1 diff --git a/Configure b/Configure
2 index 4a715dc..b4a4781 100755
5 @@ -605,6 +605,9 @@ my %table=(
6 # with itself, Applink is never engaged and can as well be omitted.
7 "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
10 +"UEFI", "cc:-DL_ENDIAN -O:::UEFI::::",
13 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
15 @@ -1082,7 +1085,7 @@ if (defined($disabled{"tls1"}))
18 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
19 - || defined($disabled{"dh"}))
20 + || defined($disabled{"dh"}) || defined($disabled{"stdio"}))
22 $disabled{"gost"} = "forced";
24 diff --git a/apps/apps.c b/apps/apps.c
25 index 2e77805..e21e759 100644
28 @@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,
29 flags |= X509_V_FLAG_PARTIAL_CHAIN;
30 else if (!strcmp(arg, "-no_alt_chains"))
31 flags |= X509_V_FLAG_NO_ALT_CHAINS;
32 + else if (!strcmp(arg, "-no_check_time"))
33 + flags |= X509_V_FLAG_NO_CHECK_TIME;
37 diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
38 index 35fd44c..9f39bff 100644
39 --- a/crypto/asn1/a_strex.c
40 +++ b/crypto/asn1/a_strex.c
41 @@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
45 +#ifndef OPENSSL_NO_FP_API
46 static int send_fp_chars(void *arg, const void *buf, int len)
49 @@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)
55 typedef int char_io (void *arg, const void *buf, int len);
57 diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
58 index abc6dc3..3a672e9 100644
59 --- a/crypto/asn1/asn1_mac.h
60 +++ b/crypto/asn1/asn1_mac.h
61 @@ -70,7 +70,7 @@ extern "C" {
64 # define ASN1_MAC_H_err(f,r,line) \
65 - ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
66 + ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))
68 # define M_ASN1_D2I_vars(a,type,func) \
70 @@ -81,7 +81,7 @@ extern "C" {
71 c.error=ERR_R_NESTED_ASN1_ERROR; \
72 if ((a == NULL) || ((*a) == NULL)) \
73 { if ((ret=(type)func()) == NULL) \
74 - { c.line=__LINE__; goto err; } } \
75 + { c.line=OPENSSL_LINE; goto err; } } \
78 # define M_ASN1_D2I_Init() \
79 @@ -90,7 +90,7 @@ extern "C" {
81 # define M_ASN1_D2I_Finish_2(a) \
82 if (!asn1_const_Finish(&c)) \
83 - { c.line=__LINE__; goto err; } \
84 + { c.line=OPENSSL_LINE; goto err; } \
85 *(const unsigned char **)pp=c.p; \
86 if (a != NULL) (*a)=ret; \
88 @@ -105,7 +105,7 @@ err:\
90 # define M_ASN1_D2I_start_sequence() \
91 if (!asn1_GetSequence(&c,&length)) \
92 - { c.line=__LINE__; goto err; }
93 + { c.line=OPENSSL_LINE; goto err; }
94 /* Begin reading ASN1 without a surrounding sequence */
95 # define M_ASN1_D2I_begin() \
97 @@ -129,21 +129,21 @@ err:\
98 # define M_ASN1_D2I_get(b, func) \
100 if (func(&(b),&c.p,c.slen) == NULL) \
101 - {c.line=__LINE__; goto err; } \
102 + {c.line=OPENSSL_LINE; goto err; } \
105 /* Don't use this with d2i_ASN1_BOOLEAN() */
106 # define M_ASN1_D2I_get_x(type,b,func) \
108 if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
109 - {c.line=__LINE__; goto err; } \
110 + {c.line=OPENSSL_LINE; goto err; } \
113 /* use this instead () */
114 # define M_ASN1_D2I_get_int(b,func) \
116 if (func(&(b),&c.p,c.slen) < 0) \
117 - {c.line=__LINE__; goto err; } \
118 + {c.line=OPENSSL_LINE; goto err; } \
121 # define M_ASN1_D2I_get_opt(b,func,type) \
122 @@ -164,7 +164,7 @@ err:\
123 M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
125 if (func(&(b),&c.p,c.slen) == NULL) \
126 - {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
127 + {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \
129 M_ASN1_next_prev=_tmp;
131 @@ -258,20 +258,20 @@ err:\
133 if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
134 (void (*)())free_func,a,b) == NULL) \
135 - { c.line=__LINE__; goto err; } \
136 + { c.line=OPENSSL_LINE; goto err; } \
139 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
141 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
142 free_func,a,b) == NULL) \
143 - { c.line=__LINE__; goto err; } \
144 + { c.line=OPENSSL_LINE; goto err; } \
147 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \
149 if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
150 - { c.line=__LINE__; goto err; } \
151 + { c.line=OPENSSL_LINE; goto err; } \
154 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
155 @@ -285,16 +285,16 @@ err:\
156 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
158 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
159 - c.line=__LINE__; goto err; } \
160 + c.line=OPENSSL_LINE; goto err; } \
161 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
162 Tlen = c.slen - (c.p - c.q) - 2; \
163 if (func(&(r),&c.p,Tlen) == NULL) \
164 - { c.line=__LINE__; goto err; } \
165 + { c.line=OPENSSL_LINE; goto err; } \
166 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
167 Tlen = c.slen - (c.p - c.q); \
168 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
169 { c.error=ERR_R_MISSING_ASN1_EOS; \
170 - c.line=__LINE__; goto err; } \
171 + c.line=OPENSSL_LINE; goto err; } \
175 @@ -310,18 +310,18 @@ err:\
176 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
178 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
179 - c.line=__LINE__; goto err; } \
180 + c.line=OPENSSL_LINE; goto err; } \
181 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
182 Tlen = c.slen - (c.p - c.q) - 2; \
183 if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
184 (void (*)())free_func, \
185 b,V_ASN1_UNIVERSAL) == NULL) \
186 - { c.line=__LINE__; goto err; } \
187 + { c.line=OPENSSL_LINE; goto err; } \
188 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
189 Tlen = c.slen - (c.p - c.q); \
190 if(!ASN1_check_infinite_end(&c.p, Tlen)) \
191 { c.error=ERR_R_MISSING_ASN1_EOS; \
192 - c.line=__LINE__; goto err; } \
193 + c.line=OPENSSL_LINE; goto err; } \
197 @@ -337,17 +337,17 @@ err:\
198 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
200 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
201 - c.line=__LINE__; goto err; } \
202 + c.line=OPENSSL_LINE; goto err; } \
203 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
204 Tlen = c.slen - (c.p - c.q) - 2; \
205 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
206 free_func,b,V_ASN1_UNIVERSAL) == NULL) \
207 - { c.line=__LINE__; goto err; } \
208 + { c.line=OPENSSL_LINE; goto err; } \
209 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
210 Tlen = c.slen - (c.p - c.q); \
211 if(!ASN1_check_infinite_end(&c.p, Tlen)) \
212 { c.error=ERR_R_MISSING_ASN1_EOS; \
213 - c.line=__LINE__; goto err; } \
214 + c.line=OPENSSL_LINE; goto err; } \
218 @@ -355,7 +355,7 @@ err:\
220 # define M_ASN1_New_Malloc(ret,type) \
221 if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
222 - { c.line=__LINE__; goto err2; }
223 + { c.line=OPENSSL_LINE; goto err2; }
225 # define M_ASN1_New(arg,func) \
226 if (((arg)=func()) == NULL) return(NULL)
227 diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
228 index d5a5514..bede55c 100644
229 --- a/crypto/asn1/n_pkey.c
230 +++ b/crypto/asn1/n_pkey.c
231 @@ -193,7 +193,12 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
232 OPENSSL_cleanse(pkey->private_key->data, rsalen);
235 +#ifndef OPENSSL_NO_UI
236 cb = EVP_read_pw_string;
241 i = cb((char *)buf, 256, "Enter Private Key password:", 1);
243 ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
244 @@ -264,7 +269,11 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
248 +#ifndef OPENSSL_NO_UI
249 cb = EVP_read_pw_string;
253 if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
256 diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
257 index 1d25687..e933ead 100644
258 --- a/crypto/bn/bn_prime.c
259 +++ b/crypto/bn/bn_prime.c
261 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
262 const BIGNUM *a1_odd, int k, BN_CTX *ctx,
264 -static int probable_prime(BIGNUM *rnd, int bits);
265 +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
266 static int probable_prime_dh(BIGNUM *rnd, int bits,
267 const BIGNUM *add, const BIGNUM *rem,
269 @@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
274 + BN_CTX *ctx = NULL;
275 + prime_t *mods = NULL;
276 int checks = BN_prime_checks_for_size(bits);
278 + mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
284 @@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
286 /* make a random number and set the top and bottom bits */
288 - if (!probable_prime(ret, bits))
289 + if (!probable_prime(ret, bits, mods))
293 @@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
294 /* we have a prime :-) */
297 + OPENSSL_free(mods);
301 @@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
305 -static int probable_prime(BIGNUM *rnd, int bits)
306 +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
309 - prime_t mods[NUMPRIMES];
310 BN_ULONG delta, maxdelta;
313 diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
314 index 8d926d5..41cf38e 100644
315 --- a/crypto/conf/conf.h
316 +++ b/crypto/conf/conf.h
317 @@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
319 int CONF_set_default_method(CONF_METHOD *meth);
320 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
321 +# ifndef OPENSSL_NO_STDIO
322 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
325 # ifndef OPENSSL_NO_FP_API
326 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
328 @@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
329 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
331 void CONF_free(LHASH_OF(CONF_VALUE) *conf);
332 +#ifndef OPENSSL_NO_FP_API
333 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
335 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
337 void OPENSSL_config(const char *config_name);
338 @@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);
339 void NCONF_free(CONF *conf);
340 void NCONF_free_data(CONF *conf);
342 +# ifndef OPENSSL_NO_STDIO
343 int NCONF_load(CONF *conf, const char *file, long *eline);
345 # ifndef OPENSSL_NO_FP_API
346 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
348 @@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
349 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
350 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
352 +#ifndef OPENSSL_NO_FP_API
353 int NCONF_dump_fp(const CONF *conf, FILE *out);
355 int NCONF_dump_bio(const CONF *conf, BIO *out);
357 # if 0 /* The following function has no error
358 @@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);
360 int CONF_modules_load(const CONF *cnf, const char *appname,
361 unsigned long flags);
362 +#ifndef OPENSSL_NO_STDIO
363 int CONF_modules_load_file(const char *filename, const char *appname,
364 unsigned long flags);
366 void CONF_modules_unload(int all);
367 void CONF_modules_finish(void);
368 void CONF_modules_free(void);
369 diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
370 index 68c77ce..3d308c7 100644
371 --- a/crypto/conf/conf_def.c
372 +++ b/crypto/conf/conf_def.c
373 @@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)
375 static int def_load(CONF *conf, const char *name, long *line)
377 +#ifdef OPENSSL_NO_STDIO
378 + CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
384 @@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
391 static int def_load_bio(CONF *conf, BIO *in, long *line)
392 diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
393 index 5281384..952b545 100644
394 --- a/crypto/conf/conf_lib.c
395 +++ b/crypto/conf/conf_lib.c
396 @@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)
400 +#ifndef OPENSSL_NO_STDIO
401 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
404 @@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
410 #ifndef OPENSSL_NO_FP_API
411 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
412 @@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)
413 conf->meth->destroy_data(conf);
416 +#ifndef OPENSSL_NO_STDIO
417 int NCONF_load(CONF *conf, const char *file, long *eline)
420 @@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
422 return conf->meth->load(conf, file, eline);
426 #ifndef OPENSSL_NO_FP_API
427 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
428 diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
429 index 9acfca4..5e0a482 100644
430 --- a/crypto/conf/conf_mod.c
431 +++ b/crypto/conf/conf_mod.c
432 @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
436 +#ifndef OPENSSL_NO_STDIO
437 int CONF_modules_load_file(const char *filename, const char *appname,
440 @@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
446 static int module_run(const CONF *cnf, char *name, char *value,
448 diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
449 index c042cf2..a25b636 100644
450 --- a/crypto/conf/conf_sap.c
451 +++ b/crypto/conf/conf_sap.c
452 @@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)
453 ENGINE_load_builtin_engines();
456 +#ifndef OPENSSL_NO_STDIO
457 CONF_modules_load_file(NULL, config_name,
458 CONF_MFLAGS_DEFAULT_SECTION |
459 CONF_MFLAGS_IGNORE_MISSING_FILE);
461 openssl_configured = 1;
464 diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
465 index c9f674b..39ead7f 100644
466 --- a/crypto/cryptlib.c
467 +++ b/crypto/cryptlib.c
468 @@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
471 pointer->references = 1;
472 - pointer->data = dynlock_create_callback(__FILE__, __LINE__);
473 + pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);
474 if (pointer->data == NULL) {
475 OPENSSL_free(pointer);
476 CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
477 @@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)
478 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
481 - dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
482 + dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
483 OPENSSL_free(pointer);
485 i += 1; /* to avoid 0 */
486 @@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)
487 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
490 - dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
491 + dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
492 OPENSSL_free(pointer);
495 @@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
498 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
500 # define OPENSSL_CPUID_SETUP
502 typedef unsigned __int64 IA32CAP;
503 @@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
505 void OPENSSL_showfatal(const char *fmta, ...)
507 +#ifndef OPENSSL_NO_STDIO
511 vfprintf(stderr, fmta, ap);
516 int OPENSSL_isservice(void)
517 @@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
521 +#ifndef OPENSSL_NO_STDIO
522 void *OPENSSL_stderr(void)
528 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
530 diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
531 index fba180a..3e3ea5e 100644
532 --- a/crypto/cryptlib.h
533 +++ b/crypto/cryptlib.h
534 @@ -101,7 +101,9 @@ extern "C" {
535 void OPENSSL_cpuid_setup(void);
536 extern unsigned int OPENSSL_ia32cap_P[];
537 void OPENSSL_showfatal(const char *fmta, ...);
538 +#ifndef OPENSSL_NO_STDIO
539 void *OPENSSL_stderr(void);
541 extern int OPENSSL_NONPIC_relocated;
544 diff --git a/crypto/crypto.h b/crypto/crypto.h
545 index c450d7a..063d78e 100644
546 --- a/crypto/crypto.h
547 +++ b/crypto/crypto.h
548 @@ -235,15 +235,15 @@ typedef struct openssl_item_st {
549 # ifndef OPENSSL_NO_LOCKING
550 # ifndef CRYPTO_w_lock
551 # define CRYPTO_w_lock(type) \
552 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
553 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
554 # define CRYPTO_w_unlock(type) \
555 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
556 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
557 # define CRYPTO_r_lock(type) \
558 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
559 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
560 # define CRYPTO_r_unlock(type) \
561 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
562 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
563 # define CRYPTO_add(addr,amount,type) \
564 - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
565 + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
568 # define CRYPTO_w_lock(a)
569 @@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
570 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
571 # define is_MemCheck_on() CRYPTO_is_mem_check_on()
573 -# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
574 -# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
575 +# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)
576 +# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)
577 # define OPENSSL_realloc(addr,num) \
578 - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
579 + CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
580 # define OPENSSL_realloc_clean(addr,old_num,num) \
581 - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
582 + CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)
583 # define OPENSSL_remalloc(addr,num) \
584 - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
585 + CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
586 # define OPENSSL_freeFunc CRYPTO_free
587 # define OPENSSL_free(addr) CRYPTO_free(addr)
589 # define OPENSSL_malloc_locked(num) \
590 - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
591 + CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)
592 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
594 const char *SSLeay_version(int type);
595 @@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
596 long CRYPTO_get_mem_debug_options(void);
598 # define CRYPTO_push_info(info) \
599 - CRYPTO_push_info_(info, __FILE__, __LINE__);
600 + CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);
601 int CRYPTO_push_info_(const char *info, const char *file, int line);
602 int CRYPTO_pop_info(void);
603 int CRYPTO_remove_all_info(void);
604 @@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
606 /* die if we have to */
607 void OpenSSLDie(const char *file, int line, const char *assertion);
608 -# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
609 +# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))
611 unsigned long *OPENSSL_ia32cap_loc(void);
612 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
613 @@ -605,14 +605,14 @@ void OPENSSL_init(void);
614 # define fips_md_init_ctx(alg, cx) \
615 int alg##_Init(cx##_CTX *c) \
617 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
618 + if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
619 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
620 return private_##alg##_Init(c); \
622 int private_##alg##_Init(cx##_CTX *c)
624 # define fips_cipher_abort(alg) \
625 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
626 + if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
627 "Low level API call to cipher " #alg " forbidden in FIPS mode!")
630 diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
631 index 01e275f..7633139 100644
632 --- a/crypto/des/read2pwd.c
633 +++ b/crypto/des/read2pwd.c
635 #include <openssl/ui.h>
636 #include <openssl/crypto.h>
642 int DES_read_password(DES_cblock *key, const char *prompt, int verify)
645 diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
646 index 46fa5ac..cc366ec 100644
647 --- a/crypto/dh/Makefile
648 +++ b/crypto/dh/Makefile
649 @@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
650 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
651 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
652 dh_gen.o: ../cryptlib.h dh_gen.c
653 -dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
654 +dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
655 dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
656 dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
657 dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
658 diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
659 index 5498a9d..4a5c665 100644
662 @@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);
663 DH *DH_get_2048_224(void);
664 DH *DH_get_2048_256(void);
666 +# ifndef OPENSSL_NO_CMS
668 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
669 const unsigned char *Z, size_t Zlen,
670 ASN1_OBJECT *key_oid,
671 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
674 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
675 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
676 @@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
679 # define EVP_PKEY_DH_KDF_NONE 1
680 +# ifndef OPENSSL_NO_CMS
681 # define EVP_PKEY_DH_KDF_X9_42 2
684 /* BEGIN ERROR CODES */
686 diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
687 index a882cb2..4eddb9a 100644
688 --- a/crypto/dh/dh_kdf.c
689 +++ b/crypto/dh/dh_kdf.c
691 * ====================================================================
696 +#ifndef OPENSSL_NO_CMS
698 #include <openssl/dh.h>
699 #include <openssl/evp.h>
700 #include <openssl/asn1.h>
701 #include <openssl/cms.h>
704 /* Key derivation from X9.42/RFC2631 */
705 +/* Uses CMS functions, hence the #ifdef wrapper. */
707 #define DH_KDF_MAX (1L << 30)
709 @@ -185,3 +190,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
710 EVP_MD_CTX_cleanup(&mctx);
714 diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
715 index b58e3fa..c6288f6 100644
716 --- a/crypto/dh/dh_pmeth.c
717 +++ b/crypto/dh/dh_pmeth.c
718 @@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
719 case EVP_PKEY_CTRL_DH_KDF_TYPE:
721 return dctx->kdf_type;
722 +#ifdef OPENSSL_NO_CMS
723 + if (p1 != EVP_PKEY_DH_KDF_NONE)
725 if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
730 @@ -448,7 +452,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
734 - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
736 +#ifndef OPENSSL_NO_CMS
737 + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
739 unsigned char *Z = NULL;
741 if (!dctx->kdf_outlen || !dctx->kdf_oid)
742 @@ -479,7 +486,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
751 const EVP_PKEY_METHOD dh_pkey_meth = {
752 diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
753 index 83e208c..4869098 100644
754 --- a/crypto/ec/ec_ameth.c
755 +++ b/crypto/ec/ec_ameth.c
757 #include <openssl/asn1t.h>
758 #include "asn1_locl.h"
760 +#ifndef OPENSSL_NO_CMS
761 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
762 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
765 static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
767 diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
768 index 46f163b..b4a72a0 100644
769 --- a/crypto/engine/eng_int.h
770 +++ b/crypto/engine/eng_int.h
771 @@ -88,7 +88,7 @@ extern "C" {
772 (unsigned int)(e), (isfunct ? "funct" : "struct"), \
773 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
774 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
775 - (__FILE__), (__LINE__));
776 + (OPENSSL_FILE), (OPENSSL_LINE));
780 @@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
782 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
784 -# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
785 +# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
787 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
788 ENGINE *def, void *arg);
789 diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
790 index 34b0029..cf622bb 100644
791 --- a/crypto/engine/eng_openssl.c
792 +++ b/crypto/engine/eng_openssl.c
794 * this is no longer automatic in ENGINE_load_builtin_engines().
796 #define TEST_ENG_OPENSSL_RC4
797 +#ifndef OPENSSL_NO_FP_API
798 #define TEST_ENG_OPENSSL_PKEY
800 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
801 #define TEST_ENG_OPENSSL_RC4_P_INIT
802 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
803 diff --git a/crypto/err/err.h b/crypto/err/err.h
804 index 585aa8b..04c6cfc 100644
805 --- a/crypto/err/err.h
806 +++ b/crypto/err/err.h
807 @@ -200,39 +200,39 @@ typedef struct err_state_st {
809 # define ERR_LIB_USER 128
811 -# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
812 -# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
813 -# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
814 -# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
815 -# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
816 -# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
817 -# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
818 -# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
819 -# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
820 -# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
821 -# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
822 -# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
823 -# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
824 -# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
825 -# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
826 -# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
827 -# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
828 -# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
829 -# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
830 -# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
831 -# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
832 -# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
833 -# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
834 -# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
835 -# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
836 -# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
837 -# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
838 -# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
839 -# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
840 -# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
841 -# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
842 -# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
843 -# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
844 +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
845 +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
846 +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
847 +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
848 +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
849 +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
850 +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
851 +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
852 +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
853 +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
854 +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
855 +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
856 +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
857 +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
858 +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
859 +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
860 +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
861 +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
862 +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
863 +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
864 +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
865 +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
866 +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
867 +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
868 +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
869 +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
870 +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
871 +# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
872 +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
873 +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
874 +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
875 +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
876 +# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
879 * Borland C seems too stupid to be able to shift and do longs in the
880 diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
881 index 39ab793..ad1e350 100644
882 --- a/crypto/evp/evp.h
883 +++ b/crypto/evp/evp.h
884 @@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
885 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
886 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
888 +#ifndef OPENSSL_NO_UI
889 int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
890 int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
891 const char *prompt, int verify);
892 void EVP_set_pw_prompt(const char *prompt);
893 char *EVP_get_pw_prompt(void);
896 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
897 const unsigned char *salt, const unsigned char *data,
898 diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
899 index 5be9e33..63c8866 100644
900 --- a/crypto/evp/evp_key.c
901 +++ b/crypto/evp/evp_key.c
903 #include <openssl/evp.h>
904 #include <openssl/ui.h>
906 +#ifndef OPENSSL_NO_UI
907 /* should be init to zeros. */
908 static char prompt_string[80];
910 @@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
911 OPENSSL_cleanse(buff, BUFSIZ);
914 +#endif /* OPENSSL_NO_UI */
916 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
917 const unsigned char *salt, const unsigned char *data,
918 diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
919 index 7a1c85d..7162c0f 100644
920 --- a/crypto/opensslconf.h.in
921 +++ b/crypto/opensslconf.h.in
923 /* crypto/opensslconf.h.in */
925 +#ifndef OPENSSL_FILE
926 +#ifdef OPENSSL_NO_FILENAMES
927 +#define OPENSSL_FILE ""
928 +#define OPENSSL_LINE 0
930 +#define OPENSSL_FILE __FILE__
931 +#define OPENSSL_LINE __LINE__
935 /* Generate 80386 code? */
942 -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
943 +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)
944 #define CONFIG_HEADER_BN_H
947 diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
948 index d3b23fc..87b0b6a 100644
949 --- a/crypto/pem/pem.h
950 +++ b/crypto/pem/pem.h
951 @@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
953 # define DECLARE_PEM_read_fp(name, type) /**/
954 # define DECLARE_PEM_write_fp(name, type) /**/
955 +# define DECLARE_PEM_write_fp_const(name, type) /**/
956 # define DECLARE_PEM_write_cb_fp(name, type) /**/
959 @@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
960 pem_password_cb *cd, void *u);
963 +#ifndef OPENSSL_NO_FP_API
964 int PEM_read(FILE *fp, char **name, char **header,
965 unsigned char **data, long *len);
966 int PEM_write(FILE *fp, const char *name, const char *hdr,
967 @@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
968 int klen, pem_password_cb *callback, void *u);
969 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
970 pem_password_cb *cb, void *u);
973 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
974 EVP_MD *md_type, unsigned char **ek, int *ekl,
975 @@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
976 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
979 +#ifndef OPENSSL_NO_FP_API
980 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
981 char *kstr, int klen,
982 pem_password_cb *cb, void *u);
983 @@ -510,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
984 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
985 char *kstr, int klen, pem_password_cb *cd,
989 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
990 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
992 diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
993 index a29821a..5525efd 100644
994 --- a/crypto/pem/pem_lib.c
995 +++ b/crypto/pem/pem_lib.c
996 @@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
998 int PEM_def_callback(char *buf, int num, int w, void *key)
1000 -#ifdef OPENSSL_NO_FP_API
1001 +#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI)
1003 * We should not ever call the default callback routine from windows.
1005 diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
1006 index 5747c73..fe465cc 100644
1007 --- a/crypto/pem/pem_pk8.c
1008 +++ b/crypto/pem/pem_pk8.c
1010 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
1011 int nid, const EVP_CIPHER *enc,
1012 char *kstr, int klen, pem_password_cb *cb, void *u);
1014 +#ifndef OPENSSL_NO_FP_API
1015 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
1016 int nid, const EVP_CIPHER *enc,
1017 char *kstr, int klen, pem_password_cb *cb, void *u);
1021 * These functions write a private key in PKCS#8 format: it is a "drop in"
1022 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
1023 diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
1024 index c4d3724..0bc3d43 100644
1025 --- a/crypto/pkcs7/pk7_smime.c
1026 +++ b/crypto/pkcs7/pk7_smime.c
1028 #include <openssl/x509.h>
1029 #include <openssl/x509v3.h>
1032 +#define BUFFERSIZE 4096
1034 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
1036 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
1037 @@ -254,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
1038 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
1039 PKCS7_SIGNER_INFO *si;
1040 X509_STORE_CTX cert_ctx;
1043 int i, j = 0, k, ret = 0;
1045 BIO *tmpin = NULL, *tmpout = NULL;
1046 @@ -274,12 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
1047 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
1052 + * NB: this test commented out because some versions of Netscape
1053 + * illegally include zero length content when signing data. Also
1054 + * Microsoft Authenticode includes a SpcIndirectDataContent data
1055 + * structure which describes the content to be protected by the
1056 + * signature, rather than directly embedding that content. So
1057 + * Authenticode implementations are also expected to use
1058 + * PKCS7_verify() with explicit external data, on non-detached
1059 + * PKCS#7 signatures.
1061 + * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
1062 + * introduced to disable this sanity check. For the 1.0.2 branch
1063 + * this change is not acceptable, so the check remains completely
1064 + * commented out (as it has been for a long time).
1067 /* Check for data and content: two sets of data */
1068 if (!PKCS7_get_detached(p7) && indata) {
1069 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
1074 sinfos = PKCS7_get_signer_info(p7);
1076 @@ -356,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
1079 /* We now have to 'read' from p7bio to calculate digests etc. */
1080 + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
1081 + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
1085 - i = BIO_read(p7bio, buf, sizeof(buf));
1086 + i = BIO_read(p7bio, buf, BUFFERSIZE);
1090 @@ -388,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
1094 + OPENSSL_free(buf);
1095 if (tmpin == indata) {
1098 @@ -506,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
1106 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
1107 @@ -550,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
1109 BIO_free_all(bread);
1113 - i = BIO_read(tmpmem, buf, sizeof(buf));
1116 - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
1117 - if (!BIO_get_cipher_status(tmpmem))
1123 - if (BIO_write(data, buf, i) != i) {
1127 + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
1128 + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
1132 + i = BIO_read(tmpmem, buf, BUFFERSIZE);
1135 + if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
1136 + if (!BIO_get_cipher_status(tmpmem))
1142 + if (BIO_write(data, buf, i) != i) {
1146 - BIO_free_all(tmpmem);
1150 + OPENSSL_free(buf);
1151 + BIO_free_all(tmpmem);
1154 diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
1155 index 737aebf..f23f348 100644
1156 --- a/crypto/rand/rand_egd.c
1157 +++ b/crypto/rand/rand_egd.c
1159 * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
1162 -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
1163 +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) || defined(OPENSSL_SYS_UEFI)
1164 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
1167 diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
1168 index 266111e..f60fac6 100644
1169 --- a/crypto/rand/rand_unix.c
1170 +++ b/crypto/rand/rand_unix.c
1172 #include <openssl/rand.h>
1173 #include "rand_lcl.h"
1175 -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
1176 +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
1178 # include <sys/types.h>
1179 # include <sys/time.h>
1180 @@ -439,7 +439,7 @@ int RAND_poll(void)
1181 * defined(OPENSSL_SYS_VXWORKS) ||
1182 * defined(OPENSSL_SYS_NETWARE)) */
1184 -#if defined(OPENSSL_SYS_VXWORKS)
1185 +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
1189 diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
1190 index 4e06218..ddead3d 100644
1191 --- a/crypto/rsa/rsa_ameth.c
1192 +++ b/crypto/rsa/rsa_ameth.c
1195 #include "asn1_locl.h"
1197 +#ifndef OPENSSL_NO_CMS
1198 static int rsa_cms_sign(CMS_SignerInfo *si);
1199 static int rsa_cms_verify(CMS_SignerInfo *si);
1200 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
1201 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
1204 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
1206 @@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
1210 +#ifndef OPENSSL_NO_CMS
1211 static int rsa_cms_verify(CMS_SignerInfo *si)
1214 @@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
1221 * Customised RSA item verification routine. This is called when a signature
1222 @@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1226 +#ifndef OPENSSL_NO_CMS
1227 static int rsa_cms_sign(CMS_SignerInfo *si)
1229 int pad_mode = RSA_PKCS1_PADDING;
1230 @@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
1231 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
1236 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1237 X509_ALGOR *alg1, X509_ALGOR *alg2,
1238 @@ -762,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1242 +#ifndef OPENSSL_NO_CMS
1243 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
1244 X509_ALGOR **pmaskHash)
1246 @@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
1247 ASN1_STRING_free(os);
1252 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
1254 diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
1255 index d072536..73b945f 100644
1256 --- a/crypto/srp/srp.h
1257 +++ b/crypto/srp/srp.h
1258 @@ -114,7 +114,9 @@ DECLARE_STACK_OF(SRP_gN)
1260 SRP_VBASE *SRP_VBASE_new(char *seed_key);
1261 int SRP_VBASE_free(SRP_VBASE *vb);
1262 +#ifndef OPENSSL_NO_STDIO
1263 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
1265 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
1266 char *SRP_create_verifier(const char *user, const char *pass, char **salt,
1267 char **verifier, const char *N, const char *g);
1268 diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
1269 index a3f1a8a..3fbb186 100644
1270 --- a/crypto/srp/srp_vfy.c
1271 +++ b/crypto/srp/srp_vfy.c
1272 @@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
1273 return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
1276 +#ifndef OPENSSL_NO_STDIO
1277 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
1280 @@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
1281 len = t_fromb64(tmp, s);
1282 return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
1286 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
1288 @@ -279,6 +281,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
1292 +#ifndef OPENSSL_NO_STDIO
1293 static SRP_gN_cache *SRP_gN_new_init(const char *ch)
1295 unsigned char tmp[MAX_LEN];
1296 @@ -310,6 +313,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
1297 BN_free(gN_cache->bn);
1298 OPENSSL_free(gN_cache);
1302 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
1304 @@ -326,6 +330,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
1305 return SRP_get_default_gN(id);
1308 +#ifndef OPENSSL_NO_STDIO
1309 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
1312 @@ -467,6 +472,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
1318 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
1320 diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h
1321 index 16eccbb..a9fe40e 100644
1322 --- a/crypto/ts/ts.h
1323 +++ b/crypto/ts/ts.h
1324 @@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
1326 TS_REQ *TS_REQ_dup(TS_REQ *a);
1328 +#ifndef OPENSSL_NO_FP_API
1329 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
1330 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
1332 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
1333 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
1335 @@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
1337 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
1339 +#ifndef OPENSSL_NO_FP_API
1340 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
1341 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
1342 -TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
1343 -int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
1345 +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
1346 +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
1348 TS_RESP *TS_RESP_new(void);
1349 void TS_RESP_free(TS_RESP *a);
1350 @@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
1351 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
1352 TS_RESP *TS_RESP_dup(TS_RESP *a);
1354 +#ifndef OPENSSL_NO_FP_API
1355 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
1356 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
1357 -TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
1358 -int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
1360 +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
1361 +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
1363 TS_STATUS_INFO *TS_STATUS_INFO_new(void);
1364 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
1365 @@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
1367 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
1369 +#ifndef OPENSSL_NO_FP_API
1370 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
1371 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
1372 -TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
1373 -int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
1375 +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
1376 +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
1378 TS_ACCURACY *TS_ACCURACY_new(void);
1379 void TS_ACCURACY_free(TS_ACCURACY *a);
1380 @@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
1384 +#ifndef OPENSSL_NO_STDIO
1385 X509 *TS_CONF_load_cert(const char *file);
1386 STACK_OF(X509) *TS_CONF_load_certs(const char *file);
1387 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
1389 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
1390 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
1392 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
1393 const char *device);
1394 int TS_CONF_set_default_engine(const char *name);
1395 +#ifndef OPENSSL_NO_STDIO
1396 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
1397 const char *cert, TS_RESP_CTX *ctx);
1398 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
1399 @@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
1400 int TS_CONF_set_signer_key(CONF *conf, const char *section,
1401 const char *key, const char *pass,
1404 int TS_CONF_set_def_policy(CONF *conf, const char *section,
1405 const char *policy, TS_RESP_CTX *ctx);
1406 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
1407 @@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);
1408 # define TS_F_TS_CHECK_SIGNING_CERTS 103
1409 # define TS_F_TS_CHECK_STATUS_INFO 104
1410 # define TS_F_TS_COMPUTE_IMPRINT 145
1411 +# define TS_F_TS_CONF_INVALID 151
1412 +# define TS_F_TS_CONF_LOAD_CERT 153
1413 +# define TS_F_TS_CONF_LOAD_CERTS 154
1414 +# define TS_F_TS_CONF_LOAD_KEY 155
1415 +# define TS_F_TS_CONF_LOOKUP_FAIL 152
1416 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
1417 # define TS_F_TS_GET_STATUS_TEXT 105
1418 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
1419 @@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);
1421 # define TS_R_BAD_PKCS7_TYPE 132
1422 # define TS_R_BAD_TYPE 133
1423 +# define TS_R_CANNOT_LOAD_CERT 137
1424 +# define TS_R_CANNOT_LOAD_KEY 138
1425 # define TS_R_CERTIFICATE_VERIFY_ERROR 100
1426 # define TS_R_COULD_NOT_SET_ENGINE 127
1427 # define TS_R_COULD_NOT_SET_TIME 115
1428 @@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);
1429 # define TS_R_UNACCEPTABLE_POLICY 125
1430 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126
1431 # define TS_R_UNSUPPORTED_VERSION 113
1432 +# define TS_R_VAR_BAD_VALUE 135
1433 +# define TS_R_VAR_LOOKUP_FAILURE 136
1434 # define TS_R_WRONG_CONTENT_TYPE 114
1437 diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
1438 index 4716b23..c4416ba 100644
1439 --- a/crypto/ts/ts_conf.c
1440 +++ b/crypto/ts/ts_conf.c
1443 /* Function definitions for certificate and key loading. */
1445 +#ifndef OPENSSL_NO_STDIO
1446 X509 *TS_CONF_load_cert(const char *file)
1449 @@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)
1450 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
1453 - fprintf(stderr, "unable to load certificate: %s\n", file);
1454 + TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
1458 @@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
1461 if (othercerts == NULL)
1462 - fprintf(stderr, "unable to load certificates: %s\n", file);
1463 + TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
1464 sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
1467 @@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
1468 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
1471 - fprintf(stderr, "unable to load private key: %s\n", file);
1472 + TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
1476 +#endif /* !OPENSSL_NO_STDIO */
1478 /* Function definitions for handling configuration options. */
1480 static void TS_CONF_lookup_fail(const char *name, const char *tag)
1482 - fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
1483 + TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
1484 + ERR_add_error_data(3, name, "::", tag);
1487 static void TS_CONF_invalid(const char *name, const char *tag)
1489 - fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
1490 + TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
1491 + ERR_add_error_data(3, name, "::", tag);
1494 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
1495 @@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)
1499 +#ifndef OPENSSL_NO_STDIO
1500 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
1501 const char *cert, TS_RESP_CTX *ctx)
1503 @@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,
1504 EVP_PKEY_free(key_obj);
1507 +#endif /* !OPENSSL_NO_STDIO */
1509 int TS_CONF_set_def_policy(CONF *conf, const char *section,
1510 const char *policy, TS_RESP_CTX *ctx)
1511 diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c
1512 index ff1abf4..3f5b78f 100644
1513 --- a/crypto/ts/ts_err.c
1514 +++ b/crypto/ts/ts_err.c
1516 /* crypto/ts/ts_err.c */
1517 /* ====================================================================
1518 - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
1519 + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
1521 * Redistribution and use in source and binary forms, with or without
1522 * modification, are permitted provided that the following conditions
1523 @@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {
1524 {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
1525 {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},
1526 {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},
1527 + {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},
1528 + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},
1529 + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},
1530 + {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},
1531 + {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},
1532 {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
1533 {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},
1534 {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
1535 @@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {
1536 static ERR_STRING_DATA TS_str_reasons[] = {
1537 {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
1538 {ERR_REASON(TS_R_BAD_TYPE), "bad type"},
1539 + {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
1540 + {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
1541 {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
1542 {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
1543 {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
1544 @@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {
1545 {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
1546 {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},
1547 {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},
1548 + {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},
1549 + {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},
1550 {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
1553 diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
1554 index 0f29011..80dd40e 100644
1555 --- a/crypto/ui/ui_util.c
1556 +++ b/crypto/ui/ui_util.c
1559 #include "ui_locl.h"
1565 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
1568 diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
1569 index 9ee8f8d..64b052e 100644
1570 --- a/crypto/x509/by_dir.c
1571 +++ b/crypto/x509/by_dir.c
1573 # include <sys/stat.h>
1576 +#ifndef OPENSSL_NO_STDIO
1578 #include <openssl/lhash.h>
1579 #include <openssl/x509.h>
1581 @@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
1586 +#endif /* OPENSSL_NO_STDIO */
1587 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
1588 index 0429767..7ddc21c 100644
1589 --- a/crypto/x509/x509_vfy.c
1590 +++ b/crypto/x509/x509_vfy.c
1591 @@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
1592 ctx->current_crl = crl;
1593 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1594 ptime = &ctx->param->check_time;
1595 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
1600 @@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1602 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1603 ptime = &ctx->param->check_time;
1604 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
1609 diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
1610 index 2663e1c..3790ef5 100644
1611 --- a/crypto/x509/x509_vfy.h
1612 +++ b/crypto/x509/x509_vfy.h
1613 @@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
1614 * will force the behaviour to match that of previous versions.
1616 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000
1617 +/* Do not check certificate/CRL validity against current time */
1618 +# define X509_V_FLAG_NO_CHECK_TIME 0x200000
1620 # define X509_VP_FLAG_DEFAULT 0x1
1621 # define X509_VP_FLAG_OVERWRITE 0x2
1622 @@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
1623 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
1625 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
1627 +#ifndef OPENSSL_NO_STDIO
1628 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
1629 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
1632 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
1633 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
1634 diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
1635 index c3a6fce..09ebbca 100644
1636 --- a/crypto/x509v3/ext_dat.h
1637 +++ b/crypto/x509v3/ext_dat.h
1638 @@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
1642 +#ifndef OPENSSL_NO_SCT
1648 /* Number of standard extensions */
1649 diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
1650 index 34cad53..12f12a7 100644
1651 --- a/crypto/x509v3/v3_pci.c
1652 +++ b/crypto/x509v3/v3_pci.c
1653 @@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
1656 OPENSSL_free(tmp_data2);
1657 +#ifndef OPENSSL_NO_STDIO
1658 } else if (strncmp(val->value, "file:", 5) == 0) {
1659 unsigned char buf[2048];
1661 @@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
1662 X509V3_conf_err(val);
1665 +#endif /* !OPENSSL_NO_STDIO */
1666 } else if (strncmp(val->value, "text:", 5) == 0) {
1667 val_len = strlen(val->value + 5);
1668 tmp_data = OPENSSL_realloc((*policy)->data,
1669 diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
1670 index 0b7c681..1895b8f 100644
1671 --- a/crypto/x509v3/v3_scts.c
1672 +++ b/crypto/x509v3/v3_scts.c
1674 #include <openssl/asn1.h>
1675 #include <openssl/x509v3.h>
1677 +#ifndef OPENSSL_NO_SCT
1678 /* Signature and hash algorithms from RFC 5246 */
1679 #define TLSEXT_hash_sha256 4
1681 @@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
1686 diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
1687 index f5c6156..a2e78aa 100644
1688 --- a/crypto/x509v3/x509v3.h
1689 +++ b/crypto/x509v3/x509v3.h
1690 @@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
1692 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
1694 +#ifndef OPENSSL_NO_FP_API
1695 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
1698 int X509V3_extensions_print(BIO *out, char *title,
1699 STACK_OF(X509_EXTENSION) *exts,
1700 unsigned long flag, int indent);
1701 diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h
1702 index 3300e11..e9e58d5 100644
1703 --- a/demos/engines/cluster_labs/hw_cluster_labs_err.h
1704 +++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h
1705 @@ -67,7 +67,7 @@ extern "C" {
1706 static void ERR_load_CL_strings(void);
1707 static void ERR_unload_CL_strings(void);
1708 static void ERR_CL_error(int function, int reason, char *file, int line);
1709 -# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
1710 +# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1712 /* Error codes for the CL functions. */
1714 diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h
1715 index c17e0c9..10d0212 100644
1716 --- a/demos/engines/ibmca/hw_ibmca_err.h
1717 +++ b/demos/engines/ibmca/hw_ibmca_err.h
1718 @@ -67,7 +67,7 @@ extern "C" {
1719 static void ERR_load_IBMCA_strings(void);
1720 static void ERR_unload_IBMCA_strings(void);
1721 static void ERR_IBMCA_error(int function, int reason, char *file, int line);
1722 -# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
1723 +# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1725 /* Error codes for the IBMCA functions. */
1727 diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h
1728 index 4356815..598836f 100644
1729 --- a/demos/engines/rsaref/rsaref_err.h
1730 +++ b/demos/engines/rsaref/rsaref_err.h
1731 @@ -68,7 +68,7 @@ extern "C" {
1732 static void ERR_load_RSAREF_strings(void);
1733 static void ERR_unload_RSAREF_strings(void);
1734 static void ERR_RSAREF_error(int function, int reason, char *file, int line);
1735 -# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
1736 +# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1737 /* Error codes for the RSAREF functions. */
1739 /* Function codes. */
1740 diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h
1741 index f4a8358..94d3293 100644
1742 --- a/demos/engines/zencod/hw_zencod_err.h
1743 +++ b/demos/engines/zencod/hw_zencod_err.h
1744 @@ -67,7 +67,7 @@ extern "C" {
1745 static void ERR_load_ZENCOD_strings(void);
1746 static void ERR_unload_ZENCOD_strings(void);
1747 static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
1748 -# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
1749 +# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1751 /* Error codes for the ZENCOD functions. */
1753 diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1754 index 44792f9..7f95d58 100644
1755 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1756 +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1757 @@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
1758 alternative chain can be found that is trusted. With this flag set the behaviour
1759 will match that of OpenSSL versions prior to 1.0.2b.
1761 +The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
1762 +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
1763 +is used to specify a verification time, the check is not suppressed.
1767 The above functions should be used to manipulate verification parameters
1768 diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
1769 index dc0e939..fe123bb 100644
1770 --- a/doc/crypto/threads.pod
1771 +++ b/doc/crypto/threads.pod
1772 @@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
1773 void CRYPTO_lock(int mode, int n, const char *file, int line);
1775 #define CRYPTO_w_lock(type) \
1776 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
1777 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
1778 #define CRYPTO_w_unlock(type) \
1779 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
1780 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
1781 #define CRYPTO_r_lock(type) \
1782 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
1783 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
1784 #define CRYPTO_r_unlock(type) \
1785 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
1786 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
1787 #define CRYPTO_add(addr,amount,type) \
1788 - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
1789 + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
1793 diff --git a/e_os.h b/e_os.h
1794 index 1fa36c1..3e9dae2 100644
1797 @@ -136,7 +136,7 @@ extern "C" {
1801 -# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
1802 +# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
1803 # define GETPID_IS_MEANINGLESS
1806 diff --git a/e_os2.h b/e_os2.h
1807 index 7be9989..909e22f 100644
1810 @@ -97,7 +97,14 @@ extern "C" {
1811 * For 32 bit environment, there seems to be the CygWin environment and then
1812 * all the others that try to do the same thing Microsoft does...
1814 -# if defined(OPENSSL_SYSNAME_UWIN)
1816 + * UEFI lives here because it might be built with a Microsoft toolchain and
1817 + * we need to avoid the false positive match on Windows.
1819 +# if defined(OPENSSL_SYSNAME_UEFI)
1820 +# undef OPENSSL_SYS_UNIX
1821 +# define OPENSSL_SYS_UEFI
1822 +# elif defined(OPENSSL_SYSNAME_UWIN)
1823 # undef OPENSSL_SYS_UNIX
1824 # define OPENSSL_SYS_WIN32_UWIN
1826 diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h
1827 index a2018ec..9eacdcf 100644
1828 --- a/engines/ccgost/e_gost_err.h
1829 +++ b/engines/ccgost/e_gost_err.h
1830 @@ -67,7 +67,7 @@ extern "C" {
1831 void ERR_load_GOST_strings(void);
1832 void ERR_unload_GOST_strings(void);
1833 void ERR_GOST_error(int function, int reason, char *file, int line);
1834 -# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
1835 +# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1837 /* Error codes for the GOST functions. */
1839 diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h
1840 index 2f29d96..47a2635 100644
1841 --- a/engines/e_4758cca_err.h
1842 +++ b/engines/e_4758cca_err.h
1843 @@ -67,7 +67,7 @@ extern "C" {
1844 static void ERR_load_CCA4758_strings(void);
1845 static void ERR_unload_CCA4758_strings(void);
1846 static void ERR_CCA4758_error(int function, int reason, char *file, int line);
1847 -# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
1848 +# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1850 /* Error codes for the CCA4758 functions. */
1852 diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h
1853 index 2ed0114..1f8fa5b 100644
1854 --- a/engines/e_aep_err.h
1855 +++ b/engines/e_aep_err.h
1856 @@ -67,7 +67,7 @@ extern "C" {
1857 static void ERR_load_AEPHK_strings(void);
1858 static void ERR_unload_AEPHK_strings(void);
1859 static void ERR_AEPHK_error(int function, int reason, char *file, int line);
1860 -# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
1861 +# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1863 /* Error codes for the AEPHK functions. */
1865 diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h
1866 index 7b71eff..d958496 100644
1867 --- a/engines/e_atalla_err.h
1868 +++ b/engines/e_atalla_err.h
1869 @@ -67,7 +67,7 @@ extern "C" {
1870 static void ERR_load_ATALLA_strings(void);
1871 static void ERR_unload_ATALLA_strings(void);
1872 static void ERR_ATALLA_error(int function, int reason, char *file, int line);
1873 -# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
1874 +# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1876 /* Error codes for the ATALLA functions. */
1878 diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
1879 index b5d06dc..cfe46b1 100644
1880 --- a/engines/e_capi_err.h
1881 +++ b/engines/e_capi_err.h
1882 @@ -67,7 +67,7 @@ extern "C" {
1883 static void ERR_load_CAPI_strings(void);
1884 static void ERR_unload_CAPI_strings(void);
1885 static void ERR_CAPI_error(int function, int reason, char *file, int line);
1886 -# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
1887 +# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1889 /* Error codes for the CAPI functions. */
1891 diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
1892 index d86a4ce..3d961b9 100644
1893 --- a/engines/e_chil_err.h
1894 +++ b/engines/e_chil_err.h
1895 @@ -67,7 +67,7 @@ extern "C" {
1896 static void ERR_load_HWCRHK_strings(void);
1897 static void ERR_unload_HWCRHK_strings(void);
1898 static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
1899 -# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
1900 +# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1902 /* Error codes for the HWCRHK functions. */
1904 diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h
1905 index fde3a82..7c20691 100644
1906 --- a/engines/e_cswift_err.h
1907 +++ b/engines/e_cswift_err.h
1908 @@ -67,7 +67,7 @@ extern "C" {
1909 static void ERR_load_CSWIFT_strings(void);
1910 static void ERR_unload_CSWIFT_strings(void);
1911 static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
1912 -# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
1913 +# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1915 /* Error codes for the CSWIFT functions. */
1917 diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h
1918 index 637abbc..ccaf3da 100644
1919 --- a/engines/e_gmp_err.h
1920 +++ b/engines/e_gmp_err.h
1921 @@ -67,7 +67,7 @@ extern "C" {
1922 static void ERR_load_GMP_strings(void);
1923 static void ERR_unload_GMP_strings(void);
1924 static void ERR_GMP_error(int function, int reason, char *file, int line);
1925 -# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
1926 +# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1928 /* Error codes for the GMP functions. */
1930 diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h
1931 index aa7849c..e607d3e 100644
1932 --- a/engines/e_nuron_err.h
1933 +++ b/engines/e_nuron_err.h
1934 @@ -67,7 +67,7 @@ extern "C" {
1935 static void ERR_load_NURON_strings(void);
1936 static void ERR_unload_NURON_strings(void);
1937 static void ERR_NURON_error(int function, int reason, char *file, int line);
1938 -# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
1939 +# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1941 /* Error codes for the NURON functions. */
1943 diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h
1944 index bef8623..54f2848 100644
1945 --- a/engines/e_sureware_err.h
1946 +++ b/engines/e_sureware_err.h
1947 @@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);
1948 static void ERR_unload_SUREWARE_strings(void);
1949 static void ERR_SUREWARE_error(int function, int reason, char *file,
1951 -# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
1952 +# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1954 /* Error codes for the SUREWARE functions. */
1956 diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h
1957 index c8aec7c..67110ed 100644
1958 --- a/engines/e_ubsec_err.h
1959 +++ b/engines/e_ubsec_err.h
1960 @@ -67,7 +67,7 @@ extern "C" {
1961 static void ERR_load_UBSEC_strings(void);
1962 static void ERR_unload_UBSEC_strings(void);
1963 static void ERR_UBSEC_error(int function, int reason, char *file, int line);
1964 -# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
1965 +# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1967 /* Error codes for the UBSEC functions. */
1969 diff --git a/makevms.com b/makevms.com
1970 index f6b3ff2..1dcbe36 100755
1973 @@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,-
1981 diff --git a/ssl/d1_both.c b/ssl/d1_both.c
1982 index d1fc716..d5f661a 100644
1985 @@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
1986 int dtls1_read_failed(SSL *s, int code)
1989 - fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1990 + fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");
1994 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
1995 index 35cc27c..a1f5335 100644
1996 --- a/ssl/ssl_asn1.c
1997 +++ b/ssl/ssl_asn1.c
1998 @@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1999 if (ssl_version == SSL2_VERSION) {
2000 if (os.length != 3) {
2001 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
2002 - c.line = __LINE__;
2003 + c.line = OPENSSL_LINE;
2007 @@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
2008 || ssl_version == DTLS1_BAD_VER) {
2009 if (os.length != 2) {
2010 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
2011 - c.line = __LINE__;
2012 + c.line = OPENSSL_LINE;
2016 ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];
2018 c.error = SSL_R_UNKNOWN_SSL_VERSION;
2019 - c.line = __LINE__;
2020 + c.line = OPENSSL_LINE;
2024 @@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
2025 if (os.data != NULL) {
2026 if (os.length > SSL_MAX_SID_CTX_LENGTH) {
2027 c.error = SSL_R_BAD_LENGTH;
2028 - c.line = __LINE__;
2029 + c.line = OPENSSL_LINE;
2032 ret->sid_ctx_length = os.length;
2033 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
2034 index a73f866..d534c0a 100644
2035 --- a/ssl/ssl_cert.c
2036 +++ b/ssl/ssl_cert.c
2037 @@ -855,12 +855,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
2038 return (add_client_CA(&(ctx->client_CA), x));
2041 +#ifndef OPENSSL_NO_STDIO
2043 static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
2045 return (X509_NAME_cmp(*a, *b));
2048 -#ifndef OPENSSL_NO_STDIO
2050 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
2051 * it doesn't really have anything to do with clients (except that a common use
2052 @@ -928,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
2059 * Add a file of certs to a stack.
2060 @@ -1048,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
2061 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
2064 +#endif /* !OPENSSL_NO_STDIO */
2066 /* Add a certificate to a BUF_MEM structure */
2068 diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
2069 index 5478840..c2ad7c9 100644
2070 --- a/ssl/ssl_conf.c
2071 +++ b/ssl/ssl_conf.c
2072 @@ -362,6 +362,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
2073 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
2076 +#ifndef OPENSSL_NO_STDIO
2077 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
2080 @@ -428,7 +429,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
2085 +#endif /* !OPENSSL_NO_DH */
2086 +#endif /* !OPENSSL_NO_STDIO */
2089 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
2090 const char *str_file;
2091 @@ -454,12 +457,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
2092 SSL_CONF_CMD_STRING(CipherString, "cipher"),
2093 SSL_CONF_CMD_STRING(Protocol, NULL),
2094 SSL_CONF_CMD_STRING(Options, NULL),
2095 +#ifndef OPENSSL_NO_STDIO
2096 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
2097 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
2098 SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
2099 #ifndef OPENSSL_NO_DH
2100 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
2105 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
2106 diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
2107 index 514fcb3..2a54cc9 100644
2110 @@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send)
2111 * we can't write into the input stream: Can this ever
2115 - "%s:%d: rec->data != rec->input\n",
2116 - __FILE__, __LINE__);
2117 + fprintf(stderr, "tls1_enc: rec->data != rec->input\n");
2118 else if (RAND_bytes(rec->input, ivlen) <= 0)
2121 diff --git a/test/cms-test.pl b/test/cms-test.pl
2122 index baa3b59..1ee3f02 100644
2123 --- a/test/cms-test.pl
2124 +++ b/test/cms-test.pl
2125 @@ -100,6 +100,13 @@ my $no_ec2m;
2127 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
2129 +system ("$ossl_path no-cms > $null_path");
2132 + print "CMS disabled\n";
2136 system ("$ossl_path no-ec > $null_path");
2139 diff --git a/util/libeay.num b/util/libeay.num
2140 index 7f7487d..13b2e3a 100755
2141 --- a/util/libeay.num
2142 +++ b/util/libeay.num
2143 @@ -4368,7 +4368,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH
2144 ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA
2145 CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS
2146 CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS
2147 -DH_KDF_X9_42 4735 EXIST::FUNCTION:DH
2148 +DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH
2149 RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA
2150 EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES
2151 RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
2152 diff --git a/util/mkdef.pl b/util/mkdef.pl
2153 index c57c7f7..d4c3386 100755
2156 @@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
2157 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
2159 "STATIC_ENGINE", "ENGINE", "HW", "GMP",
2160 + # X.509v3 Signed Certificate Timestamps
2165 @@ -142,7 +144,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
2166 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
2167 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
2168 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
2169 -my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
2170 +my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
2171 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
2172 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
2173 my $no_unit_test; my $no_ssl3_method;
2174 @@ -233,6 +235,7 @@ foreach (@ARGV, split(/ /, $options))
2175 elsif (/^no-engine$/) { $no_engine=1; }
2176 elsif (/^no-hw$/) { $no_hw=1; }
2177 elsif (/^no-gmp$/) { $no_gmp=1; }
2178 + elsif (/^no-sct$/) { $no_sct=1; }
2179 elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
2180 elsif (/^no-tlsext$/) { $no_tlsext=1; }
2181 elsif (/^no-cms$/) { $no_cms=1; }
2182 @@ -1206,6 +1209,7 @@ sub is_valid
2183 if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
2184 if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
2185 if ($keyword eq "GMP" && $no_gmp) { return 0; }
2186 + if ($keyword eq "SCT" && $no_sct) { return 0; }
2187 if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
2188 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
2189 if ($keyword eq "PSK" && $no_psk) { return 0; }
2190 diff --git a/util/mkerr.pl b/util/mkerr.pl
2191 index 09ebebe..cd57ade 100644
2194 @@ -89,7 +89,7 @@ Options:
2195 void ERR_load_<LIB>_strings(void);
2196 void ERR_unload_<LIB>_strings(void);
2197 void ERR_<LIB>_error(int f, int r, char *fn, int ln);
2198 - #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)
2199 + #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)
2200 while the code facilitates the use of these in an environment
2201 where the error support routines are dynamically loaded at
2203 @@ -474,7 +474,7 @@ EOF
2204 ${staticloader}void ERR_load_${lib}_strings(void);
2205 ${staticloader}void ERR_unload_${lib}_strings(void);
2206 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
2207 -# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
2208 +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
projects / mirror_edk2.git / blob