1 diff --git a/Configure b/Configure
2 index 4a715dc..eb61eda 100755
5 @@ -1082,7 +1082,7 @@ if (defined($disabled{"tls1"}))
8 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
9 - || defined($disabled{"dh"}))
10 + || defined($disabled{"dh"}) || defined($disabled{"stdio"}))
12 $disabled{"gost"} = "forced";
14 diff --git a/apps/apps.c b/apps/apps.c
15 index 2e77805..e21e759 100644
18 @@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,
19 flags |= X509_V_FLAG_PARTIAL_CHAIN;
20 else if (!strcmp(arg, "-no_alt_chains"))
21 flags |= X509_V_FLAG_NO_ALT_CHAINS;
22 + else if (!strcmp(arg, "-no_check_time"))
23 + flags |= X509_V_FLAG_NO_CHECK_TIME;
27 diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
28 index 35fd44c..9f39bff 100644
29 --- a/crypto/asn1/a_strex.c
30 +++ b/crypto/asn1/a_strex.c
31 @@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
35 +#ifndef OPENSSL_NO_FP_API
36 static int send_fp_chars(void *arg, const void *buf, int len)
39 @@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)
45 typedef int char_io (void *arg, const void *buf, int len);
47 diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
48 index abc6dc3..3a672e9 100644
49 --- a/crypto/asn1/asn1_mac.h
50 +++ b/crypto/asn1/asn1_mac.h
51 @@ -70,7 +70,7 @@ extern "C" {
54 # define ASN1_MAC_H_err(f,r,line) \
55 - ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
56 + ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))
58 # define M_ASN1_D2I_vars(a,type,func) \
60 @@ -81,7 +81,7 @@ extern "C" {
61 c.error=ERR_R_NESTED_ASN1_ERROR; \
62 if ((a == NULL) || ((*a) == NULL)) \
63 { if ((ret=(type)func()) == NULL) \
64 - { c.line=__LINE__; goto err; } } \
65 + { c.line=OPENSSL_LINE; goto err; } } \
68 # define M_ASN1_D2I_Init() \
69 @@ -90,7 +90,7 @@ extern "C" {
71 # define M_ASN1_D2I_Finish_2(a) \
72 if (!asn1_const_Finish(&c)) \
73 - { c.line=__LINE__; goto err; } \
74 + { c.line=OPENSSL_LINE; goto err; } \
75 *(const unsigned char **)pp=c.p; \
76 if (a != NULL) (*a)=ret; \
78 @@ -105,7 +105,7 @@ err:\
80 # define M_ASN1_D2I_start_sequence() \
81 if (!asn1_GetSequence(&c,&length)) \
82 - { c.line=__LINE__; goto err; }
83 + { c.line=OPENSSL_LINE; goto err; }
84 /* Begin reading ASN1 without a surrounding sequence */
85 # define M_ASN1_D2I_begin() \
87 @@ -129,21 +129,21 @@ err:\
88 # define M_ASN1_D2I_get(b, func) \
90 if (func(&(b),&c.p,c.slen) == NULL) \
91 - {c.line=__LINE__; goto err; } \
92 + {c.line=OPENSSL_LINE; goto err; } \
95 /* Don't use this with d2i_ASN1_BOOLEAN() */
96 # define M_ASN1_D2I_get_x(type,b,func) \
98 if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
99 - {c.line=__LINE__; goto err; } \
100 + {c.line=OPENSSL_LINE; goto err; } \
103 /* use this instead () */
104 # define M_ASN1_D2I_get_int(b,func) \
106 if (func(&(b),&c.p,c.slen) < 0) \
107 - {c.line=__LINE__; goto err; } \
108 + {c.line=OPENSSL_LINE; goto err; } \
111 # define M_ASN1_D2I_get_opt(b,func,type) \
112 @@ -164,7 +164,7 @@ err:\
113 M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
115 if (func(&(b),&c.p,c.slen) == NULL) \
116 - {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
117 + {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \
119 M_ASN1_next_prev=_tmp;
121 @@ -258,20 +258,20 @@ err:\
123 if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
124 (void (*)())free_func,a,b) == NULL) \
125 - { c.line=__LINE__; goto err; } \
126 + { c.line=OPENSSL_LINE; goto err; } \
129 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
131 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
132 free_func,a,b) == NULL) \
133 - { c.line=__LINE__; goto err; } \
134 + { c.line=OPENSSL_LINE; goto err; } \
137 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \
139 if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
140 - { c.line=__LINE__; goto err; } \
141 + { c.line=OPENSSL_LINE; goto err; } \
144 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
145 @@ -285,16 +285,16 @@ err:\
146 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
148 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
149 - c.line=__LINE__; goto err; } \
150 + c.line=OPENSSL_LINE; goto err; } \
151 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
152 Tlen = c.slen - (c.p - c.q) - 2; \
153 if (func(&(r),&c.p,Tlen) == NULL) \
154 - { c.line=__LINE__; goto err; } \
155 + { c.line=OPENSSL_LINE; goto err; } \
156 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
157 Tlen = c.slen - (c.p - c.q); \
158 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
159 { c.error=ERR_R_MISSING_ASN1_EOS; \
160 - c.line=__LINE__; goto err; } \
161 + c.line=OPENSSL_LINE; goto err; } \
165 @@ -310,18 +310,18 @@ err:\
166 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
168 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
169 - c.line=__LINE__; goto err; } \
170 + c.line=OPENSSL_LINE; goto err; } \
171 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
172 Tlen = c.slen - (c.p - c.q) - 2; \
173 if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
174 (void (*)())free_func, \
175 b,V_ASN1_UNIVERSAL) == NULL) \
176 - { c.line=__LINE__; goto err; } \
177 + { c.line=OPENSSL_LINE; goto err; } \
178 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
179 Tlen = c.slen - (c.p - c.q); \
180 if(!ASN1_check_infinite_end(&c.p, Tlen)) \
181 { c.error=ERR_R_MISSING_ASN1_EOS; \
182 - c.line=__LINE__; goto err; } \
183 + c.line=OPENSSL_LINE; goto err; } \
187 @@ -337,17 +337,17 @@ err:\
188 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
190 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
191 - c.line=__LINE__; goto err; } \
192 + c.line=OPENSSL_LINE; goto err; } \
193 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
194 Tlen = c.slen - (c.p - c.q) - 2; \
195 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
196 free_func,b,V_ASN1_UNIVERSAL) == NULL) \
197 - { c.line=__LINE__; goto err; } \
198 + { c.line=OPENSSL_LINE; goto err; } \
199 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
200 Tlen = c.slen - (c.p - c.q); \
201 if(!ASN1_check_infinite_end(&c.p, Tlen)) \
202 { c.error=ERR_R_MISSING_ASN1_EOS; \
203 - c.line=__LINE__; goto err; } \
204 + c.line=OPENSSL_LINE; goto err; } \
208 @@ -355,7 +355,7 @@ err:\
210 # define M_ASN1_New_Malloc(ret,type) \
211 if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
212 - { c.line=__LINE__; goto err2; }
213 + { c.line=OPENSSL_LINE; goto err2; }
215 # define M_ASN1_New(arg,func) \
216 if (((arg)=func()) == NULL) return(NULL)
217 diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
218 index 1d25687..e933ead 100644
219 --- a/crypto/bn/bn_prime.c
220 +++ b/crypto/bn/bn_prime.c
222 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
223 const BIGNUM *a1_odd, int k, BN_CTX *ctx,
225 -static int probable_prime(BIGNUM *rnd, int bits);
226 +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
227 static int probable_prime_dh(BIGNUM *rnd, int bits,
228 const BIGNUM *add, const BIGNUM *rem,
230 @@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
235 + BN_CTX *ctx = NULL;
236 + prime_t *mods = NULL;
237 int checks = BN_prime_checks_for_size(bits);
239 + mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
245 @@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
247 /* make a random number and set the top and bottom bits */
249 - if (!probable_prime(ret, bits))
250 + if (!probable_prime(ret, bits, mods))
254 @@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
255 /* we have a prime :-) */
258 + OPENSSL_free(mods);
262 @@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
266 -static int probable_prime(BIGNUM *rnd, int bits)
267 +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
270 - prime_t mods[NUMPRIMES];
271 BN_ULONG delta, maxdelta;
274 diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
275 index 8d926d5..41cf38e 100644
276 --- a/crypto/conf/conf.h
277 +++ b/crypto/conf/conf.h
278 @@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
280 int CONF_set_default_method(CONF_METHOD *meth);
281 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
282 +# ifndef OPENSSL_NO_STDIO
283 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
286 # ifndef OPENSSL_NO_FP_API
287 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
289 @@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
290 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
292 void CONF_free(LHASH_OF(CONF_VALUE) *conf);
293 +#ifndef OPENSSL_NO_FP_API
294 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
296 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
298 void OPENSSL_config(const char *config_name);
299 @@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);
300 void NCONF_free(CONF *conf);
301 void NCONF_free_data(CONF *conf);
303 +# ifndef OPENSSL_NO_STDIO
304 int NCONF_load(CONF *conf, const char *file, long *eline);
306 # ifndef OPENSSL_NO_FP_API
307 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
309 @@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
310 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
311 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
313 +#ifndef OPENSSL_NO_FP_API
314 int NCONF_dump_fp(const CONF *conf, FILE *out);
316 int NCONF_dump_bio(const CONF *conf, BIO *out);
318 # if 0 /* The following function has no error
319 @@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);
321 int CONF_modules_load(const CONF *cnf, const char *appname,
322 unsigned long flags);
323 +#ifndef OPENSSL_NO_STDIO
324 int CONF_modules_load_file(const char *filename, const char *appname,
325 unsigned long flags);
327 void CONF_modules_unload(int all);
328 void CONF_modules_finish(void);
329 void CONF_modules_free(void);
330 diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
331 index 68c77ce..3d308c7 100644
332 --- a/crypto/conf/conf_def.c
333 +++ b/crypto/conf/conf_def.c
334 @@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)
336 static int def_load(CONF *conf, const char *name, long *line)
338 +#ifdef OPENSSL_NO_STDIO
339 + CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
345 @@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
352 static int def_load_bio(CONF *conf, BIO *in, long *line)
353 diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
354 index 5281384..952b545 100644
355 --- a/crypto/conf/conf_lib.c
356 +++ b/crypto/conf/conf_lib.c
357 @@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)
361 +#ifndef OPENSSL_NO_STDIO
362 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
365 @@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
371 #ifndef OPENSSL_NO_FP_API
372 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
373 @@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)
374 conf->meth->destroy_data(conf);
377 +#ifndef OPENSSL_NO_STDIO
378 int NCONF_load(CONF *conf, const char *file, long *eline)
381 @@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
383 return conf->meth->load(conf, file, eline);
387 #ifndef OPENSSL_NO_FP_API
388 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
389 diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
390 index 9acfca4..5e0a482 100644
391 --- a/crypto/conf/conf_mod.c
392 +++ b/crypto/conf/conf_mod.c
393 @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
397 +#ifndef OPENSSL_NO_STDIO
398 int CONF_modules_load_file(const char *filename, const char *appname,
401 @@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
407 static int module_run(const CONF *cnf, char *name, char *value,
409 diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
410 index c042cf2..a25b636 100644
411 --- a/crypto/conf/conf_sap.c
412 +++ b/crypto/conf/conf_sap.c
413 @@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)
414 ENGINE_load_builtin_engines();
417 +#ifndef OPENSSL_NO_STDIO
418 CONF_modules_load_file(NULL, config_name,
419 CONF_MFLAGS_DEFAULT_SECTION |
420 CONF_MFLAGS_IGNORE_MISSING_FILE);
422 openssl_configured = 1;
425 diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
426 index c9f674b..39ead7f 100644
427 --- a/crypto/cryptlib.c
428 +++ b/crypto/cryptlib.c
429 @@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
432 pointer->references = 1;
433 - pointer->data = dynlock_create_callback(__FILE__, __LINE__);
434 + pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);
435 if (pointer->data == NULL) {
436 OPENSSL_free(pointer);
437 CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
438 @@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)
439 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
442 - dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
443 + dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
444 OPENSSL_free(pointer);
446 i += 1; /* to avoid 0 */
447 @@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)
448 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
451 - dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
452 + dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
453 OPENSSL_free(pointer);
456 @@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
459 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
461 # define OPENSSL_CPUID_SETUP
463 typedef unsigned __int64 IA32CAP;
464 @@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
466 void OPENSSL_showfatal(const char *fmta, ...)
468 +#ifndef OPENSSL_NO_STDIO
472 vfprintf(stderr, fmta, ap);
477 int OPENSSL_isservice(void)
478 @@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
482 +#ifndef OPENSSL_NO_STDIO
483 void *OPENSSL_stderr(void)
489 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
491 diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
492 index fba180a..3e3ea5e 100644
493 --- a/crypto/cryptlib.h
494 +++ b/crypto/cryptlib.h
495 @@ -101,7 +101,9 @@ extern "C" {
496 void OPENSSL_cpuid_setup(void);
497 extern unsigned int OPENSSL_ia32cap_P[];
498 void OPENSSL_showfatal(const char *fmta, ...);
499 +#ifndef OPENSSL_NO_STDIO
500 void *OPENSSL_stderr(void);
502 extern int OPENSSL_NONPIC_relocated;
505 diff --git a/crypto/crypto.h b/crypto/crypto.h
506 index c450d7a..063d78e 100644
507 --- a/crypto/crypto.h
508 +++ b/crypto/crypto.h
509 @@ -235,15 +235,15 @@ typedef struct openssl_item_st {
510 # ifndef OPENSSL_NO_LOCKING
511 # ifndef CRYPTO_w_lock
512 # define CRYPTO_w_lock(type) \
513 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
514 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
515 # define CRYPTO_w_unlock(type) \
516 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
517 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
518 # define CRYPTO_r_lock(type) \
519 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
520 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
521 # define CRYPTO_r_unlock(type) \
522 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
523 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
524 # define CRYPTO_add(addr,amount,type) \
525 - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
526 + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
529 # define CRYPTO_w_lock(a)
530 @@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
531 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
532 # define is_MemCheck_on() CRYPTO_is_mem_check_on()
534 -# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
535 -# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
536 +# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)
537 +# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)
538 # define OPENSSL_realloc(addr,num) \
539 - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
540 + CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
541 # define OPENSSL_realloc_clean(addr,old_num,num) \
542 - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
543 + CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)
544 # define OPENSSL_remalloc(addr,num) \
545 - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
546 + CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
547 # define OPENSSL_freeFunc CRYPTO_free
548 # define OPENSSL_free(addr) CRYPTO_free(addr)
550 # define OPENSSL_malloc_locked(num) \
551 - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
552 + CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)
553 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
555 const char *SSLeay_version(int type);
556 @@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
557 long CRYPTO_get_mem_debug_options(void);
559 # define CRYPTO_push_info(info) \
560 - CRYPTO_push_info_(info, __FILE__, __LINE__);
561 + CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);
562 int CRYPTO_push_info_(const char *info, const char *file, int line);
563 int CRYPTO_pop_info(void);
564 int CRYPTO_remove_all_info(void);
565 @@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
567 /* die if we have to */
568 void OpenSSLDie(const char *file, int line, const char *assertion);
569 -# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
570 +# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))
572 unsigned long *OPENSSL_ia32cap_loc(void);
573 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
574 @@ -605,14 +605,14 @@ void OPENSSL_init(void);
575 # define fips_md_init_ctx(alg, cx) \
576 int alg##_Init(cx##_CTX *c) \
578 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
579 + if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
580 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
581 return private_##alg##_Init(c); \
583 int private_##alg##_Init(cx##_CTX *c)
585 # define fips_cipher_abort(alg) \
586 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
587 + if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
588 "Low level API call to cipher " #alg " forbidden in FIPS mode!")
591 diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
592 index 01e275f..7633139 100644
593 --- a/crypto/des/read2pwd.c
594 +++ b/crypto/des/read2pwd.c
596 #include <openssl/ui.h>
597 #include <openssl/crypto.h>
603 int DES_read_password(DES_cblock *key, const char *prompt, int verify)
606 diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
607 index 46fa5ac..cc366ec 100644
608 --- a/crypto/dh/Makefile
609 +++ b/crypto/dh/Makefile
610 @@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
611 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
612 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
613 dh_gen.o: ../cryptlib.h dh_gen.c
614 -dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
615 +dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
616 dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
617 dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
618 dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
619 diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
620 index 5498a9d..4a5c665 100644
623 @@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);
624 DH *DH_get_2048_224(void);
625 DH *DH_get_2048_256(void);
627 +# ifndef OPENSSL_NO_CMS
629 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
630 const unsigned char *Z, size_t Zlen,
631 ASN1_OBJECT *key_oid,
632 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
635 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
636 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
637 @@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
640 # define EVP_PKEY_DH_KDF_NONE 1
641 +# ifndef OPENSSL_NO_CMS
642 # define EVP_PKEY_DH_KDF_X9_42 2
645 /* BEGIN ERROR CODES */
647 diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
648 index a882cb2..4eddb9a 100644
649 --- a/crypto/dh/dh_kdf.c
650 +++ b/crypto/dh/dh_kdf.c
652 * ====================================================================
657 +#ifndef OPENSSL_NO_CMS
659 #include <openssl/dh.h>
660 #include <openssl/evp.h>
661 #include <openssl/asn1.h>
662 #include <openssl/cms.h>
665 /* Key derivation from X9.42/RFC2631 */
666 +/* Uses CMS functions, hence the #ifdef wrapper. */
668 #define DH_KDF_MAX (1L << 30)
670 @@ -185,3 +190,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
671 EVP_MD_CTX_cleanup(&mctx);
675 diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
676 index b58e3fa..c6288f6 100644
677 --- a/crypto/dh/dh_pmeth.c
678 +++ b/crypto/dh/dh_pmeth.c
679 @@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
680 case EVP_PKEY_CTRL_DH_KDF_TYPE:
682 return dctx->kdf_type;
683 +#ifdef OPENSSL_NO_CMS
684 + if (p1 != EVP_PKEY_DH_KDF_NONE)
686 if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
691 @@ -448,7 +452,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
695 - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
697 +#ifndef OPENSSL_NO_CMS
698 + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
700 unsigned char *Z = NULL;
702 if (!dctx->kdf_outlen || !dctx->kdf_oid)
703 @@ -479,7 +486,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
712 const EVP_PKEY_METHOD dh_pkey_meth = {
713 diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
714 index 83e208c..4869098 100644
715 --- a/crypto/ec/ec_ameth.c
716 +++ b/crypto/ec/ec_ameth.c
718 #include <openssl/asn1t.h>
719 #include "asn1_locl.h"
721 +#ifndef OPENSSL_NO_CMS
722 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
723 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
726 static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
728 diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
729 index 46f163b..b4a72a0 100644
730 --- a/crypto/engine/eng_int.h
731 +++ b/crypto/engine/eng_int.h
732 @@ -88,7 +88,7 @@ extern "C" {
733 (unsigned int)(e), (isfunct ? "funct" : "struct"), \
734 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
735 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
736 - (__FILE__), (__LINE__));
737 + (OPENSSL_FILE), (OPENSSL_LINE));
741 @@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
743 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
745 -# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
746 +# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
748 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
749 ENGINE *def, void *arg);
750 diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
751 index 34b0029..cf622bb 100644
752 --- a/crypto/engine/eng_openssl.c
753 +++ b/crypto/engine/eng_openssl.c
755 * this is no longer automatic in ENGINE_load_builtin_engines().
757 #define TEST_ENG_OPENSSL_RC4
758 +#ifndef OPENSSL_NO_FP_API
759 #define TEST_ENG_OPENSSL_PKEY
761 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
762 #define TEST_ENG_OPENSSL_RC4_P_INIT
763 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
764 diff --git a/crypto/err/err.h b/crypto/err/err.h
765 index 585aa8b..04c6cfc 100644
766 --- a/crypto/err/err.h
767 +++ b/crypto/err/err.h
768 @@ -200,39 +200,39 @@ typedef struct err_state_st {
770 # define ERR_LIB_USER 128
772 -# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
773 -# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
774 -# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
775 -# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
776 -# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
777 -# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
778 -# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
779 -# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
780 -# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
781 -# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
782 -# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
783 -# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
784 -# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
785 -# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
786 -# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
787 -# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
788 -# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
789 -# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
790 -# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
791 -# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
792 -# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
793 -# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
794 -# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
795 -# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
796 -# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
797 -# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
798 -# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
799 -# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
800 -# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
801 -# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
802 -# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
803 -# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
804 -# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
805 +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
806 +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
807 +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
808 +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
809 +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
810 +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
811 +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
812 +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
813 +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
814 +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
815 +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
816 +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
817 +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
818 +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
819 +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
820 +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
821 +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
822 +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
823 +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
824 +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
825 +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
826 +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
827 +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
828 +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
829 +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
830 +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
831 +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
832 +# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
833 +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
834 +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
835 +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
836 +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
837 +# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
840 * Borland C seems too stupid to be able to shift and do longs in the
841 diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
842 index 7a1c85d..a5f51a7 100644
843 --- a/crypto/opensslconf.h.in
844 +++ b/crypto/opensslconf.h.in
846 /* crypto/opensslconf.h.in */
848 +#ifndef OPENSSL_FILE
849 +#ifdef OPENSSL_NO_FILENAMES
850 +#define OPENSSL_FILE ""
851 +#define OPENSSL_LINE 0
853 +#define OPENSSL_FILE __FILE__
854 +#define OPENSSL_LINE __LINE__
858 /* Generate 80386 code? */
861 diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
862 index d3b23fc..87b0b6a 100644
863 --- a/crypto/pem/pem.h
864 +++ b/crypto/pem/pem.h
865 @@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
867 # define DECLARE_PEM_read_fp(name, type) /**/
868 # define DECLARE_PEM_write_fp(name, type) /**/
869 +# define DECLARE_PEM_write_fp_const(name, type) /**/
870 # define DECLARE_PEM_write_cb_fp(name, type) /**/
873 @@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
874 pem_password_cb *cd, void *u);
877 +#ifndef OPENSSL_NO_FP_API
878 int PEM_read(FILE *fp, char **name, char **header,
879 unsigned char **data, long *len);
880 int PEM_write(FILE *fp, const char *name, const char *hdr,
881 @@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
882 int klen, pem_password_cb *callback, void *u);
883 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
884 pem_password_cb *cb, void *u);
887 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
888 EVP_MD *md_type, unsigned char **ek, int *ekl,
889 @@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
890 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
893 +#ifndef OPENSSL_NO_FP_API
894 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
895 char *kstr, int klen,
896 pem_password_cb *cb, void *u);
897 @@ -510,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
898 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
899 char *kstr, int klen, pem_password_cb *cd,
903 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
904 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
906 diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
907 index 5747c73..fe465cc 100644
908 --- a/crypto/pem/pem_pk8.c
909 +++ b/crypto/pem/pem_pk8.c
911 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
912 int nid, const EVP_CIPHER *enc,
913 char *kstr, int klen, pem_password_cb *cb, void *u);
915 +#ifndef OPENSSL_NO_FP_API
916 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
917 int nid, const EVP_CIPHER *enc,
918 char *kstr, int klen, pem_password_cb *cb, void *u);
922 * These functions write a private key in PKCS#8 format: it is a "drop in"
923 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
924 diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
925 index c4d3724..0bc3d43 100644
926 --- a/crypto/pkcs7/pk7_smime.c
927 +++ b/crypto/pkcs7/pk7_smime.c
929 #include <openssl/x509.h>
930 #include <openssl/x509v3.h>
933 +#define BUFFERSIZE 4096
935 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
937 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
938 @@ -254,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
939 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
940 PKCS7_SIGNER_INFO *si;
941 X509_STORE_CTX cert_ctx;
944 int i, j = 0, k, ret = 0;
946 BIO *tmpin = NULL, *tmpout = NULL;
947 @@ -274,12 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
948 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
953 + * NB: this test commented out because some versions of Netscape
954 + * illegally include zero length content when signing data. Also
955 + * Microsoft Authenticode includes a SpcIndirectDataContent data
956 + * structure which describes the content to be protected by the
957 + * signature, rather than directly embedding that content. So
958 + * Authenticode implementations are also expected to use
959 + * PKCS7_verify() with explicit external data, on non-detached
960 + * PKCS#7 signatures.
962 + * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
963 + * introduced to disable this sanity check. For the 1.0.2 branch
964 + * this change is not acceptable, so the check remains completely
965 + * commented out (as it has been for a long time).
968 /* Check for data and content: two sets of data */
969 if (!PKCS7_get_detached(p7) && indata) {
970 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
975 sinfos = PKCS7_get_signer_info(p7);
977 @@ -356,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
980 /* We now have to 'read' from p7bio to calculate digests etc. */
981 + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
982 + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
986 - i = BIO_read(p7bio, buf, sizeof(buf));
987 + i = BIO_read(p7bio, buf, BUFFERSIZE);
991 @@ -388,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
996 if (tmpin == indata) {
999 @@ -506,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
1007 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
1008 @@ -550,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
1010 BIO_free_all(bread);
1014 - i = BIO_read(tmpmem, buf, sizeof(buf));
1017 - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
1018 - if (!BIO_get_cipher_status(tmpmem))
1024 - if (BIO_write(data, buf, i) != i) {
1028 + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
1029 + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
1033 + i = BIO_read(tmpmem, buf, BUFFERSIZE);
1036 + if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
1037 + if (!BIO_get_cipher_status(tmpmem))
1043 + if (BIO_write(data, buf, i) != i) {
1047 - BIO_free_all(tmpmem);
1051 + OPENSSL_free(buf);
1052 + BIO_free_all(tmpmem);
1055 diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
1056 index 266111e..f60fac6 100644
1057 --- a/crypto/rand/rand_unix.c
1058 +++ b/crypto/rand/rand_unix.c
1060 #include <openssl/rand.h>
1061 #include "rand_lcl.h"
1063 -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
1064 +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
1066 # include <sys/types.h>
1067 # include <sys/time.h>
1068 @@ -439,7 +439,7 @@ int RAND_poll(void)
1069 * defined(OPENSSL_SYS_VXWORKS) ||
1070 * defined(OPENSSL_SYS_NETWARE)) */
1072 -#if defined(OPENSSL_SYS_VXWORKS)
1073 +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
1077 diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
1078 index 4e06218..ddead3d 100644
1079 --- a/crypto/rsa/rsa_ameth.c
1080 +++ b/crypto/rsa/rsa_ameth.c
1083 #include "asn1_locl.h"
1085 +#ifndef OPENSSL_NO_CMS
1086 static int rsa_cms_sign(CMS_SignerInfo *si);
1087 static int rsa_cms_verify(CMS_SignerInfo *si);
1088 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
1089 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
1092 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
1094 @@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
1098 +#ifndef OPENSSL_NO_CMS
1099 static int rsa_cms_verify(CMS_SignerInfo *si)
1102 @@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
1109 * Customised RSA item verification routine. This is called when a signature
1110 @@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1114 +#ifndef OPENSSL_NO_CMS
1115 static int rsa_cms_sign(CMS_SignerInfo *si)
1117 int pad_mode = RSA_PKCS1_PADDING;
1118 @@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
1119 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
1124 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1125 X509_ALGOR *alg1, X509_ALGOR *alg2,
1126 @@ -762,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1130 +#ifndef OPENSSL_NO_CMS
1131 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
1132 X509_ALGOR **pmaskHash)
1134 @@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
1135 ASN1_STRING_free(os);
1140 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
1142 diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
1143 index d072536..73b945f 100644
1144 --- a/crypto/srp/srp.h
1145 +++ b/crypto/srp/srp.h
1146 @@ -114,7 +114,9 @@ DECLARE_STACK_OF(SRP_gN)
1148 SRP_VBASE *SRP_VBASE_new(char *seed_key);
1149 int SRP_VBASE_free(SRP_VBASE *vb);
1150 +#ifndef OPENSSL_NO_STDIO
1151 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
1153 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
1154 char *SRP_create_verifier(const char *user, const char *pass, char **salt,
1155 char **verifier, const char *N, const char *g);
1156 diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
1157 index a3f1a8a..3fbb186 100644
1158 --- a/crypto/srp/srp_vfy.c
1159 +++ b/crypto/srp/srp_vfy.c
1160 @@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
1161 return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
1164 +#ifndef OPENSSL_NO_STDIO
1165 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
1168 @@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
1169 len = t_fromb64(tmp, s);
1170 return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
1174 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
1176 @@ -279,6 +281,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
1180 +#ifndef OPENSSL_NO_STDIO
1181 static SRP_gN_cache *SRP_gN_new_init(const char *ch)
1183 unsigned char tmp[MAX_LEN];
1184 @@ -310,6 +313,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
1185 BN_free(gN_cache->bn);
1186 OPENSSL_free(gN_cache);
1190 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
1192 @@ -326,6 +330,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
1193 return SRP_get_default_gN(id);
1196 +#ifndef OPENSSL_NO_STDIO
1197 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
1200 @@ -467,6 +472,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
1206 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
1208 diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h
1209 index 16eccbb..a9fe40e 100644
1210 --- a/crypto/ts/ts.h
1211 +++ b/crypto/ts/ts.h
1212 @@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
1214 TS_REQ *TS_REQ_dup(TS_REQ *a);
1216 +#ifndef OPENSSL_NO_FP_API
1217 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
1218 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
1220 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
1221 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
1223 @@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
1225 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
1227 +#ifndef OPENSSL_NO_FP_API
1228 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
1229 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
1230 -TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
1231 -int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
1233 +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
1234 +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
1236 TS_RESP *TS_RESP_new(void);
1237 void TS_RESP_free(TS_RESP *a);
1238 @@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
1239 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
1240 TS_RESP *TS_RESP_dup(TS_RESP *a);
1242 +#ifndef OPENSSL_NO_FP_API
1243 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
1244 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
1245 -TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
1246 -int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
1248 +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
1249 +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
1251 TS_STATUS_INFO *TS_STATUS_INFO_new(void);
1252 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
1253 @@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
1255 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
1257 +#ifndef OPENSSL_NO_FP_API
1258 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
1259 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
1260 -TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
1261 -int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
1263 +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
1264 +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
1266 TS_ACCURACY *TS_ACCURACY_new(void);
1267 void TS_ACCURACY_free(TS_ACCURACY *a);
1268 @@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
1272 +#ifndef OPENSSL_NO_STDIO
1273 X509 *TS_CONF_load_cert(const char *file);
1274 STACK_OF(X509) *TS_CONF_load_certs(const char *file);
1275 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
1277 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
1278 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
1280 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
1281 const char *device);
1282 int TS_CONF_set_default_engine(const char *name);
1283 +#ifndef OPENSSL_NO_STDIO
1284 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
1285 const char *cert, TS_RESP_CTX *ctx);
1286 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
1287 @@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
1288 int TS_CONF_set_signer_key(CONF *conf, const char *section,
1289 const char *key, const char *pass,
1292 int TS_CONF_set_def_policy(CONF *conf, const char *section,
1293 const char *policy, TS_RESP_CTX *ctx);
1294 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
1295 @@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);
1296 # define TS_F_TS_CHECK_SIGNING_CERTS 103
1297 # define TS_F_TS_CHECK_STATUS_INFO 104
1298 # define TS_F_TS_COMPUTE_IMPRINT 145
1299 +# define TS_F_TS_CONF_INVALID 151
1300 +# define TS_F_TS_CONF_LOAD_CERT 153
1301 +# define TS_F_TS_CONF_LOAD_CERTS 154
1302 +# define TS_F_TS_CONF_LOAD_KEY 155
1303 +# define TS_F_TS_CONF_LOOKUP_FAIL 152
1304 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
1305 # define TS_F_TS_GET_STATUS_TEXT 105
1306 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
1307 @@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);
1309 # define TS_R_BAD_PKCS7_TYPE 132
1310 # define TS_R_BAD_TYPE 133
1311 +# define TS_R_CANNOT_LOAD_CERT 137
1312 +# define TS_R_CANNOT_LOAD_KEY 138
1313 # define TS_R_CERTIFICATE_VERIFY_ERROR 100
1314 # define TS_R_COULD_NOT_SET_ENGINE 127
1315 # define TS_R_COULD_NOT_SET_TIME 115
1316 @@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);
1317 # define TS_R_UNACCEPTABLE_POLICY 125
1318 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126
1319 # define TS_R_UNSUPPORTED_VERSION 113
1320 +# define TS_R_VAR_BAD_VALUE 135
1321 +# define TS_R_VAR_LOOKUP_FAILURE 136
1322 # define TS_R_WRONG_CONTENT_TYPE 114
1325 diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
1326 index 4716b23..c4416ba 100644
1327 --- a/crypto/ts/ts_conf.c
1328 +++ b/crypto/ts/ts_conf.c
1331 /* Function definitions for certificate and key loading. */
1333 +#ifndef OPENSSL_NO_STDIO
1334 X509 *TS_CONF_load_cert(const char *file)
1337 @@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)
1338 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
1341 - fprintf(stderr, "unable to load certificate: %s\n", file);
1342 + TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
1346 @@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
1349 if (othercerts == NULL)
1350 - fprintf(stderr, "unable to load certificates: %s\n", file);
1351 + TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
1352 sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
1355 @@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
1356 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
1359 - fprintf(stderr, "unable to load private key: %s\n", file);
1360 + TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
1364 +#endif /* !OPENSSL_NO_STDIO */
1366 /* Function definitions for handling configuration options. */
1368 static void TS_CONF_lookup_fail(const char *name, const char *tag)
1370 - fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
1371 + TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
1372 + ERR_add_error_data(3, name, "::", tag);
1375 static void TS_CONF_invalid(const char *name, const char *tag)
1377 - fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
1378 + TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
1379 + ERR_add_error_data(3, name, "::", tag);
1382 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
1383 @@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)
1387 +#ifndef OPENSSL_NO_STDIO
1388 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
1389 const char *cert, TS_RESP_CTX *ctx)
1391 @@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,
1392 EVP_PKEY_free(key_obj);
1395 +#endif /* !OPENSSL_NO_STDIO */
1397 int TS_CONF_set_def_policy(CONF *conf, const char *section,
1398 const char *policy, TS_RESP_CTX *ctx)
1399 diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c
1400 index ff1abf4..3f5b78f 100644
1401 --- a/crypto/ts/ts_err.c
1402 +++ b/crypto/ts/ts_err.c
1404 /* crypto/ts/ts_err.c */
1405 /* ====================================================================
1406 - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
1407 + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
1409 * Redistribution and use in source and binary forms, with or without
1410 * modification, are permitted provided that the following conditions
1411 @@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {
1412 {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
1413 {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},
1414 {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},
1415 + {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},
1416 + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},
1417 + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},
1418 + {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},
1419 + {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},
1420 {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
1421 {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},
1422 {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
1423 @@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {
1424 static ERR_STRING_DATA TS_str_reasons[] = {
1425 {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
1426 {ERR_REASON(TS_R_BAD_TYPE), "bad type"},
1427 + {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
1428 + {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
1429 {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
1430 {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
1431 {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
1432 @@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {
1433 {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
1434 {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},
1435 {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},
1436 + {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},
1437 + {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},
1438 {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
1441 diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
1442 index 0f29011..80dd40e 100644
1443 --- a/crypto/ui/ui_util.c
1444 +++ b/crypto/ui/ui_util.c
1447 #include "ui_locl.h"
1453 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
1456 diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
1457 index 9ee8f8d..64b052e 100644
1458 --- a/crypto/x509/by_dir.c
1459 +++ b/crypto/x509/by_dir.c
1461 # include <sys/stat.h>
1464 +#ifndef OPENSSL_NO_STDIO
1466 #include <openssl/lhash.h>
1467 #include <openssl/x509.h>
1469 @@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
1474 +#endif /* OPENSSL_NO_STDIO */
1475 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
1476 index 0429767..7ddc21c 100644
1477 --- a/crypto/x509/x509_vfy.c
1478 +++ b/crypto/x509/x509_vfy.c
1479 @@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
1480 ctx->current_crl = crl;
1481 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1482 ptime = &ctx->param->check_time;
1483 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
1488 @@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1490 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1491 ptime = &ctx->param->check_time;
1492 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
1497 diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
1498 index 2663e1c..3790ef5 100644
1499 --- a/crypto/x509/x509_vfy.h
1500 +++ b/crypto/x509/x509_vfy.h
1501 @@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
1502 * will force the behaviour to match that of previous versions.
1504 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000
1505 +/* Do not check certificate/CRL validity against current time */
1506 +# define X509_V_FLAG_NO_CHECK_TIME 0x200000
1508 # define X509_VP_FLAG_DEFAULT 0x1
1509 # define X509_VP_FLAG_OVERWRITE 0x2
1510 @@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
1511 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
1513 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
1515 +#ifndef OPENSSL_NO_STDIO
1516 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
1517 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
1520 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
1521 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
1522 diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
1523 index c3a6fce..09ebbca 100644
1524 --- a/crypto/x509v3/ext_dat.h
1525 +++ b/crypto/x509v3/ext_dat.h
1526 @@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
1530 +#ifndef OPENSSL_NO_SCT
1536 /* Number of standard extensions */
1537 diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
1538 index 34cad53..12f12a7 100644
1539 --- a/crypto/x509v3/v3_pci.c
1540 +++ b/crypto/x509v3/v3_pci.c
1541 @@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
1544 OPENSSL_free(tmp_data2);
1545 +#ifndef OPENSSL_NO_STDIO
1546 } else if (strncmp(val->value, "file:", 5) == 0) {
1547 unsigned char buf[2048];
1549 @@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
1550 X509V3_conf_err(val);
1553 +#endif /* !OPENSSL_NO_STDIO */
1554 } else if (strncmp(val->value, "text:", 5) == 0) {
1555 val_len = strlen(val->value + 5);
1556 tmp_data = OPENSSL_realloc((*policy)->data,
1557 diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
1558 index 0b7c681..1895b8f 100644
1559 --- a/crypto/x509v3/v3_scts.c
1560 +++ b/crypto/x509v3/v3_scts.c
1562 #include <openssl/asn1.h>
1563 #include <openssl/x509v3.h>
1565 +#ifndef OPENSSL_NO_SCT
1566 /* Signature and hash algorithms from RFC 5246 */
1567 #define TLSEXT_hash_sha256 4
1569 @@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
1574 diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
1575 index f5c6156..a2e78aa 100644
1576 --- a/crypto/x509v3/x509v3.h
1577 +++ b/crypto/x509v3/x509v3.h
1578 @@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
1580 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
1582 +#ifndef OPENSSL_NO_FP_API
1583 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
1586 int X509V3_extensions_print(BIO *out, char *title,
1587 STACK_OF(X509_EXTENSION) *exts,
1588 unsigned long flag, int indent);
1589 diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h
1590 index 3300e11..e9e58d5 100644
1591 --- a/demos/engines/cluster_labs/hw_cluster_labs_err.h
1592 +++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h
1593 @@ -67,7 +67,7 @@ extern "C" {
1594 static void ERR_load_CL_strings(void);
1595 static void ERR_unload_CL_strings(void);
1596 static void ERR_CL_error(int function, int reason, char *file, int line);
1597 -# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
1598 +# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1600 /* Error codes for the CL functions. */
1602 diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h
1603 index c17e0c9..10d0212 100644
1604 --- a/demos/engines/ibmca/hw_ibmca_err.h
1605 +++ b/demos/engines/ibmca/hw_ibmca_err.h
1606 @@ -67,7 +67,7 @@ extern "C" {
1607 static void ERR_load_IBMCA_strings(void);
1608 static void ERR_unload_IBMCA_strings(void);
1609 static void ERR_IBMCA_error(int function, int reason, char *file, int line);
1610 -# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
1611 +# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1613 /* Error codes for the IBMCA functions. */
1615 diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h
1616 index 4356815..598836f 100644
1617 --- a/demos/engines/rsaref/rsaref_err.h
1618 +++ b/demos/engines/rsaref/rsaref_err.h
1619 @@ -68,7 +68,7 @@ extern "C" {
1620 static void ERR_load_RSAREF_strings(void);
1621 static void ERR_unload_RSAREF_strings(void);
1622 static void ERR_RSAREF_error(int function, int reason, char *file, int line);
1623 -# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
1624 +# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1625 /* Error codes for the RSAREF functions. */
1627 /* Function codes. */
1628 diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h
1629 index f4a8358..94d3293 100644
1630 --- a/demos/engines/zencod/hw_zencod_err.h
1631 +++ b/demos/engines/zencod/hw_zencod_err.h
1632 @@ -67,7 +67,7 @@ extern "C" {
1633 static void ERR_load_ZENCOD_strings(void);
1634 static void ERR_unload_ZENCOD_strings(void);
1635 static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
1636 -# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
1637 +# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1639 /* Error codes for the ZENCOD functions. */
1641 diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1642 index 44792f9..7f95d58 100644
1643 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1644 +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1645 @@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
1646 alternative chain can be found that is trusted. With this flag set the behaviour
1647 will match that of OpenSSL versions prior to 1.0.2b.
1649 +The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
1650 +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
1651 +is used to specify a verification time, the check is not suppressed.
1655 The above functions should be used to manipulate verification parameters
1656 diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
1657 index dc0e939..fe123bb 100644
1658 --- a/doc/crypto/threads.pod
1659 +++ b/doc/crypto/threads.pod
1660 @@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
1661 void CRYPTO_lock(int mode, int n, const char *file, int line);
1663 #define CRYPTO_w_lock(type) \
1664 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
1665 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
1666 #define CRYPTO_w_unlock(type) \
1667 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
1668 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
1669 #define CRYPTO_r_lock(type) \
1670 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
1671 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
1672 #define CRYPTO_r_unlock(type) \
1673 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
1674 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
1675 #define CRYPTO_add(addr,amount,type) \
1676 - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
1677 + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
1681 diff --git a/e_os.h b/e_os.h
1682 index 1fa36c1..3e9dae2 100644
1685 @@ -136,7 +136,7 @@ extern "C" {
1689 -# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
1690 +# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
1691 # define GETPID_IS_MEANINGLESS
1694 diff --git a/e_os2.h b/e_os2.h
1695 index 7be9989..909e22f 100644
1698 @@ -97,7 +97,14 @@ extern "C" {
1699 * For 32 bit environment, there seems to be the CygWin environment and then
1700 * all the others that try to do the same thing Microsoft does...
1702 -# if defined(OPENSSL_SYSNAME_UWIN)
1704 + * UEFI lives here because it might be built with a Microsoft toolchain and
1705 + * we need to avoid the false positive match on Windows.
1707 +# if defined(OPENSSL_SYSNAME_UEFI)
1708 +# undef OPENSSL_SYS_UNIX
1709 +# define OPENSSL_SYS_UEFI
1710 +# elif defined(OPENSSL_SYSNAME_UWIN)
1711 # undef OPENSSL_SYS_UNIX
1712 # define OPENSSL_SYS_WIN32_UWIN
1714 diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h
1715 index a2018ec..9eacdcf 100644
1716 --- a/engines/ccgost/e_gost_err.h
1717 +++ b/engines/ccgost/e_gost_err.h
1718 @@ -67,7 +67,7 @@ extern "C" {
1719 void ERR_load_GOST_strings(void);
1720 void ERR_unload_GOST_strings(void);
1721 void ERR_GOST_error(int function, int reason, char *file, int line);
1722 -# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
1723 +# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1725 /* Error codes for the GOST functions. */
1727 diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h
1728 index 2f29d96..47a2635 100644
1729 --- a/engines/e_4758cca_err.h
1730 +++ b/engines/e_4758cca_err.h
1731 @@ -67,7 +67,7 @@ extern "C" {
1732 static void ERR_load_CCA4758_strings(void);
1733 static void ERR_unload_CCA4758_strings(void);
1734 static void ERR_CCA4758_error(int function, int reason, char *file, int line);
1735 -# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
1736 +# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1738 /* Error codes for the CCA4758 functions. */
1740 diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h
1741 index 2ed0114..1f8fa5b 100644
1742 --- a/engines/e_aep_err.h
1743 +++ b/engines/e_aep_err.h
1744 @@ -67,7 +67,7 @@ extern "C" {
1745 static void ERR_load_AEPHK_strings(void);
1746 static void ERR_unload_AEPHK_strings(void);
1747 static void ERR_AEPHK_error(int function, int reason, char *file, int line);
1748 -# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
1749 +# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1751 /* Error codes for the AEPHK functions. */
1753 diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h
1754 index 7b71eff..d958496 100644
1755 --- a/engines/e_atalla_err.h
1756 +++ b/engines/e_atalla_err.h
1757 @@ -67,7 +67,7 @@ extern "C" {
1758 static void ERR_load_ATALLA_strings(void);
1759 static void ERR_unload_ATALLA_strings(void);
1760 static void ERR_ATALLA_error(int function, int reason, char *file, int line);
1761 -# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
1762 +# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1764 /* Error codes for the ATALLA functions. */
1766 diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
1767 index b5d06dc..cfe46b1 100644
1768 --- a/engines/e_capi_err.h
1769 +++ b/engines/e_capi_err.h
1770 @@ -67,7 +67,7 @@ extern "C" {
1771 static void ERR_load_CAPI_strings(void);
1772 static void ERR_unload_CAPI_strings(void);
1773 static void ERR_CAPI_error(int function, int reason, char *file, int line);
1774 -# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
1775 +# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1777 /* Error codes for the CAPI functions. */
1779 diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
1780 index d86a4ce..3d961b9 100644
1781 --- a/engines/e_chil_err.h
1782 +++ b/engines/e_chil_err.h
1783 @@ -67,7 +67,7 @@ extern "C" {
1784 static void ERR_load_HWCRHK_strings(void);
1785 static void ERR_unload_HWCRHK_strings(void);
1786 static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
1787 -# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
1788 +# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1790 /* Error codes for the HWCRHK functions. */
1792 diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h
1793 index fde3a82..7c20691 100644
1794 --- a/engines/e_cswift_err.h
1795 +++ b/engines/e_cswift_err.h
1796 @@ -67,7 +67,7 @@ extern "C" {
1797 static void ERR_load_CSWIFT_strings(void);
1798 static void ERR_unload_CSWIFT_strings(void);
1799 static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
1800 -# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
1801 +# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1803 /* Error codes for the CSWIFT functions. */
1805 diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h
1806 index 637abbc..ccaf3da 100644
1807 --- a/engines/e_gmp_err.h
1808 +++ b/engines/e_gmp_err.h
1809 @@ -67,7 +67,7 @@ extern "C" {
1810 static void ERR_load_GMP_strings(void);
1811 static void ERR_unload_GMP_strings(void);
1812 static void ERR_GMP_error(int function, int reason, char *file, int line);
1813 -# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
1814 +# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1816 /* Error codes for the GMP functions. */
1818 diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h
1819 index aa7849c..e607d3e 100644
1820 --- a/engines/e_nuron_err.h
1821 +++ b/engines/e_nuron_err.h
1822 @@ -67,7 +67,7 @@ extern "C" {
1823 static void ERR_load_NURON_strings(void);
1824 static void ERR_unload_NURON_strings(void);
1825 static void ERR_NURON_error(int function, int reason, char *file, int line);
1826 -# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
1827 +# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1829 /* Error codes for the NURON functions. */
1831 diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h
1832 index bef8623..54f2848 100644
1833 --- a/engines/e_sureware_err.h
1834 +++ b/engines/e_sureware_err.h
1835 @@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);
1836 static void ERR_unload_SUREWARE_strings(void);
1837 static void ERR_SUREWARE_error(int function, int reason, char *file,
1839 -# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
1840 +# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1842 /* Error codes for the SUREWARE functions. */
1844 diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h
1845 index c8aec7c..67110ed 100644
1846 --- a/engines/e_ubsec_err.h
1847 +++ b/engines/e_ubsec_err.h
1848 @@ -67,7 +67,7 @@ extern "C" {
1849 static void ERR_load_UBSEC_strings(void);
1850 static void ERR_unload_UBSEC_strings(void);
1851 static void ERR_UBSEC_error(int function, int reason, char *file, int line);
1852 -# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
1853 +# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1855 /* Error codes for the UBSEC functions. */
1857 diff --git a/makevms.com b/makevms.com
1858 index f6b3ff2..1dcbe36 100755
1861 @@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,-
1869 diff --git a/ssl/d1_both.c b/ssl/d1_both.c
1870 index d1fc716..d5f661a 100644
1873 @@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
1874 int dtls1_read_failed(SSL *s, int code)
1877 - fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1878 + fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");
1882 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
1883 index 35cc27c..a1f5335 100644
1884 --- a/ssl/ssl_asn1.c
1885 +++ b/ssl/ssl_asn1.c
1886 @@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1887 if (ssl_version == SSL2_VERSION) {
1888 if (os.length != 3) {
1889 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
1890 - c.line = __LINE__;
1891 + c.line = OPENSSL_LINE;
1895 @@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1896 || ssl_version == DTLS1_BAD_VER) {
1897 if (os.length != 2) {
1898 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
1899 - c.line = __LINE__;
1900 + c.line = OPENSSL_LINE;
1904 ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];
1906 c.error = SSL_R_UNKNOWN_SSL_VERSION;
1907 - c.line = __LINE__;
1908 + c.line = OPENSSL_LINE;
1912 @@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1913 if (os.data != NULL) {
1914 if (os.length > SSL_MAX_SID_CTX_LENGTH) {
1915 c.error = SSL_R_BAD_LENGTH;
1916 - c.line = __LINE__;
1917 + c.line = OPENSSL_LINE;
1920 ret->sid_ctx_length = os.length;
1921 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
1922 index a73f866..d534c0a 100644
1923 --- a/ssl/ssl_cert.c
1924 +++ b/ssl/ssl_cert.c
1925 @@ -855,12 +855,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
1926 return (add_client_CA(&(ctx->client_CA), x));
1929 +#ifndef OPENSSL_NO_STDIO
1931 static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1933 return (X509_NAME_cmp(*a, *b));
1936 -#ifndef OPENSSL_NO_STDIO
1938 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
1939 * it doesn't really have anything to do with clients (except that a common use
1940 @@ -928,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
1947 * Add a file of certs to a stack.
1948 @@ -1048,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
1949 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
1952 +#endif /* !OPENSSL_NO_STDIO */
1954 /* Add a certificate to a BUF_MEM structure */
1956 diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
1957 index 5478840..c2ad7c9 100644
1958 --- a/ssl/ssl_conf.c
1959 +++ b/ssl/ssl_conf.c
1960 @@ -362,6 +362,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
1961 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
1964 +#ifndef OPENSSL_NO_STDIO
1965 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
1968 @@ -428,7 +429,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
1973 +#endif /* !OPENSSL_NO_DH */
1974 +#endif /* !OPENSSL_NO_STDIO */
1977 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
1978 const char *str_file;
1979 @@ -454,12 +457,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
1980 SSL_CONF_CMD_STRING(CipherString, "cipher"),
1981 SSL_CONF_CMD_STRING(Protocol, NULL),
1982 SSL_CONF_CMD_STRING(Options, NULL),
1983 +#ifndef OPENSSL_NO_STDIO
1984 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
1985 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
1986 SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
1987 #ifndef OPENSSL_NO_DH
1988 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
1993 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
1994 diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
1995 index 514fcb3..2a54cc9 100644
1998 @@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send)
1999 * we can't write into the input stream: Can this ever
2003 - "%s:%d: rec->data != rec->input\n",
2004 - __FILE__, __LINE__);
2005 + fprintf(stderr, "tls1_enc: rec->data != rec->input\n");
2006 else if (RAND_bytes(rec->input, ivlen) <= 0)
2009 diff --git a/test/cms-test.pl b/test/cms-test.pl
2010 index baa3b59..1ee3f02 100644
2011 --- a/test/cms-test.pl
2012 +++ b/test/cms-test.pl
2013 @@ -100,6 +100,13 @@ my $no_ec2m;
2015 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
2017 +system ("$ossl_path no-cms > $null_path");
2020 + print "CMS disabled\n";
2024 system ("$ossl_path no-ec > $null_path");
2027 diff --git a/util/libeay.num b/util/libeay.num
2028 index 7f7487d..13b2e3a 100755
2029 --- a/util/libeay.num
2030 +++ b/util/libeay.num
2031 @@ -4368,7 +4368,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH
2032 ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA
2033 CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS
2034 CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS
2035 -DH_KDF_X9_42 4735 EXIST::FUNCTION:DH
2036 +DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH
2037 RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA
2038 EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES
2039 RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
2040 diff --git a/util/mkdef.pl b/util/mkdef.pl
2041 index c57c7f7..d4c3386 100755
2044 @@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
2045 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
2047 "STATIC_ENGINE", "ENGINE", "HW", "GMP",
2048 + # X.509v3 Signed Certificate Timestamps
2053 @@ -142,7 +144,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
2054 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
2055 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
2056 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
2057 -my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
2058 +my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
2059 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
2060 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
2061 my $no_unit_test; my $no_ssl3_method;
2062 @@ -233,6 +235,7 @@ foreach (@ARGV, split(/ /, $options))
2063 elsif (/^no-engine$/) { $no_engine=1; }
2064 elsif (/^no-hw$/) { $no_hw=1; }
2065 elsif (/^no-gmp$/) { $no_gmp=1; }
2066 + elsif (/^no-sct$/) { $no_sct=1; }
2067 elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
2068 elsif (/^no-tlsext$/) { $no_tlsext=1; }
2069 elsif (/^no-cms$/) { $no_cms=1; }
2070 @@ -1206,6 +1209,7 @@ sub is_valid
2071 if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
2072 if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
2073 if ($keyword eq "GMP" && $no_gmp) { return 0; }
2074 + if ($keyword eq "SCT" && $no_sct) { return 0; }
2075 if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
2076 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
2077 if ($keyword eq "PSK" && $no_psk) { return 0; }
2078 diff --git a/util/mkerr.pl b/util/mkerr.pl
2079 index 09ebebe..cd57ade 100644
2082 @@ -89,7 +89,7 @@ Options:
2083 void ERR_load_<LIB>_strings(void);
2084 void ERR_unload_<LIB>_strings(void);
2085 void ERR_<LIB>_error(int f, int r, char *fn, int ln);
2086 - #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)
2087 + #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)
2088 while the code facilitates the use of these in an environment
2089 where the error support routines are dynamically loaded at
2091 @@ -474,7 +474,7 @@ EOF
2092 ${staticloader}void ERR_load_${lib}_strings(void);
2093 ${staticloader}void ERR_unload_${lib}_strings(void);
2094 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
2095 -# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
2096 +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
projects / mirror_edk2.git / blob