14 files changed, 77 insertions, 55 deletions

diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
index 5170906c..017be9d9 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
@@ -843,6 +843,10 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
     char *tmpname, *tmpval, *p;
     int c;
     MIME_PARAM *mparam;
+
+    if (!mhdr)
+        return 0;
+
     if (name) {
         tmpname = BUF_strdup(name);
         if (!tmpname)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
index 70aba4cc..c32241c2 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_req.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
@@ -195,10 +195,11 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
                         goto err;
                 if (BIO_puts(bp, ":") <= 0)
                     goto err;
-                if ((type == V_ASN1_PRINTABLESTRING) ||
+                if (bs != NULL && (
+                    (type == V_ASN1_PRINTABLESTRING) ||
                     (type == V_ASN1_UTF8STRING) ||
                     (type == V_ASN1_T61STRING) ||
-                    (type == V_ASN1_IA5STRING)) {
+                    (type == V_ASN1_IA5STRING))) {
                     if (BIO_write(bp, (char *)bs->data, bs->length)
                         != bs->length)
                         goto err;
diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c
index fea73864..29da9036 100644
--- a/Cryptlib/OpenSSL/crypto/bio/b_print.c
+++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c
@@ -134,9 +134,9 @@ static int fmtfp(char **, char **, size_t *, size_t *,
                  LDOUBLE, int, int, int);
 #endif
 static int doapr_outch(char **, char **, size_t *, size_t *, int);
-static int _dopr(char **sbuffer, char **buffer,
-                 size_t *maxlen, size_t *retlen, int *truncated,
-                 const char *format, va_list args);
+static int EFIAPI _dopr(char **sbuffer, char **buffer,
+			size_t *maxlen, size_t *retlen, int *truncated,
+			const char *format, ms_va_list args);
 
 /* format read states */
 #define DP_S_DEFAULT    0
@@ -167,11 +167,11 @@ static int _dopr(char **sbuffer, char **buffer,
 #define char_to_int(p) (p - '0')
 #define OSSL_MAX(p,q) ((p >= q) ? p : q)
 
-static int
+static int EFIAPI
 _dopr(char **sbuffer,
       char **buffer,
       size_t *maxlen,
-      size_t *retlen, int *truncated, const char *format, va_list args)
+      size_t *retlen, int *truncated, const char *format, ms_va_list args)
 {
     char ch;
     LLONG value;
@@ -236,7 +236,7 @@ _dopr(char **sbuffer,
                 min = 10 * min + char_to_int(ch);
                 ch = *format++;
             } else if (ch == '*') {
-                min = va_arg(args, int);
+                min = ms_va_arg(args, int);
                 ch = *format++;
                 state = DP_S_DOT;
             } else
@@ -256,7 +256,7 @@ _dopr(char **sbuffer,
                 max = 10 * max + char_to_int(ch);
                 ch = *format++;
             } else if (ch == '*') {
-                max = va_arg(args, int);
+                max = ms_va_arg(args, int);
                 ch = *format++;
                 state = DP_S_MOD;
             } else
@@ -297,16 +297,16 @@ _dopr(char **sbuffer,
             case 'i':
                 switch (cflags) {
                 case DP_C_SHORT:
-                    value = (short int)va_arg(args, int);
+                    value = (short int)ms_va_arg(args, int);
                     break;
                 case DP_C_LONG:
-                    value = va_arg(args, long int);
+                    value = ms_va_arg(args, long int);
                     break;
                 case DP_C_LLONG:
-                    value = va_arg(args, LLONG);
+                    value = ms_va_arg(args, LLONG);
                     break;
                 default:
-                    value = va_arg(args, int);
+                    value = ms_va_arg(args, int);
                     break;
                 }
                 if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
@@ -322,16 +322,16 @@ _dopr(char **sbuffer,
                 flags |= DP_F_UNSIGNED;
                 switch (cflags) {
                 case DP_C_SHORT:
-                    value = (unsigned short int)va_arg(args, unsigned int);
+                    value = (unsigned short int)ms_va_arg(args, unsigned int);
                     break;
                 case DP_C_LONG:
-                    value = (LLONG) va_arg(args, unsigned long int);
+                    value = (LLONG) ms_va_arg(args, unsigned long int);
                     break;
                 case DP_C_LLONG:
-                    value = va_arg(args, unsigned LLONG);
+                    value = ms_va_arg(args, unsigned LLONG);
                     break;
                 default:
-                    value = (LLONG) va_arg(args, unsigned int);
+                    value = (LLONG) ms_va_arg(args, unsigned int);
                     break;
                 }
                 if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
@@ -342,9 +342,9 @@ _dopr(char **sbuffer,
 #ifndef OPENSSL_SYS_UEFI
             case 'f':
                 if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
+                    fvalue = ms_va_arg(args, LDOUBLE);
                 else
-                    fvalue = va_arg(args, double);
+                    fvalue = ms_va_arg(args, double);
                 if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
                            flags))
                     return 0;
@@ -353,26 +353,26 @@ _dopr(char **sbuffer,
                 flags |= DP_F_UP;
             case 'e':
                 if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
+                    fvalue = ms_va_arg(args, LDOUBLE);
                 else
-                    fvalue = va_arg(args, double);
+                    fvalue = ms_va_arg(args, double);
                 break;
             case 'G':
                 flags |= DP_F_UP;
             case 'g':
                 if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
+                    fvalue = ms_va_arg(args, LDOUBLE);
                 else
-                    fvalue = va_arg(args, double);
+                    fvalue = ms_va_arg(args, double);
                 break;
 #endif
             case 'c':
                 if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                            va_arg(args, int)))
+                            ms_va_arg(args, int)))
                     return 0;
                 break;
             case 's':
-                strvalue = va_arg(args, char *);
+                strvalue = ms_va_arg(args, char *);
                 if (max < 0) {
                     if (buffer)
                         max = INT_MAX;
@@ -384,7 +384,7 @@ _dopr(char **sbuffer,
                     return 0;
                 break;
             case 'p':
-                value = (long)va_arg(args, void *);
+                value = (long)ms_va_arg(args, void *);
                 if (!fmtint(sbuffer, buffer, &currlen, maxlen,
                             value, 16, min, max, flags | DP_F_NUM))
                     return 0;
@@ -392,19 +392,19 @@ _dopr(char **sbuffer,
             case 'n':          /* XXX */
                 if (cflags == DP_C_SHORT) {
                     short int *num;
-                    num = va_arg(args, short int *);
+                    num = ms_va_arg(args, short int *);
                     *num = currlen;
                 } else if (cflags == DP_C_LONG) { /* XXX */
                     long int *num;
-                    num = va_arg(args, long int *);
+                    num = ms_va_arg(args, long int *);
                     *num = (long int)currlen;
                 } else if (cflags == DP_C_LLONG) { /* XXX */
                     LLONG *num;
-                    num = va_arg(args, LLONG *);
+                    num = ms_va_arg(args, LLONG *);
                     *num = (LLONG) currlen;
                 } else {
                     int *num;
-                    num = va_arg(args, int *);
+                    num = ms_va_arg(args, int *);
                     *num = currlen;
                 }
                 break;
@@ -797,20 +797,20 @@ doapr_outch(char **sbuffer,
 
 /***************************************************************************/
 
-int BIO_printf(BIO *bio, const char *format, ...)
+int EFIAPI BIO_printf(BIO *bio, const char *format, ...)
 {
-    va_list args;
+    ms_va_list args;
     int ret;
 
-    va_start(args, format);
+    ms_va_start(args, format);
 
     ret = BIO_vprintf(bio, format, args);
 
-    va_end(args);
+    ms_va_end(args);
     return (ret);
 }
 
-int BIO_vprintf(BIO *bio, const char *format, va_list args)
+int EFIAPI BIO_vprintf(BIO *bio, const char *format, ms_va_list args)
 {
     int ret;
     size_t retlen;
@@ -845,20 +845,20 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
  * closely related to BIO_printf, and we need *some* name prefix ... (XXX the
  * function should be renamed, but to what?)
  */
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+int EFIAPI BIO_snprintf(char *buf, size_t n, const char *format, ...)
 {
-    va_list args;
+    ms_va_list args;
     int ret;
 
-    va_start(args, format);
+    ms_va_start(args, format);
 
     ret = BIO_vsnprintf(buf, n, format, args);
 
-    va_end(args);
+    ms_va_end(args);
     return (ret);
 }
 
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+int EFIAPI BIO_vsnprintf(char *buf, size_t n, const char *format, ms_va_list args)
 {
     size_t retlen;
     int truncated;
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
index 10b78f51..2671f35c 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
@@ -496,6 +496,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
     if (bn_wexpand(a, b->top) == NULL)
         return (NULL);
 
+    if (!a || !b || !a->d || !b->d)
+        return (NULL);
+
 #if 1
     A = a->d;
     B = b->d;
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
index 952b5452..b3b29adb 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
@@ -340,6 +340,9 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
         return 0;
     }
 
+    if (conf == NULL)
+        return 0;
+
     str = NCONF_get_string(conf, group, name);
 
     if (str == NULL)
diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c
index da4b34dc..23f58fa9 100644
--- a/Cryptlib/OpenSSL/crypto/cryptlib.c
+++ b/Cryptlib/OpenSSL/crypto/cryptlib.c
@@ -866,7 +866,7 @@ int OPENSSL_isservice(void)
 }
 # endif
 
-void OPENSSL_showfatal(const char *fmta, ...)
+void EFIAPI OPENSSL_showfatal(const char *fmta, ...)
 {
     va_list ap;
     TCHAR buf[256];
@@ -979,7 +979,7 @@ void OPENSSL_showfatal(const char *fmta, ...)
         MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
 }
 #else
-void OPENSSL_showfatal(const char *fmta, ...)
+void EFIAPI OPENSSL_showfatal(const char *fmta, ...)
 {
 #ifndef OPENSSL_NO_STDIO
     va_list ap;
diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.h b/Cryptlib/OpenSSL/crypto/cryptlib.h
index 3e3ea5e3..2bce19ff 100644
--- a/Cryptlib/OpenSSL/crypto/cryptlib.h
+++ b/Cryptlib/OpenSSL/crypto/cryptlib.h
@@ -100,7 +100,7 @@ extern "C" {
 
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *fmta, ...);
+void EFIAPI OPENSSL_showfatal(const char *fmta, ...);
 #ifndef OPENSSL_NO_STDIO
 void *OPENSSL_stderr(void);
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c
index 52dc9a5d..e2251454 100644
--- a/Cryptlib/OpenSSL/crypto/err/err.c
+++ b/Cryptlib/OpenSSL/crypto/err/err.c
@@ -1075,15 +1075,15 @@ void ERR_set_error_data(char *data, int flags)
     es->err_data_flags[i] = flags;
 }
 
-void ERR_add_error_data(int num, ...)
+void EFIAPI ERR_add_error_data(int num, ...)
 {
-    va_list args;
-    va_start(args, num);
+    ms_va_list args;
+    ms_va_start(args, num);
     ERR_add_error_vdata(num, args);
-    va_end(args);
+    ms_va_end(args);
 }
 
-void ERR_add_error_vdata(int num, va_list args)
+void EFIAPI ERR_add_error_vdata(int num, ms_va_list args)
 {
     int i, n, s;
     char *str, *p, *a;
@@ -1096,7 +1096,7 @@ void ERR_add_error_vdata(int num, va_list args)
 
     n = 0;
     for (i = 0; i < num; i++) {
-        a = va_arg(args, char *);
+        a = ms_va_arg(args, char *);
         /* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
         if (a != NULL) {
             n += strlen(a);
diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c
index 8525ded7..c98c1b88 100644
--- a/Cryptlib/OpenSSL/crypto/mem_dbg.c
+++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c
@@ -640,8 +640,13 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
     if (m->addr == (char *)l->bio)
         return;
 
+    if (!bufp)
+        return;
+
     if (options & V_CRYPTO_MDEBUG_TIME) {
         lcl = localtime(&m->time);
+	if (!lcl)
+		return;
 
         BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
                      lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
index 6cf8253b..e6a44f40 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
@@ -654,7 +654,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         if (data_body->length > 0)
             BIO_write(bio, (char *)data_body->data, data_body->length);
 # else
-        if (data_body->length > 0)
+        if (data_body != NULL && data_body->length > 0)
             bio = BIO_new_mem_buf(data_body->data, data_body->length);
         else {
             bio = BIO_new(BIO_s_mem());
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
index 1269a146..b27b0f68 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
@@ -530,7 +530,8 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 {
     BIO *tmpmem;
-    int ret, i;
+    int ret = 0; /* current openssl sets 'ret' to zero here */
+    int i;
     char *buf = NULL;
 
     if (!p7) {
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
index 951e1d5c..ddead3d7 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
@@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
     return 2;
 }
 
+#ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
                                         X509_ALGOR **pmaskHash)
 {
@@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
     return pss;
 }
 
-#ifndef OPENSSL_NO_CMS
 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
 {
     EVP_PKEY_CTX *pkctx;
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
index 11e07634..2fa33823 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
@@ -131,6 +131,8 @@ int X509_check_trust(X509 *x, int id, int flags)
     if (idx == -1)
         return default_trust(id, x, flags);
     pt = X509_TRUST_get0(idx);
+    if (!pt)
+        return default_trust(id, x, flags);
     return pt->check_trust(pt, x, flags);
 }
 
@@ -195,8 +197,10 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
             return 0;
         }
         trtmp->flags = X509_TRUST_DYNAMIC;
-    } else
-        trtmp = X509_TRUST_get0(idx);
+    } else if (!(trtmp = X509_TRUST_get0(idx))) {
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     /* OPENSSL_free existing name if dynamic */
     if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
index 5bf3f07a..96f306b2 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
@@ -984,7 +984,8 @@ static int check_cert(X509_STORE_CTX *ctx)
 {
     X509_CRL *crl = NULL, *dcrl = NULL;
     X509 *x;
-    int ok, cnum;
+    int ok = 0; /* current openssl sets 'ok' to zero here */
+    int cnum;
     unsigned int last_reasons;
     cnum = ctx->error_depth;
     x = sk_X509_value(ctx->chain, cnum);