca6fa1fe
QL		 2003 return (add_client_CA(&(ctx->client_CA), x));\r
2004 }\r
2005 \r
2006+#ifndef OPENSSL_NO_STDIO\r
ca6fa1fe
QL		 2007 static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)\r
2008 {\r
2009 return (X509_NAME_cmp(*a, *b));\r
2010 }\r
2011 \r
2012-#ifndef OPENSSL_NO_STDIO\r
2013 /**\r
2014 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;\r
2015 * it doesn't really have anything to do with clients (except that a common use\r
8ff7187c 2016@@ -930,7 +930,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)\r
ca6fa1fe
QL		 2017 ERR_clear_error();\r
2018 return (ret);\r
2019 }\r
2020-#endif\r
2021 \r
2022 /**\r
2023 * Add a file of certs to a stack.\r
8ff7187c 2024@@ -1050,6 +1049,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,\r
ca6fa1fe
QL		 2025 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);\r
2026 return ret;\r
2027 }\r
2028+#endif /* !OPENSSL_NO_STDIO */\r
2029 \r
2030 /* Add a certificate to a BUF_MEM structure */\r
2031 \r
2032diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c\r
ec3a1a11 2033index 8d3709d..2bb403b 100644\r
ca6fa1fe
QL		 2034--- a/ssl/ssl_conf.c\r
2035+++ b/ssl/ssl_conf.c\r
ec3a1a11 2036@@ -370,6 +370,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)\r
ca6fa1fe
QL		 2037 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);\r
2038 }\r
2039 \r
2040+#ifndef OPENSSL_NO_STDIO\r
2041 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)\r
2042 {\r
2043 int rv = 1;\r
ec3a1a11 2044@@ -436,7 +437,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)\r
ca6fa1fe
QL		 2045 BIO_free(in);\r
2046 return rv > 0;\r
2047 }\r
2048-#endif\r
2049+#endif /* !OPENSSL_NO_DH */\r
2050+#endif /* !OPENSSL_NO_STDIO */\r
2051+\r
2052 typedef struct {\r
2053 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);\r
2054 const char *str_file;\r
ec3a1a11 2055@@ -462,12 +465,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {\r
ca6fa1fe
QL		 2056 SSL_CONF_CMD_STRING(CipherString, "cipher"),\r
2057 SSL_CONF_CMD_STRING(Protocol, NULL),\r
2058 SSL_CONF_CMD_STRING(Options, NULL),\r
2059+#ifndef OPENSSL_NO_STDIO\r
2060 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),\r
2061 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),\r
2062 SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),\r
2063 #ifndef OPENSSL_NO_DH\r
2064 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)\r
2065 #endif\r
2066+#endif\r
2067 };\r
2068 \r
2069 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)\r
e578aa19
QL		 2070diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c\r
2071index 514fcb3..2a54cc9 100644\r
2072--- a/ssl/t1_enc.c\r
2073+++ b/ssl/t1_enc.c\r
2074@@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send)\r
2075 * we can't write into the input stream: Can this ever\r
2076 * happen?? (steve)\r
2077 */\r
2078- fprintf(stderr,\r
2079- "%s:%d: rec->data != rec->input\n",\r
2080- __FILE__, __LINE__);\r
2081+ fprintf(stderr, "tls1_enc: rec->data != rec->input\n");\r
2082 else if (RAND_bytes(rec->input, ivlen) <= 0)\r
2083 return -1;\r
2084 }\r
f0e3cd19
QL		 2085diff --git a/test/cms-test.pl b/test/cms-test.pl\r
2086index baa3b59..1ee3f02 100644\r
2087--- a/test/cms-test.pl\r
2088+++ b/test/cms-test.pl\r
2089@@ -100,6 +100,13 @@ my $no_ec2m;\r
2090 my $no_ecdh;\r
2091 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;\r
2092 \r
2093+system ("$ossl_path no-cms > $null_path");\r
2094+if ($? == 0)\r
2095+ {\r
2096+ print "CMS disabled\n";\r
2097+ exit 0;\r
2098+ }\r
2099+\r
2100 system ("$ossl_path no-ec > $null_path");\r
2101 if ($? == 0)\r
2102 {\r
2103diff --git a/util/libeay.num b/util/libeay.num\r
8ff7187c 2104index 2094ab3..992abb2 100755\r
f0e3cd19
QL		 2105--- a/util/libeay.num\r
2106+++ b/util/libeay.num\r
ec3a1a11 2107@@ -4370,7 +4370,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH\r
f0e3cd19
QL		 2108 ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA\r
2109 CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS\r
2110 CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS\r
2111-DH_KDF_X9_42 4735 EXIST::FUNCTION:DH\r
2112+DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH\r
2113 RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA\r
2114 EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES\r
2115 RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA\r
a62a7cc7 2116diff --git a/util/mkdef.pl b/util/mkdef.pl\r
8ff7187c 2117index b9b159a..9841498 100755\r
a62a7cc7
QL		 2118--- a/util/mkdef.pl\r
2119+++ b/util/mkdef.pl\r
2120@@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",\r
2121 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",\r
2122 # Engines\r
2123 "STATIC_ENGINE", "ENGINE", "HW", "GMP",\r
2124+ # X.509v3 Signed Certificate Timestamps\r
2125+ "SCT",\r
2126 # RFC3779\r
2127 "RFC3779",\r
2128 # TLS\r
8ff7187c 2129@@ -144,7 +146,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;\r
a62a7cc7
QL		 2130 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;\r
2131 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;\r
2132 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;\r
2133-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;\r
2134+my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;\r
2135 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; \r
2136 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;\r
8ff7187c
QL		 2137 my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method;\r
2138@@ -235,6 +237,7 @@ foreach (@ARGV, split(/ /, $options))\r
a62a7cc7
QL		 2139 elsif (/^no-engine$/) { $no_engine=1; }\r
2140 elsif (/^no-hw$/) { $no_hw=1; }\r
2141 elsif (/^no-gmp$/) { $no_gmp=1; }\r
2142+ elsif (/^no-sct$/) { $no_sct=1; }\r
2143 elsif (/^no-rfc3779$/) { $no_rfc3779=1; }\r
2144 elsif (/^no-tlsext$/) { $no_tlsext=1; }\r
2145 elsif (/^no-cms$/) { $no_cms=1; }\r
8ff7187c 2146@@ -1209,6 +1212,7 @@ sub is_valid\r
a62a7cc7
QL		 2147 if ($keyword eq "FP_API" && $no_fp_api) { return 0; }\r
2148 if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }\r
2149 if ($keyword eq "GMP" && $no_gmp) { return 0; }\r
2150+ if ($keyword eq "SCT" && $no_sct) { return 0; }\r
2151 if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }\r
2152 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }\r
2153 if ($keyword eq "PSK" && $no_psk) { return 0; }\r
e578aa19
QL		 2154diff --git a/util/mkerr.pl b/util/mkerr.pl\r
2155index 09ebebe..cd57ade 100644\r
2156--- a/util/mkerr.pl\r
2157+++ b/util/mkerr.pl\r
2158@@ -89,7 +89,7 @@ Options:\r
2159 void ERR_load_<LIB>_strings(void);\r
2160 void ERR_unload_<LIB>_strings(void);\r
2161 void ERR_<LIB>_error(int f, int r, char *fn, int ln);\r
2162- #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)\r
2163+ #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)\r
2164 while the code facilitates the use of these in an environment\r
2165 where the error support routines are dynamically loaded at \r
2166 runtime.\r
2167@@ -474,7 +474,7 @@ EOF\r
2168 ${staticloader}void ERR_load_${lib}_strings(void);\r
2169 ${staticloader}void ERR_unload_${lib}_strings(void);\r
2170 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);\r
2171-# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)\r
2172+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)\r
2173 \r
2174 EOF\r
2175 }\r
EFI Development Kit II mirror for PVE