1 diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
2 index 6e2293b..325e5d2 100644
5 @@ -650,10 +650,10 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
6 int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
7 asn1_ps_func **psuffix_free);
9 -# ifndef OPENSSL_NO_FP_API
10 BIO_METHOD *BIO_s_file(void);
11 BIO *BIO_new_file(const char *filename, const char *mode);
12 BIO *BIO_new_fp(FILE *stream, int close_flag);
13 +# ifndef OPENSSL_NO_FP_API
14 # define BIO_s_file_internal BIO_s_file
16 BIO *BIO_new(BIO_METHOD *type);
17 diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
18 index bfba93e..4f13d1b 100644
19 --- a/crypto/bio/bss_file.c
20 +++ b/crypto/bio/bss_file.c
21 @@ -467,6 +467,23 @@ static int MS_CALLBACK file_puts(BIO *bp, const char *str)
27 +BIO_METHOD *BIO_s_file(void)
32 +BIO *BIO_new_file(const char *filename, const char *mode)
37 +BIO *BIO_new_fp(FILE *stream, int close_flag)
42 # endif /* OPENSSL_NO_STDIO */
44 #endif /* HEADER_BSS_FILE_C */
45 diff --git a/crypto/crypto.h b/crypto/crypto.h
46 index c450d7a..d6e804e 100644
49 @@ -235,15 +235,15 @@ typedef struct openssl_item_st {
50 # ifndef OPENSSL_NO_LOCKING
51 # ifndef CRYPTO_w_lock
52 # define CRYPTO_w_lock(type) \
53 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
54 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
55 # define CRYPTO_w_unlock(type) \
56 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
57 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
58 # define CRYPTO_r_lock(type) \
59 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
60 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
61 # define CRYPTO_r_unlock(type) \
62 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
63 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
64 # define CRYPTO_add(addr,amount,type) \
65 - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
66 + CRYPTO_add_lock(addr,amount,type,NULL,0)
69 # define CRYPTO_w_lock(a)
70 @@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
71 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
72 # define is_MemCheck_on() CRYPTO_is_mem_check_on()
74 -# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
75 -# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
76 +# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
77 +# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
78 # define OPENSSL_realloc(addr,num) \
79 - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
80 + CRYPTO_realloc((char *)addr,(int)num,NULL,0)
81 # define OPENSSL_realloc_clean(addr,old_num,num) \
82 - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
83 + CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
84 # define OPENSSL_remalloc(addr,num) \
85 - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
86 + CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
87 # define OPENSSL_freeFunc CRYPTO_free
88 # define OPENSSL_free(addr) CRYPTO_free(addr)
90 # define OPENSSL_malloc_locked(num) \
91 - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
92 + CRYPTO_malloc_locked((int)num,NULL,0)
93 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
95 const char *SSLeay_version(int type);
96 @@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
97 long CRYPTO_get_mem_debug_options(void);
99 # define CRYPTO_push_info(info) \
100 - CRYPTO_push_info_(info, __FILE__, __LINE__);
101 + CRYPTO_push_info_(info, NULL, 0);
102 int CRYPTO_push_info_(const char *info, const char *file, int line);
103 int CRYPTO_pop_info(void);
104 int CRYPTO_remove_all_info(void);
105 @@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
107 /* die if we have to */
108 void OpenSSLDie(const char *file, int line, const char *assertion);
109 -# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
110 +# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
112 unsigned long *OPENSSL_ia32cap_loc(void);
113 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
114 @@ -605,14 +605,14 @@ void OPENSSL_init(void);
115 # define fips_md_init_ctx(alg, cx) \
116 int alg##_Init(cx##_CTX *c) \
118 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
119 + if (FIPS_mode()) OpenSSLDie(NULL, 0, \
120 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
121 return private_##alg##_Init(c); \
123 int private_##alg##_Init(cx##_CTX *c)
125 # define fips_cipher_abort(alg) \
126 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
127 + if (FIPS_mode()) OpenSSLDie(NULL, 0, \
128 "Low level API call to cipher " #alg " forbidden in FIPS mode!")
131 diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
132 index b58e3fa..e5f345a 100644
133 --- a/crypto/dh/dh_pmeth.c
134 +++ b/crypto/dh/dh_pmeth.c
135 @@ -449,6 +449,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
138 } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
139 +#ifdef OPENSSL_NO_CMS
142 unsigned char *Z = NULL;
144 if (!dctx->kdf_outlen || !dctx->kdf_oid)
145 @@ -478,6 +481,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
153 diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
154 index d3b23fc..d61605b 100644
155 --- a/crypto/pem/pem.h
156 +++ b/crypto/pem/pem.h
157 @@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
159 # define DECLARE_PEM_read_fp(name, type) /**/
160 # define DECLARE_PEM_write_fp(name, type) /**/
161 +# define DECLARE_PEM_write_fp_const(name, type) /**/
162 # define DECLARE_PEM_write_cb_fp(name, type) /**/
165 diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
166 index c4d3724..fd531c9 100644
167 --- a/crypto/pkcs7/pk7_smime.c
168 +++ b/crypto/pkcs7/pk7_smime.c
169 @@ -254,7 +254,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
170 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
171 PKCS7_SIGNER_INFO *si;
172 X509_STORE_CTX cert_ctx;
176 int i, j = 0, k, ret = 0;
178 BIO *tmpin = NULL, *tmpout = NULL;
179 @@ -274,12 +275,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
180 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
185 + * NB: this test commented out because some versions of Netscape
186 + * illegally include zero length content when signing data. Also
187 + * Microsoft Authenticode includes a SpcIndirectDataContent data
188 + * structure which describes the content to be protected by the
189 + * signature, rather than directly embedding that content. So
190 + * Authenticode implementations are also expected to use
191 + * PKCS7_verify() with explicit external data, on non-detached
192 + * PKCS#7 signatures.
194 + * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
195 + * introduced to disable this sanity check. For the 1.0.2 branch
196 + * this change is not acceptable, so the check remains completely
197 + * commented out (as it has been for a long time).
200 /* Check for data and content: two sets of data */
201 if (!PKCS7_get_detached(p7) && indata) {
202 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
207 sinfos = PKCS7_get_signer_info(p7);
209 @@ -355,9 +373,14 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
214 + buf = OPENSSL_malloc(bufsiz);
218 /* We now have to 'read' from p7bio to calculate digests etc. */
220 - i = BIO_read(p7bio, buf, sizeof(buf));
221 + i = BIO_read(p7bio, buf, bufsiz);
225 @@ -394,6 +417,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
228 sk_X509_free(signers);
235 diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
236 index 266111e..f60fac6 100644
237 --- a/crypto/rand/rand_unix.c
238 +++ b/crypto/rand/rand_unix.c
240 #include <openssl/rand.h>
241 #include "rand_lcl.h"
243 -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
244 +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
246 # include <sys/types.h>
247 # include <sys/time.h>
248 @@ -439,7 +439,7 @@ int RAND_poll(void)
249 * defined(OPENSSL_SYS_VXWORKS) ||
250 * defined(OPENSSL_SYS_NETWARE)) */
252 -#if defined(OPENSSL_SYS_VXWORKS)
253 +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
257 diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
258 index 4e06218..f591f0f 100644
259 --- a/crypto/rsa/rsa_ameth.c
260 +++ b/crypto/rsa/rsa_ameth.c
263 #include "asn1_locl.h"
265 +#ifndef OPENSSL_NO_CMS
266 static int rsa_cms_sign(CMS_SignerInfo *si);
267 static int rsa_cms_verify(CMS_SignerInfo *si);
268 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
269 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
272 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
274 @@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
278 +#ifndef OPENSSL_NO_CMS
279 static int rsa_cms_verify(CMS_SignerInfo *si)
282 @@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
289 * Customised RSA item verification routine. This is called when a signature
290 @@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
294 +#ifndef OPENSSL_NO_CMS
295 static int rsa_cms_sign(CMS_SignerInfo *si)
297 int pad_mode = RSA_PKCS1_PADDING;
298 @@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
299 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
304 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
305 X509_ALGOR *alg1, X509_ALGOR *alg2,
306 @@ -785,6 +791,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
310 +#ifndef OPENSSL_NO_CMS
311 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
314 @@ -857,7 +864,9 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
315 X509_ALGOR_free(maskHash);
320 +#ifndef OPENSSL_NO_CMS
321 static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
323 const EVP_MD *md, *mgf1md;
324 @@ -920,6 +929,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
325 ASN1_STRING_free(os);
330 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
332 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
333 index 0429767..7ddc21c 100644
334 --- a/crypto/x509/x509_vfy.c
335 +++ b/crypto/x509/x509_vfy.c
336 @@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
337 ctx->current_crl = crl;
338 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
339 ptime = &ctx->param->check_time;
340 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
345 @@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
347 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
348 ptime = &ctx->param->check_time;
349 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
354 diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
355 index 2663e1c..98d0b4c 100644
356 --- a/crypto/x509/x509_vfy.h
357 +++ b/crypto/x509/x509_vfy.h
358 @@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
359 * will force the behaviour to match that of previous versions.
361 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000
362 +/* Do not check certificate/CRL validity against current time */
363 +# define X509_V_FLAG_NO_CHECK_TIME 0x200000
365 # define X509_VP_FLAG_DEFAULT 0x1
366 # define X509_VP_FLAG_OVERWRITE 0x2
367 diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
368 index c3a6fce..01edd2a 100644
369 --- a/crypto/x509v3/ext_dat.h
370 +++ b/crypto/x509v3/ext_dat.h
371 @@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
375 +#ifndef OPENSSL_SYS_UEFI
381 /* Number of standard extensions */
382 diff --git a/e_os.h b/e_os.h
383 index 1fa36c1..3e9dae2 100644
386 @@ -136,7 +136,7 @@ extern "C" {
390 -# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
391 +# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
392 # define GETPID_IS_MEANINGLESS
395 diff --git a/e_os2.h b/e_os2.h
396 index 7be9989..909e22f 100644
399 @@ -97,7 +97,14 @@ extern "C" {
400 * For 32 bit environment, there seems to be the CygWin environment and then
401 * all the others that try to do the same thing Microsoft does...
403 -# if defined(OPENSSL_SYSNAME_UWIN)
405 + * UEFI lives here because it might be built with a Microsoft toolchain and
406 + * we need to avoid the false positive match on Windows.
408 +# if defined(OPENSSL_SYSNAME_UEFI)
409 +# undef OPENSSL_SYS_UNIX
410 +# define OPENSSL_SYS_UEFI
411 +# elif defined(OPENSSL_SYSNAME_UWIN)
412 # undef OPENSSL_SYS_UNIX
413 # define OPENSSL_SYS_WIN32_UWIN