render / rpms / edk2

Forked from rpms/edk2 2 months ago
Clone
Blob Blame History Raw
diff --git a/Configure b/Configure
index c39f71a..98dd1d0 100755
--- a/Configure
+++ b/Configure
@@ -609,6 +609,9 @@ my %table=(
 # with itself, Applink is never engaged and can as well be omitted.
 "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
 
+# UEFI
+"UEFI", "cc:-DL_ENDIAN -O:::UEFI::::",
+
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
 
@@ -1083,7 +1086,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
 	}
 
 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
-    || defined($disabled{"dh"}))
+    || defined($disabled{"dh"}) || defined($disabled{"stdio"}))
 	{
 	$disabled{"gost"} = "forced";
 	}
diff --git a/apps/apps.c b/apps/apps.c
index 9fdc3e0..6c183b0 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2375,6 +2375,8 @@ int args_verify(char ***pargs, int *pargc,
         flags |= X509_V_FLAG_PARTIAL_CHAIN;
     else if (!strcmp(arg, "-no_alt_chains"))
         flags |= X509_V_FLAG_NO_ALT_CHAINS;
+    else if (!strcmp(arg, "-no_check_time"))
+        flags |= X509_V_FLAG_NO_CHECK_TIME;
     else if (!strcmp(arg, "-allow_proxy_certs"))
         flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
     else
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 2d562f9..91203b7 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
     return 1;
 }
 
+#ifndef OPENSSL_NO_FP_API
 static int send_fp_chars(void *arg, const void *buf, int len)
 {
     if (!arg)
@@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)
         return 0;
     return 1;
 }
+#endif
 
 typedef int char_io (void *arg, const void *buf, int len);
 
diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
index abc6dc3..3a672e9 100644
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -70,7 +70,7 @@ extern "C" {
 # endif
 
 # define ASN1_MAC_H_err(f,r,line) \
-        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
+        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))
 
 # define M_ASN1_D2I_vars(a,type,func) \
         ASN1_const_CTX c; \
@@ -81,7 +81,7 @@ extern "C" {
         c.error=ERR_R_NESTED_ASN1_ERROR; \
         if ((a == NULL) || ((*a) == NULL)) \
                 { if ((ret=(type)func()) == NULL) \
-                        { c.line=__LINE__; goto err; } } \
+                        { c.line=OPENSSL_LINE; goto err; } } \
         else    ret=(*a);
 
 # define M_ASN1_D2I_Init() \
@@ -90,7 +90,7 @@ extern "C" {
 
 # define M_ASN1_D2I_Finish_2(a) \
         if (!asn1_const_Finish(&c)) \
-                { c.line=__LINE__; goto err; } \
+                { c.line=OPENSSL_LINE; goto err; } \
         *(const unsigned char **)pp=c.p; \
         if (a != NULL) (*a)=ret; \
         return(ret);
@@ -105,7 +105,7 @@ err:\
 
 # define M_ASN1_D2I_start_sequence() \
         if (!asn1_GetSequence(&c,&length)) \
-                { c.line=__LINE__; goto err; }
+                { c.line=OPENSSL_LINE; goto err; }
 /* Begin reading ASN1 without a surrounding sequence */
 # define M_ASN1_D2I_begin() \
         c.slen = length;
@@ -129,21 +129,21 @@ err:\
 # define M_ASN1_D2I_get(b, func) \
         c.q=c.p; \
         if (func(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; goto err; } \
+                {c.line=OPENSSL_LINE; goto err; } \
         c.slen-=(c.p-c.q);
 
 /* Don't use this with d2i_ASN1_BOOLEAN() */
 # define M_ASN1_D2I_get_x(type,b,func) \
         c.q=c.p; \
         if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; goto err; } \
+                {c.line=OPENSSL_LINE; goto err; } \
         c.slen-=(c.p-c.q);
 
 /* use this instead () */
 # define M_ASN1_D2I_get_int(b,func) \
         c.q=c.p; \
         if (func(&(b),&c.p,c.slen) < 0) \
-                {c.line=__LINE__; goto err; } \
+                {c.line=OPENSSL_LINE; goto err; } \
         c.slen-=(c.p-c.q);
 
 # define M_ASN1_D2I_get_opt(b,func,type) \
@@ -164,7 +164,7 @@ err:\
         M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
         c.q=c.p; \
         if (func(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+                {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \
         c.slen-=(c.p-c.q);\
         M_ASN1_next_prev=_tmp;
 
@@ -258,20 +258,20 @@ err:\
         c.q=c.p; \
         if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
                 (void (*)())free_func,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
+                { c.line=OPENSSL_LINE; goto err; } \
         c.slen-=(c.p-c.q);
 
 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
         c.q=c.p; \
         if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
                                    free_func,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
+                { c.line=OPENSSL_LINE; goto err; } \
         c.slen-=(c.p-c.q);
 
 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \
         c.q=c.p; \
         if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
+                { c.line=OPENSSL_LINE; goto err; } \
         c.slen-=(c.p-c.q);
 
 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
@@ -285,16 +285,16 @@ err:\
                 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
                 if (Tinf & 0x80) \
                         { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
+                        c.line=OPENSSL_LINE; goto err; } \
                 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
                                         Tlen = c.slen - (c.p - c.q) - 2; \
                 if (func(&(r),&c.p,Tlen) == NULL) \
-                        { c.line=__LINE__; goto err; } \
+                        { c.line=OPENSSL_LINE; goto err; } \
                 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
                         Tlen = c.slen - (c.p - c.q); \
                         if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
                                 { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
+                                c.line=OPENSSL_LINE; goto err; } \
                 }\
                 c.slen-=(c.p-c.q); \
                 }
@@ -310,18 +310,18 @@ err:\
                 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
                 if (Tinf & 0x80) \
                         { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
+                        c.line=OPENSSL_LINE; goto err; } \
                 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
                                         Tlen = c.slen - (c.p - c.q) - 2; \
                 if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
                         (void (*)())free_func, \
                         b,V_ASN1_UNIVERSAL) == NULL) \
-                        { c.line=__LINE__; goto err; } \
+                        { c.line=OPENSSL_LINE; goto err; } \
                 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
                         Tlen = c.slen - (c.p - c.q); \
                         if(!ASN1_check_infinite_end(&c.p, Tlen)) \
                                 { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
+                                c.line=OPENSSL_LINE; goto err; } \
                 }\
                 c.slen-=(c.p-c.q); \
                 }
@@ -337,17 +337,17 @@ err:\
                 Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
                 if (Tinf & 0x80) \
                         { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
+                        c.line=OPENSSL_LINE; goto err; } \
                 if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
                                         Tlen = c.slen - (c.p - c.q) - 2; \
                 if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
                         free_func,b,V_ASN1_UNIVERSAL) == NULL) \
-                        { c.line=__LINE__; goto err; } \
+                        { c.line=OPENSSL_LINE; goto err; } \
                 if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
                         Tlen = c.slen - (c.p - c.q); \
                         if(!ASN1_check_infinite_end(&c.p, Tlen)) \
                                 { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
+                                c.line=OPENSSL_LINE; goto err; } \
                 }\
                 c.slen-=(c.p-c.q); \
                 }
@@ -355,7 +355,7 @@ err:\
 /* New macros */
 # define M_ASN1_New_Malloc(ret,type) \
         if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
-                { c.line=__LINE__; goto err2; }
+                { c.line=OPENSSL_LINE; goto err2; }
 
 # define M_ASN1_New(arg,func) \
         if (((arg)=func()) == NULL) return(NULL)
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index d5a5514..bede55c 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -193,7 +193,12 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
     OPENSSL_cleanse(pkey->private_key->data, rsalen);
 
     if (cb == NULL)
+#ifndef OPENSSL_NO_UI
         cb = EVP_read_pw_string;
+#else
+        i = 1;
+    else
+#endif
     i = cb((char *)buf, 256, "Enter Private Key password:", 1);
     if (i != 0) {
         ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
@@ -264,7 +269,11 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
         goto err;
     }
     if (cb == NULL)
+#ifndef OPENSSL_NO_UI
         cb = EVP_read_pw_string;
+#else
+        goto err;
+#endif
     if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
         goto err;
 
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 1d25687..ad641c3 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -131,7 +131,7 @@
 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
                    const BIGNUM *a1_odd, int k, BN_CTX *ctx,
                    BN_MONT_CTX *mont);
-static int probable_prime(BIGNUM *rnd, int bits);
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
                              const BIGNUM *add, const BIGNUM *rem,
                              BN_CTX *ctx);
@@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
     BIGNUM *t;
     int found = 0;
     int i, j, c1 = 0;
-    BN_CTX *ctx;
+    BN_CTX *ctx = NULL;
+    prime_t *mods = NULL;
     int checks = BN_prime_checks_for_size(bits);
 
+    mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
+    if (mods == NULL)
+        goto err;
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
  loop:
     /* make a random number and set the top and bottom bits */
     if (add == NULL) {
-        if (!probable_prime(ret, bits))
+        if (!probable_prime(ret, bits, mods))
             goto err;
     } else {
         if (safe) {
@@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
     /* we have a prime :-) */
     found = 1;
  err:
+    OPENSSL_free(mods);
     if (ctx != NULL) {
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
@@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
     return 1;
 }
 
-static int probable_prime(BIGNUM *rnd, int bits)
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
 {
     int i;
-    prime_t mods[NUMPRIMES];
     BN_ULONG delta, maxdelta;
 
  again:
diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
index 8d926d5..c29e97d 100644
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
 
 int CONF_set_default_method(CONF_METHOD *meth);
 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+# ifndef OPENSSL_NO_STDIO
 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
                                 long *eline);
+# endif
 # ifndef OPENSSL_NO_FP_API
 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
                                    long *eline);
@@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
                      const char *name);
 void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+# ifndef OPENSSL_NO_FP_API
 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+# endif
 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
 
 void OPENSSL_config(const char *config_name);
@@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);
 void NCONF_free(CONF *conf);
 void NCONF_free_data(CONF *conf);
 
+# ifndef OPENSSL_NO_STDIO
 int NCONF_load(CONF *conf, const char *file, long *eline);
+# endif
 # ifndef OPENSSL_NO_FP_API
 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
 # endif
@@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
                        long *result);
+# ifndef OPENSSL_NO_FP_API
 int NCONF_dump_fp(const CONF *conf, FILE *out);
+# endif
 int NCONF_dump_bio(const CONF *conf, BIO *out);
 
 # if 0                          /* The following function has no error
@@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);
 
 int CONF_modules_load(const CONF *cnf, const char *appname,
                       unsigned long flags);
+# ifndef OPENSSL_NO_STDIO
 int CONF_modules_load_file(const char *filename, const char *appname,
                            unsigned long flags);
+# endif
 void CONF_modules_unload(int all);
 void CONF_modules_finish(void);
 void CONF_modules_free(void);
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 68c77ce..3d308c7 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)
 
 static int def_load(CONF *conf, const char *name, long *line)
 {
+#ifdef OPENSSL_NO_STDIO
+    CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
+    return 0;
+#else
     int ret;
     BIO *in = NULL;
 
@@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
     BIO_free(in);
 
     return ret;
+#endif
 }
 
 static int def_load_bio(CONF *conf, BIO *in, long *line)
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 5281384..952b545 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)
     return 1;
 }
 
+#ifndef OPENSSL_NO_STDIO
 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
                                 long *eline)
 {
@@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
 
     return ltmp;
 }
+#endif
 
 #ifndef OPENSSL_NO_FP_API
 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
@@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)
     conf->meth->destroy_data(conf);
 }
 
+#ifndef OPENSSL_NO_STDIO
 int NCONF_load(CONF *conf, const char *file, long *eline)
 {
     if (conf == NULL) {
@@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
 
     return conf->meth->load(conf, file, eline);
 }
+#endif
 
 #ifndef OPENSSL_NO_FP_API
 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index e0c9a67..13d93ea 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 
 }
 
+#ifndef OPENSSL_NO_STDIO
 int CONF_modules_load_file(const char *filename, const char *appname,
                            unsigned long flags)
 {
@@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
 
     return ret;
 }
+#endif
 
 static int module_run(const CONF *cnf, char *name, char *value,
                       unsigned long flags)
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index c042cf2..a25b636 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)
     ENGINE_load_builtin_engines();
 #endif
     ERR_clear_error();
+#ifndef OPENSSL_NO_STDIO
     CONF_modules_load_file(NULL, config_name,
                                CONF_MFLAGS_DEFAULT_SECTION |
                                CONF_MFLAGS_IGNORE_MISSING_FILE);
+#endif
     openssl_configured = 1;
 }
 
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 1925428..da4b34d 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
         return (0);
     }
     pointer->references = 1;
-    pointer->data = dynlock_create_callback(__FILE__, __LINE__);
+    pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);
     if (pointer->data == NULL) {
         OPENSSL_free(pointer);
         CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
@@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)
     CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 
     if (i == -1) {
-        dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+        dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
         OPENSSL_free(pointer);
     } else
         i += 1;                 /* to avoid 0 */
@@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)
     CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 
     if (pointer) {
-        dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+        dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
         OPENSSL_free(pointer);
     }
 }
@@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
 }
 
 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+#include <stdio.h>
 #  define OPENSSL_CPUID_SETUP
 #  if defined(_WIN32)
 typedef unsigned __int64 IA32CAP;
@@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
 #else
 void OPENSSL_showfatal(const char *fmta, ...)
 {
+#ifndef OPENSSL_NO_STDIO
     va_list ap;
 
     va_start(ap, fmta);
     vfprintf(stderr, fmta, ap);
     va_end(ap);
+#endif
 }
 
 int OPENSSL_isservice(void)
@@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
 #endif
 }
 
+#ifndef OPENSSL_NO_STDIO
 void *OPENSSL_stderr(void)
 {
     return stderr;
 }
+#endif
 
 int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len)
 {
diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
index fba180a..3e3ea5e 100644
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -101,7 +101,9 @@ extern "C" {
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
 void OPENSSL_showfatal(const char *fmta, ...);
+#ifndef OPENSSL_NO_STDIO
 void *OPENSSL_stderr(void);
+#endif
 extern int OPENSSL_NONPIC_relocated;
 
 #ifdef  __cplusplus
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 6c644ce..bea4ca1 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -235,15 +235,15 @@ typedef struct openssl_item_st {
 # ifndef OPENSSL_NO_LOCKING
 #  ifndef CRYPTO_w_lock
 #   define CRYPTO_w_lock(type)     \
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
 #   define CRYPTO_w_unlock(type)   \
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
 #   define CRYPTO_r_lock(type)     \
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
 #   define CRYPTO_r_unlock(type)   \
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
 #   define CRYPTO_add(addr,amount,type)    \
-        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+        CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
 #  endif
 # else
 #  define CRYPTO_w_lock(a)
@@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
 # define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
 # define is_MemCheck_on() CRYPTO_is_mem_check_on()
 
-# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)
-# define OPENSSL_strdup(str)     CRYPTO_strdup((str),__FILE__,__LINE__)
+# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)
+# define OPENSSL_strdup(str)     CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_realloc(addr,num) \
-        CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+        CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_realloc_clean(addr,old_num,num) \
-        CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+        CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_remalloc(addr,num) \
-        CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+        CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_freeFunc        CRYPTO_free
 # define OPENSSL_free(addr)      CRYPTO_free(addr)
 
 # define OPENSSL_malloc_locked(num) \
-        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+        CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
 
 const char *SSLeay_version(int type);
@@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
 long CRYPTO_get_mem_debug_options(void);
 
 # define CRYPTO_push_info(info) \
-        CRYPTO_push_info_(info, __FILE__, __LINE__);
+        CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);
 int CRYPTO_push_info_(const char *info, const char *file, int line);
 int CRYPTO_pop_info(void);
 int CRYPTO_remove_all_info(void);
@@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 
 /* die if we have to */
 void OpenSSLDie(const char *file, int line, const char *assertion);
-# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))
 
 unsigned long *OPENSSL_ia32cap_loc(void);
 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
@@ -605,14 +605,14 @@ void OPENSSL_init(void);
 #  define fips_md_init_ctx(alg, cx) \
         int alg##_Init(cx##_CTX *c) \
         { \
-        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+        if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
                 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
         return private_##alg##_Init(c); \
         } \
         int private_##alg##_Init(cx##_CTX *c)
 
 #  define fips_cipher_abort(alg) \
-        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+        if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
                 "Low level API call to cipher " #alg " forbidden in FIPS mode!")
 
 # else
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
index 01e275f..7633139 100644
--- a/crypto/des/read2pwd.c
+++ b/crypto/des/read2pwd.c
@@ -114,6 +114,10 @@
 #include <openssl/ui.h>
 #include <openssl/crypto.h>
 
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
 int DES_read_password(DES_cblock *key, const char *prompt, int verify)
 {
     int ok;
diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
index 46fa5ac..cc366ec 100644
--- a/crypto/dh/Makefile
+++ b/crypto/dh/Makefile
@@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dh_gen.o: ../cryptlib.h dh_gen.c
-dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
 dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index a5bd901..6488879 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);
 DH *DH_get_2048_224(void);
 DH *DH_get_2048_256(void);
 
+# ifndef OPENSSL_NO_CMS
 /* RFC2631 KDF */
 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                  const unsigned char *Z, size_t Zlen,
                  ASN1_OBJECT *key_oid,
                  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
 
 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
@@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
 
 /* KDF types */
 # define EVP_PKEY_DH_KDF_NONE                            1
+# ifndef OPENSSL_NO_CMS
 # define EVP_PKEY_DH_KDF_X9_42                           2
+# endif
 
 /* BEGIN ERROR CODES */
 /*
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index a882cb2..aace5fb 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -51,6 +51,9 @@
  * ====================================================================
  */
 
+#include <e_os.h>
+
+#ifndef OPENSSL_NO_CMS
 #include <string.h>
 #include <openssl/dh.h>
 #include <openssl/evp.h>
@@ -58,6 +61,7 @@
 #include <openssl/cms.h>
 
 /* Key derivation from X9.42/RFC2631 */
+/* Uses CMS functions, hence the #ifdef wrapper. */
 
 #define DH_KDF_MAX      (1L << 30)
 
@@ -185,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
     EVP_MD_CTX_cleanup(&mctx);
     return rv;
 }
+#endif
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index b58e3fa..926be98 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     case EVP_PKEY_CTRL_DH_KDF_TYPE:
         if (p1 == -2)
             return dctx->kdf_type;
+#ifdef OPENSSL_NO_CMS
+        if (p1 != EVP_PKEY_DH_KDF_NONE)
+#else
         if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+#endif
             return -2;
         dctx->kdf_type = p1;
         return 1;
@@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
             return ret;
         *keylen = ret;
         return 1;
-    } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+    }
+#ifndef OPENSSL_NO_CMS
+    else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
         unsigned char *Z = NULL;
         size_t Zlen = 0;
         if (!dctx->kdf_outlen || !dctx->kdf_oid)
@@ -479,7 +485,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         }
         return ret;
     }
-    return 1;
+#endif
+    return 0;
 }
 
 const EVP_PKEY_METHOD dh_pkey_meth = {
diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
index 46f163b..b4a72a0 100644
--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
@@ -88,7 +88,7 @@ extern "C" {
                 (unsigned int)(e), (isfunct ? "funct" : "struct"), \
                 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
                 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
-                (__FILE__), (__LINE__));
+                (OPENSSL_FILE), (OPENSSL_LINE));
 
 # else
 
@@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
 # else
 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
                                 int l);
-#  define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+#  define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
 # endif
 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
                                       ENGINE *def, void *arg);
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 34b0029..cf622bb 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -86,7 +86,9 @@
  * this is no longer automatic in ENGINE_load_builtin_engines().
  */
 #define TEST_ENG_OPENSSL_RC4
+#ifndef OPENSSL_NO_FP_API
 #define TEST_ENG_OPENSSL_PKEY
+#endif
 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
 #define TEST_ENG_OPENSSL_RC4_P_INIT
 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
diff --git a/crypto/err/err.h b/crypto/err/err.h
index 585aa8b..04c6cfc 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -200,39 +200,39 @@ typedef struct err_state_st {
 
 # define ERR_LIB_USER            128
 
-# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
-# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
-# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
-# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
-# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
-# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
-# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
-# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
-# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
-# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
-# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
-# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
-# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
-# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
-# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
-# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
-# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
-# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
-# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
-# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
-# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
-# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
-# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
-# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
-# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
-# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
-# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
-# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
-# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
-# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
-# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
-# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
-# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
+# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /*
  * Borland C seems too stupid to be able to shift and do longs in the
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 39ab793..ad1e350 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
 
+#ifndef OPENSSL_NO_UI
 int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
 int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
                            const char *prompt, int verify);
 void EVP_set_pw_prompt(const char *prompt);
 char *EVP_get_pw_prompt(void);
+#endif
 
 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                    const unsigned char *salt, const unsigned char *data,
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 5be9e33..63c8866 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -63,6 +63,7 @@
 #include <openssl/evp.h>
 #include <openssl/ui.h>
 
+#ifndef OPENSSL_NO_UI
 /* should be init to zeros. */
 static char prompt_string[80];
 
@@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
     OPENSSL_cleanse(buff, BUFSIZ);
     return ret;
 }
+#endif /* OPENSSL_NO_UI */
 
 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                    const unsigned char *salt, const unsigned char *data,
diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
index 7a1c85d..7162c0f 100644
--- a/crypto/opensslconf.h.in
+++ b/crypto/opensslconf.h.in
@@ -1,5 +1,15 @@
 /* crypto/opensslconf.h.in */
 
+#ifndef OPENSSL_FILE
+#ifdef OPENSSL_NO_FILENAMES
+#define OPENSSL_FILE ""
+#define OPENSSL_LINE 0
+#else
+#define OPENSSL_FILE __FILE__
+#define OPENSSL_LINE __LINE__
+#endif
+#endif
+
 /* Generate 80386 code? */
 #undef I386_ONLY
 
@@ -56,7 +66,7 @@
 #endif
 #endif
 
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)
 #define CONFIG_HEADER_BN_H
 #undef BN_LLONG
 
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index aac72fb..d271ec8 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 
 #  define DECLARE_PEM_read_fp(name, type) /**/
 #  define DECLARE_PEM_write_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp_const(name, type) /**/
 #  define DECLARE_PEM_write_cb_fp(name, type) /**/
 # else
 
@@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                             pem_password_cb *cd, void *u);
 # endif
 
+#ifndef OPENSSL_NO_FP_API
 int PEM_read(FILE *fp, char **name, char **header,
              unsigned char **data, long *len);
 int PEM_write(FILE *fp, const char *name, const char *hdr,
@@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
                    int klen, pem_password_cb *callback, void *u);
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                         pem_password_cb *cb, void *u);
+#endif
 
 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
                  EVP_MD *md_type, unsigned char **ek, int *ekl,
@@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
                                   void *u);
 
+#ifndef OPENSSL_NO_FP_API
 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                            char *kstr, int klen,
                            pem_password_cb *cb, void *u);
@@ -510,6 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                               char *kstr, int klen, pem_password_cb *cd,
                               void *u);
+#endif
 
 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index c82b3c0..56c77b1 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
 
 int PEM_def_callback(char *buf, int num, int w, void *key)
 {
-#ifdef OPENSSL_NO_FP_API
+#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI)
     /*
      * We should not ever call the default callback routine from windows.
      */
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 5747c73..9edca4d 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -69,9 +69,11 @@
 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
                       int nid, const EVP_CIPHER *enc,
                       char *kstr, int klen, pem_password_cb *cb, void *u);
+#ifndef OPENSSL_NO_FP_API
 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
                          int nid, const EVP_CIPHER *enc,
                          char *kstr, int klen, pem_password_cb *cb, void *u);
+#endif
 
 /*
  * These functions write a private key in PKCS#8 format: it is a "drop in"
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index dc9b484..e75c4b2 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -64,6 +64,8 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#define BUFFERSIZE 4096
+
 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
@@ -254,7 +256,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
     PKCS7_SIGNER_INFO *si;
     X509_STORE_CTX cert_ctx;
-    char buf[4096];
+    char *buf = NULL;
     int i, j = 0, k, ret = 0;
     BIO *p7bio = NULL;
     BIO *tmpin = NULL, *tmpout = NULL;
@@ -373,8 +375,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
         tmpout = out;
 
     /* We now have to 'read' from p7bio to calculate digests etc. */
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     for (;;) {
-        i = BIO_read(p7bio, buf, sizeof(buf));
+        i = BIO_read(p7bio, buf, BUFFERSIZE);
         if (i <= 0)
             break;
         if (tmpout)
@@ -405,6 +411,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     ret = 1;
 
  err:
+    OPENSSL_free(buf);
     if (tmpin == indata) {
         if (indata)
             BIO_pop(p7bio);
@@ -523,7 +530,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 {
     BIO *tmpmem;
     int ret, i;
-    char buf[4096];
+    char *buf = NULL;
 
     if (!p7) {
         PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
@@ -567,24 +574,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
         }
         BIO_free_all(bread);
         return ret;
-    } else {
-        for (;;) {
-            i = BIO_read(tmpmem, buf, sizeof(buf));
-            if (i <= 0) {
-                ret = 1;
-                if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
-                    if (!BIO_get_cipher_status(tmpmem))
-                        ret = 0;
-                }
-
-                break;
-            }
-            if (BIO_write(data, buf, i) != i) {
-                ret = 0;
-                break;
+    }
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (;;) {
+        i = BIO_read(tmpmem, buf, BUFFERSIZE);
+        if (i <= 0) {
+            ret = 1;
+            if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+                if (!BIO_get_cipher_status(tmpmem))
+                    ret = 0;
             }
+
+            break;
+        }
+        if (BIO_write(data, buf, i) != i) {
+            ret = 0;
+            break;
         }
-        BIO_free_all(tmpmem);
-        return ret;
     }
+
+err:
+    OPENSSL_free(buf);
+    BIO_free_all(tmpmem);
+    return ret;
 }
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index 737aebf..f23f348 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -95,7 +95,7 @@
  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
  */
 
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) || defined(OPENSSL_SYS_UEFI)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 {
     return (-1);
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 6c5b65d..11ee152 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -116,7 +116,7 @@
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
 
 # include <sys/types.h>
 # include <sys/time.h>
@@ -439,7 +439,7 @@ int RAND_poll(void)
                                  * defined(OPENSSL_SYS_VXWORKS) ||
                                  * defined(OPENSSL_SYS_NETWARE)) */
 
-#if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 int RAND_poll(void)
 {
     return 0;
diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h
index 2daa1b2..5205bc5 100644
--- a/crypto/ts/ts.h
+++ b/crypto/ts/ts.h
@@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
 
 TS_REQ *TS_REQ_dup(TS_REQ *a);
 
+#ifndef OPENSSL_NO_FP_API
 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+#endif
 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
 
@@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
 
 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
 
+#ifndef OPENSSL_NO_FP_API
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
-TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
-int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
+#endif
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
 
 TS_RESP *TS_RESP_new(void);
 void TS_RESP_free(TS_RESP *a);
@@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
 TS_RESP *TS_RESP_dup(TS_RESP *a);
 
+#ifndef OPENSSL_NO_FP_API
 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
-TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
-int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
+#endif
+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
 
 TS_STATUS_INFO *TS_STATUS_INFO_new(void);
 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
@@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
                              long length);
 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
 
+#ifndef OPENSSL_NO_FP_API
 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
-TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
-int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
+#endif
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
 
 TS_ACCURACY *TS_ACCURACY_new(void);
 void TS_ACCURACY_free(TS_ACCURACY *a);
@@ -731,15 +739,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
  * ts/ts_conf.c
  */
 
+#ifndef OPENSSL_NO_STDIO
 X509 *TS_CONF_load_cert(const char *file);
 STACK_OF(X509) *TS_CONF_load_certs(const char *file);
 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
+#endif
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
                        TS_RESP_CTX *ctx);
 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
                               const char *device);
 int TS_CONF_set_default_engine(const char *name);
+#ifndef OPENSSL_NO_STDIO
 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                             const char *cert, TS_RESP_CTX *ctx);
 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
@@ -747,6 +758,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
 int TS_CONF_set_signer_key(CONF *conf, const char *section,
                            const char *key, const char *pass,
                            TS_RESP_CTX *ctx);
+#endif
 int TS_CONF_set_def_policy(CONF *conf, const char *section,
                            const char *policy, TS_RESP_CTX *ctx);
 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
@@ -787,6 +799,11 @@ void ERR_load_TS_strings(void);
 # define TS_F_TS_CHECK_SIGNING_CERTS                      103
 # define TS_F_TS_CHECK_STATUS_INFO                        104
 # define TS_F_TS_COMPUTE_IMPRINT                          145
+# define TS_F_TS_CONF_INVALID                             151
+# define TS_F_TS_CONF_LOAD_CERT                           153
+# define TS_F_TS_CONF_LOAD_CERTS                          154
+# define TS_F_TS_CONF_LOAD_KEY                            155
+# define TS_F_TS_CONF_LOOKUP_FAIL                         152
 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
 # define TS_F_TS_GET_STATUS_TEXT                          105
 # define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
@@ -825,6 +842,8 @@ void ERR_load_TS_strings(void);
 /* Reason codes. */
 # define TS_R_BAD_PKCS7_TYPE                              132
 # define TS_R_BAD_TYPE                                    133
+# define TS_R_CANNOT_LOAD_CERT                            137
+# define TS_R_CANNOT_LOAD_KEY                             138
 # define TS_R_CERTIFICATE_VERIFY_ERROR                    100
 # define TS_R_COULD_NOT_SET_ENGINE                        127
 # define TS_R_COULD_NOT_SET_TIME                          115
@@ -857,6 +876,8 @@ void ERR_load_TS_strings(void);
 # define TS_R_UNACCEPTABLE_POLICY                         125
 # define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
 # define TS_R_UNSUPPORTED_VERSION                         113
+# define TS_R_VAR_BAD_VALUE                               135
+# define TS_R_VAR_LOOKUP_FAILURE                          136
 # define TS_R_WRONG_CONTENT_TYPE                          114
 
 #ifdef  __cplusplus
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index 4716b23..c4416ba 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -92,6 +92,7 @@
 
 /* Function definitions for certificate and key loading. */
 
+#ifndef OPENSSL_NO_STDIO
 X509 *TS_CONF_load_cert(const char *file)
 {
     BIO *cert = NULL;
@@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)
     x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
  end:
     if (x == NULL)
-        fprintf(stderr, "unable to load certificate: %s\n", file);
+        TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
     BIO_free(cert);
     return x;
 }
@@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
     }
  end:
     if (othercerts == NULL)
-        fprintf(stderr, "unable to load certificates: %s\n", file);
+        TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
     sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
     BIO_free(certs);
     return othercerts;
@@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
     pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
  end:
     if (pkey == NULL)
-        fprintf(stderr, "unable to load private key: %s\n", file);
+        TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
     BIO_free(key);
     return pkey;
 }
+#endif /* !OPENSSL_NO_STDIO */
 
 /* Function definitions for handling configuration options. */
 
 static void TS_CONF_lookup_fail(const char *name, const char *tag)
 {
-    fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
+    TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
+    ERR_add_error_data(3, name, "::", tag);
 }
 
 static void TS_CONF_invalid(const char *name, const char *tag)
 {
-    fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
+    TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
+    ERR_add_error_data(3, name, "::", tag);
 }
 
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
@@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)
 
 #endif
 
+#ifndef OPENSSL_NO_STDIO
 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                             const char *cert, TS_RESP_CTX *ctx)
 {
@@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,
     EVP_PKEY_free(key_obj);
     return ret;
 }
+#endif /* !OPENSSL_NO_STDIO */
 
 int TS_CONF_set_def_policy(CONF *conf, const char *section,
                            const char *policy, TS_RESP_CTX *ctx)
diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c
index ff1abf4..3f5b78f 100644
--- a/crypto/ts/ts_err.c
+++ b/crypto/ts/ts_err.c
@@ -1,6 +1,6 @@
 /* crypto/ts/ts_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {
     {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
     {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},
     {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},
+    {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},
+    {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},
+    {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},
+    {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},
+    {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},
     {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
     {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},
     {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
@@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {
 static ERR_STRING_DATA TS_str_reasons[] = {
     {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
     {ERR_REASON(TS_R_BAD_TYPE), "bad type"},
+    {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
+    {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
     {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
     {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
     {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
@@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {
     {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
     {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},
     {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},
+    {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},
     {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
     {0, NULL}
 };
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 0f29011..80dd40e 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -56,6 +56,10 @@
 #include <string.h>
 #include "ui_locl.h"
 
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
                            int verify)
 {
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index bbc3189..29695f9 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -69,6 +69,8 @@
 # include <sys/stat.h>
 #endif
 
+#ifndef OPENSSL_NO_STDIO
+
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 
@@ -438,3 +440,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
         BUF_MEM_free(b);
     return (ok);
 }
+
+#endif /* OPENSSL_NO_STDIO */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8334b3f..d075f66 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1064,6 +1064,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
         ctx->current_crl = crl;
     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
         ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
     else
         ptime = NULL;
 
@@ -1805,6 +1807,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
 
     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
         ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
     else
         ptime = NULL;
 
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 5062682..e90d931 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -443,6 +443,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
  * will force the behaviour to match that of previous versions.
  */
 # define X509_V_FLAG_NO_ALT_CHAINS               0x100000
+/* Do not check certificate/CRL validity against current time */
+# define X509_V_FLAG_NO_CHECK_TIME               0x200000
 
 # define X509_VP_FLAG_DEFAULT                    0x1
 # define X509_VP_FLAG_OVERWRITE                  0x2
@@ -496,8 +498,10 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
 
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
 
+#ifndef OPENSSL_NO_STDIO
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+#endif
 
 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index c3a6fce..09ebbca 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
     &v3_idp,
     &v3_alt[2],
     &v3_freshest_crl,
+#ifndef OPENSSL_NO_SCT
     &v3_ct_scts[0],
     &v3_ct_scts[1],
+#endif
 };
 
 /* Number of standard extensions */
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 34cad53..12f12a7 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
                 goto err;
             }
             OPENSSL_free(tmp_data2);
+#ifndef OPENSSL_NO_STDIO
         } else if (strncmp(val->value, "file:", 5) == 0) {
             unsigned char buf[2048];
             int n;
@@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
                 X509V3_conf_err(val);
                 goto err;
             }
+#endif /* !OPENSSL_NO_STDIO */
         } else if (strncmp(val->value, "text:", 5) == 0) {
             val_len = strlen(val->value + 5);
             tmp_data = OPENSSL_realloc((*policy)->data,
diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
index 0b7c681..1895b8f 100644
--- a/crypto/x509v3/v3_scts.c
+++ b/crypto/x509v3/v3_scts.c
@@ -61,6 +61,7 @@
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 
+#ifndef OPENSSL_NO_SCT
 /* Signature and hash algorithms from RFC 5246 */
 #define TLSEXT_hash_sha256                              4
 
@@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
 
     return 1;
 }
+#endif
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index f5c6156..a2e78aa 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
                         int ml);
 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
                      int indent);
+#ifndef OPENSSL_NO_FP_API
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
+#endif
 int X509V3_extensions_print(BIO *out, char *title,
                             STACK_OF(X509_EXTENSION) *exts,
                             unsigned long flag, int indent);
diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h
index 3300e11..e9e58d5 100644
--- a/demos/engines/cluster_labs/hw_cluster_labs_err.h
+++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_CL_strings(void);
 static void ERR_unload_CL_strings(void);
 static void ERR_CL_error(int function, int reason, char *file, int line);
-# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
+# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the CL functions. */
 
diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h
index c17e0c9..10d0212 100644
--- a/demos/engines/ibmca/hw_ibmca_err.h
+++ b/demos/engines/ibmca/hw_ibmca_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_IBMCA_strings(void);
 static void ERR_unload_IBMCA_strings(void);
 static void ERR_IBMCA_error(int function, int reason, char *file, int line);
-# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
+# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the IBMCA functions. */
 
diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h
index 4356815..598836f 100644
--- a/demos/engines/rsaref/rsaref_err.h
+++ b/demos/engines/rsaref/rsaref_err.h
@@ -68,7 +68,7 @@ extern "C" {
 static void ERR_load_RSAREF_strings(void);
 static void ERR_unload_RSAREF_strings(void);
 static void ERR_RSAREF_error(int function, int reason, char *file, int line);
-# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
+# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 /* Error codes for the RSAREF functions. */
 
 /* Function codes. */
diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h
index f4a8358..94d3293 100644
--- a/demos/engines/zencod/hw_zencod_err.h
+++ b/demos/engines/zencod/hw_zencod_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_ZENCOD_strings(void);
 static void ERR_unload_ZENCOD_strings(void);
 static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
-# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
+# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the ZENCOD functions. */
 
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 44792f9..7f95d58 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
 alternative chain can be found that is trusted. With this flag set the behaviour
 will match that of OpenSSL versions prior to 1.0.2b.
 
+The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
+of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
+is used to specify a verification time, the check is not suppressed.
+
 =head1 NOTES
 
 The above functions should be used to manipulate verification parameters
diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
index dc0e939..fe123bb 100644
--- a/doc/crypto/threads.pod
+++ b/doc/crypto/threads.pod
@@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
  void CRYPTO_lock(int mode, int n, const char *file, int line);
 
  #define CRYPTO_w_lock(type)	\
-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
  #define CRYPTO_w_unlock(type)	\
-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
  #define CRYPTO_r_lock(type)	\
-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
  #define CRYPTO_r_unlock(type)	\
-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
  #define CRYPTO_add(addr,amount,type)	\
-	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+	CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
 
 =head1 DESCRIPTION
 
diff --git a/e_os.h b/e_os.h
index 1fa36c1..3e9dae2 100644
--- a/e_os.h
+++ b/e_os.h
@@ -136,7 +136,7 @@ extern "C" {
 #  define MSDOS
 # endif
 
-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
 #  define GETPID_IS_MEANINGLESS
 # endif
 
diff --git a/e_os2.h b/e_os2.h
index 7be9989..909e22f 100644
--- a/e_os2.h
+++ b/e_os2.h
@@ -97,7 +97,14 @@ extern "C" {
  * For 32 bit environment, there seems to be the CygWin environment and then
  * all the others that try to do the same thing Microsoft does...
  */
-# if defined(OPENSSL_SYSNAME_UWIN)
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYSNAME_UEFI)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_UEFI
+# elif defined(OPENSSL_SYSNAME_UWIN)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_WIN32_UWIN
 # else
diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h
index a2018ec..9eacdcf 100644
--- a/engines/ccgost/e_gost_err.h
+++ b/engines/ccgost/e_gost_err.h
@@ -67,7 +67,7 @@ extern "C" {
 void ERR_load_GOST_strings(void);
 void ERR_unload_GOST_strings(void);
 void ERR_GOST_error(int function, int reason, char *file, int line);
-# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
+# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the GOST functions. */
 
diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h
index 2f29d96..47a2635 100644
--- a/engines/e_4758cca_err.h
+++ b/engines/e_4758cca_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_CCA4758_strings(void);
 static void ERR_unload_CCA4758_strings(void);
 static void ERR_CCA4758_error(int function, int reason, char *file, int line);
-# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
+# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the CCA4758 functions. */
 
diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h
index 2ed0114..1f8fa5b 100644
--- a/engines/e_aep_err.h
+++ b/engines/e_aep_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_AEPHK_strings(void);
 static void ERR_unload_AEPHK_strings(void);
 static void ERR_AEPHK_error(int function, int reason, char *file, int line);
-# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
+# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the AEPHK functions. */
 
diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h
index 7b71eff..d958496 100644
--- a/engines/e_atalla_err.h
+++ b/engines/e_atalla_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_ATALLA_strings(void);
 static void ERR_unload_ATALLA_strings(void);
 static void ERR_ATALLA_error(int function, int reason, char *file, int line);
-# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
+# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the ATALLA functions. */
 
diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
index b5d06dc..cfe46b1 100644
--- a/engines/e_capi_err.h
+++ b/engines/e_capi_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_CAPI_strings(void);
 static void ERR_unload_CAPI_strings(void);
 static void ERR_CAPI_error(int function, int reason, char *file, int line);
-# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the CAPI functions. */
 
diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
index d86a4ce..3d961b9 100644
--- a/engines/e_chil_err.h
+++ b/engines/e_chil_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_HWCRHK_strings(void);
 static void ERR_unload_HWCRHK_strings(void);
 static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
-# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the HWCRHK functions. */
 
diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h
index fde3a82..7c20691 100644
--- a/engines/e_cswift_err.h
+++ b/engines/e_cswift_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_CSWIFT_strings(void);
 static void ERR_unload_CSWIFT_strings(void);
 static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
-# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
+# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the CSWIFT functions. */
 
diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h
index 637abbc..ccaf3da 100644
--- a/engines/e_gmp_err.h
+++ b/engines/e_gmp_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_GMP_strings(void);
 static void ERR_unload_GMP_strings(void);
 static void ERR_GMP_error(int function, int reason, char *file, int line);
-# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
+# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the GMP functions. */
 
diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h
index aa7849c..e607d3e 100644
--- a/engines/e_nuron_err.h
+++ b/engines/e_nuron_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_NURON_strings(void);
 static void ERR_unload_NURON_strings(void);
 static void ERR_NURON_error(int function, int reason, char *file, int line);
-# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
+# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the NURON functions. */
 
diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h
index bef8623..54f2848 100644
--- a/engines/e_sureware_err.h
+++ b/engines/e_sureware_err.h
@@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);
 static void ERR_unload_SUREWARE_strings(void);
 static void ERR_SUREWARE_error(int function, int reason, char *file,
                                int line);
-# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
+# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the SUREWARE functions. */
 
diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h
index c8aec7c..67110ed 100644
--- a/engines/e_ubsec_err.h
+++ b/engines/e_ubsec_err.h
@@ -67,7 +67,7 @@ extern "C" {
 static void ERR_load_UBSEC_strings(void);
 static void ERR_unload_UBSEC_strings(void);
 static void ERR_UBSEC_error(int function, int reason, char *file, int line);
-# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
+# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 /* Error codes for the UBSEC functions. */
 
diff --git a/makevms.com b/makevms.com
index f6b3ff2..1dcbe36 100755
--- a/makevms.com
+++ b/makevms.com
@@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,-
 		     RFC3779,-
 		     RIPEMD,-
 		     RSA,-
+		     SCT,-
 		     SCTP,-
 		     SEED,-
 		     SHA,-
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 9bc6153..b5648eb 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1068,7 +1068,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 int dtls1_read_failed(SSL *s, int code)
 {
     if (code > 0) {
-        fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+        fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");
         return 1;
     }
 
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 499f0e8..5672f99 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
     if (ssl_version == SSL2_VERSION) {
         if (os.length != 3) {
             c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
-            c.line = __LINE__;
+            c.line = OPENSSL_LINE;
             goto err;
         }
         id = 0x02000000L |
@@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
         || ssl_version == DTLS1_BAD_VER) {
         if (os.length != 2) {
             c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
-            c.line = __LINE__;
+            c.line = OPENSSL_LINE;
             goto err;
         }
         id = 0x03000000L |
             ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];
     } else {
         c.error = SSL_R_UNKNOWN_SSL_VERSION;
-        c.line = __LINE__;
+        c.line = OPENSSL_LINE;
         goto err;
     }
 
@@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
     if (os.data != NULL) {
         if (os.length > SSL_MAX_SID_CTX_LENGTH) {
             c.error = SSL_R_BAD_LENGTH;
-            c.line = __LINE__;
+            c.line = OPENSSL_LINE;
             OPENSSL_free(os.data);
             os.data = NULL;
             os.length = 0;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f48ebae..ac4f08c 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -857,12 +857,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
     return (add_client_CA(&(ctx->client_CA), x));
 }
 
+#ifndef OPENSSL_NO_STDIO
 static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
 {
     return (X509_NAME_cmp(*a, *b));
 }
 
-#ifndef OPENSSL_NO_STDIO
 /**
  * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
  * it doesn't really have anything to do with clients (except that a common use
@@ -930,7 +930,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
         ERR_clear_error();
     return (ret);
 }
-#endif
 
 /**
  * Add a file of certs to a stack.
@@ -1050,6 +1049,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
     CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
     return ret;
 }
+#endif /* !OPENSSL_NO_STDIO */
 
 /* Add a certificate to a BUF_MEM structure */
 
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 8d3709d..2bb403b 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -370,6 +370,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
     return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
 }
 
+#ifndef OPENSSL_NO_STDIO
 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
 {
     int rv = 1;
@@ -436,7 +437,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
         BIO_free(in);
     return rv > 0;
 }
-#endif
+#endif /* !OPENSSL_NO_DH */
+#endif /* !OPENSSL_NO_STDIO */
+
 typedef struct {
     int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
     const char *str_file;
@@ -462,12 +465,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD_STRING(CipherString, "cipher"),
     SSL_CONF_CMD_STRING(Protocol, NULL),
     SSL_CONF_CMD_STRING(Options, NULL),
+#ifndef OPENSSL_NO_STDIO
     SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
     SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
     SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
 #ifndef OPENSSL_NO_DH
     SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
 #endif
+#endif
 };
 
 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b6d1ee9..75f38cd 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -779,9 +779,7 @@ int tls1_enc(SSL *s, int send)
                      * we can't write into the input stream: Can this ever
                      * happen?? (steve)
                      */
-                    fprintf(stderr,
-                            "%s:%d: rec->data != rec->input\n",
-                            __FILE__, __LINE__);
+                    fprintf(stderr, "tls1_enc: rec->data != rec->input\n");
                 else if (RAND_bytes(rec->input, ivlen) <= 0)
                     return -1;
             }
diff --git a/test/cms-test.pl b/test/cms-test.pl
index baa3b59..1ee3f02 100644
--- a/test/cms-test.pl
+++ b/test/cms-test.pl
@@ -100,6 +100,13 @@ my $no_ec2m;
 my $no_ecdh;
 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
 
+system ("$ossl_path no-cms > $null_path");
+if ($? == 0)
+        {
+        print "CMS disabled\n";
+        exit 0;
+        }
+
 system ("$ossl_path no-ec > $null_path");
 if ($? == 0)
 	{
diff --git a/util/libeay.num b/util/libeay.num
index 2094ab3..992abb2 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4370,7 +4370,7 @@ DH_compute_key_padded                   4732	EXIST::FUNCTION:DH
 ECDSA_METHOD_set_sign                   4733	EXIST::FUNCTION:ECDSA
 CMS_RecipientEncryptedKey_cert_cmp      4734	EXIST:!VMS:FUNCTION:CMS
 CMS_RecipEncryptedKey_cert_cmp          4734	EXIST:VMS:FUNCTION:CMS
-DH_KDF_X9_42                            4735	EXIST::FUNCTION:DH
+DH_KDF_X9_42                            4735	EXIST::FUNCTION:CMS,DH
 RSA_OAEP_PARAMS_free                    4736	EXIST::FUNCTION:RSA
 EVP_des_ede3_wrap                       4737	EXIST::FUNCTION:DES
 RSA_OAEP_PARAMS_it                      4738	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
diff --git a/util/mkdef.pl b/util/mkdef.pl
index b9b159a..9841498 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
 			 # Engines
 			 "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+			 # X.509v3 Signed Certificate Timestamps
+			 "SCT",
 			 # RFC3779
 			 "RFC3779",
 			 # TLS
@@ -144,7 +146,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
 my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method;
@@ -235,6 +237,7 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-engine$/)	{ $no_engine=1; }
 	elsif (/^no-hw$/)	{ $no_hw=1; }
 	elsif (/^no-gmp$/)	{ $no_gmp=1; }
+	elsif (/^no-sct$/)	{ $no_sct=1; }
 	elsif (/^no-rfc3779$/)	{ $no_rfc3779=1; }
 	elsif (/^no-tlsext$/)	{ $no_tlsext=1; }
 	elsif (/^no-cms$/)	{ $no_cms=1; }
@@ -1209,6 +1212,7 @@ sub is_valid
 			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
 			if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
 			if ($keyword eq "GMP" && $no_gmp) { return 0; }
+			if ($keyword eq "SCT" && $no_sct) { return 0; }
 			if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
 			if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
 			if ($keyword eq "PSK" && $no_psk) { return 0; }
diff --git a/util/mkerr.pl b/util/mkerr.pl
index c197f3a..97b295c 100644
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -89,7 +89,7 @@ Options:
                   void ERR_load_<LIB>_strings(void);
                   void ERR_unload_<LIB>_strings(void);
                   void ERR_<LIB>_error(int f, int r, char *fn, int ln);
-                  #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)
+                  #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)
                 while the code facilitates the use of these in an environment
                 where the error support routines are dynamically loaded at 
                 runtime.
@@ -482,7 +482,7 @@ EOF
 ${staticloader}void ERR_load_${lib}_strings(void);
 ${staticloader}void ERR_unload_${lib}_strings(void);
 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
-# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 EOF
 	}