diff --git a/Configure b/Configure index c39f71a..98dd1d0 100755 --- a/Configure +++ b/Configure @@ -609,6 +609,9 @@ my %table=( # with itself, Applink is never engaged and can as well be omitted. "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", +# UEFI +"UEFI", "cc:-DL_ENDIAN -O:::UEFI::::", + # UWIN "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", @@ -1083,7 +1086,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) } if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) - || defined($disabled{"dh"})) + || defined($disabled{"dh"}) || defined($disabled{"stdio"})) { $disabled{"gost"} = "forced"; } diff --git a/apps/apps.c b/apps/apps.c index 9fdc3e0..6c183b0 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2375,6 +2375,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_PARTIAL_CHAIN; else if (!strcmp(arg, "-no_alt_chains")) flags |= X509_V_FLAG_NO_ALT_CHAINS; + else if (!strcmp(arg, "-no_check_time")) + flags |= X509_V_FLAG_NO_CHECK_TIME; else if (!strcmp(arg, "-allow_proxy_certs")) flags |= X509_V_FLAG_ALLOW_PROXY_CERTS; else diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 2d562f9..91203b7 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len) return 1; } +#ifndef OPENSSL_NO_FP_API static int send_fp_chars(void *arg, const void *buf, int len) { if (!arg) @@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len) return 0; return 1; } +#endif typedef int char_io (void *arg, const void *buf, int len); diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h index abc6dc3..3a672e9 100644 --- a/crypto/asn1/asn1_mac.h +++ b/crypto/asn1/asn1_mac.h @@ -70,7 +70,7 @@ extern "C" { # endif # define ASN1_MAC_H_err(f,r,line) \ - ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) + ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line)) # define M_ASN1_D2I_vars(a,type,func) \ ASN1_const_CTX c; \ @@ -81,7 +81,7 @@ extern "C" { c.error=ERR_R_NESTED_ASN1_ERROR; \ if ((a == NULL) || ((*a) == NULL)) \ { if ((ret=(type)func()) == NULL) \ - { c.line=__LINE__; goto err; } } \ + { c.line=OPENSSL_LINE; goto err; } } \ else ret=(*a); # define M_ASN1_D2I_Init() \ @@ -90,7 +90,7 @@ extern "C" { # define M_ASN1_D2I_Finish_2(a) \ if (!asn1_const_Finish(&c)) \ - { c.line=__LINE__; goto err; } \ + { c.line=OPENSSL_LINE; goto err; } \ *(const unsigned char **)pp=c.p; \ if (a != NULL) (*a)=ret; \ return(ret); @@ -105,7 +105,7 @@ err:\ # define M_ASN1_D2I_start_sequence() \ if (!asn1_GetSequence(&c,&length)) \ - { c.line=__LINE__; goto err; } + { c.line=OPENSSL_LINE; goto err; } /* Begin reading ASN1 without a surrounding sequence */ # define M_ASN1_D2I_begin() \ c.slen = length; @@ -129,21 +129,21 @@ err:\ # define M_ASN1_D2I_get(b, func) \ c.q=c.p; \ if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ + {c.line=OPENSSL_LINE; goto err; } \ c.slen-=(c.p-c.q); /* Don't use this with d2i_ASN1_BOOLEAN() */ # define M_ASN1_D2I_get_x(type,b,func) \ c.q=c.p; \ if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ + {c.line=OPENSSL_LINE; goto err; } \ c.slen-=(c.p-c.q); /* use this instead () */ # define M_ASN1_D2I_get_int(b,func) \ c.q=c.p; \ if (func(&(b),&c.p,c.slen) < 0) \ - {c.line=__LINE__; goto err; } \ + {c.line=OPENSSL_LINE; goto err; } \ c.slen-=(c.p-c.q); # define M_ASN1_D2I_get_opt(b,func,type) \ @@ -164,7 +164,7 @@ err:\ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ c.q=c.p; \ if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ + {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \ c.slen-=(c.p-c.q);\ M_ASN1_next_prev=_tmp; @@ -258,20 +258,20 @@ err:\ c.q=c.p; \ if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ (void (*)())free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ + { c.line=OPENSSL_LINE; goto err; } \ c.slen-=(c.p-c.q); # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ c.q=c.p; \ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ + { c.line=OPENSSL_LINE; goto err; } \ c.slen-=(c.p-c.q); # define M_ASN1_D2I_get_set_strings(r,func,a,b) \ c.q=c.p; \ if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ + { c.line=OPENSSL_LINE; goto err; } \ c.slen-=(c.p-c.q); # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ @@ -285,16 +285,16 @@ err:\ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ if (Tinf & 0x80) \ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ + c.line=OPENSSL_LINE; goto err; } \ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ Tlen = c.slen - (c.p - c.q) - 2; \ if (func(&(r),&c.p,Tlen) == NULL) \ - { c.line=__LINE__; goto err; } \ + { c.line=OPENSSL_LINE; goto err; } \ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ Tlen = c.slen - (c.p - c.q); \ if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ + c.line=OPENSSL_LINE; goto err; } \ }\ c.slen-=(c.p-c.q); \ } @@ -310,18 +310,18 @@ err:\ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ if (Tinf & 0x80) \ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ + c.line=OPENSSL_LINE; goto err; } \ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ Tlen = c.slen - (c.p - c.q) - 2; \ if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ (void (*)())free_func, \ b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ + { c.line=OPENSSL_LINE; goto err; } \ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ Tlen = c.slen - (c.p - c.q); \ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ + c.line=OPENSSL_LINE; goto err; } \ }\ c.slen-=(c.p-c.q); \ } @@ -337,17 +337,17 @@ err:\ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ if (Tinf & 0x80) \ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ + c.line=OPENSSL_LINE; goto err; } \ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ Tlen = c.slen - (c.p - c.q) - 2; \ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ free_func,b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ + { c.line=OPENSSL_LINE; goto err; } \ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ Tlen = c.slen - (c.p - c.q); \ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ + c.line=OPENSSL_LINE; goto err; } \ }\ c.slen-=(c.p-c.q); \ } @@ -355,7 +355,7 @@ err:\ /* New macros */ # define M_ASN1_New_Malloc(ret,type) \ if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ - { c.line=__LINE__; goto err2; } + { c.line=OPENSSL_LINE; goto err2; } # define M_ASN1_New(arg,func) \ if (((arg)=func()) == NULL) return(NULL) diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index d5a5514..bede55c 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -193,7 +193,12 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, OPENSSL_cleanse(pkey->private_key->data, rsalen); if (cb == NULL) +#ifndef OPENSSL_NO_UI cb = EVP_read_pw_string; +#else + i = 1; + else +#endif i = cb((char *)buf, 256, "Enter Private Key password:", 1); if (i != 0) { ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ); @@ -264,7 +269,11 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, goto err; } if (cb == NULL) +#ifndef OPENSSL_NO_UI cb = EVP_read_pw_string; +#else + goto err; +#endif if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL) goto err; diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 1d25687..ad641c3 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -131,7 +131,7 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); -static int probable_prime(BIGNUM *rnd, int bits); +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods); static int probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); @@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, BIGNUM *t; int found = 0; int i, j, c1 = 0; - BN_CTX *ctx; + BN_CTX *ctx = NULL; + prime_t *mods = NULL; int checks = BN_prime_checks_for_size(bits); + mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES); + if (mods == NULL) + goto err; ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { - if (!probable_prime(ret, bits)) + if (!probable_prime(ret, bits, mods)) goto err; } else { if (safe) { @@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, /* we have a prime :-) */ found = 1; err: + OPENSSL_free(mods); if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, return 1; } -static int probable_prime(BIGNUM *rnd, int bits) +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) { int i; - prime_t mods[NUMPRIMES]; BN_ULONG delta, maxdelta; again: diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 8d926d5..c29e97d 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md); int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +# ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, long *eline); +# endif # ifndef OPENSSL_NO_FP_API LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline); @@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, const char *name); void CONF_free(LHASH_OF(CONF_VALUE) *conf); +# ifndef OPENSSL_NO_FP_API int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +# endif int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); void OPENSSL_config(const char *config_name); @@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void); void NCONF_free(CONF *conf); void NCONF_free_data(CONF *conf); +# ifndef OPENSSL_NO_STDIO int NCONF_load(CONF *conf, const char *file, long *eline); +# endif # ifndef OPENSSL_NO_FP_API int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); # endif @@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, char *NCONF_get_string(const CONF *conf, const char *group, const char *name); int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, long *result); +# ifndef OPENSSL_NO_FP_API int NCONF_dump_fp(const CONF *conf, FILE *out); +# endif int NCONF_dump_bio(const CONF *conf, BIO *out); # if 0 /* The following function has no error @@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name); int CONF_modules_load(const CONF *cnf, const char *appname, unsigned long flags); +# ifndef OPENSSL_NO_STDIO int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags); +# endif void CONF_modules_unload(int all); void CONF_modules_finish(void); void CONF_modules_free(void); diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 68c77ce..3d308c7 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf) static int def_load(CONF *conf, const char *name, long *line) { +#ifdef OPENSSL_NO_STDIO + CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB); + return 0; +#else int ret; BIO *in = NULL; @@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line) BIO_free(in); return ret; +#endif } static int def_load_bio(CONF *conf, BIO *in, long *line) diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 5281384..952b545 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth) return 1; } +#ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, long *eline) { @@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, return ltmp; } +#endif #ifndef OPENSSL_NO_FP_API LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, @@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf) conf->meth->destroy_data(conf); } +#ifndef OPENSSL_NO_STDIO int NCONF_load(CONF *conf, const char *file, long *eline) { if (conf == NULL) { @@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline) return conf->meth->load(conf, file, eline); } +#endif #ifndef OPENSSL_NO_FP_API int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index e0c9a67..13d93ea 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, } +#ifndef OPENSSL_NO_STDIO int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags) { @@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, return ret; } +#endif static int module_run(const CONF *cnf, char *name, char *value, unsigned long flags) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index c042cf2..a25b636 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name) ENGINE_load_builtin_engines(); #endif ERR_clear_error(); +#ifndef OPENSSL_NO_STDIO CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE); +#endif openssl_configured = 1; } diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 1925428..da4b34d 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void) return (0); } pointer->references = 1; - pointer->data = dynlock_create_callback(__FILE__, __LINE__); + pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE); if (pointer->data == NULL) { OPENSSL_free(pointer); CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); @@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void) CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); if (i == -1) { - dynlock_destroy_callback(pointer->data, __FILE__, __LINE__); + dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE); OPENSSL_free(pointer); } else i += 1; /* to avoid 0 */ @@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i) CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); if (pointer) { - dynlock_destroy_callback(pointer->data, __FILE__, __LINE__); + dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE); OPENSSL_free(pointer); } } @@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void) } # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +#include # define OPENSSL_CPUID_SETUP # if defined(_WIN32) typedef unsigned __int64 IA32CAP; @@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...) #else void OPENSSL_showfatal(const char *fmta, ...) { +#ifndef OPENSSL_NO_STDIO va_list ap; va_start(ap, fmta); vfprintf(stderr, fmta, ap); va_end(ap); +#endif } int OPENSSL_isservice(void) @@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion) #endif } +#ifndef OPENSSL_NO_STDIO void *OPENSSL_stderr(void) { return stderr; } +#endif int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len) { diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index fba180a..3e3ea5e 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -101,7 +101,9 @@ extern "C" { void OPENSSL_cpuid_setup(void); extern unsigned int OPENSSL_ia32cap_P[]; void OPENSSL_showfatal(const char *fmta, ...); +#ifndef OPENSSL_NO_STDIO void *OPENSSL_stderr(void); +#endif extern int OPENSSL_NONPIC_relocated; #ifdef __cplusplus diff --git a/crypto/crypto.h b/crypto/crypto.h index 6c644ce..bea4ca1 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -235,15 +235,15 @@ typedef struct openssl_item_st { # ifndef OPENSSL_NO_LOCKING # ifndef CRYPTO_w_lock # define CRYPTO_w_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE) # define CRYPTO_w_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE) # define CRYPTO_r_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE) # define CRYPTO_r_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE) # define CRYPTO_add(addr,amount,type) \ - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE) # endif # else # define CRYPTO_w_lock(a) @@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void); # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) # define is_MemCheck_on() CRYPTO_is_mem_check_on() -# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) -# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) +# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE) +# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE) # define OPENSSL_realloc(addr,num) \ - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) + CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE) # define OPENSSL_realloc_clean(addr,old_num,num) \ - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) + CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE) # define OPENSSL_remalloc(addr,num) \ - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) + CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE) # define OPENSSL_freeFunc CRYPTO_free # define OPENSSL_free(addr) CRYPTO_free(addr) # define OPENSSL_malloc_locked(num) \ - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) + CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE) # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) const char *SSLeay_version(int type); @@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); # define CRYPTO_push_info(info) \ - CRYPTO_push_info_(info, __FILE__, __LINE__); + CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE); int CRYPTO_push_info_(const char *info, const char *file, int line); int CRYPTO_pop_info(void); int CRYPTO_remove_all_info(void); @@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); /* die if we have to */ void OpenSSLDie(const char *file, int line, const char *assertion); -# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) +# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1)) unsigned long *OPENSSL_ia32cap_loc(void); # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) @@ -605,14 +605,14 @@ void OPENSSL_init(void); # define fips_md_init_ctx(alg, cx) \ int alg##_Init(cx##_CTX *c) \ { \ - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ + if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ return private_##alg##_Init(c); \ } \ int private_##alg##_Init(cx##_CTX *c) # define fips_cipher_abort(alg) \ - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ + if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \ "Low level API call to cipher " #alg " forbidden in FIPS mode!") # else diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c index 01e275f..7633139 100644 --- a/crypto/des/read2pwd.c +++ b/crypto/des/read2pwd.c @@ -114,6 +114,10 @@ #include #include +#ifndef BUFSIZ +#define BUFSIZ 256 +#endif + int DES_read_password(DES_cblock *key, const char *prompt, int verify) { int ok; diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index 46fa5ac..cc366ec 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../cryptlib.h dh_gen.c -dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index a5bd901..6488879 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -240,11 +240,13 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ @@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, /* KDF types */ # define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS # define EVP_PKEY_DH_KDF_X9_42 2 +# endif /* BEGIN ERROR CODES */ /* diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index a882cb2..aace5fb 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -51,6 +51,9 @@ * ==================================================================== */ +#include + +#ifndef OPENSSL_NO_CMS #include #include #include @@ -58,6 +61,7 @@ #include /* Key derivation from X9.42/RFC2631 */ +/* Uses CMS functions, hence the #ifdef wrapper. */ #define DH_KDF_MAX (1L << 30) @@ -185,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, EVP_MD_CTX_cleanup(&mctx); return rv; } +#endif diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index b58e3fa..926be98 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DH_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; +#ifdef OPENSSL_NO_CMS + if (p1 != EVP_PKEY_DH_KDF_NONE) +#else if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) +#endif return -2; dctx->kdf_type = p1; return 1; @@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, return ret; *keylen = ret; return 1; - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + } +#ifndef OPENSSL_NO_CMS + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { unsigned char *Z = NULL; size_t Zlen = 0; if (!dctx->kdf_outlen || !dctx->kdf_oid) @@ -479,7 +485,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, } return ret; } - return 1; +#endif + return 0; } const EVP_PKEY_METHOD dh_pkey_meth = { diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 46f163b..b4a72a0 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -88,7 +88,7 @@ extern "C" { (unsigned int)(e), (isfunct ? "funct" : "struct"), \ ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \ ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \ - (__FILE__), (__LINE__)); + (OPENSSL_FILE), (OPENSSL_LINE)); # else @@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid); # else ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l); -# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__) +# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE) # endif typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg); diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 34b0029..cf622bb 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -86,7 +86,9 @@ * this is no longer automatic in ENGINE_load_builtin_engines(). */ #define TEST_ENG_OPENSSL_RC4 +#ifndef OPENSSL_NO_FP_API #define TEST_ENG_OPENSSL_PKEY +#endif /* #define TEST_ENG_OPENSSL_RC4_OTHERS */ #define TEST_ENG_OPENSSL_RC4_P_INIT /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ diff --git a/crypto/err/err.h b/crypto/err/err.h index 585aa8b..04c6cfc 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -200,39 +200,39 @@ typedef struct err_state_st { # define ERR_LIB_USER 128 -# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) -# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) -# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) -# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) -# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) -# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) -# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) -# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) -# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) -# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) -# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) -# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) -# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) -# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) -# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) -# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) -# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) -# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) -# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) -# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) -# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) -# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) -# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) -# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) -# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) -# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) -# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) -# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) -# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) -# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) -# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) -# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) -# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) /* * Borland C seems too stupid to be able to shift and do longs in the diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 39ab793..ad1e350 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +#ifndef OPENSSL_NO_UI int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, const char *prompt, int verify); void EVP_set_pw_prompt(const char *prompt); char *EVP_get_pw_prompt(void); +#endif int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, const unsigned char *salt, const unsigned char *data, diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 5be9e33..63c8866 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -63,6 +63,7 @@ #include #include +#ifndef OPENSSL_NO_UI /* should be init to zeros. */ static char prompt_string[80]; @@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, OPENSSL_cleanse(buff, BUFSIZ); return ret; } +#endif /* OPENSSL_NO_UI */ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, const unsigned char *salt, const unsigned char *data, diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in index 7a1c85d..7162c0f 100644 --- a/crypto/opensslconf.h.in +++ b/crypto/opensslconf.h.in @@ -1,5 +1,15 @@ /* crypto/opensslconf.h.in */ +#ifndef OPENSSL_FILE +#ifdef OPENSSL_NO_FILENAMES +#define OPENSSL_FILE "" +#define OPENSSL_LINE 0 +#else +#define OPENSSL_FILE __FILE__ +#define OPENSSL_LINE __LINE__ +#endif +#endif + /* Generate 80386 code? */ #undef I386_ONLY @@ -56,7 +66,7 @@ #endif #endif -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI) #define CONFIG_HEADER_BN_H #undef BN_LLONG diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index aac72fb..d271ec8 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ # define DECLARE_PEM_read_fp(name, type) /**/ # define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_fp_const(name, type) /**/ # define DECLARE_PEM_write_cb_fp(name, type) /**/ # else @@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, pem_password_cb *cd, void *u); # endif +#ifndef OPENSSL_NO_FP_API int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len); int PEM_write(FILE *fp, const char *name, const char *hdr, @@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, int klen, pem_password_cb *callback, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +#endif int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, @@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +#ifndef OPENSSL_NO_FP_API int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); @@ -510,6 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cd, void *u); +#endif EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index c82b3c0..56c77b1 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix); int PEM_def_callback(char *buf, int num, int w, void *key) { -#ifdef OPENSSL_NO_FP_API +#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI) /* * We should not ever call the default callback routine from windows. */ diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 5747c73..9edca4d 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -69,9 +69,11 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); +#ifndef OPENSSL_NO_FP_API static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); +#endif /* * These functions write a private key in PKCS#8 format: it is a "drop in" diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index dc9b484..e75c4b2 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -64,6 +64,8 @@ #include #include +#define BUFFERSIZE 4096 + static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, @@ -254,7 +256,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, STACK_OF(PKCS7_SIGNER_INFO) *sinfos; PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; - char buf[4096]; + char *buf = NULL; int i, j = 0, k, ret = 0; BIO *p7bio = NULL; BIO *tmpin = NULL, *tmpout = NULL; @@ -373,8 +375,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, tmpout = out; /* We now have to 'read' from p7bio to calculate digests etc. */ + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } for (;;) { - i = BIO_read(p7bio, buf, sizeof(buf)); + i = BIO_read(p7bio, buf, BUFFERSIZE); if (i <= 0) break; if (tmpout) @@ -405,6 +411,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, ret = 1; err: + OPENSSL_free(buf); if (tmpin == indata) { if (indata) BIO_pop(p7bio); @@ -523,7 +530,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { BIO *tmpmem; int ret, i; - char buf[4096]; + char *buf = NULL; if (!p7) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); @@ -567,24 +574,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) } BIO_free_all(bread); return ret; - } else { - for (;;) { - i = BIO_read(tmpmem, buf, sizeof(buf)); - if (i <= 0) { - ret = 1; - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { - if (!BIO_get_cipher_status(tmpmem)) - ret = 0; - } - - break; - } - if (BIO_write(data, buf, i) != i) { - ret = 0; - break; + } + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + for (;;) { + i = BIO_read(tmpmem, buf, BUFFERSIZE); + if (i <= 0) { + ret = 1; + if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { + if (!BIO_get_cipher_status(tmpmem)) + ret = 0; } + + break; + } + if (BIO_write(data, buf, i) != i) { + ret = 0; + break; } - BIO_free_all(tmpmem); - return ret; } + +err: + OPENSSL_free(buf); + BIO_free_all(tmpmem); + return ret; } diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 737aebf..f23f348 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -95,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) || defined(OPENSSL_SYS_UEFI) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return (-1); diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 6c5b65d..11ee152 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -116,7 +116,7 @@ #include #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) # include # include @@ -439,7 +439,7 @@ int RAND_poll(void) * defined(OPENSSL_SYS_VXWORKS) || * defined(OPENSSL_SYS_NETWARE)) */ -#if defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) int RAND_poll(void) { return 0; diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h index 2daa1b2..5205bc5 100644 --- a/crypto/ts/ts.h +++ b/crypto/ts/ts.h @@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); TS_REQ *TS_REQ_dup(TS_REQ *a); +#ifndef OPENSSL_NO_FP_API TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +#endif TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); @@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); +#ifndef OPENSSL_NO_FP_API TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); -TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); -int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a); TS_RESP *TS_RESP_new(void); void TS_RESP_free(TS_RESP *a); @@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); TS_RESP *TS_RESP_dup(TS_RESP *a); +#ifndef OPENSSL_NO_FP_API TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); -TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); -int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a); TS_STATUS_INFO *TS_STATUS_INFO_new(void); void TS_STATUS_INFO_free(TS_STATUS_INFO *a); @@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, long length); TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); +#ifndef OPENSSL_NO_FP_API TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); -TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); -int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a); TS_ACCURACY *TS_ACCURACY_new(void); void TS_ACCURACY_free(TS_ACCURACY *a); @@ -731,15 +739,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); * ts/ts_conf.c */ +#ifndef OPENSSL_NO_STDIO X509 *TS_CONF_load_cert(const char *file); STACK_OF(X509) *TS_CONF_load_certs(const char *file); EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +#endif const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, TS_RESP_CTX *ctx); int TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device); int TS_CONF_set_default_engine(const char *name); +#ifndef OPENSSL_NO_STDIO int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx); int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, @@ -747,6 +758,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, int TS_CONF_set_signer_key(CONF *conf, const char *section, const char *key, const char *pass, TS_RESP_CTX *ctx); +#endif int TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy, TS_RESP_CTX *ctx); int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); @@ -787,6 +799,11 @@ void ERR_load_TS_strings(void); # define TS_F_TS_CHECK_SIGNING_CERTS 103 # define TS_F_TS_CHECK_STATUS_INFO 104 # define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 # define TS_F_TS_GET_STATUS_TEXT 105 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 @@ -825,6 +842,8 @@ void ERR_load_TS_strings(void); /* Reason codes. */ # define TS_R_BAD_PKCS7_TYPE 132 # define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 # define TS_R_CERTIFICATE_VERIFY_ERROR 100 # define TS_R_COULD_NOT_SET_ENGINE 127 # define TS_R_COULD_NOT_SET_TIME 115 @@ -857,6 +876,8 @@ void ERR_load_TS_strings(void); # define TS_R_UNACCEPTABLE_POLICY 125 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126 # define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 # define TS_R_WRONG_CONTENT_TYPE 114 #ifdef __cplusplus diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 4716b23..c4416ba 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -92,6 +92,7 @@ /* Function definitions for certificate and key loading. */ +#ifndef OPENSSL_NO_STDIO X509 *TS_CONF_load_cert(const char *file) { BIO *cert = NULL; @@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file) x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); end: if (x == NULL) - fprintf(stderr, "unable to load certificate: %s\n", file); + TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT); BIO_free(cert); return x; } @@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file) } end: if (othercerts == NULL) - fprintf(stderr, "unable to load certificates: %s\n", file); + TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT); sk_X509_INFO_pop_free(allcerts, X509_INFO_free); BIO_free(certs); return othercerts; @@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass); end: if (pkey == NULL) - fprintf(stderr, "unable to load private key: %s\n", file); + TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY); BIO_free(key); return pkey; } +#endif /* !OPENSSL_NO_STDIO */ /* Function definitions for handling configuration options. */ static void TS_CONF_lookup_fail(const char *name, const char *tag) { - fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag); + TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE); + ERR_add_error_data(3, name, "::", tag); } static void TS_CONF_invalid(const char *name, const char *tag) { - fprintf(stderr, "invalid variable value for %s::%s\n", name, tag); + TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE); + ERR_add_error_data(3, name, "::", tag); } const char *TS_CONF_get_tsa_section(CONF *conf, const char *section) @@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name) #endif +#ifndef OPENSSL_NO_STDIO int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx) { @@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section, EVP_PKEY_free(key_obj); return ret; } +#endif /* !OPENSSL_NO_STDIO */ int TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy, TS_RESP_CTX *ctx) diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c index ff1abf4..3f5b78f 100644 --- a/crypto/ts/ts_err.c +++ b/crypto/ts/ts_err.c @@ -1,6 +1,6 @@ /* crypto/ts/ts_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = { {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"}, {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"}, {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"}, + {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"}, + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"}, + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"}, + {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"}, + {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"}, {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"}, {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"}, {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"}, @@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = { static ERR_STRING_DATA TS_str_reasons[] = { {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"}, {ERR_REASON(TS_R_BAD_TYPE), "bad type"}, + {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"}, + {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"}, {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"}, {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"}, @@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = { {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"}, {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"}, {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"}, + {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"}, + {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"}, {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"}, {0, NULL} }; diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index 0f29011..80dd40e 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -56,6 +56,10 @@ #include #include "ui_locl.h" +#ifndef BUFSIZ +#define BUFSIZ 256 +#endif + int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) { diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index bbc3189..29695f9 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -69,6 +69,8 @@ # include #endif +#ifndef OPENSSL_NO_STDIO + #include #include @@ -438,3 +440,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, BUF_MEM_free(b); return (ok); } + +#endif /* OPENSSL_NO_STDIO */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8334b3f..d075f66 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1064,6 +1064,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) ctx->current_crl = crl; if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->param->check_time; + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) + return 1; else ptime = NULL; @@ -1805,6 +1807,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->param->check_time; + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) + return 1; else ptime = NULL; diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 5062682..e90d931 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -443,6 +443,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); * will force the behaviour to match that of previous versions. */ # define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +/* Do not check certificate/CRL validity against current time */ +# define X509_V_FLAG_NO_CHECK_TIME 0x200000 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2 @@ -496,8 +498,10 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +#ifndef OPENSSL_NO_STDIO X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +#endif int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index c3a6fce..09ebbca 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = { &v3_idp, &v3_alt[2], &v3_freshest_crl, +#ifndef OPENSSL_NO_SCT &v3_ct_scts[0], &v3_ct_scts[1], +#endif }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index 34cad53..12f12a7 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val, goto err; } OPENSSL_free(tmp_data2); +#ifndef OPENSSL_NO_STDIO } else if (strncmp(val->value, "file:", 5) == 0) { unsigned char buf[2048]; int n; @@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val, X509V3_conf_err(val); goto err; } +#endif /* !OPENSSL_NO_STDIO */ } else if (strncmp(val->value, "text:", 5) == 0) { val_len = strlen(val->value + 5); tmp_data = OPENSSL_realloc((*policy)->data, diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 0b7c681..1895b8f 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -61,6 +61,7 @@ #include #include +#ifndef OPENSSL_NO_SCT /* Signature and hash algorithms from RFC 5246 */ #define TLSEXT_hash_sha256 4 @@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, return 1; } +#endif diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index f5c6156..a2e78aa 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); +#ifndef OPENSSL_NO_FP_API int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - +#endif int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h index 3300e11..e9e58d5 100644 --- a/demos/engines/cluster_labs/hw_cluster_labs_err.h +++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_CL_strings(void); static void ERR_unload_CL_strings(void); static void ERR_CL_error(int function, int reason, char *file, int line); -# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__) +# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the CL functions. */ diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h index c17e0c9..10d0212 100644 --- a/demos/engines/ibmca/hw_ibmca_err.h +++ b/demos/engines/ibmca/hw_ibmca_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_IBMCA_strings(void); static void ERR_unload_IBMCA_strings(void); static void ERR_IBMCA_error(int function, int reason, char *file, int line); -# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__) +# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the IBMCA functions. */ diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h index 4356815..598836f 100644 --- a/demos/engines/rsaref/rsaref_err.h +++ b/demos/engines/rsaref/rsaref_err.h @@ -68,7 +68,7 @@ extern "C" { static void ERR_load_RSAREF_strings(void); static void ERR_unload_RSAREF_strings(void); static void ERR_RSAREF_error(int function, int reason, char *file, int line); -# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__) +# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the RSAREF functions. */ /* Function codes. */ diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h index f4a8358..94d3293 100644 --- a/demos/engines/zencod/hw_zencod_err.h +++ b/demos/engines/zencod/hw_zencod_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_ZENCOD_strings(void); static void ERR_unload_ZENCOD_strings(void); static void ERR_ZENCOD_error(int function, int reason, char *file, int line); -# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__) +# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the ZENCOD functions. */ diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 44792f9..7f95d58 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an alternative chain can be found that is trusted. With this flag set the behaviour will match that of OpenSSL versions prior to 1.0.2b. +The B flag suppresses checking the validity period +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() +is used to specify a verification time, the check is not suppressed. + =head1 NOTES The above functions should be used to manipulate verification parameters diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod index dc0e939..fe123bb 100644 --- a/doc/crypto/threads.pod +++ b/doc/crypto/threads.pod @@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support void CRYPTO_lock(int mode, int n, const char *file, int line); #define CRYPTO_w_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE) #define CRYPTO_w_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE) #define CRYPTO_r_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE) #define CRYPTO_r_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE) #define CRYPTO_add(addr,amount,type) \ - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE) =head1 DESCRIPTION diff --git a/e_os.h b/e_os.h index 1fa36c1..3e9dae2 100644 --- a/e_os.h +++ b/e_os.h @@ -136,7 +136,7 @@ extern "C" { # define MSDOS # endif -# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS) +# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS) # define GETPID_IS_MEANINGLESS # endif diff --git a/e_os2.h b/e_os2.h index 7be9989..909e22f 100644 --- a/e_os2.h +++ b/e_os2.h @@ -97,7 +97,14 @@ extern "C" { * For 32 bit environment, there seems to be the CygWin environment and then * all the others that try to do the same thing Microsoft does... */ -# if defined(OPENSSL_SYSNAME_UWIN) +/* + * UEFI lives here because it might be built with a Microsoft toolchain and + * we need to avoid the false positive match on Windows. + */ +# if defined(OPENSSL_SYSNAME_UEFI) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_UEFI +# elif defined(OPENSSL_SYSNAME_UWIN) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_UWIN # else diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h index a2018ec..9eacdcf 100644 --- a/engines/ccgost/e_gost_err.h +++ b/engines/ccgost/e_gost_err.h @@ -67,7 +67,7 @@ extern "C" { void ERR_load_GOST_strings(void); void ERR_unload_GOST_strings(void); void ERR_GOST_error(int function, int reason, char *file, int line); -# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__) +# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the GOST functions. */ diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h index 2f29d96..47a2635 100644 --- a/engines/e_4758cca_err.h +++ b/engines/e_4758cca_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_CCA4758_strings(void); static void ERR_unload_CCA4758_strings(void); static void ERR_CCA4758_error(int function, int reason, char *file, int line); -# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__) +# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the CCA4758 functions. */ diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h index 2ed0114..1f8fa5b 100644 --- a/engines/e_aep_err.h +++ b/engines/e_aep_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_AEPHK_strings(void); static void ERR_unload_AEPHK_strings(void); static void ERR_AEPHK_error(int function, int reason, char *file, int line); -# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__) +# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the AEPHK functions. */ diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h index 7b71eff..d958496 100644 --- a/engines/e_atalla_err.h +++ b/engines/e_atalla_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_ATALLA_strings(void); static void ERR_unload_ATALLA_strings(void); static void ERR_ATALLA_error(int function, int reason, char *file, int line); -# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__) +# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the ATALLA functions. */ diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h index b5d06dc..cfe46b1 100644 --- a/engines/e_capi_err.h +++ b/engines/e_capi_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_CAPI_strings(void); static void ERR_unload_CAPI_strings(void); static void ERR_CAPI_error(int function, int reason, char *file, int line); -# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__) +# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the CAPI functions. */ diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h index d86a4ce..3d961b9 100644 --- a/engines/e_chil_err.h +++ b/engines/e_chil_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_HWCRHK_strings(void); static void ERR_unload_HWCRHK_strings(void); static void ERR_HWCRHK_error(int function, int reason, char *file, int line); -# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__) +# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the HWCRHK functions. */ diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h index fde3a82..7c20691 100644 --- a/engines/e_cswift_err.h +++ b/engines/e_cswift_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_CSWIFT_strings(void); static void ERR_unload_CSWIFT_strings(void); static void ERR_CSWIFT_error(int function, int reason, char *file, int line); -# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__) +# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the CSWIFT functions. */ diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h index 637abbc..ccaf3da 100644 --- a/engines/e_gmp_err.h +++ b/engines/e_gmp_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_GMP_strings(void); static void ERR_unload_GMP_strings(void); static void ERR_GMP_error(int function, int reason, char *file, int line); -# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__) +# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the GMP functions. */ diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h index aa7849c..e607d3e 100644 --- a/engines/e_nuron_err.h +++ b/engines/e_nuron_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_NURON_strings(void); static void ERR_unload_NURON_strings(void); static void ERR_NURON_error(int function, int reason, char *file, int line); -# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__) +# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the NURON functions. */ diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h index bef8623..54f2848 100644 --- a/engines/e_sureware_err.h +++ b/engines/e_sureware_err.h @@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void); static void ERR_unload_SUREWARE_strings(void); static void ERR_SUREWARE_error(int function, int reason, char *file, int line); -# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__) +# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the SUREWARE functions. */ diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h index c8aec7c..67110ed 100644 --- a/engines/e_ubsec_err.h +++ b/engines/e_ubsec_err.h @@ -67,7 +67,7 @@ extern "C" { static void ERR_load_UBSEC_strings(void); static void ERR_unload_UBSEC_strings(void); static void ERR_UBSEC_error(int function, int reason, char *file, int line); -# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__) +# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) /* Error codes for the UBSEC functions. */ diff --git a/makevms.com b/makevms.com index f6b3ff2..1dcbe36 100755 --- a/makevms.com +++ b/makevms.com @@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,- RFC3779,- RIPEMD,- RSA,- + SCT,- SCTP,- SEED,- SHA,- diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 9bc6153..b5648eb 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1068,7 +1068,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) int dtls1_read_failed(SSL *s, int code) { if (code > 0) { - fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__); + fprintf(stderr, "dtls1_read_failed(); invalid state reached\n"); return 1; } diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 499f0e8..5672f99 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, if (ssl_version == SSL2_VERSION) { if (os.length != 3) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; - c.line = __LINE__; + c.line = OPENSSL_LINE; goto err; } id = 0x02000000L | @@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, || ssl_version == DTLS1_BAD_VER) { if (os.length != 2) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; - c.line = __LINE__; + c.line = OPENSSL_LINE; goto err; } id = 0x03000000L | ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1]; } else { c.error = SSL_R_UNKNOWN_SSL_VERSION; - c.line = __LINE__; + c.line = OPENSSL_LINE; goto err; } @@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, if (os.data != NULL) { if (os.length > SSL_MAX_SID_CTX_LENGTH) { c.error = SSL_R_BAD_LENGTH; - c.line = __LINE__; + c.line = OPENSSL_LINE; OPENSSL_free(os.data); os.data = NULL; os.length = 0; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index f48ebae..ac4f08c 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -857,12 +857,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) return (add_client_CA(&(ctx->client_CA), x)); } +#ifndef OPENSSL_NO_STDIO static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b) { return (X509_NAME_cmp(*a, *b)); } -#ifndef OPENSSL_NO_STDIO /** * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; * it doesn't really have anything to do with clients (except that a common use @@ -930,7 +930,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) ERR_clear_error(); return (ret); } -#endif /** * Add a file of certs to a stack. @@ -1050,6 +1049,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } +#endif /* !OPENSSL_NO_STDIO */ /* Add a certificate to a BUF_MEM structure */ diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 8d3709d..2bb403b 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -370,6 +370,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); } +#ifndef OPENSSL_NO_STDIO static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) { int rv = 1; @@ -436,7 +437,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) BIO_free(in); return rv > 0; } -#endif +#endif /* !OPENSSL_NO_DH */ +#endif /* !OPENSSL_NO_STDIO */ + typedef struct { int (*cmd) (SSL_CONF_CTX *cctx, const char *value); const char *str_file; @@ -462,12 +465,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(CipherString, "cipher"), SSL_CONF_CMD_STRING(Protocol, NULL), SSL_CONF_CMD_STRING(Options, NULL), +#ifndef OPENSSL_NO_STDIO SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE), SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE), #ifndef OPENSSL_NO_DH SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE) #endif +#endif }; static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index b6d1ee9..75f38cd 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -779,9 +779,7 @@ int tls1_enc(SSL *s, int send) * we can't write into the input stream: Can this ever * happen?? (steve) */ - fprintf(stderr, - "%s:%d: rec->data != rec->input\n", - __FILE__, __LINE__); + fprintf(stderr, "tls1_enc: rec->data != rec->input\n"); else if (RAND_bytes(rec->input, ivlen) <= 0) return -1; } diff --git a/test/cms-test.pl b/test/cms-test.pl index baa3b59..1ee3f02 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl @@ -100,6 +100,13 @@ my $no_ec2m; my $no_ecdh; my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; +system ("$ossl_path no-cms > $null_path"); +if ($? == 0) + { + print "CMS disabled\n"; + exit 0; + } + system ("$ossl_path no-ec > $null_path"); if ($? == 0) { diff --git a/util/libeay.num b/util/libeay.num index 2094ab3..992abb2 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4370,7 +4370,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS -DH_KDF_X9_42 4735 EXIST::FUNCTION:DH +DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA diff --git a/util/mkdef.pl b/util/mkdef.pl index b9b159a..9841498 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", + # X.509v3 Signed Certificate Timestamps + "SCT", # RFC3779 "RFC3779", # TLS @@ -144,7 +146,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method; @@ -235,6 +237,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } + elsif (/^no-sct$/) { $no_sct=1; } elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } @@ -1209,6 +1212,7 @@ sub is_valid if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } + if ($keyword eq "SCT" && $no_sct) { return 0; } if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } diff --git a/util/mkerr.pl b/util/mkerr.pl index c197f3a..97b295c 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -89,7 +89,7 @@ Options: void ERR_load__strings(void); void ERR_unload__strings(void); void ERR__error(int f, int r, char *fn, int ln); - #define err(f,r) ERR__error(f,r,__FILE__,__LINE__) + #define err(f,r) ERR__error(f,r,OPENSSL_FILE,OPENSSL_LINE) while the code facilitates the use of these in an environment where the error support routines are dynamically loaded at runtime. @@ -482,7 +482,7 @@ EOF ${staticloader}void ERR_load_${lib}_strings(void); ${staticloader}void ERR_unload_${lib}_strings(void); ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); -# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) EOF }