1 diff --git a/Configure b/Configure
2 index 4a715dc..b4a4781 100755
5 @@ -605,6 +605,9 @@ my %table=(
6 # with itself, Applink is never engaged and can as well be omitted.
7 "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
10 +"UEFI", "cc:-DL_ENDIAN -O:::UEFI::::",
13 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
15 @@ -1082,7 +1085,7 @@ if (defined($disabled{"tls1"}))
18 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
19 - || defined($disabled{"dh"}))
20 + || defined($disabled{"dh"}) || defined($disabled{"stdio"}))
22 $disabled{"gost"} = "forced";
24 diff --git a/apps/apps.c b/apps/apps.c
25 index 2e77805..e21e759 100644
28 @@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,
29 flags |= X509_V_FLAG_PARTIAL_CHAIN;
30 else if (!strcmp(arg, "-no_alt_chains"))
31 flags |= X509_V_FLAG_NO_ALT_CHAINS;
32 + else if (!strcmp(arg, "-no_check_time"))
33 + flags |= X509_V_FLAG_NO_CHECK_TIME;
37 diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
38 index 35fd44c..9f39bff 100644
39 --- a/crypto/asn1/a_strex.c
40 +++ b/crypto/asn1/a_strex.c
41 @@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
45 +#ifndef OPENSSL_NO_FP_API
46 static int send_fp_chars(void *arg, const void *buf, int len)
49 @@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)
55 typedef int char_io (void *arg, const void *buf, int len);
57 diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
58 index abc6dc3..3a672e9 100644
59 --- a/crypto/asn1/asn1_mac.h
60 +++ b/crypto/asn1/asn1_mac.h
61 @@ -70,7 +70,7 @@ extern "C" {
64 # define ASN1_MAC_H_err(f,r,line) \
65 - ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
66 + ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))
68 # define M_ASN1_D2I_vars(a,type,func) \
70 @@ -81,7 +81,7 @@ extern "C" {
71 c.error=ERR_R_NESTED_ASN1_ERROR; \
72 if ((a == NULL) || ((*a) == NULL)) \
73 { if ((ret=(type)func()) == NULL) \
74 - { c.line=__LINE__; goto err; } } \
75 + { c.line=OPENSSL_LINE; goto err; } } \
78 # define M_ASN1_D2I_Init() \
79 @@ -90,7 +90,7 @@ extern "C" {
81 # define M_ASN1_D2I_Finish_2(a) \
82 if (!asn1_const_Finish(&c)) \
83 - { c.line=__LINE__; goto err; } \
84 + { c.line=OPENSSL_LINE; goto err; } \
85 *(const unsigned char **)pp=c.p; \
86 if (a != NULL) (*a)=ret; \
88 @@ -105,7 +105,7 @@ err:\
90 # define M_ASN1_D2I_start_sequence() \
91 if (!asn1_GetSequence(&c,&length)) \
92 - { c.line=__LINE__; goto err; }
93 + { c.line=OPENSSL_LINE; goto err; }
94 /* Begin reading ASN1 without a surrounding sequence */
95 # define M_ASN1_D2I_begin() \
97 @@ -129,21 +129,21 @@ err:\
98 # define M_ASN1_D2I_get(b, func) \
100 if (func(&(b),&c.p,c.slen) == NULL) \
101 - {c.line=__LINE__; goto err; } \
102 + {c.line=OPENSSL_LINE; goto err; } \
105 /* Don't use this with d2i_ASN1_BOOLEAN() */
106 # define M_ASN1_D2I_get_x(type,b,func) \
108 if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
109 - {c.line=__LINE__; goto err; } \
110 + {c.line=OPENSSL_LINE; goto err; } \
113 /* use this instead () */
114 # define M_ASN1_D2I_get_int(b,func) \
116 if (func(&(b),&c.p,c.slen) < 0) \
117 - {c.line=__LINE__; goto err; } \
118 + {c.line=OPENSSL_LINE; goto err; } \
121 # define M_ASN1_D2I_get_opt(b,func,type) \
122 @@ -164,7 +164,7 @@ err:\
123 M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
125 if (func(&(b),&c.p,c.slen) == NULL) \
126 - {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
127 + {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \
129 M_ASN1_next_prev=_tmp;
131 @@ -258,20 +258,20 @@ err:\
133 if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
134 (void (*)())free_func,a,b) == NULL) \
135 - { c.line=__LINE__; goto err; } \
136 + { c.line=OPENSSL_LINE; goto err; } \
139 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
141 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
142 free_func,a,b) == NULL) \
143 - { c.line=__LINE__; goto err; } \
144 + { c.line=OPENSSL_LINE; goto err; } \
147 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \
149 if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
150 - { c.line=__LINE__; goto err; } \
151 + { c.line=OPENSSL_LINE; goto err; } \
154 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
155 @@ -285,16 +285,16 @@ err:\
156 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
158 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
159 - c.line=__LINE__; goto err; } \
160 + c.line=OPENSSL_LINE; goto err; } \
161 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
162 Tlen = c.slen - (c.p - c.q) - 2; \
163 if (func(&(r),&c.p,Tlen) == NULL) \
164 - { c.line=__LINE__; goto err; } \
165 + { c.line=OPENSSL_LINE; goto err; } \
166 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
167 Tlen = c.slen - (c.p - c.q); \
168 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
169 { c.error=ERR_R_MISSING_ASN1_EOS; \
170 - c.line=__LINE__; goto err; } \
171 + c.line=OPENSSL_LINE; goto err; } \
175 @@ -310,18 +310,18 @@ err:\
176 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
178 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
179 - c.line=__LINE__; goto err; } \
180 + c.line=OPENSSL_LINE; goto err; } \
181 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
182 Tlen = c.slen - (c.p - c.q) - 2; \
183 if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
184 (void (*)())free_func, \
185 b,V_ASN1_UNIVERSAL) == NULL) \
186 - { c.line=__LINE__; goto err; } \
187 + { c.line=OPENSSL_LINE; goto err; } \
188 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
189 Tlen = c.slen - (c.p - c.q); \
190 if(!ASN1_check_infinite_end(&c.p, Tlen)) \
191 { c.error=ERR_R_MISSING_ASN1_EOS; \
192 - c.line=__LINE__; goto err; } \
193 + c.line=OPENSSL_LINE; goto err; } \
197 @@ -337,17 +337,17 @@ err:\
198 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
200 { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
201 - c.line=__LINE__; goto err; } \
202 + c.line=OPENSSL_LINE; goto err; } \
203 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
204 Tlen = c.slen - (c.p - c.q) - 2; \
205 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
206 free_func,b,V_ASN1_UNIVERSAL) == NULL) \
207 - { c.line=__LINE__; goto err; } \
208 + { c.line=OPENSSL_LINE; goto err; } \
209 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
210 Tlen = c.slen - (c.p - c.q); \
211 if(!ASN1_check_infinite_end(&c.p, Tlen)) \
212 { c.error=ERR_R_MISSING_ASN1_EOS; \
213 - c.line=__LINE__; goto err; } \
214 + c.line=OPENSSL_LINE; goto err; } \
218 @@ -355,7 +355,7 @@ err:\
220 # define M_ASN1_New_Malloc(ret,type) \
221 if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
222 - { c.line=__LINE__; goto err2; }
223 + { c.line=OPENSSL_LINE; goto err2; }
225 # define M_ASN1_New(arg,func) \
226 if (((arg)=func()) == NULL) return(NULL)
227 diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
228 index 1d25687..e933ead 100644
229 --- a/crypto/bn/bn_prime.c
230 +++ b/crypto/bn/bn_prime.c
232 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
233 const BIGNUM *a1_odd, int k, BN_CTX *ctx,
235 -static int probable_prime(BIGNUM *rnd, int bits);
236 +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
237 static int probable_prime_dh(BIGNUM *rnd, int bits,
238 const BIGNUM *add, const BIGNUM *rem,
240 @@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
245 + BN_CTX *ctx = NULL;
246 + prime_t *mods = NULL;
247 int checks = BN_prime_checks_for_size(bits);
249 + mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
255 @@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
257 /* make a random number and set the top and bottom bits */
259 - if (!probable_prime(ret, bits))
260 + if (!probable_prime(ret, bits, mods))
264 @@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
265 /* we have a prime :-) */
268 + OPENSSL_free(mods);
272 @@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
276 -static int probable_prime(BIGNUM *rnd, int bits)
277 +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
280 - prime_t mods[NUMPRIMES];
281 BN_ULONG delta, maxdelta;
284 diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
285 index 8d926d5..41cf38e 100644
286 --- a/crypto/conf/conf.h
287 +++ b/crypto/conf/conf.h
288 @@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
290 int CONF_set_default_method(CONF_METHOD *meth);
291 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
292 +# ifndef OPENSSL_NO_STDIO
293 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
296 # ifndef OPENSSL_NO_FP_API
297 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
299 @@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
300 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
302 void CONF_free(LHASH_OF(CONF_VALUE) *conf);
303 +#ifndef OPENSSL_NO_FP_API
304 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
306 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
308 void OPENSSL_config(const char *config_name);
309 @@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);
310 void NCONF_free(CONF *conf);
311 void NCONF_free_data(CONF *conf);
313 +# ifndef OPENSSL_NO_STDIO
314 int NCONF_load(CONF *conf, const char *file, long *eline);
316 # ifndef OPENSSL_NO_FP_API
317 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
319 @@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
320 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
321 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
323 +#ifndef OPENSSL_NO_FP_API
324 int NCONF_dump_fp(const CONF *conf, FILE *out);
326 int NCONF_dump_bio(const CONF *conf, BIO *out);
328 # if 0 /* The following function has no error
329 @@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);
331 int CONF_modules_load(const CONF *cnf, const char *appname,
332 unsigned long flags);
333 +#ifndef OPENSSL_NO_STDIO
334 int CONF_modules_load_file(const char *filename, const char *appname,
335 unsigned long flags);
337 void CONF_modules_unload(int all);
338 void CONF_modules_finish(void);
339 void CONF_modules_free(void);
340 diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
341 index 68c77ce..3d308c7 100644
342 --- a/crypto/conf/conf_def.c
343 +++ b/crypto/conf/conf_def.c
344 @@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)
346 static int def_load(CONF *conf, const char *name, long *line)
348 +#ifdef OPENSSL_NO_STDIO
349 + CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
355 @@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
362 static int def_load_bio(CONF *conf, BIO *in, long *line)
363 diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
364 index 5281384..952b545 100644
365 --- a/crypto/conf/conf_lib.c
366 +++ b/crypto/conf/conf_lib.c
367 @@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)
371 +#ifndef OPENSSL_NO_STDIO
372 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
375 @@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
381 #ifndef OPENSSL_NO_FP_API
382 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
383 @@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)
384 conf->meth->destroy_data(conf);
387 +#ifndef OPENSSL_NO_STDIO
388 int NCONF_load(CONF *conf, const char *file, long *eline)
391 @@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
393 return conf->meth->load(conf, file, eline);
397 #ifndef OPENSSL_NO_FP_API
398 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
399 diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
400 index 9acfca4..5e0a482 100644
401 --- a/crypto/conf/conf_mod.c
402 +++ b/crypto/conf/conf_mod.c
403 @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
407 +#ifndef OPENSSL_NO_STDIO
408 int CONF_modules_load_file(const char *filename, const char *appname,
411 @@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
417 static int module_run(const CONF *cnf, char *name, char *value,
419 diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
420 index c042cf2..a25b636 100644
421 --- a/crypto/conf/conf_sap.c
422 +++ b/crypto/conf/conf_sap.c
423 @@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)
424 ENGINE_load_builtin_engines();
427 +#ifndef OPENSSL_NO_STDIO
428 CONF_modules_load_file(NULL, config_name,
429 CONF_MFLAGS_DEFAULT_SECTION |
430 CONF_MFLAGS_IGNORE_MISSING_FILE);
432 openssl_configured = 1;
435 diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
436 index c9f674b..39ead7f 100644
437 --- a/crypto/cryptlib.c
438 +++ b/crypto/cryptlib.c
439 @@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
442 pointer->references = 1;
443 - pointer->data = dynlock_create_callback(__FILE__, __LINE__);
444 + pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);
445 if (pointer->data == NULL) {
446 OPENSSL_free(pointer);
447 CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
448 @@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)
449 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
452 - dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
453 + dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
454 OPENSSL_free(pointer);
456 i += 1; /* to avoid 0 */
457 @@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)
458 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
461 - dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
462 + dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
463 OPENSSL_free(pointer);
466 @@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
469 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
471 # define OPENSSL_CPUID_SETUP
473 typedef unsigned __int64 IA32CAP;
474 @@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
476 void OPENSSL_showfatal(const char *fmta, ...)
478 +#ifndef OPENSSL_NO_STDIO
482 vfprintf(stderr, fmta, ap);
487 int OPENSSL_isservice(void)
488 @@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
492 +#ifndef OPENSSL_NO_STDIO
493 void *OPENSSL_stderr(void)
499 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
501 diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
502 index fba180a..3e3ea5e 100644
503 --- a/crypto/cryptlib.h
504 +++ b/crypto/cryptlib.h
505 @@ -101,7 +101,9 @@ extern "C" {
506 void OPENSSL_cpuid_setup(void);
507 extern unsigned int OPENSSL_ia32cap_P[];
508 void OPENSSL_showfatal(const char *fmta, ...);
509 +#ifndef OPENSSL_NO_STDIO
510 void *OPENSSL_stderr(void);
512 extern int OPENSSL_NONPIC_relocated;
515 diff --git a/crypto/crypto.h b/crypto/crypto.h
516 index c450d7a..063d78e 100644
517 --- a/crypto/crypto.h
518 +++ b/crypto/crypto.h
519 @@ -235,15 +235,15 @@ typedef struct openssl_item_st {
520 # ifndef OPENSSL_NO_LOCKING
521 # ifndef CRYPTO_w_lock
522 # define CRYPTO_w_lock(type) \
523 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
524 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
525 # define CRYPTO_w_unlock(type) \
526 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
527 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
528 # define CRYPTO_r_lock(type) \
529 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
530 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
531 # define CRYPTO_r_unlock(type) \
532 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
533 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
534 # define CRYPTO_add(addr,amount,type) \
535 - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
536 + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
539 # define CRYPTO_w_lock(a)
540 @@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
541 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
542 # define is_MemCheck_on() CRYPTO_is_mem_check_on()
544 -# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
545 -# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
546 +# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)
547 +# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)
548 # define OPENSSL_realloc(addr,num) \
549 - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
550 + CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
551 # define OPENSSL_realloc_clean(addr,old_num,num) \
552 - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
553 + CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)
554 # define OPENSSL_remalloc(addr,num) \
555 - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
556 + CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
557 # define OPENSSL_freeFunc CRYPTO_free
558 # define OPENSSL_free(addr) CRYPTO_free(addr)
560 # define OPENSSL_malloc_locked(num) \
561 - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
562 + CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)
563 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
565 const char *SSLeay_version(int type);
566 @@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
567 long CRYPTO_get_mem_debug_options(void);
569 # define CRYPTO_push_info(info) \
570 - CRYPTO_push_info_(info, __FILE__, __LINE__);
571 + CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);
572 int CRYPTO_push_info_(const char *info, const char *file, int line);
573 int CRYPTO_pop_info(void);
574 int CRYPTO_remove_all_info(void);
575 @@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
577 /* die if we have to */
578 void OpenSSLDie(const char *file, int line, const char *assertion);
579 -# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
580 +# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))
582 unsigned long *OPENSSL_ia32cap_loc(void);
583 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
584 @@ -605,14 +605,14 @@ void OPENSSL_init(void);
585 # define fips_md_init_ctx(alg, cx) \
586 int alg##_Init(cx##_CTX *c) \
588 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
589 + if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
590 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
591 return private_##alg##_Init(c); \
593 int private_##alg##_Init(cx##_CTX *c)
595 # define fips_cipher_abort(alg) \
596 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
597 + if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
598 "Low level API call to cipher " #alg " forbidden in FIPS mode!")
601 diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
602 index 01e275f..7633139 100644
603 --- a/crypto/des/read2pwd.c
604 +++ b/crypto/des/read2pwd.c
606 #include <openssl/ui.h>
607 #include <openssl/crypto.h>
613 int DES_read_password(DES_cblock *key, const char *prompt, int verify)
616 diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
617 index 46fa5ac..cc366ec 100644
618 --- a/crypto/dh/Makefile
619 +++ b/crypto/dh/Makefile
620 @@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
621 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
622 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
623 dh_gen.o: ../cryptlib.h dh_gen.c
624 -dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
625 +dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
626 dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
627 dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
628 dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
629 diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
630 index 5498a9d..4a5c665 100644
633 @@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);
634 DH *DH_get_2048_224(void);
635 DH *DH_get_2048_256(void);
637 +# ifndef OPENSSL_NO_CMS
639 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
640 const unsigned char *Z, size_t Zlen,
641 ASN1_OBJECT *key_oid,
642 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
645 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
646 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
647 @@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
650 # define EVP_PKEY_DH_KDF_NONE 1
651 +# ifndef OPENSSL_NO_CMS
652 # define EVP_PKEY_DH_KDF_X9_42 2
655 /* BEGIN ERROR CODES */
657 diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
658 index a882cb2..4eddb9a 100644
659 --- a/crypto/dh/dh_kdf.c
660 +++ b/crypto/dh/dh_kdf.c
662 * ====================================================================
667 +#ifndef OPENSSL_NO_CMS
669 #include <openssl/dh.h>
670 #include <openssl/evp.h>
671 #include <openssl/asn1.h>
672 #include <openssl/cms.h>
675 /* Key derivation from X9.42/RFC2631 */
676 +/* Uses CMS functions, hence the #ifdef wrapper. */
678 #define DH_KDF_MAX (1L << 30)
680 @@ -185,3 +190,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
681 EVP_MD_CTX_cleanup(&mctx);
685 diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
686 index b58e3fa..c6288f6 100644
687 --- a/crypto/dh/dh_pmeth.c
688 +++ b/crypto/dh/dh_pmeth.c
689 @@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
690 case EVP_PKEY_CTRL_DH_KDF_TYPE:
692 return dctx->kdf_type;
693 +#ifdef OPENSSL_NO_CMS
694 + if (p1 != EVP_PKEY_DH_KDF_NONE)
696 if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
701 @@ -448,7 +452,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
705 - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
707 +#ifndef OPENSSL_NO_CMS
708 + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
710 unsigned char *Z = NULL;
712 if (!dctx->kdf_outlen || !dctx->kdf_oid)
713 @@ -479,7 +486,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
722 const EVP_PKEY_METHOD dh_pkey_meth = {
723 diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
724 index 83e208c..4869098 100644
725 --- a/crypto/ec/ec_ameth.c
726 +++ b/crypto/ec/ec_ameth.c
728 #include <openssl/asn1t.h>
729 #include "asn1_locl.h"
731 +#ifndef OPENSSL_NO_CMS
732 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
733 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
736 static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
738 diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
739 index 46f163b..b4a72a0 100644
740 --- a/crypto/engine/eng_int.h
741 +++ b/crypto/engine/eng_int.h
742 @@ -88,7 +88,7 @@ extern "C" {
743 (unsigned int)(e), (isfunct ? "funct" : "struct"), \
744 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
745 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
746 - (__FILE__), (__LINE__));
747 + (OPENSSL_FILE), (OPENSSL_LINE));
751 @@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
753 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
755 -# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
756 +# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
758 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
759 ENGINE *def, void *arg);
760 diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
761 index 34b0029..cf622bb 100644
762 --- a/crypto/engine/eng_openssl.c
763 +++ b/crypto/engine/eng_openssl.c
765 * this is no longer automatic in ENGINE_load_builtin_engines().
767 #define TEST_ENG_OPENSSL_RC4
768 +#ifndef OPENSSL_NO_FP_API
769 #define TEST_ENG_OPENSSL_PKEY
771 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
772 #define TEST_ENG_OPENSSL_RC4_P_INIT
773 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
774 diff --git a/crypto/err/err.h b/crypto/err/err.h
775 index 585aa8b..04c6cfc 100644
776 --- a/crypto/err/err.h
777 +++ b/crypto/err/err.h
778 @@ -200,39 +200,39 @@ typedef struct err_state_st {
780 # define ERR_LIB_USER 128
782 -# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
783 -# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
784 -# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
785 -# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
786 -# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
787 -# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
788 -# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
789 -# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
790 -# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
791 -# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
792 -# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
793 -# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
794 -# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
795 -# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
796 -# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
797 -# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
798 -# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
799 -# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
800 -# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
801 -# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
802 -# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
803 -# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
804 -# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
805 -# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
806 -# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
807 -# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
808 -# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
809 -# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
810 -# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
811 -# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
812 -# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
813 -# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
814 -# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
815 +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
816 +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
817 +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
818 +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
819 +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
820 +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
821 +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
822 +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
823 +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
824 +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
825 +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
826 +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
827 +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
828 +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
829 +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
830 +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
831 +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
832 +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
833 +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
834 +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
835 +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
836 +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
837 +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
838 +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
839 +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
840 +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
841 +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
842 +# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
843 +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
844 +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
845 +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
846 +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
847 +# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
850 * Borland C seems too stupid to be able to shift and do longs in the
851 diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
852 index 7a1c85d..7162c0f 100644
853 --- a/crypto/opensslconf.h.in
854 +++ b/crypto/opensslconf.h.in
856 /* crypto/opensslconf.h.in */
858 +#ifndef OPENSSL_FILE
859 +#ifdef OPENSSL_NO_FILENAMES
860 +#define OPENSSL_FILE ""
861 +#define OPENSSL_LINE 0
863 +#define OPENSSL_FILE __FILE__
864 +#define OPENSSL_LINE __LINE__
868 /* Generate 80386 code? */
875 -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
876 +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)
877 #define CONFIG_HEADER_BN_H
880 diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
881 index d3b23fc..87b0b6a 100644
882 --- a/crypto/pem/pem.h
883 +++ b/crypto/pem/pem.h
884 @@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
886 # define DECLARE_PEM_read_fp(name, type) /**/
887 # define DECLARE_PEM_write_fp(name, type) /**/
888 +# define DECLARE_PEM_write_fp_const(name, type) /**/
889 # define DECLARE_PEM_write_cb_fp(name, type) /**/
892 @@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
893 pem_password_cb *cd, void *u);
896 +#ifndef OPENSSL_NO_FP_API
897 int PEM_read(FILE *fp, char **name, char **header,
898 unsigned char **data, long *len);
899 int PEM_write(FILE *fp, const char *name, const char *hdr,
900 @@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
901 int klen, pem_password_cb *callback, void *u);
902 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
903 pem_password_cb *cb, void *u);
906 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
907 EVP_MD *md_type, unsigned char **ek, int *ekl,
908 @@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
909 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
912 +#ifndef OPENSSL_NO_FP_API
913 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
914 char *kstr, int klen,
915 pem_password_cb *cb, void *u);
916 @@ -510,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
917 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
918 char *kstr, int klen, pem_password_cb *cd,
922 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
923 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
925 diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
926 index 5747c73..fe465cc 100644
927 --- a/crypto/pem/pem_pk8.c
928 +++ b/crypto/pem/pem_pk8.c
930 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
931 int nid, const EVP_CIPHER *enc,
932 char *kstr, int klen, pem_password_cb *cb, void *u);
934 +#ifndef OPENSSL_NO_FP_API
935 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
936 int nid, const EVP_CIPHER *enc,
937 char *kstr, int klen, pem_password_cb *cb, void *u);
941 * These functions write a private key in PKCS#8 format: it is a "drop in"
942 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
943 diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
944 index c4d3724..0bc3d43 100644
945 --- a/crypto/pkcs7/pk7_smime.c
946 +++ b/crypto/pkcs7/pk7_smime.c
948 #include <openssl/x509.h>
949 #include <openssl/x509v3.h>
952 +#define BUFFERSIZE 4096
954 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
956 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
957 @@ -254,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
958 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
959 PKCS7_SIGNER_INFO *si;
960 X509_STORE_CTX cert_ctx;
963 int i, j = 0, k, ret = 0;
965 BIO *tmpin = NULL, *tmpout = NULL;
966 @@ -274,12 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
967 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
972 + * NB: this test commented out because some versions of Netscape
973 + * illegally include zero length content when signing data. Also
974 + * Microsoft Authenticode includes a SpcIndirectDataContent data
975 + * structure which describes the content to be protected by the
976 + * signature, rather than directly embedding that content. So
977 + * Authenticode implementations are also expected to use
978 + * PKCS7_verify() with explicit external data, on non-detached
979 + * PKCS#7 signatures.
981 + * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
982 + * introduced to disable this sanity check. For the 1.0.2 branch
983 + * this change is not acceptable, so the check remains completely
984 + * commented out (as it has been for a long time).
987 /* Check for data and content: two sets of data */
988 if (!PKCS7_get_detached(p7) && indata) {
989 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
994 sinfos = PKCS7_get_signer_info(p7);
996 @@ -356,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
999 /* We now have to 'read' from p7bio to calculate digests etc. */
1000 + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
1001 + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
1005 - i = BIO_read(p7bio, buf, sizeof(buf));
1006 + i = BIO_read(p7bio, buf, BUFFERSIZE);
1010 @@ -388,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
1014 + OPENSSL_free(buf);
1015 if (tmpin == indata) {
1018 @@ -506,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
1026 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
1027 @@ -550,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
1029 BIO_free_all(bread);
1033 - i = BIO_read(tmpmem, buf, sizeof(buf));
1036 - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
1037 - if (!BIO_get_cipher_status(tmpmem))
1043 - if (BIO_write(data, buf, i) != i) {
1047 + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
1048 + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
1052 + i = BIO_read(tmpmem, buf, BUFFERSIZE);
1055 + if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
1056 + if (!BIO_get_cipher_status(tmpmem))
1062 + if (BIO_write(data, buf, i) != i) {
1066 - BIO_free_all(tmpmem);
1070 + OPENSSL_free(buf);
1071 + BIO_free_all(tmpmem);
1074 diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
1075 index 737aebf..f23f348 100644
1076 --- a/crypto/rand/rand_egd.c
1077 +++ b/crypto/rand/rand_egd.c
1079 * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
1082 -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
1083 +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) || defined(OPENSSL_SYS_UEFI)
1084 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
1087 diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
1088 index 266111e..f60fac6 100644
1089 --- a/crypto/rand/rand_unix.c
1090 +++ b/crypto/rand/rand_unix.c
1092 #include <openssl/rand.h>
1093 #include "rand_lcl.h"
1095 -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
1096 +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
1098 # include <sys/types.h>
1099 # include <sys/time.h>
1100 @@ -439,7 +439,7 @@ int RAND_poll(void)
1101 * defined(OPENSSL_SYS_VXWORKS) ||
1102 * defined(OPENSSL_SYS_NETWARE)) */
1104 -#if defined(OPENSSL_SYS_VXWORKS)
1105 +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
1109 diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
1110 index 4e06218..ddead3d 100644
1111 --- a/crypto/rsa/rsa_ameth.c
1112 +++ b/crypto/rsa/rsa_ameth.c
1115 #include "asn1_locl.h"
1117 +#ifndef OPENSSL_NO_CMS
1118 static int rsa_cms_sign(CMS_SignerInfo *si);
1119 static int rsa_cms_verify(CMS_SignerInfo *si);
1120 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
1121 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
1124 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
1126 @@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
1130 +#ifndef OPENSSL_NO_CMS
1131 static int rsa_cms_verify(CMS_SignerInfo *si)
1134 @@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
1141 * Customised RSA item verification routine. This is called when a signature
1142 @@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1146 +#ifndef OPENSSL_NO_CMS
1147 static int rsa_cms_sign(CMS_SignerInfo *si)
1149 int pad_mode = RSA_PKCS1_PADDING;
1150 @@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
1151 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
1156 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1157 X509_ALGOR *alg1, X509_ALGOR *alg2,
1158 @@ -762,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
1162 +#ifndef OPENSSL_NO_CMS
1163 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
1164 X509_ALGOR **pmaskHash)
1166 @@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
1167 ASN1_STRING_free(os);
1172 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
1174 diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
1175 index d072536..73b945f 100644
1176 --- a/crypto/srp/srp.h
1177 +++ b/crypto/srp/srp.h
1178 @@ -114,7 +114,9 @@ DECLARE_STACK_OF(SRP_gN)
1180 SRP_VBASE *SRP_VBASE_new(char *seed_key);
1181 int SRP_VBASE_free(SRP_VBASE *vb);
1182 +#ifndef OPENSSL_NO_STDIO
1183 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
1185 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
1186 char *SRP_create_verifier(const char *user, const char *pass, char **salt,
1187 char **verifier, const char *N, const char *g);
1188 diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
1189 index a3f1a8a..3fbb186 100644
1190 --- a/crypto/srp/srp_vfy.c
1191 +++ b/crypto/srp/srp_vfy.c
1192 @@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
1193 return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
1196 +#ifndef OPENSSL_NO_STDIO
1197 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
1200 @@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
1201 len = t_fromb64(tmp, s);
1202 return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
1206 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
1208 @@ -279,6 +281,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
1212 +#ifndef OPENSSL_NO_STDIO
1213 static SRP_gN_cache *SRP_gN_new_init(const char *ch)
1215 unsigned char tmp[MAX_LEN];
1216 @@ -310,6 +313,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
1217 BN_free(gN_cache->bn);
1218 OPENSSL_free(gN_cache);
1222 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
1224 @@ -326,6 +330,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
1225 return SRP_get_default_gN(id);
1228 +#ifndef OPENSSL_NO_STDIO
1229 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
1232 @@ -467,6 +472,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
1238 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
1240 diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h
1241 index 16eccbb..a9fe40e 100644
1242 --- a/crypto/ts/ts.h
1243 +++ b/crypto/ts/ts.h
1244 @@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
1246 TS_REQ *TS_REQ_dup(TS_REQ *a);
1248 +#ifndef OPENSSL_NO_FP_API
1249 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
1250 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
1252 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
1253 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
1255 @@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
1257 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
1259 +#ifndef OPENSSL_NO_FP_API
1260 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
1261 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
1262 -TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
1263 -int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
1265 +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
1266 +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
1268 TS_RESP *TS_RESP_new(void);
1269 void TS_RESP_free(TS_RESP *a);
1270 @@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
1271 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
1272 TS_RESP *TS_RESP_dup(TS_RESP *a);
1274 +#ifndef OPENSSL_NO_FP_API
1275 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
1276 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
1277 -TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
1278 -int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
1280 +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
1281 +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
1283 TS_STATUS_INFO *TS_STATUS_INFO_new(void);
1284 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
1285 @@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
1287 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
1289 +#ifndef OPENSSL_NO_FP_API
1290 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
1291 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
1292 -TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
1293 -int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
1295 +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
1296 +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
1298 TS_ACCURACY *TS_ACCURACY_new(void);
1299 void TS_ACCURACY_free(TS_ACCURACY *a);
1300 @@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
1304 +#ifndef OPENSSL_NO_STDIO
1305 X509 *TS_CONF_load_cert(const char *file);
1306 STACK_OF(X509) *TS_CONF_load_certs(const char *file);
1307 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
1309 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
1310 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
1312 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
1313 const char *device);
1314 int TS_CONF_set_default_engine(const char *name);
1315 +#ifndef OPENSSL_NO_STDIO
1316 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
1317 const char *cert, TS_RESP_CTX *ctx);
1318 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
1319 @@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
1320 int TS_CONF_set_signer_key(CONF *conf, const char *section,
1321 const char *key, const char *pass,
1324 int TS_CONF_set_def_policy(CONF *conf, const char *section,
1325 const char *policy, TS_RESP_CTX *ctx);
1326 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
1327 @@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);
1328 # define TS_F_TS_CHECK_SIGNING_CERTS 103
1329 # define TS_F_TS_CHECK_STATUS_INFO 104
1330 # define TS_F_TS_COMPUTE_IMPRINT 145
1331 +# define TS_F_TS_CONF_INVALID 151
1332 +# define TS_F_TS_CONF_LOAD_CERT 153
1333 +# define TS_F_TS_CONF_LOAD_CERTS 154
1334 +# define TS_F_TS_CONF_LOAD_KEY 155
1335 +# define TS_F_TS_CONF_LOOKUP_FAIL 152
1336 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
1337 # define TS_F_TS_GET_STATUS_TEXT 105
1338 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
1339 @@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);
1341 # define TS_R_BAD_PKCS7_TYPE 132
1342 # define TS_R_BAD_TYPE 133
1343 +# define TS_R_CANNOT_LOAD_CERT 137
1344 +# define TS_R_CANNOT_LOAD_KEY 138
1345 # define TS_R_CERTIFICATE_VERIFY_ERROR 100
1346 # define TS_R_COULD_NOT_SET_ENGINE 127
1347 # define TS_R_COULD_NOT_SET_TIME 115
1348 @@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);
1349 # define TS_R_UNACCEPTABLE_POLICY 125
1350 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126
1351 # define TS_R_UNSUPPORTED_VERSION 113
1352 +# define TS_R_VAR_BAD_VALUE 135
1353 +# define TS_R_VAR_LOOKUP_FAILURE 136
1354 # define TS_R_WRONG_CONTENT_TYPE 114
1357 diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
1358 index 4716b23..c4416ba 100644
1359 --- a/crypto/ts/ts_conf.c
1360 +++ b/crypto/ts/ts_conf.c
1363 /* Function definitions for certificate and key loading. */
1365 +#ifndef OPENSSL_NO_STDIO
1366 X509 *TS_CONF_load_cert(const char *file)
1369 @@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)
1370 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
1373 - fprintf(stderr, "unable to load certificate: %s\n", file);
1374 + TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
1378 @@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
1381 if (othercerts == NULL)
1382 - fprintf(stderr, "unable to load certificates: %s\n", file);
1383 + TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
1384 sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
1387 @@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
1388 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
1391 - fprintf(stderr, "unable to load private key: %s\n", file);
1392 + TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
1396 +#endif /* !OPENSSL_NO_STDIO */
1398 /* Function definitions for handling configuration options. */
1400 static void TS_CONF_lookup_fail(const char *name, const char *tag)
1402 - fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
1403 + TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
1404 + ERR_add_error_data(3, name, "::", tag);
1407 static void TS_CONF_invalid(const char *name, const char *tag)
1409 - fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
1410 + TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
1411 + ERR_add_error_data(3, name, "::", tag);
1414 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
1415 @@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)
1419 +#ifndef OPENSSL_NO_STDIO
1420 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
1421 const char *cert, TS_RESP_CTX *ctx)
1423 @@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,
1424 EVP_PKEY_free(key_obj);
1427 +#endif /* !OPENSSL_NO_STDIO */
1429 int TS_CONF_set_def_policy(CONF *conf, const char *section,
1430 const char *policy, TS_RESP_CTX *ctx)
1431 diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c
1432 index ff1abf4..3f5b78f 100644
1433 --- a/crypto/ts/ts_err.c
1434 +++ b/crypto/ts/ts_err.c
1436 /* crypto/ts/ts_err.c */
1437 /* ====================================================================
1438 - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
1439 + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
1441 * Redistribution and use in source and binary forms, with or without
1442 * modification, are permitted provided that the following conditions
1443 @@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {
1444 {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
1445 {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},
1446 {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},
1447 + {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},
1448 + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},
1449 + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},
1450 + {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},
1451 + {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},
1452 {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
1453 {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},
1454 {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
1455 @@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {
1456 static ERR_STRING_DATA TS_str_reasons[] = {
1457 {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
1458 {ERR_REASON(TS_R_BAD_TYPE), "bad type"},
1459 + {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
1460 + {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
1461 {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
1462 {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
1463 {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
1464 @@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {
1465 {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
1466 {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},
1467 {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},
1468 + {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},
1469 + {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},
1470 {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
1473 diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
1474 index 0f29011..80dd40e 100644
1475 --- a/crypto/ui/ui_util.c
1476 +++ b/crypto/ui/ui_util.c
1479 #include "ui_locl.h"
1485 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
1488 diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
1489 index 9ee8f8d..64b052e 100644
1490 --- a/crypto/x509/by_dir.c
1491 +++ b/crypto/x509/by_dir.c
1493 # include <sys/stat.h>
1496 +#ifndef OPENSSL_NO_STDIO
1498 #include <openssl/lhash.h>
1499 #include <openssl/x509.h>
1501 @@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
1506 +#endif /* OPENSSL_NO_STDIO */
1507 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
1508 index 0429767..7ddc21c 100644
1509 --- a/crypto/x509/x509_vfy.c
1510 +++ b/crypto/x509/x509_vfy.c
1511 @@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
1512 ctx->current_crl = crl;
1513 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1514 ptime = &ctx->param->check_time;
1515 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
1520 @@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1522 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1523 ptime = &ctx->param->check_time;
1524 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
1529 diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
1530 index 2663e1c..3790ef5 100644
1531 --- a/crypto/x509/x509_vfy.h
1532 +++ b/crypto/x509/x509_vfy.h
1533 @@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
1534 * will force the behaviour to match that of previous versions.
1536 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000
1537 +/* Do not check certificate/CRL validity against current time */
1538 +# define X509_V_FLAG_NO_CHECK_TIME 0x200000
1540 # define X509_VP_FLAG_DEFAULT 0x1
1541 # define X509_VP_FLAG_OVERWRITE 0x2
1542 @@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
1543 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
1545 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
1547 +#ifndef OPENSSL_NO_STDIO
1548 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
1549 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
1552 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
1553 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
1554 diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
1555 index c3a6fce..09ebbca 100644
1556 --- a/crypto/x509v3/ext_dat.h
1557 +++ b/crypto/x509v3/ext_dat.h
1558 @@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
1562 +#ifndef OPENSSL_NO_SCT
1568 /* Number of standard extensions */
1569 diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
1570 index 34cad53..12f12a7 100644
1571 --- a/crypto/x509v3/v3_pci.c
1572 +++ b/crypto/x509v3/v3_pci.c
1573 @@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
1576 OPENSSL_free(tmp_data2);
1577 +#ifndef OPENSSL_NO_STDIO
1578 } else if (strncmp(val->value, "file:", 5) == 0) {
1579 unsigned char buf[2048];
1581 @@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
1582 X509V3_conf_err(val);
1585 +#endif /* !OPENSSL_NO_STDIO */
1586 } else if (strncmp(val->value, "text:", 5) == 0) {
1587 val_len = strlen(val->value + 5);
1588 tmp_data = OPENSSL_realloc((*policy)->data,
1589 diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
1590 index 0b7c681..1895b8f 100644
1591 --- a/crypto/x509v3/v3_scts.c
1592 +++ b/crypto/x509v3/v3_scts.c
1594 #include <openssl/asn1.h>
1595 #include <openssl/x509v3.h>
1597 +#ifndef OPENSSL_NO_SCT
1598 /* Signature and hash algorithms from RFC 5246 */
1599 #define TLSEXT_hash_sha256 4
1601 @@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
1606 diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
1607 index f5c6156..a2e78aa 100644
1608 --- a/crypto/x509v3/x509v3.h
1609 +++ b/crypto/x509v3/x509v3.h
1610 @@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
1612 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
1614 +#ifndef OPENSSL_NO_FP_API
1615 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
1618 int X509V3_extensions_print(BIO *out, char *title,
1619 STACK_OF(X509_EXTENSION) *exts,
1620 unsigned long flag, int indent);
1621 diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h
1622 index 3300e11..e9e58d5 100644
1623 --- a/demos/engines/cluster_labs/hw_cluster_labs_err.h
1624 +++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h
1625 @@ -67,7 +67,7 @@ extern "C" {
1626 static void ERR_load_CL_strings(void);
1627 static void ERR_unload_CL_strings(void);
1628 static void ERR_CL_error(int function, int reason, char *file, int line);
1629 -# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
1630 +# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1632 /* Error codes for the CL functions. */
1634 diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h
1635 index c17e0c9..10d0212 100644
1636 --- a/demos/engines/ibmca/hw_ibmca_err.h
1637 +++ b/demos/engines/ibmca/hw_ibmca_err.h
1638 @@ -67,7 +67,7 @@ extern "C" {
1639 static void ERR_load_IBMCA_strings(void);
1640 static void ERR_unload_IBMCA_strings(void);
1641 static void ERR_IBMCA_error(int function, int reason, char *file, int line);
1642 -# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
1643 +# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1645 /* Error codes for the IBMCA functions. */
1647 diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h
1648 index 4356815..598836f 100644
1649 --- a/demos/engines/rsaref/rsaref_err.h
1650 +++ b/demos/engines/rsaref/rsaref_err.h
1651 @@ -68,7 +68,7 @@ extern "C" {
1652 static void ERR_load_RSAREF_strings(void);
1653 static void ERR_unload_RSAREF_strings(void);
1654 static void ERR_RSAREF_error(int function, int reason, char *file, int line);
1655 -# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
1656 +# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1657 /* Error codes for the RSAREF functions. */
1659 /* Function codes. */
1660 diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h
1661 index f4a8358..94d3293 100644
1662 --- a/demos/engines/zencod/hw_zencod_err.h
1663 +++ b/demos/engines/zencod/hw_zencod_err.h
1664 @@ -67,7 +67,7 @@ extern "C" {
1665 static void ERR_load_ZENCOD_strings(void);
1666 static void ERR_unload_ZENCOD_strings(void);
1667 static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
1668 -# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
1669 +# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1671 /* Error codes for the ZENCOD functions. */
1673 diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1674 index 44792f9..7f95d58 100644
1675 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1676 +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
1677 @@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
1678 alternative chain can be found that is trusted. With this flag set the behaviour
1679 will match that of OpenSSL versions prior to 1.0.2b.
1681 +The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
1682 +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
1683 +is used to specify a verification time, the check is not suppressed.
1687 The above functions should be used to manipulate verification parameters
1688 diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
1689 index dc0e939..fe123bb 100644
1690 --- a/doc/crypto/threads.pod
1691 +++ b/doc/crypto/threads.pod
1692 @@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
1693 void CRYPTO_lock(int mode, int n, const char *file, int line);
1695 #define CRYPTO_w_lock(type) \
1696 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
1697 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
1698 #define CRYPTO_w_unlock(type) \
1699 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
1700 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
1701 #define CRYPTO_r_lock(type) \
1702 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
1703 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
1704 #define CRYPTO_r_unlock(type) \
1705 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
1706 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
1707 #define CRYPTO_add(addr,amount,type) \
1708 - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
1709 + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
1713 diff --git a/e_os.h b/e_os.h
1714 index 1fa36c1..3e9dae2 100644
1717 @@ -136,7 +136,7 @@ extern "C" {
1721 -# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
1722 +# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
1723 # define GETPID_IS_MEANINGLESS
1726 diff --git a/e_os2.h b/e_os2.h
1727 index 7be9989..909e22f 100644
1730 @@ -97,7 +97,14 @@ extern "C" {
1731 * For 32 bit environment, there seems to be the CygWin environment and then
1732 * all the others that try to do the same thing Microsoft does...
1734 -# if defined(OPENSSL_SYSNAME_UWIN)
1736 + * UEFI lives here because it might be built with a Microsoft toolchain and
1737 + * we need to avoid the false positive match on Windows.
1739 +# if defined(OPENSSL_SYSNAME_UEFI)
1740 +# undef OPENSSL_SYS_UNIX
1741 +# define OPENSSL_SYS_UEFI
1742 +# elif defined(OPENSSL_SYSNAME_UWIN)
1743 # undef OPENSSL_SYS_UNIX
1744 # define OPENSSL_SYS_WIN32_UWIN
1746 diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h
1747 index a2018ec..9eacdcf 100644
1748 --- a/engines/ccgost/e_gost_err.h
1749 +++ b/engines/ccgost/e_gost_err.h
1750 @@ -67,7 +67,7 @@ extern "C" {
1751 void ERR_load_GOST_strings(void);
1752 void ERR_unload_GOST_strings(void);
1753 void ERR_GOST_error(int function, int reason, char *file, int line);
1754 -# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
1755 +# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1757 /* Error codes for the GOST functions. */
1759 diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h
1760 index 2f29d96..47a2635 100644
1761 --- a/engines/e_4758cca_err.h
1762 +++ b/engines/e_4758cca_err.h
1763 @@ -67,7 +67,7 @@ extern "C" {
1764 static void ERR_load_CCA4758_strings(void);
1765 static void ERR_unload_CCA4758_strings(void);
1766 static void ERR_CCA4758_error(int function, int reason, char *file, int line);
1767 -# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
1768 +# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1770 /* Error codes for the CCA4758 functions. */
1772 diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h
1773 index 2ed0114..1f8fa5b 100644
1774 --- a/engines/e_aep_err.h
1775 +++ b/engines/e_aep_err.h
1776 @@ -67,7 +67,7 @@ extern "C" {
1777 static void ERR_load_AEPHK_strings(void);
1778 static void ERR_unload_AEPHK_strings(void);
1779 static void ERR_AEPHK_error(int function, int reason, char *file, int line);
1780 -# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
1781 +# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1783 /* Error codes for the AEPHK functions. */
1785 diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h
1786 index 7b71eff..d958496 100644
1787 --- a/engines/e_atalla_err.h
1788 +++ b/engines/e_atalla_err.h
1789 @@ -67,7 +67,7 @@ extern "C" {
1790 static void ERR_load_ATALLA_strings(void);
1791 static void ERR_unload_ATALLA_strings(void);
1792 static void ERR_ATALLA_error(int function, int reason, char *file, int line);
1793 -# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
1794 +# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1796 /* Error codes for the ATALLA functions. */
1798 diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
1799 index b5d06dc..cfe46b1 100644
1800 --- a/engines/e_capi_err.h
1801 +++ b/engines/e_capi_err.h
1802 @@ -67,7 +67,7 @@ extern "C" {
1803 static void ERR_load_CAPI_strings(void);
1804 static void ERR_unload_CAPI_strings(void);
1805 static void ERR_CAPI_error(int function, int reason, char *file, int line);
1806 -# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
1807 +# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1809 /* Error codes for the CAPI functions. */
1811 diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
1812 index d86a4ce..3d961b9 100644
1813 --- a/engines/e_chil_err.h
1814 +++ b/engines/e_chil_err.h
1815 @@ -67,7 +67,7 @@ extern "C" {
1816 static void ERR_load_HWCRHK_strings(void);
1817 static void ERR_unload_HWCRHK_strings(void);
1818 static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
1819 -# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
1820 +# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1822 /* Error codes for the HWCRHK functions. */
1824 diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h
1825 index fde3a82..7c20691 100644
1826 --- a/engines/e_cswift_err.h
1827 +++ b/engines/e_cswift_err.h
1828 @@ -67,7 +67,7 @@ extern "C" {
1829 static void ERR_load_CSWIFT_strings(void);
1830 static void ERR_unload_CSWIFT_strings(void);
1831 static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
1832 -# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
1833 +# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1835 /* Error codes for the CSWIFT functions. */
1837 diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h
1838 index 637abbc..ccaf3da 100644
1839 --- a/engines/e_gmp_err.h
1840 +++ b/engines/e_gmp_err.h
1841 @@ -67,7 +67,7 @@ extern "C" {
1842 static void ERR_load_GMP_strings(void);
1843 static void ERR_unload_GMP_strings(void);
1844 static void ERR_GMP_error(int function, int reason, char *file, int line);
1845 -# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
1846 +# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1848 /* Error codes for the GMP functions. */
1850 diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h
1851 index aa7849c..e607d3e 100644
1852 --- a/engines/e_nuron_err.h
1853 +++ b/engines/e_nuron_err.h
1854 @@ -67,7 +67,7 @@ extern "C" {
1855 static void ERR_load_NURON_strings(void);
1856 static void ERR_unload_NURON_strings(void);
1857 static void ERR_NURON_error(int function, int reason, char *file, int line);
1858 -# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
1859 +# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1861 /* Error codes for the NURON functions. */
1863 diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h
1864 index bef8623..54f2848 100644
1865 --- a/engines/e_sureware_err.h
1866 +++ b/engines/e_sureware_err.h
1867 @@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);
1868 static void ERR_unload_SUREWARE_strings(void);
1869 static void ERR_SUREWARE_error(int function, int reason, char *file,
1871 -# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
1872 +# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1874 /* Error codes for the SUREWARE functions. */
1876 diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h
1877 index c8aec7c..67110ed 100644
1878 --- a/engines/e_ubsec_err.h
1879 +++ b/engines/e_ubsec_err.h
1880 @@ -67,7 +67,7 @@ extern "C" {
1881 static void ERR_load_UBSEC_strings(void);
1882 static void ERR_unload_UBSEC_strings(void);
1883 static void ERR_UBSEC_error(int function, int reason, char *file, int line);
1884 -# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
1885 +# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
1887 /* Error codes for the UBSEC functions. */
1889 diff --git a/makevms.com b/makevms.com
1890 index f6b3ff2..1dcbe36 100755
1893 @@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,-
1901 diff --git a/ssl/d1_both.c b/ssl/d1_both.c
1902 index d1fc716..d5f661a 100644
1905 @@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
1906 int dtls1_read_failed(SSL *s, int code)
1909 - fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1910 + fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");
1914 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
1915 index 35cc27c..a1f5335 100644
1916 --- a/ssl/ssl_asn1.c
1917 +++ b/ssl/ssl_asn1.c
1918 @@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1919 if (ssl_version == SSL2_VERSION) {
1920 if (os.length != 3) {
1921 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
1922 - c.line = __LINE__;
1923 + c.line = OPENSSL_LINE;
1927 @@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1928 || ssl_version == DTLS1_BAD_VER) {
1929 if (os.length != 2) {
1930 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
1931 - c.line = __LINE__;
1932 + c.line = OPENSSL_LINE;
1936 ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];
1938 c.error = SSL_R_UNKNOWN_SSL_VERSION;
1939 - c.line = __LINE__;
1940 + c.line = OPENSSL_LINE;
1944 @@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1945 if (os.data != NULL) {
1946 if (os.length > SSL_MAX_SID_CTX_LENGTH) {
1947 c.error = SSL_R_BAD_LENGTH;
1948 - c.line = __LINE__;
1949 + c.line = OPENSSL_LINE;
1952 ret->sid_ctx_length = os.length;
1953 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
1954 index a73f866..d534c0a 100644
1955 --- a/ssl/ssl_cert.c
1956 +++ b/ssl/ssl_cert.c
1957 @@ -855,12 +855,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
1958 return (add_client_CA(&(ctx->client_CA), x));
1961 +#ifndef OPENSSL_NO_STDIO
1963 static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1965 return (X509_NAME_cmp(*a, *b));
1968 -#ifndef OPENSSL_NO_STDIO
1970 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
1971 * it doesn't really have anything to do with clients (except that a common use
1972 @@ -928,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
1979 * Add a file of certs to a stack.
1980 @@ -1048,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
1981 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
1984 +#endif /* !OPENSSL_NO_STDIO */
1986 /* Add a certificate to a BUF_MEM structure */
1988 diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
1989 index 5478840..c2ad7c9 100644
1990 --- a/ssl/ssl_conf.c
1991 +++ b/ssl/ssl_conf.c
1992 @@ -362,6 +362,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
1993 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
1996 +#ifndef OPENSSL_NO_STDIO
1997 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
2000 @@ -428,7 +429,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
2005 +#endif /* !OPENSSL_NO_DH */
2006 +#endif /* !OPENSSL_NO_STDIO */
2009 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
2010 const char *str_file;
2011 @@ -454,12 +457,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
2012 SSL_CONF_CMD_STRING(CipherString, "cipher"),
2013 SSL_CONF_CMD_STRING(Protocol, NULL),
2014 SSL_CONF_CMD_STRING(Options, NULL),
2015 +#ifndef OPENSSL_NO_STDIO
2016 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
2017 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
2018 SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
2019 #ifndef OPENSSL_NO_DH
2020 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
2025 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
2026 diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
2027 index 514fcb3..2a54cc9 100644
2030 @@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send)
2031 * we can't write into the input stream: Can this ever
2035 - "%s:%d: rec->data != rec->input\n",
2036 - __FILE__, __LINE__);
2037 + fprintf(stderr, "tls1_enc: rec->data != rec->input\n");
2038 else if (RAND_bytes(rec->input, ivlen) <= 0)
2041 diff --git a/test/cms-test.pl b/test/cms-test.pl
2042 index baa3b59..1ee3f02 100644
2043 --- a/test/cms-test.pl
2044 +++ b/test/cms-test.pl
2045 @@ -100,6 +100,13 @@ my $no_ec2m;
2047 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
2049 +system ("$ossl_path no-cms > $null_path");
2052 + print "CMS disabled\n";
2056 system ("$ossl_path no-ec > $null_path");
2059 diff --git a/util/libeay.num b/util/libeay.num
2060 index 7f7487d..13b2e3a 100755
2061 --- a/util/libeay.num
2062 +++ b/util/libeay.num
2063 @@ -4368,7 +4368,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH
2064 ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA
2065 CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS
2066 CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS
2067 -DH_KDF_X9_42 4735 EXIST::FUNCTION:DH
2068 +DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH
2069 RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA
2070 EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES
2071 RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
2072 diff --git a/util/mkdef.pl b/util/mkdef.pl
2073 index c57c7f7..d4c3386 100755
2076 @@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
2077 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
2079 "STATIC_ENGINE", "ENGINE", "HW", "GMP",
2080 + # X.509v3 Signed Certificate Timestamps
2085 @@ -142,7 +144,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
2086 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
2087 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
2088 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
2089 -my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
2090 +my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
2091 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
2092 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
2093 my $no_unit_test; my $no_ssl3_method;
2094 @@ -233,6 +235,7 @@ foreach (@ARGV, split(/ /, $options))
2095 elsif (/^no-engine$/) { $no_engine=1; }
2096 elsif (/^no-hw$/) { $no_hw=1; }
2097 elsif (/^no-gmp$/) { $no_gmp=1; }
2098 + elsif (/^no-sct$/) { $no_sct=1; }
2099 elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
2100 elsif (/^no-tlsext$/) { $no_tlsext=1; }
2101 elsif (/^no-cms$/) { $no_cms=1; }
2102 @@ -1206,6 +1209,7 @@ sub is_valid
2103 if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
2104 if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
2105 if ($keyword eq "GMP" && $no_gmp) { return 0; }
2106 + if ($keyword eq "SCT" && $no_sct) { return 0; }
2107 if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
2108 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
2109 if ($keyword eq "PSK" && $no_psk) { return 0; }
2110 diff --git a/util/mkerr.pl b/util/mkerr.pl
2111 index 09ebebe..cd57ade 100644
2114 @@ -89,7 +89,7 @@ Options:
2115 void ERR_load_<LIB>_strings(void);
2116 void ERR_unload_<LIB>_strings(void);
2117 void ERR_<LIB>_error(int f, int r, char *fn, int ln);
2118 - #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)
2119 + #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)
2120 while the code facilitates the use of these in an environment
2121 where the error support routines are dynamically loaded at
2123 @@ -474,7 +474,7 @@ EOF
2124 ${staticloader}void ERR_load_${lib}_strings(void);
2125 ${staticloader}void ERR_unload_${lib}_strings(void);
2126 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
2127 -# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
2128 +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)