* [jethro][PATCH] Forklift OpenSSL 1.0.k to Jethro
@ 2017-03-06 3:20 Rebecca Chang Swee Fun
2017-03-06 3:20 ` [jethro][PATCH] openssl: upgrade 1.0.2h -> 1.0.2k Rebecca Chang Swee Fun
2017-03-06 16:01 ` [jethro][PATCH] Forklift OpenSSL 1.0.k to Jethro akuster808
0 siblings, 2 replies; 4+ messages in thread
From: Rebecca Chang Swee Fun @ 2017-03-06 3:20 UTC (permalink / raw)
To: openembedded-core, Rebecca Chang Swee Fun
From: "Chang, Rebecca Swee Fun" <rebecca.swee.fun.chang@intel.com>
Hi all,
This is an version upgrade for OpenSSL from 1.0.2h to 1.0.2k.
The upgrade was forklifted from OE-Core master branch to
Jethro branch and remove upstream dependencies to new bbclasses.
The details of CVEs are mentioned in the patch commit message.
The main purpose of this forklifting effort is to make sure
OpenSSL shipped in BSPs is updated. Due to OpenSSL version
fork in Jethro, it is difficult to do purely "git cherry-pick"
and resolving conflicts everywhere.
This is main reason I opted for forklifting approach.
This is the first time I did an upgrade for OpenSSL. Please
help to review and provide feedbacks if this approach is not
feasible. I'm looking forward to learn from everyone of you.
Thank you very much.
Regards,
Rebecca
Chang, Rebecca Swee Fun (1):
openssl: upgrade 1.0.2h -> 1.0.2k
meta/recipes-connectivity/openssl/openssl.inc | 104 +-
.../openssl/openssl/0002-CVE-2017-3731.patch | 53 +
.../openssl/openssl/CVE-2016-2177.patch | 286 --
.../openssl/openssl/CVE-2016-2178.patch | 51 -
.../openssl/openssl/CVE-2016-2179.patch | 255 --
.../openssl/openssl/CVE-2016-2180.patch | 44 -
.../openssl/openssl/CVE-2016-2181_p1.patch | 91 -
.../openssl/openssl/CVE-2016-2181_p2.patch | 239 -
.../openssl/openssl/CVE-2016-2181_p3.patch | 30 -
.../openssl/openssl/CVE-2016-2182.patch | 70 -
.../openssl/openssl/CVE-2016-6302.patch | 53 -
.../openssl/openssl/CVE-2016-6303.patch | 36 -
.../openssl/openssl/CVE-2016-6304.patch | 75 -
.../openssl/openssl/CVE-2016-6306.patch | 71 -
.../openssl/openssl/CVE-2016-8610.patch | 124 -
.../Use-SHA256-not-MD5-as-default-digest.patch | 69 +
.../openssl/crypto_use_bigint_in_x86-64_perl.patch | 33 -
.../openssl/openssl/debian/ca.patch | 2 +-
.../openssl/openssl/debian/version-script.patch | 4663 ++++++++++++++++++++
.../openssl/debian1.0.2/version-script.patch | 31 +-
.../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 2 +-
.../openssl/openssl/openssl-c_rehash.sh | 222 +
.../openssl/openssl-util-perlpath.pl-cwd.patch | 34 +
.../openssl/openssl/openssl_fix_for_x32.patch | 4 +-
.../openssl/openssl/parallel.patch | 17 +-
.../recipes-connectivity/openssl/openssl_1.0.2h.bb | 82 -
.../recipes-connectivity/openssl/openssl_1.0.2k.bb | 64 +
27 files changed, 5200 insertions(+), 1605 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
--
2.7.4
^ permalink raw reply [flat|nested] 4+ messages in thread
* [jethro][PATCH] openssl: upgrade 1.0.2h -> 1.0.2k
2017-03-06 3:20 [jethro][PATCH] Forklift OpenSSL 1.0.k to Jethro Rebecca Chang Swee Fun
@ 2017-03-06 3:20 ` Rebecca Chang Swee Fun
2017-03-06 15:02 ` Leonardo Sandoval
2017-03-06 16:01 ` [jethro][PATCH] Forklift OpenSSL 1.0.k to Jethro akuster808
1 sibling, 1 reply; 4+ messages in thread
From: Rebecca Chang Swee Fun @ 2017-03-06 3:20 UTC (permalink / raw)
To: openembedded-core, Rebecca Chang Swee Fun
From: "Chang, Rebecca Swee Fun" <rebecca.swee.fun.chang@intel.com>
This upgrade fixes several security CVEs:
* Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
* Truncated packet could crash via OOB read (CVE-2017-3731p1)
* BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
Backported 0002-CVE-2017-3731.patch for CVE-2017-3731p2 from:
OE-Core rev: 1fe1cb3e6e03b4f7f0d30b2b67edc8809a18fe70
This upgrade includes several bug fixes from OE-Core master:
* openssl: Add Shell-Script based c_rehash utility
(From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a)
* openssl: use subdir= instead of moving files in do_configure_prepend()
(From OE-Core rev: a960b6024f1b17994b0f4683a4e70fd2a079bd90)
* openssl: enable parallel make
(From OE-Core rev: ea89857f17a374b6095371ebe2422d2e83735cee)
* openssl: fix ptest issues
(From OE-Core rev: 928adfc807d3c812fcd748e2cf65f392eebd852c)
* openssl.inc: avoid random ptest failures
(From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b)
* openssl: Add support for many MIPS configurations
(From OE-Core rev: cd1f6fbf9a2113cf510c25de2eb3895468e79149)
* openssl: fix mips64 configure support
(From OE-Core rev: 245113ca1075bc3f0c47952e80b437229f855080)
* openssl: Use linux-aarch64 target for aarch64
(From OE-Core rev: 13e9a692510151383bc3243c3917154896b0e049)
* openssl: Ensure SSL certificates are stored on sysconfdir
(From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
* openssl.inc: minor packaging cleanup
(From OE-Core rev: 3f81b516e2f23683ce6129bb79bcc08263cb7fe1)
* openssl: don't move libcrypto to base_libdir
(From OE-Core rev: 0be2ab32f690a2fcba0e821abe11460958bbc6dc)
* openssl: fix add missing dependencies building for test directory
(From OE-Core rev: 030142d0410bec85aeacfff6be27d5fed41ce808)
* openssl: fix add missing `make depend` command before `make` library
(From OE-Core rev: e3c251427a305780d3257a011260bd978de273d5)
The following CVEs has been fixed in 1.0.2k.
Hence, removing the patchset from this layer.
* CVE-2016-2177, CVE-2016-2178, CVE-2016-2179,
* CVE-2016-2180, CVE-2016-2181, CVE-2016-2182,
* CVE-2016-6302, CVE-2016-6303, CVE-2016-6304,
* CVE-2016-6306, CVE-2016-8610
Signed-off-by: Chang, Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
---
meta/recipes-connectivity/openssl/openssl.inc | 104 +-
.../openssl/openssl/0002-CVE-2017-3731.patch | 53 +
.../openssl/openssl/CVE-2016-2177.patch | 286 --
.../openssl/openssl/CVE-2016-2178.patch | 51 -
.../openssl/openssl/CVE-2016-2179.patch | 255 --
.../openssl/openssl/CVE-2016-2180.patch | 44 -
.../openssl/openssl/CVE-2016-2181_p1.patch | 91 -
.../openssl/openssl/CVE-2016-2181_p2.patch | 239 -
.../openssl/openssl/CVE-2016-2181_p3.patch | 30 -
.../openssl/openssl/CVE-2016-2182.patch | 70 -
.../openssl/openssl/CVE-2016-6302.patch | 53 -
.../openssl/openssl/CVE-2016-6303.patch | 36 -
.../openssl/openssl/CVE-2016-6304.patch | 75 -
.../openssl/openssl/CVE-2016-6306.patch | 71 -
.../openssl/openssl/CVE-2016-8610.patch | 124 -
.../Use-SHA256-not-MD5-as-default-digest.patch | 69 +
.../openssl/crypto_use_bigint_in_x86-64_perl.patch | 33 -
.../openssl/openssl/debian/ca.patch | 2 +-
.../openssl/openssl/debian/version-script.patch | 4663 ++++++++++++++++++++
.../openssl/debian1.0.2/version-script.patch | 31 +-
.../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 2 +-
.../openssl/openssl/openssl-c_rehash.sh | 222 +
.../openssl/openssl-util-perlpath.pl-cwd.patch | 34 +
.../openssl/openssl/openssl_fix_for_x32.patch | 4 +-
.../openssl/openssl/parallel.patch | 17 +-
.../recipes-connectivity/openssl/openssl_1.0.2h.bb | 82 -
.../recipes-connectivity/openssl/openssl_1.0.2k.bb | 64 +
27 files changed, 5200 insertions(+), 1605 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 8af423f..c728272 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -8,7 +8,7 @@ SECTION = "libs/network"
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
-DEPENDS = "perl-native-runtime"
+DEPENDS = "makedepend-native perl-native-runtime"
DEPENDS_append_class-target = " openssl-native"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
@@ -18,35 +18,31 @@ S = "${WORKDIR}/openssl-${PV}"
PACKAGECONFIG[perl] = ",,,"
AR_append = " r"
-# Avoid binaries being marked as requiring an executable stack since it
+# Avoid binaries being marked as requiring an executable stack since it
# doesn't(which causes and this causes issues with SELinux
CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
- -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
-
-# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
-CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
-CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
+ -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
export DIRS = "crypto ssl apps"
export EX_LIBS = "-lgcc -ldl"
export AS = "${CC} -c"
+EXTRA_OEMAKE = "-e MAKEFLAGS="
inherit pkgconfig siteinfo multilib_header ptest
PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
-FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl.so.*"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
-FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the base openssl package and the libcrypto
# package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
@@ -86,7 +82,7 @@ do_configure () {
target=linux-elf-armeb
;;
linux-aarch64*)
- target=linux-generic64
+ target=linux-aarch64
;;
linux-sh3)
target=debian-sh3
@@ -109,15 +105,24 @@ do_configure () {
linux-gnu64-x86_64)
target=linux-x86_64
;;
- linux-mips)
- target=debian-mips
+ linux-gnun32-mips*el)
+ target=debian-mipsn32el
+ ;;
+ linux-gnun32-mips*)
+ target=debian-mipsn32
;;
- linux-mipsel)
+ linux-mips*64*el)
+ target=debian-mips64el
+ ;;
+ linux-mips*64*)
+ target=debian-mips64
+ ;;
+ linux-mips*el)
target=debian-mipsel
;;
- linux-*-mips64)
- target=linux-mips
- ;;
+ linux-mips*)
+ target=debian-mips
+ ;;
linux-microblaze*|linux-nios2*)
target=linux-generic32
;;
@@ -142,7 +147,7 @@ do_configure () {
useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
- fi
+ fi
perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
}
@@ -151,10 +156,14 @@ do_compile_prepend_class-target () {
}
do_compile () {
+ oe_runmake depend
oe_runmake
}
do_compile_ptest () {
+ # build dependencies for test directory too
+ export DIRS="$DIRS test"
+ oe_runmake depend
oe_runmake buildtest
}
@@ -167,40 +176,63 @@ do_install () {
oe_libinstall -so libcrypto ${D}${libdir}
oe_libinstall -so libssl ${D}${libdir}
- # Moving libcrypto to /lib
- if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
- mkdir -p ${D}/${base_libdir}/
- mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
- sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
- fi
-
install -d ${D}${includedir}
cp --dereference -R include/openssl ${D}${includedir}
+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
oe_multilib_header openssl/opensslconf.h
if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
- install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
- sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
- # The c_rehash utility isn't installed by the normal installation process.
else
- rm -f ${D}${bindir}/c_rehash
rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
fi
+
+ # Create SSL structure
+ install -d ${D}${sysconfdir}/ssl/
+ mv ${D}${libdir}/ssl/openssl.cnf \
+ ${D}${libdir}/ssl/certs \
+ ${D}${libdir}/ssl/private \
+ \
+ ${D}${sysconfdir}/ssl/
+ ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+ ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
}
do_install_ptest () {
- cp -r Makefile test ${D}${PTEST_PATH}
+ cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+ cp Configure config e_os.h ${D}${PTEST_PATH}
+ cp -r -L include ${D}${PTEST_PATH}
+ ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+ ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+ mkdir -p ${D}${PTEST_PATH}/crypto
+ cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
cp -r certs ${D}${PTEST_PATH}
mkdir -p ${D}${PTEST_PATH}/apps
- ln -sf /usr/lib/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
- ln -sf /usr/lib/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
- ln -sf /usr/bin/openssl ${D}${PTEST_PATH}/apps
+ ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+ ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ cp apps/server.pem ${D}${PTEST_PATH}/apps
cp apps/server2.pem ${D}${PTEST_PATH}/apps
mkdir -p ${D}${PTEST_PATH}/util
install util/opensslwrap.sh ${D}${PTEST_PATH}/util
install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
+ # Time stamps are relevant for "make alltests", otherwise
+ # make may try to recompile binaries. Not only must the
+ # binary files be newer than the sources, they also must
+ # be more recent than the header files in /usr/include.
+ #
+ # Using "cp -a" is not sufficient, because do_install
+ # does not preserve the original time stamps.
+ #
+ # So instead of using the original file stamps, we set
+ # the current time for all files. Binaries will get
+ # modified again later when stripping them, but that's okay.
+ touch ${D}${PTEST_PATH}
+ find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
}
do_install_append_class-native() {
diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
new file mode 100644
index 0000000..b56b2d5
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
@@ -0,0 +1,53 @@
+From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
+From: Alexandru Moise <alexandru.moise@windriver.com>
+Date: Tue, 7 Feb 2017 11:16:13 +0200
+Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Originally a crash in 32-bit build was reported CHACHA20-POLY1305
+cipher. The crash is triggered by truncated packet and is result
+of excessive hashing to the edge of accessible memory. Since hash
+operation is read-only it is not considered to be exploitable
+beyond a DoS condition. Other ciphers were hardened.
+
+Thanks to Robert Święcki for report.
+
+CVE-2017-3731
+
+Backported from upstream commit:
+2198b3a55de681e1f3c23edb0586afe13f438051
+
+Upstream-Status: Backport
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
+---
+ crypto/evp/e_aes.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
+index 1734a82..16dcd10 100644
+--- a/crypto/evp/e_aes.c
++++ b/crypto/evp/e_aes.c
+@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+ {
+ unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+ /* Correct length for explicit IV */
++ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
++ return 0;
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ /* If decrypting correct for tag too */
+- if (!c->encrypt)
++ if (!c->encrypt) {
++ if (len < EVP_GCM_TLS_TAG_LEN)
++ return 0;
+ len -= EVP_GCM_TLS_TAG_LEN;
++ }
+ c->buf[arg - 2] = len >> 8;
+ c->buf[arg - 1] = len & 0xff;
+ }
+--
+2.10.2
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
deleted file mode 100644
index df36d5f..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
+++ /dev/null
@@ -1,286 +0,0 @@
-From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 5 May 2016 11:10:26 +0100
-Subject: [PATCH] Avoid some undefined pointer arithmetic
-
-A common idiom in the codebase is:
-
-if (p + len > limit)
-{
- return; /* Too long */
-}
-
-Where "p" points to some malloc'd data of SIZE bytes and
-limit == p + SIZE
-
-"len" here could be from some externally supplied data (e.g. from a TLS
-message).
-
-The rules of C pointer arithmetic are such that "p + len" is only well
-defined where len <= SIZE. Therefore the above idiom is actually
-undefined behaviour.
-
-For example this could cause problems if some malloc implementation
-provides an address for "p" such that "p + len" actually overflows for
-values of len that are too big and therefore p + len < limit!
-
-Issue reported by Guido Vranken.
-
-CVE-2016-2177
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2016-2177
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-
----
- ssl/s3_srvr.c | 14 +++++++-------
- ssl/ssl_sess.c | 2 +-
- ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++--------------------------
- 3 files changed, 38 insertions(+), 34 deletions(-)
-
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index ab28702..ab7f690 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
-
- session_length = *(p + SSL3_RANDOM_SIZE);
-
-- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
-+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
- /* get the session-id */
- j = *(p++);
-
-- if (p + j > d + n) {
-+ if ((d + n) - p < j) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
-
- if (SSL_IS_DTLS(s)) {
- /* cookie stuff */
-- if (p + 1 > d + n) {
-+ if ((d + n) - p < 1) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- cookie_len = *(p++);
-
-- if (p + cookie_len > d + n) {
-+ if ((d + n ) - p < cookie_len) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
- }
- }
-
-- if (p + 2 > d + n) {
-+ if ((d + n ) - p < 2) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
- }
-
- /* i bytes of cipher data + 1 byte for compression length later */
-- if ((p + i + 1) > (d + n)) {
-+ if ((d + n) - p < i + 1) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
-
- /* compression */
- i = *(p++);
-- if ((p + i) > (d + n)) {
-+ if ((d + n) - p < i) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index b182998..54ee783 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
- int r;
- #endif
-
-- if (session_id + len > limit) {
-+ if (limit - session_id < len) {
- fatal = 1;
- goto err;
- }
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index fb64607..cdac011 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- 0x02, 0x03, /* SHA-1/ECDSA */
- };
-
-- if (data >= (limit - 2))
-+ if (limit - data <= 2)
- return;
- data += 2;
-
-- if (data > (limit - 4))
-+ if (limit - data < 4)
- return;
- n2s(data, type);
- n2s(data, size);
-@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- if (type != TLSEXT_TYPE_server_name)
- return;
-
-- if (data + size > limit)
-+ if (limit - data < size)
- return;
- data += size;
-
-@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- const size_t len1 = sizeof(kSafariExtensionsBlock);
- const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
-- if (data + len1 + len2 != limit)
-+ if (limit - data != (int)(len1 + len2))
- return;
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
- return;
-@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- } else {
- const size_t len = sizeof(kSafariExtensionsBlock);
-
-- if (data + len != limit)
-+ if (limit - data != (int)(len))
- return;
- if (memcmp(data, kSafariExtensionsBlock, len) != 0)
- return;
-@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- if (data == limit)
- goto ri_check;
-
-- if (data > (limit - 2))
-+ if (limit - data < 2)
- goto err;
-
- n2s(data, len);
-
-- if (data + len != limit)
-+ if (limit - data != len)
- goto err;
-
-- while (data <= (limit - 4)) {
-+ while (limit - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > (limit))
-+ if (limit - data < size)
- goto err;
- # if 0
- fprintf(stderr, "Received extension type %d size %d\n", type, size);
-@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
- if (s->hit || s->cert->srv_ext.meths_count == 0)
- return 1;
-
-- if (data >= limit - 2)
-+ if (limit - data <= 2)
- return 1;
- n2s(data, len);
-
-- if (data > limit - len)
-+ if (limit - data < len)
- return 1;
-
-- while (data <= limit - 4) {
-+ while (limit - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > limit)
-+ if (limit - data < size)
- return 1;
- if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
- return 0;
-@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
- SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
- # endif
-
-- if (data >= (d + n - 2))
-+ if ((d + n) - data <= 2)
- goto ri_check;
-
- n2s(data, length);
-- if (data + length != d + n) {
-+ if ((d + n) - data != length) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
-- while (data <= (d + n - 4)) {
-+ while ((d + n) - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > (d + n))
-+ if ((d + n) - data < size)
- goto ri_check;
-
- if (s->tlsext_debug_cb)
-@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
- /* Skip past DTLS cookie */
- if (SSL_IS_DTLS(s)) {
- i = *(p++);
-- p += i;
-- if (p >= limit)
-+
-+ if (limit - p <= i)
- return -1;
-+
-+ p += i;
- }
- /* Skip past cipher list */
- n2s(p, i);
-- p += i;
-- if (p >= limit)
-+ if (limit - p <= i)
- return -1;
-+ p += i;
-+
- /* Skip past compression algorithm list */
- i = *(p++);
-- p += i;
-- if (p > limit)
-+ if (limit - p < i)
- return -1;
-+ p += i;
-+
- /* Now at start of extensions */
-- if ((p + 2) >= limit)
-+ if (limit - p <= 2)
- return 0;
- n2s(p, i);
-- while ((p + 4) <= limit) {
-+ while (limit - p >= 4) {
- unsigned short type, size;
- n2s(p, type);
- n2s(p, size);
-- if (p + size > limit)
-+ if (limit - p < size)
- return 0;
- if (type == TLSEXT_TYPE_session_ticket) {
- int r;
---
-2.3.5
-
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
deleted file mode 100644
index 27ade4e..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 399944622df7bd81af62e67ea967c470534090e2 Mon Sep 17 00:00:00 2001
-From: Cesar Pereida <cesar.pereida@aalto.fi>
-Date: Mon, 23 May 2016 12:45:25 +0300
-Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME
-
-Operations in the DSA signing algorithm should run in constant time in
-order to avoid side channel attacks. A flaw in the OpenSSL DSA
-implementation means that a non-constant time codepath is followed for
-certain operations. This has been demonstrated through a cache-timing
-attack to be sufficient for an attacker to recover the private DSA key.
-
-CVE-2016-2178
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2016-2178
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- crypto/dsa/dsa_ossl.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c
-===================================================================
---- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c
-+++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c
-@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C
- if (!BN_rand_range(&k, dsa->q))
- goto err;
- while (BN_is_zero(&k)) ;
-- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-- BN_set_flags(&k, BN_FLG_CONSTTIME);
-- }
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-@@ -282,6 +279,11 @@ static int dsa_sign_setup(DSA *dsa, BN_C
- } else {
- K = &k;
- }
-+
-+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-+ BN_set_flags(K, BN_FLG_CONSTTIME);
-+ }
-+
- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
- dsa->method_mont_p);
- if (!BN_mod(r, r, dsa->q, ctx))
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
deleted file mode 100644
index d1cf7f8..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
+++ /dev/null
@@ -1,255 +0,0 @@
-From 00a4c1421407b6ac796688871b0a49a179c694d9 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 30 Jun 2016 13:17:08 +0100
-Subject: [PATCH] Fix DTLS buffered message DoS attack
-
-DTLS can handle out of order record delivery. Additionally since
-handshake messages can be bigger than will fit into a single packet, the
-messages can be fragmented across multiple records (as with normal TLS).
-That means that the messages can arrive mixed up, and we have to
-reassemble them. We keep a queue of buffered messages that are "from the
-future", i.e. messages we're not ready to deal with yet but have arrived
-early. The messages held there may not be full yet - they could be one
-or more fragments that are still in the process of being reassembled.
-
-The code assumes that we will eventually complete the reassembly and
-when that occurs the complete message is removed from the queue at the
-point that we need to use it.
-
-However, DTLS is also tolerant of packet loss. To get around that DTLS
-messages can be retransmitted. If we receive a full (non-fragmented)
-message from the peer after previously having received a fragment of
-that message, then we ignore the message in the queue and just use the
-non-fragmented version. At that point the queued message will never get
-removed.
-
-Additionally the peer could send "future" messages that we never get to
-in order to complete the handshake. Each message has a sequence number
-(starting from 0). We will accept a message fragment for the current
-message sequence number, or for any sequence up to 10 into the future.
-However if the Finished message has a sequence number of 2, anything
-greater than that in the queue is just left there.
-
-So, in those two ways we can end up with "orphaned" data in the queue
-that will never get removed - except when the connection is closed. At
-that point all the queues are flushed.
-
-An attacker could seek to exploit this by filling up the queues with
-lots of large messages that are never going to be used in order to
-attempt a DoS by memory exhaustion.
-
-I will assume that we are only concerned with servers here. It does not
-seem reasonable to be concerned about a memory exhaustion attack on a
-client. They are unlikely to process enough connections for this to be
-an issue.
-
-A "long" handshake with many messages might be 5 messages long (in the
-incoming direction), e.g. ClientHello, Certificate, ClientKeyExchange,
-CertificateVerify, Finished. So this would be message sequence numbers 0
-to 4. Additionally we can buffer up to 10 messages in the future.
-Therefore the maximum number of messages that an attacker could send
-that could get orphaned would typically be 15.
-
-The maximum size that a DTLS message is allowed to be is defined by
-max_cert_list, which by default is 100k. Therefore the maximum amount of
-"orphaned" memory per connection is 1500k.
-
-Message sequence numbers get reset after the Finished message, so
-renegotiation will not extend the maximum number of messages that can be
-orphaned per connection.
-
-As noted above, the queues do get cleared when the connection is closed.
-Therefore in order to mount an effective attack, an attacker would have
-to open many simultaneous connections.
-
-Issue reported by Quan Luo.
-
-CVE-2016-2179
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2106-2179
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/d1_both.c | 32 ++++++++++++++++----------------
- ssl/d1_clnt.c | 1 +
- ssl/d1_lib.c | 37 ++++++++++++++++++++++++++-----------
- ssl/d1_srvr.c | 3 ++-
- ssl/ssl_locl.h | 3 ++-
- 5 files changed, 47 insertions(+), 29 deletions(-)
-
-Index: openssl-1.0.2h/ssl/d1_both.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/d1_both.c
-+++ openssl-1.0.2h/ssl/d1_both.c
-@@ -618,11 +618,23 @@ static int dtls1_retrieve_buffered_fragm
- int al;
-
- *ok = 0;
-- item = pqueue_peek(s->d1->buffered_messages);
-- if (item == NULL)
-- return 0;
-+ do {
-+ item = pqueue_peek(s->d1->buffered_messages);
-+ if (item == NULL)
-+ return 0;
-+
-+ frag = (hm_fragment *)item->data;
-+
-+ if (frag->msg_header.seq < s->d1->handshake_read_seq) {
-+ /* This is a stale message that has been buffered so clear it */
-+ pqueue_pop(s->d1->buffered_messages);
-+ dtls1_hm_fragment_free(frag);
-+ pitem_free(item);
-+ item = NULL;
-+ frag = NULL;
-+ }
-+ } while (item == NULL);
-
-- frag = (hm_fragment *)item->data;
-
- /* Don't return if reassembly still in progress */
- if (frag->reassembly != NULL)
-@@ -1296,18 +1308,6 @@ dtls1_retransmit_message(SSL *s, unsigne
- return ret;
- }
-
--/* call this function when the buffered messages are no longer needed */
--void dtls1_clear_record_buffer(SSL *s)
--{
-- pitem *item;
--
-- for (item = pqueue_pop(s->d1->sent_messages);
-- item != NULL; item = pqueue_pop(s->d1->sent_messages)) {
-- dtls1_hm_fragment_free((hm_fragment *)item->data);
-- pitem_free(item);
-- }
--}
--
- unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
- unsigned char mt, unsigned long len,
- unsigned long frag_off,
-Index: openssl-1.0.2h/ssl/d1_clnt.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/d1_clnt.c
-+++ openssl-1.0.2h/ssl/d1_clnt.c
-@@ -769,6 +769,7 @@ int dtls1_connect(SSL *s)
- /* done with handshaking */
- s->d1->handshake_read_seq = 0;
- s->d1->next_handshake_write_seq = 0;
-+ dtls1_clear_received_buffer(s);
- goto end;
- /* break; */
-
-Index: openssl-1.0.2h/ssl/d1_lib.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/d1_lib.c
-+++ openssl-1.0.2h/ssl/d1_lib.c
-@@ -170,7 +170,6 @@ int dtls1_new(SSL *s)
- static void dtls1_clear_queues(SSL *s)
- {
- pitem *item = NULL;
-- hm_fragment *frag = NULL;
- DTLS1_RECORD_DATA *rdata;
-
- while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
-@@ -191,28 +190,44 @@ static void dtls1_clear_queues(SSL *s)
- pitem_free(item);
- }
-
-+ while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
-+ rdata = (DTLS1_RECORD_DATA *)item->data;
-+ if (rdata->rbuf.buf) {
-+ OPENSSL_free(rdata->rbuf.buf);
-+ }
-+ OPENSSL_free(item->data);
-+ pitem_free(item);
-+ }
-+
-+ dtls1_clear_received_buffer(s);
-+ dtls1_clear_sent_buffer(s);
-+}
-+
-+void dtls1_clear_received_buffer(SSL *s)
-+{
-+ pitem *item = NULL;
-+ hm_fragment *frag = NULL;
-+
- while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
- frag = (hm_fragment *)item->data;
- dtls1_hm_fragment_free(frag);
- pitem_free(item);
- }
-+}
-+
-+void dtls1_clear_sent_buffer(SSL *s)
-+{
-+ pitem *item = NULL;
-+ hm_fragment *frag = NULL;
-
- while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
- frag = (hm_fragment *)item->data;
- dtls1_hm_fragment_free(frag);
- pitem_free(item);
- }
--
-- while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
-- rdata = (DTLS1_RECORD_DATA *)item->data;
-- if (rdata->rbuf.buf) {
-- OPENSSL_free(rdata->rbuf.buf);
-- }
-- OPENSSL_free(item->data);
-- pitem_free(item);
-- }
- }
-
-+
- void dtls1_free(SSL *s)
- {
- ssl3_free(s);
-@@ -456,7 +471,7 @@ void dtls1_stop_timer(SSL *s)
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
- &(s->d1->next_timeout));
- /* Clear retransmission buffer */
-- dtls1_clear_record_buffer(s);
-+ dtls1_clear_sent_buffer(s);
- }
-
- int dtls1_check_timeout_num(SSL *s)
-Index: openssl-1.0.2h/ssl/d1_srvr.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/d1_srvr.c
-+++ openssl-1.0.2h/ssl/d1_srvr.c
-@@ -313,7 +313,7 @@ int dtls1_accept(SSL *s)
- case SSL3_ST_SW_HELLO_REQ_B:
-
- s->shutdown = 0;
-- dtls1_clear_record_buffer(s);
-+ dtls1_clear_sent_buffer(s);
- dtls1_start_timer(s);
- ret = ssl3_send_hello_request(s);
- if (ret <= 0)
-@@ -894,6 +894,7 @@ int dtls1_accept(SSL *s)
- /* next message is server hello */
- s->d1->handshake_write_seq = 0;
- s->d1->next_handshake_write_seq = 0;
-+ dtls1_clear_received_buffer(s);
- goto end;
- /* break; */
-
-Index: openssl-1.0.2h/ssl/ssl_locl.h
-===================================================================
---- openssl-1.0.2h.orig/ssl/ssl_locl.h
-+++ openssl-1.0.2h/ssl/ssl_locl.h
-@@ -1242,7 +1242,8 @@ int dtls1_retransmit_message(SSL *s, uns
- unsigned long frag_off, int *found);
- int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
- int dtls1_retransmit_buffered_messages(SSL *s);
--void dtls1_clear_record_buffer(SSL *s);
-+void dtls1_clear_received_buffer(SSL *s);
-+void dtls1_clear_sent_buffer(SSL *s);
- void dtls1_get_message_header(unsigned char *data,
- struct hm_header_st *msg_hdr);
- void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
deleted file mode 100644
index c71aaa5..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From b746aa3fe05b5b5f7126df247ac3eceeb995e2a0 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Thu, 21 Jul 2016 15:24:16 +0100
-Subject: [PATCH] Fix OOB read in TS_OBJ_print_bio().
-
-TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
-as a null terminated buffer. The length value returned is the total
-length the complete text reprsentation would need not the amount of
-data written.
-
-CVE-2016-2180
-
-Thanks to Shi Lei for reporting this bug.
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a)
-
-Upstream-Status: Backport
-CVE: CVE-2016-2180
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- crypto/ts/ts_lib.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
-index c51538a..e0f1063 100644
---- a/crypto/ts/ts_lib.c
-+++ b/crypto/ts/ts_lib.c
-@@ -90,9 +90,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
- {
- char obj_txt[128];
-
-- int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-- BIO_write(bio, obj_txt, len);
-- BIO_write(bio, "\n", 1);
-+ OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-+ BIO_printf(bio, "%s\n", obj_txt);
-
- return 1;
- }
---
-2.7.4
-
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
deleted file mode 100644
index 9149dbe..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 20744f6b40b5ded059a848f66d6ba922f2a62eb3 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Jul 2016 11:46:26 +0100
-Subject: [PATCH] Fix DTLS unprocessed records bug
-
-During a DTLS handshake we may get records destined for the next epoch
-arrive before we have processed the CCS. In that case we can't decrypt or
-verify the record yet, so we buffer it for later use. When we do receive
-the CCS we work through the queue of unprocessed records and process them.
-
-Unfortunately the act of processing wipes out any existing packet data
-that we were still working through. This includes any records from the new
-epoch that were in the same packet as the CCS. We should only process the
-buffered records if we've not got any data left.
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2016-2180 patch 1
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/d1_pkt.c | 23 +++++++++++++++++++++--
- 1 file changed, 21 insertions(+), 2 deletions(-)
-
-diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
-index fe30ec7..1fb119d 100644
---- a/ssl/d1_pkt.c
-+++ b/ssl/d1_pkt.c
-@@ -319,6 +319,7 @@ static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
- static int dtls1_process_buffered_records(SSL *s)
- {
- pitem *item;
-+ SSL3_BUFFER *rb;
-
- item = pqueue_peek(s->d1->unprocessed_rcds.q);
- if (item) {
-@@ -326,6 +327,19 @@ static int dtls1_process_buffered_records(SSL *s)
- if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
- return (1); /* Nothing to do. */
-
-+ rb = &s->s3->rbuf;
-+
-+ if (rb->left > 0) {
-+ /*
-+ * We've still got data from the current packet to read. There could
-+ * be a record from the new epoch in it - so don't overwrite it
-+ * with the unprocessed records yet (we'll do it when we've
-+ * finished reading the current packet).
-+ */
-+ return 1;
-+ }
-+
-+
- /* Process all the records. */
- while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
- dtls1_get_unprocessed_record(s);
-@@ -581,6 +595,7 @@ int dtls1_get_record(SSL *s)
-
- rr = &(s->s3->rrec);
-
-+ again:
- /*
- * The epoch may have changed. If so, process all the pending records.
- * This is a non-blocking operation.
-@@ -593,7 +608,6 @@ int dtls1_get_record(SSL *s)
- return 1;
-
- /* get something from the wire */
-- again:
- /* check if we have the header */
- if ((s->rstate != SSL_ST_READ_BODY) ||
- (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
-@@ -1830,8 +1844,13 @@ static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
- if (rr->epoch == s->d1->r_epoch)
- return &s->d1->bitmap;
-
-- /* Only HM and ALERT messages can be from the next epoch */
-+ /*
-+ * Only HM and ALERT messages can be from the next epoch and only if we
-+ * have already processed all of the unprocessed records from the last
-+ * epoch
-+ */
- else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
-+ s->d1->unprocessed_rcds.epoch != s->d1->r_epoch &&
- (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
- *is_next_epoch = 1;
- return &s->d1->next_bitmap;
---
-2.7.4
-
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
deleted file mode 100644
index ecf138a..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-From 3884b47b7c255c2e94d9b387ee83c7e8bb981258 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Jul 2016 12:04:37 +0100
-Subject: [PATCH] Fix DTLS replay protection
-
-The DTLS implementation provides some protection against replay attacks
-in accordance with RFC6347 section 4.1.2.6.
-
-A sliding "window" of valid record sequence numbers is maintained with
-the "right" hand edge of the window set to the highest sequence number we
-have received so far. Records that arrive that are off the "left" hand
-edge of the window are rejected. Records within the window are checked
-against a list of records received so far. If we already received it then
-we also reject the new record.
-
-If we have not already received the record, or the sequence number is off
-the right hand edge of the window then we verify the MAC of the record.
-If MAC verification fails then we discard the record. Otherwise we mark
-the record as received. If the sequence number was off the right hand edge
-of the window, then we slide the window along so that the right hand edge
-is in line with the newly received sequence number.
-
-Records may arrive for future epochs, i.e. a record from after a CCS being
-sent, can arrive before the CCS does if the packets get re-ordered. As we
-have not yet received the CCS we are not yet in a position to decrypt or
-validate the MAC of those records. OpenSSL places those records on an
-unprocessed records queue. It additionally updates the window immediately,
-even though we have not yet verified the MAC. This will only occur if
-currently in a handshake/renegotiation.
-
-This could be exploited by an attacker by sending a record for the next
-epoch (which does not have to decrypt or have a valid MAC), with a very
-large sequence number. This means the right hand edge of the window is
-moved very far to the right, and all subsequent legitimate packets are
-dropped causing a denial of service.
-
-A similar effect can be achieved during the initial handshake. In this
-case there is no MAC key negotiated yet. Therefore an attacker can send a
-message for the current epoch with a very large sequence number. The code
-will process the record as normal. If the hanshake message sequence number
-(as opposed to the record sequence number that we have been talking about
-so far) is in the future then the injected message is bufferred to be
-handled later, but the window is still updated. Therefore all subsequent
-legitimate handshake records are dropped. This aspect is not considered a
-security issue because there are many ways for an attacker to disrupt the
-initial handshake and prevent it from completing successfully (e.g.
-injection of a handshake message will cause the Finished MAC to fail and
-the handshake to be aborted). This issue comes about as a result of trying
-to do replay protection, but having no integrity mechanism in place yet.
-Does it even make sense to have replay protection in epoch 0? That
-issue isn't addressed here though.
-
-This addressed an OCAP Audit issue.
-
-CVE-2016-2181
-
-Upstream-Status: Backport
-CVE: CVE-2016-2181 patch2
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
----
- ssl/d1_pkt.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++------------
- ssl/ssl.h | 1 +
- ssl/ssl_err.c | 4 +++-
- 3 files changed, 52 insertions(+), 13 deletions(-)
-
-Index: openssl-1.0.2h/ssl/d1_pkt.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/d1_pkt.c
-+++ openssl-1.0.2h/ssl/d1_pkt.c
-@@ -194,7 +194,7 @@ static int dtls1_record_needs_buffering(
- #endif
- static int dtls1_buffer_record(SSL *s, record_pqueue *q,
- unsigned char *priority);
--static int dtls1_process_record(SSL *s);
-+static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
-
- /* copy buffered record into SSL structure */
- static int dtls1_copy_record(SSL *s, pitem *item)
-@@ -320,13 +320,18 @@ static int dtls1_process_buffered_record
- {
- pitem *item;
- SSL3_BUFFER *rb;
-+ SSL3_RECORD *rr;
-+ DTLS1_BITMAP *bitmap;
-+ unsigned int is_next_epoch;
-+ int replayok = 1;
-
- item = pqueue_peek(s->d1->unprocessed_rcds.q);
- if (item) {
- /* Check if epoch is current. */
- if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
-- return (1); /* Nothing to do. */
-+ return 1; /* Nothing to do. */
-
-+ rr = &s->s3->rrec;
- rb = &s->s3->rbuf;
-
- if (rb->left > 0) {
-@@ -343,11 +348,41 @@ static int dtls1_process_buffered_record
- /* Process all the records. */
- while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
- dtls1_get_unprocessed_record(s);
-- if (!dtls1_process_record(s))
-- return (0);
-+ bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
-+ if (bitmap == NULL) {
-+ /*
-+ * Should not happen. This will only ever be NULL when the
-+ * current record is from a different epoch. But that cannot
-+ * be the case because we already checked the epoch above
-+ */
-+ SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
-+ ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+#ifndef OPENSSL_NO_SCTP
-+ /* Only do replay check if no SCTP bio */
-+ if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
-+#endif
-+ {
-+ /*
-+ * Check whether this is a repeat, or aged record. We did this
-+ * check once already when we first received the record - but
-+ * we might have updated the window since then due to
-+ * records we subsequently processed.
-+ */
-+ replayok = dtls1_record_replay_check(s, bitmap);
-+ }
-+
-+ if (!replayok || !dtls1_process_record(s, bitmap)) {
-+ /* dump this record */
-+ rr->length = 0;
-+ s->packet_length = 0;
-+ continue;
-+ }
-+
- if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
- s->s3->rrec.seq_num) < 0)
-- return -1;
-+ return 0;
- }
- }
-
-@@ -358,7 +393,7 @@ static int dtls1_process_buffered_record
- s->d1->processed_rcds.epoch = s->d1->r_epoch;
- s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
-
-- return (1);
-+ return 1;
- }
-
- #if 0
-@@ -405,7 +440,7 @@ static int dtls1_get_buffered_record(SSL
-
- #endif
-
--static int dtls1_process_record(SSL *s)
-+static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
- {
- int i, al;
- int enc_err;
-@@ -565,6 +600,10 @@ static int dtls1_process_record(SSL *s)
-
- /* we have pulled in a full packet so zero things */
- s->packet_length = 0;
-+
-+ /* Mark receipt of record. */
-+ dtls1_record_bitmap_update(s, bitmap);
-+
- return (1);
-
- f_err:
-@@ -600,7 +639,7 @@ int dtls1_get_record(SSL *s)
- * The epoch may have changed. If so, process all the pending records.
- * This is a non-blocking operation.
- */
-- if (dtls1_process_buffered_records(s) < 0)
-+ if (!dtls1_process_buffered_records(s))
- return -1;
-
- /* if we're renegotiating, then there may be buffered records */
-@@ -735,20 +774,17 @@ int dtls1_get_record(SSL *s)
- if (dtls1_buffer_record
- (s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)
- return -1;
-- /* Mark receipt of record. */
-- dtls1_record_bitmap_update(s, bitmap);
- }
- rr->length = 0;
- s->packet_length = 0;
- goto again;
- }
-
-- if (!dtls1_process_record(s)) {
-+ if (!dtls1_process_record(s, bitmap)) {
- rr->length = 0;
- s->packet_length = 0; /* dump this record */
- goto again; /* get another record */
- }
-- dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */
-
- return (1);
-
-Index: openssl-1.0.2h/ssl/ssl.h
-===================================================================
---- openssl-1.0.2h.orig/ssl/ssl.h
-+++ openssl-1.0.2h/ssl/ssl.h
-@@ -2623,6 +2623,7 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_DTLS1_HEARTBEAT 305
- # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
- # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
-+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 404
- # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
- # define SSL_F_DTLS1_PROCESS_RECORD 257
- # define SSL_F_DTLS1_READ_BYTES 258
-Index: openssl-1.0.2h/ssl/ssl_err.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/ssl_err.c
-+++ openssl-1.0.2h/ssl/ssl_err.c
-@@ -1,6 +1,6 @@
- /* ssl/ssl_err.c */
- /* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
-@@ -93,6 +93,8 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
- {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "dtls1_output_cert_chain"},
- {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
-+ {ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS),
-+ "DTLS1_PROCESS_BUFFERED_RECORDS"},
- {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),
- "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
- {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
deleted file mode 100644
index a752f89..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 26aebca74e38ae09f673c2045cc8e2ef762d265a Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Wed, 17 Aug 2016 17:55:36 +0100
-Subject: [PATCH] Update function error code
-
-A function error code needed updating due to merge issues.
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2016-2181 patch 3
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/ssl.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: openssl-1.0.2h/ssl/ssl.h
-===================================================================
---- openssl-1.0.2h.orig/ssl/ssl.h
-+++ openssl-1.0.2h/ssl/ssl.h
-@@ -2623,7 +2623,7 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_DTLS1_HEARTBEAT 305
- # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
- # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
--# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 404
-+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424
- # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
- # define SSL_F_DTLS1_PROCESS_RECORD 257
- # define SSL_F_DTLS1_READ_BYTES 258
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
deleted file mode 100644
index 5995cbe..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From e36f27ddb80a48e579783bc29fb3758988342b71 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Fri, 5 Aug 2016 14:26:03 +0100
-Subject: [PATCH] Check for errors in BN_bn2dec()
-
-If an oversize BIGNUM is presented to BN_bn2dec() it can cause
-BN_div_word() to fail and not reduce the value of 't' resulting
-in OOB writes to the bn_data buffer and eventually crashing.
-
-Fix by checking return value of BN_div_word() and checking writes
-don't overflow buffer.
-
-Thanks to Shi Lei for reporting this bug.
-
-CVE-2016-2182
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-(cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34)
-
-Conflicts:
- crypto/bn/bn_print.c
-
-Upstream-Status: Backport
-CVE: CVE-2016-2182
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- crypto/bn/bn_print.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
-index bfa31ef..b44403e 100644
---- a/crypto/bn/bn_print.c
-+++ b/crypto/bn/bn_print.c
-@@ -111,6 +111,7 @@ char *BN_bn2dec(const BIGNUM *a)
- char *p;
- BIGNUM *t = NULL;
- BN_ULONG *bn_data = NULL, *lp;
-+ int bn_data_num;
-
- /*-
- * get an upper bound for the length of the decimal integer
-@@ -120,9 +121,9 @@ char *BN_bn2dec(const BIGNUM *a)
- */
- i = BN_num_bits(a) * 3;
- num = (i / 10 + i / 1000 + 1) + 1;
-- bn_data =
-- (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
-- buf = (char *)OPENSSL_malloc(num + 3);
-+ bn_data_num = num / BN_DEC_NUM + 1;
-+ bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
-+ buf = OPENSSL_malloc(num + 3);
- if ((buf == NULL) || (bn_data == NULL)) {
- BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
- goto err;
-@@ -143,7 +144,11 @@ char *BN_bn2dec(const BIGNUM *a)
- i = 0;
- while (!BN_is_zero(t)) {
- *lp = BN_div_word(t, BN_DEC_CONV);
-+ if (*lp == (BN_ULONG)-1)
-+ goto err;
- lp++;
-+ if (lp - bn_data >= bn_data_num)
-+ goto err;
- }
- lp--;
- /*
---
-2.7.4
-
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
deleted file mode 100644
index a72ee70..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From baaabfd8fdcec04a691695fad9a664bea43202b6 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Tue, 23 Aug 2016 18:14:54 +0100
-Subject: [PATCH] Sanity check ticket length.
-
-If a ticket callback changes the HMAC digest to SHA512 the existing
-sanity checks are not sufficient and an attacker could perform a DoS
-attack with a malformed ticket. Add additional checks based on
-HMAC size.
-
-Thanks to Shi Lei for reporting this bug.
-
-CVE-2016-6302
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2016-6302
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/t1_lib.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-Index: openssl-1.0.2h/ssl/t1_lib.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/t1_lib.c
-+++ openssl-1.0.2h/ssl/t1_lib.c
-@@ -3397,9 +3397,7 @@ static int tls_decrypt_ticket(SSL *s, co
- HMAC_CTX hctx;
- EVP_CIPHER_CTX ctx;
- SSL_CTX *tctx = s->initial_ctx;
-- /* Need at least keyname + iv + some encrypted data */
-- if (eticklen < 48)
-- return 2;
-+
- /* Initialize session ticket encryption and HMAC contexts */
- HMAC_CTX_init(&hctx);
- EVP_CIPHER_CTX_init(&ctx);
-@@ -3433,6 +3431,13 @@ static int tls_decrypt_ticket(SSL *s, co
- if (mlen < 0) {
- goto err;
- }
-+ /* Sanity check ticket length: must exceed keyname + IV + HMAC */
-+ if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
-+ HMAC_CTX_cleanup(&hctx);
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ return 2;
-+ }
-+
- eticklen -= mlen;
- /* Check HMAC of encrypted ticket */
- if (HMAC_Update(&hctx, etick, eticklen) <= 0
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
deleted file mode 100644
index 95bdec4..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 1027ad4f34c30b8585592764b9a670ba36888269 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Fri, 19 Aug 2016 23:28:29 +0100
-Subject: [PATCH] Avoid overflow in MDC2_Update()
-
-Thanks to Shi Lei for reporting this issue.
-
-CVE-2016-6303
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)
-
-Upstream-Status: Backport
-CVE: CVE-2016-6303
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- crypto/mdc2/mdc2dgst.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
-index 6615cf8..2dce493 100644
---- a/crypto/mdc2/mdc2dgst.c
-+++ b/crypto/mdc2/mdc2dgst.c
-@@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
-
- i = c->num;
- if (i != 0) {
-- if (i + len < MDC2_BLOCK) {
-+ if (len < MDC2_BLOCK - i) {
- /* partial block */
- memcpy(&(c->data[i]), in, len);
- c->num += (int)len;
---
-2.7.4
-
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
deleted file mode 100644
index 64508b5..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From ea39b16b71e4e72a228a4535bd6d6a02c5edbc1f Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 9 Sep 2016 10:08:45 +0100
-Subject: [PATCH] Fix OCSP Status Request extension unbounded memory growth
-
-A malicious client can send an excessively large OCSP Status Request
-extension. If that client continually requests renegotiation,
-sending a large OCSP Status Request extension each time, then there will
-be unbounded memory growth on the server. This will eventually lead to a
-Denial Of Service attack through memory exhaustion. Servers with a
-default configuration are vulnerable even if they do not support OCSP.
-Builds using the "no-ocsp" build time option are not affected.
-
-I have also checked other extensions to see if they suffer from a similar
-problem but I could not find any other issues.
-
-CVE-2016-6304
-
-Issue reported by Shi Lei.
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2016-6304
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/t1_lib.c | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index fbcf2e6..e4b4e27 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -2316,6 +2316,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- size -= 2;
- if (dsize > size)
- goto err;
-+
-+ /*
-+ * We remove any OCSP_RESPIDs from a previous handshake
-+ * to prevent unbounded memory growth - CVE-2016-6304
-+ */
-+ sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
-+ OCSP_RESPID_free);
-+ if (dsize > 0) {
-+ s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
-+ if (s->tlsext_ocsp_ids == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
-+ }
-+ } else {
-+ s->tlsext_ocsp_ids = NULL;
-+ }
-+
- while (dsize > 0) {
- OCSP_RESPID *id;
- int idsize;
-@@ -2335,13 +2352,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- OCSP_RESPID_free(id);
- goto err;
- }
-- if (!s->tlsext_ocsp_ids
-- && !(s->tlsext_ocsp_ids =
-- sk_OCSP_RESPID_new_null())) {
-- OCSP_RESPID_free(id);
-- *al = SSL_AD_INTERNAL_ERROR;
-- return 0;
-- }
- if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
- OCSP_RESPID_free(id);
- *al = SSL_AD_INTERNAL_ERROR;
---
-2.7.4
-
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
deleted file mode 100644
index 9e7d576..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From ff553f837172ecb2b5c8eca257ec3c5619a4b299 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Sat, 17 Sep 2016 12:36:58 +0100
-Subject: [PATCH] Fix small OOB reads.
-
-In ssl3_get_client_certificate, ssl3_get_server_certificate and
-ssl3_get_certificate_request check we have enough room
-before reading a length.
-
-Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting these bugs.
-
-CVE-2016-6306
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2016-6306
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/s3_clnt.c | 11 +++++++++++
- ssl/s3_srvr.c | 6 ++++++
- 2 files changed, 17 insertions(+)
-
-Index: openssl-1.0.2h/ssl/s3_clnt.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/s3_clnt.c
-+++ openssl-1.0.2h/ssl/s3_clnt.c
-@@ -1216,6 +1216,12 @@ int ssl3_get_server_certificate(SSL *s)
- goto f_err;
- }
- for (nc = 0; nc < llen;) {
-+ if (nc + 3 > llen) {
-+ al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-+ SSL_R_CERT_LENGTH_MISMATCH);
-+ goto f_err;
-+ }
- n2l3(p, l);
- if ((l + nc + 3) > llen) {
- al = SSL_AD_DECODE_ERROR;
-@@ -2167,6 +2173,11 @@ int ssl3_get_certificate_request(SSL *s)
- }
-
- for (nc = 0; nc < llen;) {
-+ if (nc + 2 > llen) {
-+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
-+ goto err;
-+ }
- n2s(p, l);
- if ((l + nc + 2) > llen) {
- if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-Index: openssl-1.0.2h/ssl/s3_srvr.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/s3_srvr.c
-+++ openssl-1.0.2h/ssl/s3_srvr.c
-@@ -3213,6 +3213,12 @@ int ssl3_get_client_certificate(SSL *s)
- goto f_err;
- }
- for (nc = 0; nc < llen;) {
-+ if (nc + 3 > llen) {
-+ al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-+ SSL_R_CERT_LENGTH_MISMATCH);
-+ goto f_err;
-+ }
- n2l3(p, l);
- if ((l + nc + 3) > llen) {
- al = SSL_AD_DECODE_ERROR;
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
deleted file mode 100644
index c2af589..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 22646a075e75991b4e8f5d67171e45a6aead5b48 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Wed, 21 Sep 2016 14:48:16 +0100
-Subject: [PATCH] Don't allow too many consecutive warning alerts
-
-Certain warning alerts are ignored if they are received. This can mean that
-no progress will be made if one peer continually sends those warning alerts.
-Implement a count so that we abort the connection if we receive too many.
-
-Issue reported by Shi Lei.
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-
-Upstream-Status: Backport
-CVE: CVE-2016-8610
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/d1_pkt.c | 15 +++++++++++++++
- ssl/s3_pkt.c | 15 +++++++++++++++
- ssl/ssl.h | 1 +
- ssl/ssl_locl.h | 4 ++++
- 4 files changed, 35 insertions(+)
-
-Index: openssl-1.0.2h/ssl/d1_pkt.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/d1_pkt.c
-+++ openssl-1.0.2h/ssl/d1_pkt.c
-@@ -928,6 +928,13 @@ int dtls1_read_bytes(SSL *s, int type, u
- goto start;
- }
-
-+ /*
-+ * Reset the count of consecutive warning alerts if we've got a non-empty
-+ * record that isn't an alert.
-+ */
-+ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
-+ s->cert->alert_count = 0;
-+
- /* we now have a packet which can be read and processed */
-
- if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
-@@ -1194,6 +1201,14 @@ int dtls1_read_bytes(SSL *s, int type, u
-
- if (alert_level == SSL3_AL_WARNING) {
- s->s3->warn_alert = alert_descr;
-+
-+ s->cert->alert_count++;
-+ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
-+ al = SSL_AD_UNEXPECTED_MESSAGE;
-+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
-+ goto f_err;
-+ }
-+
- if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
- #ifndef OPENSSL_NO_SCTP
- /*
-Index: openssl-1.0.2h/ssl/s3_pkt.c
-===================================================================
---- openssl-1.0.2h.orig/ssl/s3_pkt.c
-+++ openssl-1.0.2h/ssl/s3_pkt.c
-@@ -1229,6 +1229,13 @@ int ssl3_read_bytes(SSL *s, int type, un
- return (ret);
- }
-
-+ /*
-+ * Reset the count of consecutive warning alerts if we've got a non-empty
-+ * record that isn't an alert.
-+ */
-+ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
-+ s->cert->alert_count = 0;
-+
- /* we now have a packet which can be read and processed */
-
- if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
-@@ -1443,6 +1450,14 @@ int ssl3_read_bytes(SSL *s, int type, un
-
- if (alert_level == SSL3_AL_WARNING) {
- s->s3->warn_alert = alert_descr;
-+
-+ s->cert->alert_count++;
-+ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
-+ al = SSL_AD_UNEXPECTED_MESSAGE;
-+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
-+ goto f_err;
-+ }
-+
- if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return (0);
-Index: openssl-1.0.2h/ssl/ssl.h
-===================================================================
---- openssl-1.0.2h.orig/ssl/ssl.h
-+++ openssl-1.0.2h/ssl/ssl.h
-@@ -3115,6 +3115,7 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
- # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
- # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
-+# define SSL_R_TOO_MANY_WARN_ALERTS 409
- # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
- # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
- # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
-Index: openssl-1.0.2h/ssl/ssl_locl.h
-===================================================================
---- openssl-1.0.2h.orig/ssl/ssl_locl.h
-+++ openssl-1.0.2h/ssl/ssl_locl.h
-@@ -585,6 +585,8 @@ typedef struct {
- */
- # define SSL_EXT_FLAG_SENT 0x2
-
-+# define MAX_WARN_ALERT_COUNT 5
-+
- typedef struct {
- custom_ext_method *meths;
- size_t meths_count;
-@@ -692,6 +694,8 @@ typedef struct cert_st {
- unsigned char *alpn_proposed; /* server */
- unsigned int alpn_proposed_len;
- int alpn_sent; /* client */
-+ /* Count of the number of consecutive warning alerts received */
-+ unsigned int alert_count;
- } CERT;
-
- typedef struct sess_cert_st {
diff --git a/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
new file mode 100644
index 0000000..58c9ee7
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
@@ -0,0 +1,69 @@
+From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz@akamai.com>
+Date: Sat, 13 Jun 2015 17:03:39 -0400
+Subject: [PATCH] Use SHA256 not MD5 as default digest.
+
+Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
+
+Upstream-Status: Backport
+Backport from OpenSSL 2.0 to OpenSSL 1.0.2
+Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
+
+CVE: CVE-2004-2761
+
+ The MD5 Message-Digest Algorithm is not collision resistant,
+ which makes it easier for context-dependent attackers to
+ conduct spoofing attacks, as demonstrated by attacks on the
+ use of MD5 in the signature algorithm of an X.509 certificate.
+
+Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
+Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
+Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
+---
+ apps/ca.c | 2 +-
+ apps/dgst.c | 2 +-
+ apps/enc.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/apps/ca.c b/apps/ca.c
+index 3b7336c..8f3a84b 100644
+--- a/apps/ca.c
++++ b/apps/ca.c
+@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ } else
+ BIO_printf(bio_err, "Signature ok\n");
+
+- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
++ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
+ goto err;
+
+ ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+diff --git a/apps/dgst.c b/apps/dgst.c
+index 95e5fa3..0d1529f 100644
+--- a/apps/dgst.c
++++ b/apps/dgst.c
+@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
+ goto end;
+ }
+ if (md == NULL)
+- md = EVP_md5();
++ md = EVP_sha256();
+ if (!EVP_DigestInit_ex(mctx, md, impl)) {
+ BIO_printf(bio_err, "Error setting digest %s\n", pname);
+ ERR_print_errors(bio_err);
+diff --git a/apps/enc.c b/apps/enc.c
+index 7b7c70b..a7d944c 100644
+--- a/apps/enc.c
++++ b/apps/enc.c
+@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
+ }
+
+ if (dgst == NULL) {
+- dgst = EVP_md5();
++ dgst = EVP_sha256();
+ }
+
+ if (bufsize != NULL) {
+--
+1.9.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch b/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
deleted file mode 100644
index 7ba9eab..0000000
--- a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Upsteram Status: Backport
-
-When building on x32 systems where the default type is 32bit, make sure
-we can transparently represent 64bit integers. Otherwise we end up with
-build errors like:
-/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
-Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
-...
-ghash-x86_64.s: Assembler messages:
-ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
-
-We don't enable this globally as there are some cases where we'd get
-32bit values interpreted as unsigned when we need them as signed.
-
-Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
-URL: https://bugs.gentoo.org/542618
-
-Signed-off-By: Armin Kuster <akuster@mvista.com>
-
-diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
---- a/crypto/perlasm/x86_64-xlate.pl
-+++ b/crypto/perlasm/x86_64-xlate.pl
-@@ -196,6 +196,10 @@ my %globals;
- my $self = shift;
-
- $self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
-+ # When building on x32 ABIs, the expanded hex value might be too
-+ # big to fit into 32bits. Enable transparent 64bit support here
-+ # so we can safely print it out.
-+ use bigint;
- if ($gas) {
- # Solaris /usr/ccs/bin/as can't handle multiplications
- # in $self->{value}
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
index aba4d42..fb745e4 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
@@ -7,7 +7,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in
@@ -65,6 +65,7 @@
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
new file mode 100644
index 0000000..a249180
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
@@ -0,0 +1,4663 @@
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
+===================================================================
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
+ }
+ }
+
++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
++
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4615 @@
++OPENSSL_1.0.0 {
++ global:
++ BIO_f_ssl;
++ BIO_new_buffer_ssl_connect;
++ BIO_new_ssl;
++ BIO_new_ssl_connect;
++ BIO_proxy_ssl_copy_session_id;
++ BIO_ssl_copy_session_id;
++ BIO_ssl_shutdown;
++ d2i_SSL_SESSION;
++ DTLSv1_client_method;
++ DTLSv1_method;
++ DTLSv1_server_method;
++ ERR_load_SSL_strings;
++ i2d_SSL_SESSION;
++ kssl_build_principal_2;
++ kssl_cget_tkt;
++ kssl_check_authent;
++ kssl_ctx_free;
++ kssl_ctx_new;
++ kssl_ctx_setkey;
++ kssl_ctx_setprinc;
++ kssl_ctx_setstring;
++ kssl_ctx_show;
++ kssl_err_set;
++ kssl_krb5_free_data_contents;
++ kssl_sget_tkt;
++ kssl_skip_confound;
++ kssl_validate_times;
++ PEM_read_bio_SSL_SESSION;
++ PEM_read_SSL_SESSION;
++ PEM_write_bio_SSL_SESSION;
++ PEM_write_SSL_SESSION;
++ SSL_accept;
++ SSL_add_client_CA;
++ SSL_add_dir_cert_subjects_to_stack;
++ SSL_add_dir_cert_subjs_to_stk;
++ SSL_add_file_cert_subjects_to_stack;
++ SSL_add_file_cert_subjs_to_stk;
++ SSL_alert_desc_string;
++ SSL_alert_desc_string_long;
++ SSL_alert_type_string;
++ SSL_alert_type_string_long;
++ SSL_callback_ctrl;
++ SSL_check_private_key;
++ SSL_CIPHER_description;
++ SSL_CIPHER_get_bits;
++ SSL_CIPHER_get_name;
++ SSL_CIPHER_get_version;
++ SSL_clear;
++ SSL_COMP_add_compression_method;
++ SSL_COMP_get_compression_methods;
++ SSL_COMP_get_compress_methods;
++ SSL_COMP_get_name;
++ SSL_connect;
++ SSL_copy_session_id;
++ SSL_ctrl;
++ SSL_CTX_add_client_CA;
++ SSL_CTX_add_session;
++ SSL_CTX_callback_ctrl;
++ SSL_CTX_check_private_key;
++ SSL_CTX_ctrl;
++ SSL_CTX_flush_sessions;
++ SSL_CTX_free;
++ SSL_CTX_get_cert_store;
++ SSL_CTX_get_client_CA_list;
++ SSL_CTX_get_client_cert_cb;
++ SSL_CTX_get_ex_data;
++ SSL_CTX_get_ex_new_index;
++ SSL_CTX_get_info_callback;
++ SSL_CTX_get_quiet_shutdown;
++ SSL_CTX_get_timeout;
++ SSL_CTX_get_verify_callback;
++ SSL_CTX_get_verify_depth;
++ SSL_CTX_get_verify_mode;
++ SSL_CTX_load_verify_locations;
++ SSL_CTX_new;
++ SSL_CTX_remove_session;
++ SSL_CTX_sess_get_get_cb;
++ SSL_CTX_sess_get_new_cb;
++ SSL_CTX_sess_get_remove_cb;
++ SSL_CTX_sessions;
++ SSL_CTX_sess_set_get_cb;
++ SSL_CTX_sess_set_new_cb;
++ SSL_CTX_sess_set_remove_cb;
++ SSL_CTX_set1_param;
++ SSL_CTX_set_cert_store;
++ SSL_CTX_set_cert_verify_callback;
++ SSL_CTX_set_cert_verify_cb;
++ SSL_CTX_set_cipher_list;
++ SSL_CTX_set_client_CA_list;
++ SSL_CTX_set_client_cert_cb;
++ SSL_CTX_set_client_cert_engine;
++ SSL_CTX_set_cookie_generate_cb;
++ SSL_CTX_set_cookie_verify_cb;
++ SSL_CTX_set_default_passwd_cb;
++ SSL_CTX_set_default_passwd_cb_userdata;
++ SSL_CTX_set_default_verify_paths;
++ SSL_CTX_set_def_passwd_cb_ud;
++ SSL_CTX_set_def_verify_paths;
++ SSL_CTX_set_ex_data;
++ SSL_CTX_set_generate_session_id;
++ SSL_CTX_set_info_callback;
++ SSL_CTX_set_msg_callback;
++ SSL_CTX_set_psk_client_callback;
++ SSL_CTX_set_psk_server_callback;
++ SSL_CTX_set_purpose;
++ SSL_CTX_set_quiet_shutdown;
++ SSL_CTX_set_session_id_context;
++ SSL_CTX_set_ssl_version;
++ SSL_CTX_set_timeout;
++ SSL_CTX_set_tmp_dh_callback;
++ SSL_CTX_set_tmp_ecdh_callback;
++ SSL_CTX_set_tmp_rsa_callback;
++ SSL_CTX_set_trust;
++ SSL_CTX_set_verify;
++ SSL_CTX_set_verify_depth;
++ SSL_CTX_use_cert_chain_file;
++ SSL_CTX_use_certificate;
++ SSL_CTX_use_certificate_ASN1;
++ SSL_CTX_use_certificate_chain_file;
++ SSL_CTX_use_certificate_file;
++ SSL_CTX_use_PrivateKey;
++ SSL_CTX_use_PrivateKey_ASN1;
++ SSL_CTX_use_PrivateKey_file;
++ SSL_CTX_use_psk_identity_hint;
++ SSL_CTX_use_RSAPrivateKey;
++ SSL_CTX_use_RSAPrivateKey_ASN1;
++ SSL_CTX_use_RSAPrivateKey_file;
++ SSL_do_handshake;
++ SSL_dup;
++ SSL_dup_CA_list;
++ SSLeay_add_ssl_algorithms;
++ SSL_free;
++ SSL_get1_session;
++ SSL_get_certificate;
++ SSL_get_cipher_list;
++ SSL_get_ciphers;
++ SSL_get_client_CA_list;
++ SSL_get_current_cipher;
++ SSL_get_current_compression;
++ SSL_get_current_expansion;
++ SSL_get_default_timeout;
++ SSL_get_error;
++ SSL_get_ex_data;
++ SSL_get_ex_data_X509_STORE_CTX_idx;
++ SSL_get_ex_d_X509_STORE_CTX_idx;
++ SSL_get_ex_new_index;
++ SSL_get_fd;
++ SSL_get_finished;
++ SSL_get_info_callback;
++ SSL_get_peer_cert_chain;
++ SSL_get_peer_certificate;
++ SSL_get_peer_finished;
++ SSL_get_privatekey;
++ SSL_get_psk_identity;
++ SSL_get_psk_identity_hint;
++ SSL_get_quiet_shutdown;
++ SSL_get_rbio;
++ SSL_get_read_ahead;
++ SSL_get_rfd;
++ SSL_get_servername;
++ SSL_get_servername_type;
++ SSL_get_session;
++ SSL_get_shared_ciphers;
++ SSL_get_shutdown;
++ SSL_get_SSL_CTX;
++ SSL_get_ssl_method;
++ SSL_get_verify_callback;
++ SSL_get_verify_depth;
++ SSL_get_verify_mode;
++ SSL_get_verify_result;
++ SSL_get_version;
++ SSL_get_wbio;
++ SSL_get_wfd;
++ SSL_has_matching_session_id;
++ SSL_library_init;
++ SSL_load_client_CA_file;
++ SSL_load_error_strings;
++ SSL_new;
++ SSL_peek;
++ SSL_pending;
++ SSL_read;
++ SSL_renegotiate;
++ SSL_renegotiate_pending;
++ SSL_rstate_string;
++ SSL_rstate_string_long;
++ SSL_SESSION_cmp;
++ SSL_SESSION_free;
++ SSL_SESSION_get_ex_data;
++ SSL_SESSION_get_ex_new_index;
++ SSL_SESSION_get_id;
++ SSL_SESSION_get_time;
++ SSL_SESSION_get_timeout;
++ SSL_SESSION_hash;
++ SSL_SESSION_new;
++ SSL_SESSION_print;
++ SSL_SESSION_print_fp;
++ SSL_SESSION_set_ex_data;
++ SSL_SESSION_set_time;
++ SSL_SESSION_set_timeout;
++ SSL_set1_param;
++ SSL_set_accept_state;
++ SSL_set_bio;
++ SSL_set_cipher_list;
++ SSL_set_client_CA_list;
++ SSL_set_connect_state;
++ SSL_set_ex_data;
++ SSL_set_fd;
++ SSL_set_generate_session_id;
++ SSL_set_info_callback;
++ SSL_set_msg_callback;
++ SSL_set_psk_client_callback;
++ SSL_set_psk_server_callback;
++ SSL_set_purpose;
++ SSL_set_quiet_shutdown;
++ SSL_set_read_ahead;
++ SSL_set_rfd;
++ SSL_set_session;
++ SSL_set_session_id_context;
++ SSL_set_session_secret_cb;
++ SSL_set_session_ticket_ext;
++ SSL_set_session_ticket_ext_cb;
++ SSL_set_shutdown;
++ SSL_set_SSL_CTX;
++ SSL_set_ssl_method;
++ SSL_set_tmp_dh_callback;
++ SSL_set_tmp_ecdh_callback;
++ SSL_set_tmp_rsa_callback;
++ SSL_set_trust;
++ SSL_set_verify;
++ SSL_set_verify_depth;
++ SSL_set_verify_result;
++ SSL_set_wfd;
++ SSL_shutdown;
++ SSL_state;
++ SSL_state_string;
++ SSL_state_string_long;
++ SSL_use_certificate;
++ SSL_use_certificate_ASN1;
++ SSL_use_certificate_file;
++ SSL_use_PrivateKey;
++ SSL_use_PrivateKey_ASN1;
++ SSL_use_PrivateKey_file;
++ SSL_use_psk_identity_hint;
++ SSL_use_RSAPrivateKey;
++ SSL_use_RSAPrivateKey_ASN1;
++ SSL_use_RSAPrivateKey_file;
++ SSLv23_client_method;
++ SSLv23_method;
++ SSLv23_server_method;
++ SSLv2_client_method;
++ SSLv2_method;
++ SSLv2_server_method;
++ SSLv3_client_method;
++ SSLv3_method;
++ SSLv3_server_method;
++ SSL_version;
++ SSL_want;
++ SSL_write;
++ TLSv1_client_method;
++ TLSv1_method;
++ TLSv1_server_method;
++
++
++ SSLeay;
++ SSLeay_version;
++ ASN1_BIT_STRING_asn1_meth;
++ ASN1_HEADER_free;
++ ASN1_HEADER_new;
++ ASN1_IA5STRING_asn1_meth;
++ ASN1_INTEGER_get;
++ ASN1_INTEGER_set;
++ ASN1_INTEGER_to_BN;
++ ASN1_OBJECT_create;
++ ASN1_OBJECT_free;
++ ASN1_OBJECT_new;
++ ASN1_PRINTABLE_type;
++ ASN1_STRING_cmp;
++ ASN1_STRING_dup;
++ ASN1_STRING_free;
++ ASN1_STRING_new;
++ ASN1_STRING_print;
++ ASN1_STRING_set;
++ ASN1_STRING_type_new;
++ ASN1_TYPE_free;
++ ASN1_TYPE_new;
++ ASN1_UNIVERSALSTRING_to_string;
++ ASN1_UTCTIME_check;
++ ASN1_UTCTIME_print;
++ ASN1_UTCTIME_set;
++ ASN1_check_infinite_end;
++ ASN1_d2i_bio;
++ ASN1_d2i_fp;
++ ASN1_digest;
++ ASN1_dup;
++ ASN1_get_object;
++ ASN1_i2d_bio;
++ ASN1_i2d_fp;
++ ASN1_object_size;
++ ASN1_parse;
++ ASN1_put_object;
++ ASN1_sign;
++ ASN1_verify;
++ BF_cbc_encrypt;
++ BF_cfb64_encrypt;
++ BF_ecb_encrypt;
++ BF_encrypt;
++ BF_ofb64_encrypt;
++ BF_options;
++ BF_set_key;
++ BIO_CONNECT_free;
++ BIO_CONNECT_new;
++ BIO_accept;
++ BIO_ctrl;
++ BIO_int_ctrl;
++ BIO_debug_callback;
++ BIO_dump;
++ BIO_dup_chain;
++ BIO_f_base64;
++ BIO_f_buffer;
++ BIO_f_cipher;
++ BIO_f_md;
++ BIO_f_null;
++ BIO_f_proxy_server;
++ BIO_fd_non_fatal_error;
++ BIO_fd_should_retry;
++ BIO_find_type;
++ BIO_free;
++ BIO_free_all;
++ BIO_get_accept_socket;
++ BIO_get_filter_bio;
++ BIO_get_host_ip;
++ BIO_get_port;
++ BIO_get_retry_BIO;
++ BIO_get_retry_reason;
++ BIO_gethostbyname;
++ BIO_gets;
++ BIO_new;
++ BIO_new_accept;
++ BIO_new_connect;
++ BIO_new_fd;
++ BIO_new_file;
++ BIO_new_fp;
++ BIO_new_socket;
++ BIO_pop;
++ BIO_printf;
++ BIO_push;
++ BIO_puts;
++ BIO_read;
++ BIO_s_accept;
++ BIO_s_connect;
++ BIO_s_fd;
++ BIO_s_file;
++ BIO_s_mem;
++ BIO_s_null;
++ BIO_s_proxy_client;
++ BIO_s_socket;
++ BIO_set;
++ BIO_set_cipher;
++ BIO_set_tcp_ndelay;
++ BIO_sock_cleanup;
++ BIO_sock_error;
++ BIO_sock_init;
++ BIO_sock_non_fatal_error;
++ BIO_sock_should_retry;
++ BIO_socket_ioctl;
++ BIO_write;
++ BN_CTX_free;
++ BN_CTX_new;
++ BN_MONT_CTX_free;
++ BN_MONT_CTX_new;
++ BN_MONT_CTX_set;
++ BN_add;
++ BN_add_word;
++ BN_hex2bn;
++ BN_bin2bn;
++ BN_bn2hex;
++ BN_bn2bin;
++ BN_clear;
++ BN_clear_bit;
++ BN_clear_free;
++ BN_cmp;
++ BN_copy;
++ BN_div;
++ BN_div_word;
++ BN_dup;
++ BN_free;
++ BN_from_montgomery;
++ BN_gcd;
++ BN_generate_prime;
++ BN_get_word;
++ BN_is_bit_set;
++ BN_is_prime;
++ BN_lshift;
++ BN_lshift1;
++ BN_mask_bits;
++ BN_mod;
++ BN_mod_exp;
++ BN_mod_exp_mont;
++ BN_mod_exp_simple;
++ BN_mod_inverse;
++ BN_mod_mul;
++ BN_mod_mul_montgomery;
++ BN_mod_word;
++ BN_mul;
++ BN_new;
++ BN_num_bits;
++ BN_num_bits_word;
++ BN_options;
++ BN_print;
++ BN_print_fp;
++ BN_rand;
++ BN_reciprocal;
++ BN_rshift;
++ BN_rshift1;
++ BN_set_bit;
++ BN_set_word;
++ BN_sqr;
++ BN_sub;
++ BN_to_ASN1_INTEGER;
++ BN_ucmp;
++ BN_value_one;
++ BUF_MEM_free;
++ BUF_MEM_grow;
++ BUF_MEM_new;
++ BUF_strdup;
++ CONF_free;
++ CONF_get_number;
++ CONF_get_section;
++ CONF_get_string;
++ CONF_load;
++ CRYPTO_add_lock;
++ CRYPTO_dbg_free;
++ CRYPTO_dbg_malloc;
++ CRYPTO_dbg_realloc;
++ CRYPTO_dbg_remalloc;
++ CRYPTO_free;
++ CRYPTO_get_add_lock_callback;
++ CRYPTO_get_id_callback;
++ CRYPTO_get_lock_name;
++ CRYPTO_get_locking_callback;
++ CRYPTO_get_mem_functions;
++ CRYPTO_lock;
++ CRYPTO_malloc;
++ CRYPTO_mem_ctrl;
++ CRYPTO_mem_leaks;
++ CRYPTO_mem_leaks_cb;
++ CRYPTO_mem_leaks_fp;
++ CRYPTO_realloc;
++ CRYPTO_remalloc;
++ CRYPTO_set_add_lock_callback;
++ CRYPTO_set_id_callback;
++ CRYPTO_set_locking_callback;
++ CRYPTO_set_mem_functions;
++ CRYPTO_thread_id;
++ DH_check;
++ DH_compute_key;
++ DH_free;
++ DH_generate_key;
++ DH_generate_parameters;
++ DH_new;
++ DH_size;
++ DHparams_print;
++ DHparams_print_fp;
++ DSA_free;
++ DSA_generate_key;
++ DSA_generate_parameters;
++ DSA_is_prime;
++ DSA_new;
++ DSA_print;
++ DSA_print_fp;
++ DSA_sign;
++ DSA_sign_setup;
++ DSA_size;
++ DSA_verify;
++ DSAparams_print;
++ DSAparams_print_fp;
++ ERR_clear_error;
++ ERR_error_string;
++ ERR_free_strings;
++ ERR_func_error_string;
++ ERR_get_err_state_table;
++ ERR_get_error;
++ ERR_get_error_line;
++ ERR_get_state;
++ ERR_get_string_table;
++ ERR_lib_error_string;
++ ERR_load_ASN1_strings;
++ ERR_load_BIO_strings;
++ ERR_load_BN_strings;
++ ERR_load_BUF_strings;
++ ERR_load_CONF_strings;
++ ERR_load_DH_strings;
++ ERR_load_DSA_strings;
++ ERR_load_ERR_strings;
++ ERR_load_EVP_strings;
++ ERR_load_OBJ_strings;
++ ERR_load_PEM_strings;
++ ERR_load_PROXY_strings;
++ ERR_load_RSA_strings;
++ ERR_load_X509_strings;
++ ERR_load_crypto_strings;
++ ERR_load_strings;
++ ERR_peek_error;
++ ERR_peek_error_line;
++ ERR_print_errors;
++ ERR_print_errors_fp;
++ ERR_put_error;
++ ERR_reason_error_string;
++ ERR_remove_state;
++ EVP_BytesToKey;
++ EVP_CIPHER_CTX_cleanup;
++ EVP_CipherFinal;
++ EVP_CipherInit;
++ EVP_CipherUpdate;
++ EVP_DecodeBlock;
++ EVP_DecodeFinal;
++ EVP_DecodeInit;
++ EVP_DecodeUpdate;
++ EVP_DecryptFinal;
++ EVP_DecryptInit;
++ EVP_DecryptUpdate;
++ EVP_DigestFinal;
++ EVP_DigestInit;
++ EVP_DigestUpdate;
++ EVP_EncodeBlock;
++ EVP_EncodeFinal;
++ EVP_EncodeInit;
++ EVP_EncodeUpdate;
++ EVP_EncryptFinal;
++ EVP_EncryptInit;
++ EVP_EncryptUpdate;
++ EVP_OpenFinal;
++ EVP_OpenInit;
++ EVP_PKEY_assign;
++ EVP_PKEY_copy_parameters;
++ EVP_PKEY_free;
++ EVP_PKEY_missing_parameters;
++ EVP_PKEY_new;
++ EVP_PKEY_save_parameters;
++ EVP_PKEY_size;
++ EVP_PKEY_type;
++ EVP_SealFinal;
++ EVP_SealInit;
++ EVP_SignFinal;
++ EVP_VerifyFinal;
++ EVP_add_alias;
++ EVP_add_cipher;
++ EVP_add_digest;
++ EVP_bf_cbc;
++ EVP_bf_cfb64;
++ EVP_bf_ecb;
++ EVP_bf_ofb;
++ EVP_cleanup;
++ EVP_des_cbc;
++ EVP_des_cfb64;
++ EVP_des_ecb;
++ EVP_des_ede;
++ EVP_des_ede3;
++ EVP_des_ede3_cbc;
++ EVP_des_ede3_cfb64;
++ EVP_des_ede3_ofb;
++ EVP_des_ede_cbc;
++ EVP_des_ede_cfb64;
++ EVP_des_ede_ofb;
++ EVP_des_ofb;
++ EVP_desx_cbc;
++ EVP_dss;
++ EVP_dss1;
++ EVP_enc_null;
++ EVP_get_cipherbyname;
++ EVP_get_digestbyname;
++ EVP_get_pw_prompt;
++ EVP_idea_cbc;
++ EVP_idea_cfb64;
++ EVP_idea_ecb;
++ EVP_idea_ofb;
++ EVP_md2;
++ EVP_md5;
++ EVP_md_null;
++ EVP_rc2_cbc;
++ EVP_rc2_cfb64;
++ EVP_rc2_ecb;
++ EVP_rc2_ofb;
++ EVP_rc4;
++ EVP_read_pw_string;
++ EVP_set_pw_prompt;
++ EVP_sha;
++ EVP_sha1;
++ MD2;
++ MD2_Final;
++ MD2_Init;
++ MD2_Update;
++ MD2_options;
++ MD5;
++ MD5_Final;
++ MD5_Init;
++ MD5_Update;
++ MDC2;
++ MDC2_Final;
++ MDC2_Init;
++ MDC2_Update;
++ NETSCAPE_SPKAC_free;
++ NETSCAPE_SPKAC_new;
++ NETSCAPE_SPKI_free;
++ NETSCAPE_SPKI_new;
++ NETSCAPE_SPKI_sign;
++ NETSCAPE_SPKI_verify;
++ OBJ_add_object;
++ OBJ_bsearch;
++ OBJ_cleanup;
++ OBJ_cmp;
++ OBJ_create;
++ OBJ_dup;
++ OBJ_ln2nid;
++ OBJ_new_nid;
++ OBJ_nid2ln;
++ OBJ_nid2obj;
++ OBJ_nid2sn;
++ OBJ_obj2nid;
++ OBJ_sn2nid;
++ OBJ_txt2nid;
++ PEM_ASN1_read;
++ PEM_ASN1_read_bio;
++ PEM_ASN1_write;
++ PEM_ASN1_write_bio;
++ PEM_SealFinal;
++ PEM_SealInit;
++ PEM_SealUpdate;
++ PEM_SignFinal;
++ PEM_SignInit;
++ PEM_SignUpdate;
++ PEM_X509_INFO_read;
++ PEM_X509_INFO_read_bio;
++ PEM_X509_INFO_write_bio;
++ PEM_dek_info;
++ PEM_do_header;
++ PEM_get_EVP_CIPHER_INFO;
++ PEM_proc_type;
++ PEM_read;
++ PEM_read_DHparams;
++ PEM_read_DSAPrivateKey;
++ PEM_read_DSAparams;
++ PEM_read_PKCS7;
++ PEM_read_PrivateKey;
++ PEM_read_RSAPrivateKey;
++ PEM_read_X509;
++ PEM_read_X509_CRL;
++ PEM_read_X509_REQ;
++ PEM_read_bio;
++ PEM_read_bio_DHparams;
++ PEM_read_bio_DSAPrivateKey;
++ PEM_read_bio_DSAparams;
++ PEM_read_bio_PKCS7;
++ PEM_read_bio_PrivateKey;
++ PEM_read_bio_RSAPrivateKey;
++ PEM_read_bio_X509;
++ PEM_read_bio_X509_CRL;
++ PEM_read_bio_X509_REQ;
++ PEM_write;
++ PEM_write_DHparams;
++ PEM_write_DSAPrivateKey;
++ PEM_write_DSAparams;
++ PEM_write_PKCS7;
++ PEM_write_PrivateKey;
++ PEM_write_RSAPrivateKey;
++ PEM_write_X509;
++ PEM_write_X509_CRL;
++ PEM_write_X509_REQ;
++ PEM_write_bio;
++ PEM_write_bio_DHparams;
++ PEM_write_bio_DSAPrivateKey;
++ PEM_write_bio_DSAparams;
++ PEM_write_bio_PKCS7;
++ PEM_write_bio_PrivateKey;
++ PEM_write_bio_RSAPrivateKey;
++ PEM_write_bio_X509;
++ PEM_write_bio_X509_CRL;
++ PEM_write_bio_X509_REQ;
++ PKCS7_DIGEST_free;
++ PKCS7_DIGEST_new;
++ PKCS7_ENCRYPT_free;
++ PKCS7_ENCRYPT_new;
++ PKCS7_ENC_CONTENT_free;
++ PKCS7_ENC_CONTENT_new;
++ PKCS7_ENVELOPE_free;
++ PKCS7_ENVELOPE_new;
++ PKCS7_ISSUER_AND_SERIAL_digest;
++ PKCS7_ISSUER_AND_SERIAL_free;
++ PKCS7_ISSUER_AND_SERIAL_new;
++ PKCS7_RECIP_INFO_free;
++ PKCS7_RECIP_INFO_new;
++ PKCS7_SIGNED_free;
++ PKCS7_SIGNED_new;
++ PKCS7_SIGNER_INFO_free;
++ PKCS7_SIGNER_INFO_new;
++ PKCS7_SIGN_ENVELOPE_free;
++ PKCS7_SIGN_ENVELOPE_new;
++ PKCS7_dup;
++ PKCS7_free;
++ PKCS7_new;
++ PROXY_ENTRY_add_noproxy;
++ PROXY_ENTRY_clear_noproxy;
++ PROXY_ENTRY_free;
++ PROXY_ENTRY_get_noproxy;
++ PROXY_ENTRY_new;
++ PROXY_ENTRY_set_server;
++ PROXY_add_noproxy;
++ PROXY_add_server;
++ PROXY_check_by_host;
++ PROXY_check_url;
++ PROXY_clear_noproxy;
++ PROXY_free;
++ PROXY_get_noproxy;
++ PROXY_get_proxies;
++ PROXY_get_proxy_entry;
++ PROXY_load_conf;
++ PROXY_new;
++ PROXY_print;
++ RAND_bytes;
++ RAND_cleanup;
++ RAND_file_name;
++ RAND_load_file;
++ RAND_screen;
++ RAND_seed;
++ RAND_write_file;
++ RC2_cbc_encrypt;
++ RC2_cfb64_encrypt;
++ RC2_ecb_encrypt;
++ RC2_encrypt;
++ RC2_ofb64_encrypt;
++ RC2_set_key;
++ RC4;
++ RC4_options;
++ RC4_set_key;
++ RSAPrivateKey_asn1_meth;
++ RSAPrivateKey_dup;
++ RSAPublicKey_dup;
++ RSA_PKCS1_SSLeay;
++ RSA_free;
++ RSA_generate_key;
++ RSA_new;
++ RSA_new_method;
++ RSA_print;
++ RSA_print_fp;
++ RSA_private_decrypt;
++ RSA_private_encrypt;
++ RSA_public_decrypt;
++ RSA_public_encrypt;
++ RSA_set_default_method;
++ RSA_sign;
++ RSA_sign_ASN1_OCTET_STRING;
++ RSA_size;
++ RSA_verify;
++ RSA_verify_ASN1_OCTET_STRING;
++ SHA;
++ SHA1;
++ SHA1_Final;
++ SHA1_Init;
++ SHA1_Update;
++ SHA_Final;
++ SHA_Init;
++ SHA_Update;
++ OpenSSL_add_all_algorithms;
++ OpenSSL_add_all_ciphers;
++ OpenSSL_add_all_digests;
++ TXT_DB_create_index;
++ TXT_DB_free;
++ TXT_DB_get_by_index;
++ TXT_DB_insert;
++ TXT_DB_read;
++ TXT_DB_write;
++ X509_ALGOR_free;
++ X509_ALGOR_new;
++ X509_ATTRIBUTE_free;
++ X509_ATTRIBUTE_new;
++ X509_CINF_free;
++ X509_CINF_new;
++ X509_CRL_INFO_free;
++ X509_CRL_INFO_new;
++ X509_CRL_add_ext;
++ X509_CRL_cmp;
++ X509_CRL_delete_ext;
++ X509_CRL_dup;
++ X509_CRL_free;
++ X509_CRL_get_ext;
++ X509_CRL_get_ext_by_NID;
++ X509_CRL_get_ext_by_OBJ;
++ X509_CRL_get_ext_by_critical;
++ X509_CRL_get_ext_count;
++ X509_CRL_new;
++ X509_CRL_sign;
++ X509_CRL_verify;
++ X509_EXTENSION_create_by_NID;
++ X509_EXTENSION_create_by_OBJ;
++ X509_EXTENSION_dup;
++ X509_EXTENSION_free;
++ X509_EXTENSION_get_critical;
++ X509_EXTENSION_get_data;
++ X509_EXTENSION_get_object;
++ X509_EXTENSION_new;
++ X509_EXTENSION_set_critical;
++ X509_EXTENSION_set_data;
++ X509_EXTENSION_set_object;
++ X509_INFO_free;
++ X509_INFO_new;
++ X509_LOOKUP_by_alias;
++ X509_LOOKUP_by_fingerprint;
++ X509_LOOKUP_by_issuer_serial;
++ X509_LOOKUP_by_subject;
++ X509_LOOKUP_ctrl;
++ X509_LOOKUP_file;
++ X509_LOOKUP_free;
++ X509_LOOKUP_hash_dir;
++ X509_LOOKUP_init;
++ X509_LOOKUP_new;
++ X509_LOOKUP_shutdown;
++ X509_NAME_ENTRY_create_by_NID;
++ X509_NAME_ENTRY_create_by_OBJ;
++ X509_NAME_ENTRY_dup;
++ X509_NAME_ENTRY_free;
++ X509_NAME_ENTRY_get_data;
++ X509_NAME_ENTRY_get_object;
++ X509_NAME_ENTRY_new;
++ X509_NAME_ENTRY_set_data;
++ X509_NAME_ENTRY_set_object;
++ X509_NAME_add_entry;
++ X509_NAME_cmp;
++ X509_NAME_delete_entry;
++ X509_NAME_digest;
++ X509_NAME_dup;
++ X509_NAME_entry_count;
++ X509_NAME_free;
++ X509_NAME_get_entry;
++ X509_NAME_get_index_by_NID;
++ X509_NAME_get_index_by_OBJ;
++ X509_NAME_get_text_by_NID;
++ X509_NAME_get_text_by_OBJ;
++ X509_NAME_hash;
++ X509_NAME_new;
++ X509_NAME_oneline;
++ X509_NAME_print;
++ X509_NAME_set;
++ X509_OBJECT_free_contents;
++ X509_OBJECT_retrieve_by_subject;
++ X509_OBJECT_up_ref_count;
++ X509_PKEY_free;
++ X509_PKEY_new;
++ X509_PUBKEY_free;
++ X509_PUBKEY_get;
++ X509_PUBKEY_new;
++ X509_PUBKEY_set;
++ X509_REQ_INFO_free;
++ X509_REQ_INFO_new;
++ X509_REQ_dup;
++ X509_REQ_free;
++ X509_REQ_get_pubkey;
++ X509_REQ_new;
++ X509_REQ_print;
++ X509_REQ_print_fp;
++ X509_REQ_set_pubkey;
++ X509_REQ_set_subject_name;
++ X509_REQ_set_version;
++ X509_REQ_sign;
++ X509_REQ_to_X509;
++ X509_REQ_verify;
++ X509_REVOKED_add_ext;
++ X509_REVOKED_delete_ext;
++ X509_REVOKED_free;
++ X509_REVOKED_get_ext;
++ X509_REVOKED_get_ext_by_NID;
++ X509_REVOKED_get_ext_by_OBJ;
++ X509_REVOKED_get_ext_by_critical;
++ X509_REVOKED_get_ext_by_critic;
++ X509_REVOKED_get_ext_count;
++ X509_REVOKED_new;
++ X509_SIG_free;
++ X509_SIG_new;
++ X509_STORE_CTX_cleanup;
++ X509_STORE_CTX_init;
++ X509_STORE_add_cert;
++ X509_STORE_add_lookup;
++ X509_STORE_free;
++ X509_STORE_get_by_subject;
++ X509_STORE_load_locations;
++ X509_STORE_new;
++ X509_STORE_set_default_paths;
++ X509_VAL_free;
++ X509_VAL_new;
++ X509_add_ext;
++ X509_asn1_meth;
++ X509_certificate_type;
++ X509_check_private_key;
++ X509_cmp_current_time;
++ X509_delete_ext;
++ X509_digest;
++ X509_dup;
++ X509_free;
++ X509_get_default_cert_area;
++ X509_get_default_cert_dir;
++ X509_get_default_cert_dir_env;
++ X509_get_default_cert_file;
++ X509_get_default_cert_file_env;
++ X509_get_default_private_dir;
++ X509_get_ext;
++ X509_get_ext_by_NID;
++ X509_get_ext_by_OBJ;
++ X509_get_ext_by_critical;
++ X509_get_ext_count;
++ X509_get_issuer_name;
++ X509_get_pubkey;
++ X509_get_pubkey_parameters;
++ X509_get_serialNumber;
++ X509_get_subject_name;
++ X509_gmtime_adj;
++ X509_issuer_and_serial_cmp;
++ X509_issuer_and_serial_hash;
++ X509_issuer_name_cmp;
++ X509_issuer_name_hash;
++ X509_load_cert_file;
++ X509_new;
++ X509_print;
++ X509_print_fp;
++ X509_set_issuer_name;
++ X509_set_notAfter;
++ X509_set_notBefore;
++ X509_set_pubkey;
++ X509_set_serialNumber;
++ X509_set_subject_name;
++ X509_set_version;
++ X509_sign;
++ X509_subject_name_cmp;
++ X509_subject_name_hash;
++ X509_to_X509_REQ;
++ X509_verify;
++ X509_verify_cert;
++ X509_verify_cert_error_string;
++ X509v3_add_ext;
++ X509v3_add_extension;
++ X509v3_add_netscape_extensions;
++ X509v3_add_standard_extensions;
++ X509v3_cleanup_extensions;
++ X509v3_data_type_by_NID;
++ X509v3_data_type_by_OBJ;
++ X509v3_delete_ext;
++ X509v3_get_ext;
++ X509v3_get_ext_by_NID;
++ X509v3_get_ext_by_OBJ;
++ X509v3_get_ext_by_critical;
++ X509v3_get_ext_count;
++ X509v3_pack_string;
++ X509v3_pack_type_by_NID;
++ X509v3_pack_type_by_OBJ;
++ X509v3_unpack_string;
++ _des_crypt;
++ a2d_ASN1_OBJECT;
++ a2i_ASN1_INTEGER;
++ a2i_ASN1_STRING;
++ asn1_Finish;
++ asn1_GetSequence;
++ bn_div_words;
++ bn_expand2;
++ bn_mul_add_words;
++ bn_mul_words;
++ BN_uadd;
++ BN_usub;
++ bn_sqr_words;
++ _ossl_old_crypt;
++ d2i_ASN1_BIT_STRING;
++ d2i_ASN1_BOOLEAN;
++ d2i_ASN1_HEADER;
++ d2i_ASN1_IA5STRING;
++ d2i_ASN1_INTEGER;
++ d2i_ASN1_OBJECT;
++ d2i_ASN1_OCTET_STRING;
++ d2i_ASN1_PRINTABLE;
++ d2i_ASN1_PRINTABLESTRING;
++ d2i_ASN1_SET;
++ d2i_ASN1_T61STRING;
++ d2i_ASN1_TYPE;
++ d2i_ASN1_UTCTIME;
++ d2i_ASN1_bytes;
++ d2i_ASN1_type_bytes;
++ d2i_DHparams;
++ d2i_DSAPrivateKey;
++ d2i_DSAPrivateKey_bio;
++ d2i_DSAPrivateKey_fp;
++ d2i_DSAPublicKey;
++ d2i_DSAparams;
++ d2i_NETSCAPE_SPKAC;
++ d2i_NETSCAPE_SPKI;
++ d2i_Netscape_RSA;
++ d2i_PKCS7;
++ d2i_PKCS7_DIGEST;
++ d2i_PKCS7_ENCRYPT;
++ d2i_PKCS7_ENC_CONTENT;
++ d2i_PKCS7_ENVELOPE;
++ d2i_PKCS7_ISSUER_AND_SERIAL;
++ d2i_PKCS7_RECIP_INFO;
++ d2i_PKCS7_SIGNED;
++ d2i_PKCS7_SIGNER_INFO;
++ d2i_PKCS7_SIGN_ENVELOPE;
++ d2i_PKCS7_bio;
++ d2i_PKCS7_fp;
++ d2i_PrivateKey;
++ d2i_PublicKey;
++ d2i_RSAPrivateKey;
++ d2i_RSAPrivateKey_bio;
++ d2i_RSAPrivateKey_fp;
++ d2i_RSAPublicKey;
++ d2i_X509;
++ d2i_X509_ALGOR;
++ d2i_X509_ATTRIBUTE;
++ d2i_X509_CINF;
++ d2i_X509_CRL;
++ d2i_X509_CRL_INFO;
++ d2i_X509_CRL_bio;
++ d2i_X509_CRL_fp;
++ d2i_X509_EXTENSION;
++ d2i_X509_NAME;
++ d2i_X509_NAME_ENTRY;
++ d2i_X509_PKEY;
++ d2i_X509_PUBKEY;
++ d2i_X509_REQ;
++ d2i_X509_REQ_INFO;
++ d2i_X509_REQ_bio;
++ d2i_X509_REQ_fp;
++ d2i_X509_REVOKED;
++ d2i_X509_SIG;
++ d2i_X509_VAL;
++ d2i_X509_bio;
++ d2i_X509_fp;
++ DES_cbc_cksum;
++ DES_cbc_encrypt;
++ DES_cblock_print_file;
++ DES_cfb64_encrypt;
++ DES_cfb_encrypt;
++ DES_decrypt3;
++ DES_ecb3_encrypt;
++ DES_ecb_encrypt;
++ DES_ede3_cbc_encrypt;
++ DES_ede3_cfb64_encrypt;
++ DES_ede3_ofb64_encrypt;
++ DES_enc_read;
++ DES_enc_write;
++ DES_encrypt1;
++ DES_encrypt2;
++ DES_encrypt3;
++ DES_fcrypt;
++ DES_is_weak_key;
++ DES_key_sched;
++ DES_ncbc_encrypt;
++ DES_ofb64_encrypt;
++ DES_ofb_encrypt;
++ DES_options;
++ DES_pcbc_encrypt;
++ DES_quad_cksum;
++ DES_random_key;
++ _ossl_old_des_random_seed;
++ _ossl_old_des_read_2passwords;
++ _ossl_old_des_read_password;
++ _ossl_old_des_read_pw;
++ _ossl_old_des_read_pw_string;
++ DES_set_key;
++ DES_set_odd_parity;
++ DES_string_to_2keys;
++ DES_string_to_key;
++ DES_xcbc_encrypt;
++ DES_xwhite_in2out;
++ fcrypt_body;
++ i2a_ASN1_INTEGER;
++ i2a_ASN1_OBJECT;
++ i2a_ASN1_STRING;
++ i2d_ASN1_BIT_STRING;
++ i2d_ASN1_BOOLEAN;
++ i2d_ASN1_HEADER;
++ i2d_ASN1_IA5STRING;
++ i2d_ASN1_INTEGER;
++ i2d_ASN1_OBJECT;
++ i2d_ASN1_OCTET_STRING;
++ i2d_ASN1_PRINTABLE;
++ i2d_ASN1_SET;
++ i2d_ASN1_TYPE;
++ i2d_ASN1_UTCTIME;
++ i2d_ASN1_bytes;
++ i2d_DHparams;
++ i2d_DSAPrivateKey;
++ i2d_DSAPrivateKey_bio;
++ i2d_DSAPrivateKey_fp;
++ i2d_DSAPublicKey;
++ i2d_DSAparams;
++ i2d_NETSCAPE_SPKAC;
++ i2d_NETSCAPE_SPKI;
++ i2d_Netscape_RSA;
++ i2d_PKCS7;
++ i2d_PKCS7_DIGEST;
++ i2d_PKCS7_ENCRYPT;
++ i2d_PKCS7_ENC_CONTENT;
++ i2d_PKCS7_ENVELOPE;
++ i2d_PKCS7_ISSUER_AND_SERIAL;
++ i2d_PKCS7_RECIP_INFO;
++ i2d_PKCS7_SIGNED;
++ i2d_PKCS7_SIGNER_INFO;
++ i2d_PKCS7_SIGN_ENVELOPE;
++ i2d_PKCS7_bio;
++ i2d_PKCS7_fp;
++ i2d_PrivateKey;
++ i2d_PublicKey;
++ i2d_RSAPrivateKey;
++ i2d_RSAPrivateKey_bio;
++ i2d_RSAPrivateKey_fp;
++ i2d_RSAPublicKey;
++ i2d_X509;
++ i2d_X509_ALGOR;
++ i2d_X509_ATTRIBUTE;
++ i2d_X509_CINF;
++ i2d_X509_CRL;
++ i2d_X509_CRL_INFO;
++ i2d_X509_CRL_bio;
++ i2d_X509_CRL_fp;
++ i2d_X509_EXTENSION;
++ i2d_X509_NAME;
++ i2d_X509_NAME_ENTRY;
++ i2d_X509_PKEY;
++ i2d_X509_PUBKEY;
++ i2d_X509_REQ;
++ i2d_X509_REQ_INFO;
++ i2d_X509_REQ_bio;
++ i2d_X509_REQ_fp;
++ i2d_X509_REVOKED;
++ i2d_X509_SIG;
++ i2d_X509_VAL;
++ i2d_X509_bio;
++ i2d_X509_fp;
++ idea_cbc_encrypt;
++ idea_cfb64_encrypt;
++ idea_ecb_encrypt;
++ idea_encrypt;
++ idea_ofb64_encrypt;
++ idea_options;
++ idea_set_decrypt_key;
++ idea_set_encrypt_key;
++ lh_delete;
++ lh_doall;
++ lh_doall_arg;
++ lh_free;
++ lh_insert;
++ lh_new;
++ lh_node_stats;
++ lh_node_stats_bio;
++ lh_node_usage_stats;
++ lh_node_usage_stats_bio;
++ lh_retrieve;
++ lh_stats;
++ lh_stats_bio;
++ lh_strhash;
++ sk_delete;
++ sk_delete_ptr;
++ sk_dup;
++ sk_find;
++ sk_free;
++ sk_insert;
++ sk_new;
++ sk_pop;
++ sk_pop_free;
++ sk_push;
++ sk_set_cmp_func;
++ sk_shift;
++ sk_unshift;
++ sk_zero;
++ BIO_f_nbio_test;
++ ASN1_TYPE_get;
++ ASN1_TYPE_set;
++ PKCS7_content_free;
++ ERR_load_PKCS7_strings;
++ X509_find_by_issuer_and_serial;
++ X509_find_by_subject;
++ PKCS7_ctrl;
++ PKCS7_set_type;
++ PKCS7_set_content;
++ PKCS7_SIGNER_INFO_set;
++ PKCS7_add_signer;
++ PKCS7_add_certificate;
++ PKCS7_add_crl;
++ PKCS7_content_new;
++ PKCS7_dataSign;
++ PKCS7_dataVerify;
++ PKCS7_dataInit;
++ PKCS7_add_signature;
++ PKCS7_cert_from_signer_info;
++ PKCS7_get_signer_info;
++ EVP_delete_alias;
++ EVP_mdc2;
++ PEM_read_bio_RSAPublicKey;
++ PEM_write_bio_RSAPublicKey;
++ d2i_RSAPublicKey_bio;
++ i2d_RSAPublicKey_bio;
++ PEM_read_RSAPublicKey;
++ PEM_write_RSAPublicKey;
++ d2i_RSAPublicKey_fp;
++ i2d_RSAPublicKey_fp;
++ BIO_copy_next_retry;
++ RSA_flags;
++ X509_STORE_add_crl;
++ X509_load_crl_file;
++ EVP_rc2_40_cbc;
++ EVP_rc4_40;
++ EVP_CIPHER_CTX_init;
++ HMAC;
++ HMAC_Init;
++ HMAC_Update;
++ HMAC_Final;
++ ERR_get_next_error_library;
++ EVP_PKEY_cmp_parameters;
++ HMAC_cleanup;
++ BIO_ptr_ctrl;
++ BIO_new_file_internal;
++ BIO_new_fp_internal;
++ BIO_s_file_internal;
++ BN_BLINDING_convert;
++ BN_BLINDING_invert;
++ BN_BLINDING_update;
++ RSA_blinding_on;
++ RSA_blinding_off;
++ i2t_ASN1_OBJECT;
++ BN_BLINDING_new;
++ BN_BLINDING_free;
++ EVP_cast5_cbc;
++ EVP_cast5_cfb64;
++ EVP_cast5_ecb;
++ EVP_cast5_ofb;
++ BF_decrypt;
++ CAST_set_key;
++ CAST_encrypt;
++ CAST_decrypt;
++ CAST_ecb_encrypt;
++ CAST_cbc_encrypt;
++ CAST_cfb64_encrypt;
++ CAST_ofb64_encrypt;
++ RC2_decrypt;
++ OBJ_create_objects;
++ BN_exp;
++ BN_mul_word;
++ BN_sub_word;
++ BN_dec2bn;
++ BN_bn2dec;
++ BIO_ghbn_ctrl;
++ CRYPTO_free_ex_data;
++ CRYPTO_get_ex_data;
++ CRYPTO_set_ex_data;
++ ERR_load_CRYPTO_strings;
++ ERR_load_CRYPTOlib_strings;
++ EVP_PKEY_bits;
++ MD5_Transform;
++ SHA1_Transform;
++ SHA_Transform;
++ X509_STORE_CTX_get_chain;
++ X509_STORE_CTX_get_current_cert;
++ X509_STORE_CTX_get_error;
++ X509_STORE_CTX_get_error_depth;
++ X509_STORE_CTX_get_ex_data;
++ X509_STORE_CTX_set_cert;
++ X509_STORE_CTX_set_chain;
++ X509_STORE_CTX_set_error;
++ X509_STORE_CTX_set_ex_data;
++ CRYPTO_dup_ex_data;
++ CRYPTO_get_new_lockid;
++ CRYPTO_new_ex_data;
++ RSA_set_ex_data;
++ RSA_get_ex_data;
++ RSA_get_ex_new_index;
++ RSA_padding_add_PKCS1_type_1;
++ RSA_padding_add_PKCS1_type_2;
++ RSA_padding_add_SSLv23;
++ RSA_padding_add_none;
++ RSA_padding_check_PKCS1_type_1;
++ RSA_padding_check_PKCS1_type_2;
++ RSA_padding_check_SSLv23;
++ RSA_padding_check_none;
++ bn_add_words;
++ d2i_Netscape_RSA_2;
++ CRYPTO_get_ex_new_index;
++ RIPEMD160_Init;
++ RIPEMD160_Update;
++ RIPEMD160_Final;
++ RIPEMD160;
++ RIPEMD160_Transform;
++ RC5_32_set_key;
++ RC5_32_ecb_encrypt;
++ RC5_32_encrypt;
++ RC5_32_decrypt;
++ RC5_32_cbc_encrypt;
++ RC5_32_cfb64_encrypt;
++ RC5_32_ofb64_encrypt;
++ BN_bn2mpi;
++ BN_mpi2bn;
++ ASN1_BIT_STRING_get_bit;
++ ASN1_BIT_STRING_set_bit;
++ BIO_get_ex_data;
++ BIO_get_ex_new_index;
++ BIO_set_ex_data;
++ X509v3_get_key_usage;
++ X509v3_set_key_usage;
++ a2i_X509v3_key_usage;
++ i2a_X509v3_key_usage;
++ EVP_PKEY_decrypt;
++ EVP_PKEY_encrypt;
++ PKCS7_RECIP_INFO_set;
++ PKCS7_add_recipient;
++ PKCS7_add_recipient_info;
++ PKCS7_set_cipher;
++ ASN1_TYPE_get_int_octetstring;
++ ASN1_TYPE_get_octetstring;
++ ASN1_TYPE_set_int_octetstring;
++ ASN1_TYPE_set_octetstring;
++ ASN1_UTCTIME_set_string;
++ ERR_add_error_data;
++ ERR_set_error_data;
++ EVP_CIPHER_asn1_to_param;
++ EVP_CIPHER_param_to_asn1;
++ EVP_CIPHER_get_asn1_iv;
++ EVP_CIPHER_set_asn1_iv;
++ EVP_rc5_32_12_16_cbc;
++ EVP_rc5_32_12_16_cfb64;
++ EVP_rc5_32_12_16_ecb;
++ EVP_rc5_32_12_16_ofb;
++ asn1_add_error;
++ d2i_ASN1_BMPSTRING;
++ i2d_ASN1_BMPSTRING;
++ BIO_f_ber;
++ BN_init;
++ COMP_CTX_new;
++ COMP_CTX_free;
++ COMP_CTX_compress_block;
++ COMP_CTX_expand_block;
++ X509_STORE_CTX_get_ex_new_index;
++ OBJ_NAME_add;
++ BIO_socket_nbio;
++ EVP_rc2_64_cbc;
++ OBJ_NAME_cleanup;
++ OBJ_NAME_get;
++ OBJ_NAME_init;
++ OBJ_NAME_new_index;
++ OBJ_NAME_remove;
++ BN_MONT_CTX_copy;
++ BIO_new_socks4a_connect;
++ BIO_s_socks4a_connect;
++ PROXY_set_connect_mode;
++ RAND_SSLeay;
++ RAND_set_rand_method;
++ RSA_memory_lock;
++ bn_sub_words;
++ bn_mul_normal;
++ bn_mul_comba8;
++ bn_mul_comba4;
++ bn_sqr_normal;
++ bn_sqr_comba8;
++ bn_sqr_comba4;
++ bn_cmp_words;
++ bn_mul_recursive;
++ bn_mul_part_recursive;
++ bn_sqr_recursive;
++ bn_mul_low_normal;
++ BN_RECP_CTX_init;
++ BN_RECP_CTX_new;
++ BN_RECP_CTX_free;
++ BN_RECP_CTX_set;
++ BN_mod_mul_reciprocal;
++ BN_mod_exp_recp;
++ BN_div_recp;
++ BN_CTX_init;
++ BN_MONT_CTX_init;
++ RAND_get_rand_method;
++ PKCS7_add_attribute;
++ PKCS7_add_signed_attribute;
++ PKCS7_digest_from_attributes;
++ PKCS7_get_attribute;
++ PKCS7_get_issuer_and_serial;
++ PKCS7_get_signed_attribute;
++ COMP_compress_block;
++ COMP_expand_block;
++ COMP_rle;
++ COMP_zlib;
++ ms_time_diff;
++ ms_time_new;
++ ms_time_free;
++ ms_time_cmp;
++ ms_time_get;
++ PKCS7_set_attributes;
++ PKCS7_set_signed_attributes;
++ X509_ATTRIBUTE_create;
++ X509_ATTRIBUTE_dup;
++ ASN1_GENERALIZEDTIME_check;
++ ASN1_GENERALIZEDTIME_print;
++ ASN1_GENERALIZEDTIME_set;
++ ASN1_GENERALIZEDTIME_set_string;
++ ASN1_TIME_print;
++ BASIC_CONSTRAINTS_free;
++ BASIC_CONSTRAINTS_new;
++ ERR_load_X509V3_strings;
++ NETSCAPE_CERT_SEQUENCE_free;
++ NETSCAPE_CERT_SEQUENCE_new;
++ OBJ_txt2obj;
++ PEM_read_NETSCAPE_CERT_SEQUENCE;
++ PEM_read_NS_CERT_SEQ;
++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
++ PEM_read_bio_NS_CERT_SEQ;
++ PEM_write_NETSCAPE_CERT_SEQUENCE;
++ PEM_write_NS_CERT_SEQ;
++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
++ PEM_write_bio_NS_CERT_SEQ;
++ X509V3_EXT_add;
++ X509V3_EXT_add_alias;
++ X509V3_EXT_add_conf;
++ X509V3_EXT_cleanup;
++ X509V3_EXT_conf;
++ X509V3_EXT_conf_nid;
++ X509V3_EXT_get;
++ X509V3_EXT_get_nid;
++ X509V3_EXT_print;
++ X509V3_EXT_print_fp;
++ X509V3_add_standard_extensions;
++ X509V3_add_value;
++ X509V3_add_value_bool;
++ X509V3_add_value_int;
++ X509V3_conf_free;
++ X509V3_get_value_bool;
++ X509V3_get_value_int;
++ X509V3_parse_list;
++ d2i_ASN1_GENERALIZEDTIME;
++ d2i_ASN1_TIME;
++ d2i_BASIC_CONSTRAINTS;
++ d2i_NETSCAPE_CERT_SEQUENCE;
++ d2i_ext_ku;
++ ext_ku_free;
++ ext_ku_new;
++ i2d_ASN1_GENERALIZEDTIME;
++ i2d_ASN1_TIME;
++ i2d_BASIC_CONSTRAINTS;
++ i2d_NETSCAPE_CERT_SEQUENCE;
++ i2d_ext_ku;
++ EVP_MD_CTX_copy;
++ i2d_ASN1_ENUMERATED;
++ d2i_ASN1_ENUMERATED;
++ ASN1_ENUMERATED_set;
++ ASN1_ENUMERATED_get;
++ BN_to_ASN1_ENUMERATED;
++ ASN1_ENUMERATED_to_BN;
++ i2a_ASN1_ENUMERATED;
++ a2i_ASN1_ENUMERATED;
++ i2d_GENERAL_NAME;
++ d2i_GENERAL_NAME;
++ GENERAL_NAME_new;
++ GENERAL_NAME_free;
++ GENERAL_NAMES_new;
++ GENERAL_NAMES_free;
++ d2i_GENERAL_NAMES;
++ i2d_GENERAL_NAMES;
++ i2v_GENERAL_NAMES;
++ i2s_ASN1_OCTET_STRING;
++ s2i_ASN1_OCTET_STRING;
++ X509V3_EXT_check_conf;
++ hex_to_string;
++ string_to_hex;
++ DES_ede3_cbcm_encrypt;
++ RSA_padding_add_PKCS1_OAEP;
++ RSA_padding_check_PKCS1_OAEP;
++ X509_CRL_print_fp;
++ X509_CRL_print;
++ i2v_GENERAL_NAME;
++ v2i_GENERAL_NAME;
++ i2d_PKEY_USAGE_PERIOD;
++ d2i_PKEY_USAGE_PERIOD;
++ PKEY_USAGE_PERIOD_new;
++ PKEY_USAGE_PERIOD_free;
++ v2i_GENERAL_NAMES;
++ i2s_ASN1_INTEGER;
++ X509V3_EXT_d2i;
++ name_cmp;
++ str_dup;
++ i2s_ASN1_ENUMERATED;
++ i2s_ASN1_ENUMERATED_TABLE;
++ BIO_s_log;
++ BIO_f_reliable;
++ PKCS7_dataFinal;
++ PKCS7_dataDecode;
++ X509V3_EXT_CRL_add_conf;
++ BN_set_params;
++ BN_get_params;
++ BIO_get_ex_num;
++ BIO_set_ex_free_func;
++ EVP_ripemd160;
++ ASN1_TIME_set;
++ i2d_AUTHORITY_KEYID;
++ d2i_AUTHORITY_KEYID;
++ AUTHORITY_KEYID_new;
++ AUTHORITY_KEYID_free;
++ ASN1_seq_unpack;
++ ASN1_seq_pack;
++ ASN1_unpack_string;
++ ASN1_pack_string;
++ PKCS12_pack_safebag;
++ PKCS12_MAKE_KEYBAG;
++ PKCS8_encrypt;
++ PKCS12_MAKE_SHKEYBAG;
++ PKCS12_pack_p7data;
++ PKCS12_pack_p7encdata;
++ PKCS12_add_localkeyid;
++ PKCS12_add_friendlyname_asc;
++ PKCS12_add_friendlyname_uni;
++ PKCS12_get_friendlyname;
++ PKCS12_pbe_crypt;
++ PKCS12_decrypt_d2i;
++ PKCS12_i2d_encrypt;
++ PKCS12_init;
++ PKCS12_key_gen_asc;
++ PKCS12_key_gen_uni;
++ PKCS12_gen_mac;
++ PKCS12_verify_mac;
++ PKCS12_set_mac;
++ PKCS12_setup_mac;
++ OPENSSL_asc2uni;
++ OPENSSL_uni2asc;
++ i2d_PKCS12_BAGS;
++ PKCS12_BAGS_new;
++ d2i_PKCS12_BAGS;
++ PKCS12_BAGS_free;
++ i2d_PKCS12;
++ d2i_PKCS12;
++ PKCS12_new;
++ PKCS12_free;
++ i2d_PKCS12_MAC_DATA;
++ PKCS12_MAC_DATA_new;
++ d2i_PKCS12_MAC_DATA;
++ PKCS12_MAC_DATA_free;
++ i2d_PKCS12_SAFEBAG;
++ PKCS12_SAFEBAG_new;
++ d2i_PKCS12_SAFEBAG;
++ PKCS12_SAFEBAG_free;
++ ERR_load_PKCS12_strings;
++ PKCS12_PBE_add;
++ PKCS8_add_keyusage;
++ PKCS12_get_attr_gen;
++ PKCS12_parse;
++ PKCS12_create;
++ i2d_PKCS12_bio;
++ i2d_PKCS12_fp;
++ d2i_PKCS12_bio;
++ d2i_PKCS12_fp;
++ i2d_PBEPARAM;
++ PBEPARAM_new;
++ d2i_PBEPARAM;
++ PBEPARAM_free;
++ i2d_PKCS8_PRIV_KEY_INFO;
++ PKCS8_PRIV_KEY_INFO_new;
++ d2i_PKCS8_PRIV_KEY_INFO;
++ PKCS8_PRIV_KEY_INFO_free;
++ EVP_PKCS82PKEY;
++ EVP_PKEY2PKCS8;
++ PKCS8_set_broken;
++ EVP_PBE_ALGOR_CipherInit;
++ EVP_PBE_alg_add;
++ PKCS5_pbe_set;
++ EVP_PBE_cleanup;
++ i2d_SXNET;
++ d2i_SXNET;
++ SXNET_new;
++ SXNET_free;
++ i2d_SXNETID;
++ d2i_SXNETID;
++ SXNETID_new;
++ SXNETID_free;
++ DSA_SIG_new;
++ DSA_SIG_free;
++ DSA_do_sign;
++ DSA_do_verify;
++ d2i_DSA_SIG;
++ i2d_DSA_SIG;
++ i2d_ASN1_VISIBLESTRING;
++ d2i_ASN1_VISIBLESTRING;
++ i2d_ASN1_UTF8STRING;
++ d2i_ASN1_UTF8STRING;
++ i2d_DIRECTORYSTRING;
++ d2i_DIRECTORYSTRING;
++ i2d_DISPLAYTEXT;
++ d2i_DISPLAYTEXT;
++ d2i_ASN1_SET_OF_X509;
++ i2d_ASN1_SET_OF_X509;
++ i2d_PBKDF2PARAM;
++ PBKDF2PARAM_new;
++ d2i_PBKDF2PARAM;
++ PBKDF2PARAM_free;
++ i2d_PBE2PARAM;
++ PBE2PARAM_new;
++ d2i_PBE2PARAM;
++ PBE2PARAM_free;
++ d2i_ASN1_SET_OF_GENERAL_NAME;
++ i2d_ASN1_SET_OF_GENERAL_NAME;
++ d2i_ASN1_SET_OF_SXNETID;
++ i2d_ASN1_SET_OF_SXNETID;
++ d2i_ASN1_SET_OF_POLICYQUALINFO;
++ i2d_ASN1_SET_OF_POLICYQUALINFO;
++ d2i_ASN1_SET_OF_POLICYINFO;
++ i2d_ASN1_SET_OF_POLICYINFO;
++ SXNET_add_id_asc;
++ SXNET_add_id_ulong;
++ SXNET_add_id_INTEGER;
++ SXNET_get_id_asc;
++ SXNET_get_id_ulong;
++ SXNET_get_id_INTEGER;
++ X509V3_set_conf_lhash;
++ i2d_CERTIFICATEPOLICIES;
++ CERTIFICATEPOLICIES_new;
++ CERTIFICATEPOLICIES_free;
++ d2i_CERTIFICATEPOLICIES;
++ i2d_POLICYINFO;
++ POLICYINFO_new;
++ d2i_POLICYINFO;
++ POLICYINFO_free;
++ i2d_POLICYQUALINFO;
++ POLICYQUALINFO_new;
++ d2i_POLICYQUALINFO;
++ POLICYQUALINFO_free;
++ i2d_USERNOTICE;
++ USERNOTICE_new;
++ d2i_USERNOTICE;
++ USERNOTICE_free;
++ i2d_NOTICEREF;
++ NOTICEREF_new;
++ d2i_NOTICEREF;
++ NOTICEREF_free;
++ X509V3_get_string;
++ X509V3_get_section;
++ X509V3_string_free;
++ X509V3_section_free;
++ X509V3_set_ctx;
++ s2i_ASN1_INTEGER;
++ CRYPTO_set_locked_mem_functions;
++ CRYPTO_get_locked_mem_functions;
++ CRYPTO_malloc_locked;
++ CRYPTO_free_locked;
++ BN_mod_exp2_mont;
++ ERR_get_error_line_data;
++ ERR_peek_error_line_data;
++ PKCS12_PBE_keyivgen;
++ X509_ALGOR_dup;
++ d2i_ASN1_SET_OF_DIST_POINT;
++ i2d_ASN1_SET_OF_DIST_POINT;
++ i2d_CRL_DIST_POINTS;
++ CRL_DIST_POINTS_new;
++ CRL_DIST_POINTS_free;
++ d2i_CRL_DIST_POINTS;
++ i2d_DIST_POINT;
++ DIST_POINT_new;
++ d2i_DIST_POINT;
++ DIST_POINT_free;
++ i2d_DIST_POINT_NAME;
++ DIST_POINT_NAME_new;
++ DIST_POINT_NAME_free;
++ d2i_DIST_POINT_NAME;
++ X509V3_add_value_uchar;
++ d2i_ASN1_SET_OF_X509_ATTRIBUTE;
++ i2d_ASN1_SET_OF_ASN1_TYPE;
++ d2i_ASN1_SET_OF_X509_EXTENSION;
++ d2i_ASN1_SET_OF_X509_NAME_ENTRY;
++ d2i_ASN1_SET_OF_ASN1_TYPE;
++ i2d_ASN1_SET_OF_X509_ATTRIBUTE;
++ i2d_ASN1_SET_OF_X509_EXTENSION;
++ i2d_ASN1_SET_OF_X509_NAME_ENTRY;
++ X509V3_EXT_i2d;
++ X509V3_EXT_val_prn;
++ X509V3_EXT_add_list;
++ EVP_CIPHER_type;
++ EVP_PBE_CipherInit;
++ X509V3_add_value_bool_nf;
++ d2i_ASN1_UINTEGER;
++ sk_value;
++ sk_num;
++ sk_set;
++ i2d_ASN1_SET_OF_X509_REVOKED;
++ sk_sort;
++ d2i_ASN1_SET_OF_X509_REVOKED;
++ i2d_ASN1_SET_OF_X509_ALGOR;
++ i2d_ASN1_SET_OF_X509_CRL;
++ d2i_ASN1_SET_OF_X509_ALGOR;
++ d2i_ASN1_SET_OF_X509_CRL;
++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
++ PKCS5_PBE_add;
++ PEM_write_bio_PKCS8;
++ i2d_PKCS8_fp;
++ PEM_read_bio_PKCS8_PRIV_KEY_INFO;
++ PEM_read_bio_P8_PRIV_KEY_INFO;
++ d2i_PKCS8_bio;
++ d2i_PKCS8_PRIV_KEY_INFO_fp;
++ PEM_write_bio_PKCS8_PRIV_KEY_INFO;
++ PEM_write_bio_P8_PRIV_KEY_INFO;
++ PEM_read_PKCS8;
++ d2i_PKCS8_PRIV_KEY_INFO_bio;
++ d2i_PKCS8_fp;
++ PEM_write_PKCS8;
++ PEM_read_PKCS8_PRIV_KEY_INFO;
++ PEM_read_P8_PRIV_KEY_INFO;
++ PEM_read_bio_PKCS8;
++ PEM_write_PKCS8_PRIV_KEY_INFO;
++ PEM_write_P8_PRIV_KEY_INFO;
++ PKCS5_PBE_keyivgen;
++ i2d_PKCS8_bio;
++ i2d_PKCS8_PRIV_KEY_INFO_fp;
++ i2d_PKCS8_PRIV_KEY_INFO_bio;
++ BIO_s_bio;
++ PKCS5_pbe2_set;
++ PKCS5_PBKDF2_HMAC_SHA1;
++ PKCS5_v2_PBE_keyivgen;
++ PEM_write_bio_PKCS8PrivateKey;
++ PEM_write_PKCS8PrivateKey;
++ BIO_ctrl_get_read_request;
++ BIO_ctrl_pending;
++ BIO_ctrl_wpending;
++ BIO_new_bio_pair;
++ BIO_ctrl_get_write_guarantee;
++ CRYPTO_num_locks;
++ CONF_load_bio;
++ CONF_load_fp;
++ i2d_ASN1_SET_OF_ASN1_OBJECT;
++ d2i_ASN1_SET_OF_ASN1_OBJECT;
++ PKCS7_signatureVerify;
++ RSA_set_method;
++ RSA_get_method;
++ RSA_get_default_method;
++ RSA_check_key;
++ OBJ_obj2txt;
++ DSA_dup_DH;
++ X509_REQ_get_extensions;
++ X509_REQ_set_extension_nids;
++ BIO_nwrite;
++ X509_REQ_extension_nid;
++ BIO_nread;
++ X509_REQ_get_extension_nids;
++ BIO_nwrite0;
++ X509_REQ_add_extensions_nid;
++ BIO_nread0;
++ X509_REQ_add_extensions;
++ BIO_new_mem_buf;
++ DH_set_ex_data;
++ DH_set_method;
++ DSA_OpenSSL;
++ DH_get_ex_data;
++ DH_get_ex_new_index;
++ DSA_new_method;
++ DH_new_method;
++ DH_OpenSSL;
++ DSA_get_ex_new_index;
++ DH_get_default_method;
++ DSA_set_ex_data;
++ DH_set_default_method;
++ DSA_get_ex_data;
++ X509V3_EXT_REQ_add_conf;
++ NETSCAPE_SPKI_print;
++ NETSCAPE_SPKI_set_pubkey;
++ NETSCAPE_SPKI_b64_encode;
++ NETSCAPE_SPKI_get_pubkey;
++ NETSCAPE_SPKI_b64_decode;
++ UTF8_putc;
++ UTF8_getc;
++ RSA_null_method;
++ ASN1_tag2str;
++ BIO_ctrl_reset_read_request;
++ DISPLAYTEXT_new;
++ ASN1_GENERALIZEDTIME_free;
++ X509_REVOKED_get_ext_d2i;
++ X509_set_ex_data;
++ X509_reject_set_bit_asc;
++ X509_NAME_add_entry_by_txt;
++ X509_NAME_add_entry_by_NID;
++ X509_PURPOSE_get0;
++ PEM_read_X509_AUX;
++ d2i_AUTHORITY_INFO_ACCESS;
++ PEM_write_PUBKEY;
++ ACCESS_DESCRIPTION_new;
++ X509_CERT_AUX_free;
++ d2i_ACCESS_DESCRIPTION;
++ X509_trust_clear;
++ X509_TRUST_add;
++ ASN1_VISIBLESTRING_new;
++ X509_alias_set1;
++ ASN1_PRINTABLESTRING_free;
++ EVP_PKEY_get1_DSA;
++ ASN1_BMPSTRING_new;
++ ASN1_mbstring_copy;
++ ASN1_UTF8STRING_new;
++ DSA_get_default_method;
++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
++ ASN1_T61STRING_free;
++ DSA_set_method;
++ X509_get_ex_data;
++ ASN1_STRING_type;
++ X509_PURPOSE_get_by_sname;
++ ASN1_TIME_free;
++ ASN1_OCTET_STRING_cmp;
++ ASN1_BIT_STRING_new;
++ X509_get_ext_d2i;
++ PEM_read_bio_X509_AUX;
++ ASN1_STRING_set_default_mask_asc;
++ ASN1_STRING_set_def_mask_asc;
++ PEM_write_bio_RSA_PUBKEY;
++ ASN1_INTEGER_cmp;
++ d2i_RSA_PUBKEY_fp;
++ X509_trust_set_bit_asc;
++ PEM_write_bio_DSA_PUBKEY;
++ X509_STORE_CTX_free;
++ EVP_PKEY_set1_DSA;
++ i2d_DSA_PUBKEY_fp;
++ X509_load_cert_crl_file;
++ ASN1_TIME_new;
++ i2d_RSA_PUBKEY;
++ X509_STORE_CTX_purpose_inherit;
++ PEM_read_RSA_PUBKEY;
++ d2i_X509_AUX;
++ i2d_DSA_PUBKEY;
++ X509_CERT_AUX_print;
++ PEM_read_DSA_PUBKEY;
++ i2d_RSA_PUBKEY_bio;
++ ASN1_BIT_STRING_num_asc;
++ i2d_PUBKEY;
++ ASN1_UTCTIME_free;
++ DSA_set_default_method;
++ X509_PURPOSE_get_by_id;
++ ACCESS_DESCRIPTION_free;
++ PEM_read_bio_PUBKEY;
++ ASN1_STRING_set_by_NID;
++ X509_PURPOSE_get_id;
++ DISPLAYTEXT_free;
++ OTHERNAME_new;
++ X509_CERT_AUX_new;
++ X509_TRUST_cleanup;
++ X509_NAME_add_entry_by_OBJ;
++ X509_CRL_get_ext_d2i;
++ X509_PURPOSE_get0_name;
++ PEM_read_PUBKEY;
++ i2d_DSA_PUBKEY_bio;
++ i2d_OTHERNAME;
++ ASN1_OCTET_STRING_free;
++ ASN1_BIT_STRING_set_asc;
++ X509_get_ex_new_index;
++ ASN1_STRING_TABLE_cleanup;
++ X509_TRUST_get_by_id;
++ X509_PURPOSE_get_trust;
++ ASN1_STRING_length;
++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
++ ASN1_PRINTABLESTRING_new;
++ X509V3_get_d2i;
++ ASN1_ENUMERATED_free;
++ i2d_X509_CERT_AUX;
++ X509_STORE_CTX_set_trust;
++ ASN1_STRING_set_default_mask;
++ X509_STORE_CTX_new;
++ EVP_PKEY_get1_RSA;
++ DIRECTORYSTRING_free;
++ PEM_write_X509_AUX;
++ ASN1_OCTET_STRING_set;
++ d2i_DSA_PUBKEY_fp;
++ d2i_RSA_PUBKEY;
++ X509_TRUST_get0_name;
++ X509_TRUST_get0;
++ AUTHORITY_INFO_ACCESS_free;
++ ASN1_IA5STRING_new;
++ d2i_DSA_PUBKEY;
++ X509_check_purpose;
++ ASN1_ENUMERATED_new;
++ d2i_RSA_PUBKEY_bio;
++ d2i_PUBKEY;
++ X509_TRUST_get_trust;
++ X509_TRUST_get_flags;
++ ASN1_BMPSTRING_free;
++ ASN1_T61STRING_new;
++ ASN1_UTCTIME_new;
++ i2d_AUTHORITY_INFO_ACCESS;
++ EVP_PKEY_set1_RSA;
++ X509_STORE_CTX_set_purpose;
++ ASN1_IA5STRING_free;
++ PEM_write_bio_X509_AUX;
++ X509_PURPOSE_get_count;
++ CRYPTO_add_info;
++ X509_NAME_ENTRY_create_by_txt;
++ ASN1_STRING_get_default_mask;
++ X509_alias_get0;
++ ASN1_STRING_data;
++ i2d_ACCESS_DESCRIPTION;
++ X509_trust_set_bit;
++ ASN1_BIT_STRING_free;
++ PEM_read_bio_RSA_PUBKEY;
++ X509_add1_reject_object;
++ X509_check_trust;
++ PEM_read_bio_DSA_PUBKEY;
++ X509_PURPOSE_add;
++ ASN1_STRING_TABLE_get;
++ ASN1_UTF8STRING_free;
++ d2i_DSA_PUBKEY_bio;
++ PEM_write_RSA_PUBKEY;
++ d2i_OTHERNAME;
++ X509_reject_set_bit;
++ PEM_write_DSA_PUBKEY;
++ X509_PURPOSE_get0_sname;
++ EVP_PKEY_set1_DH;
++ ASN1_OCTET_STRING_dup;
++ ASN1_BIT_STRING_set;
++ X509_TRUST_get_count;
++ ASN1_INTEGER_free;
++ OTHERNAME_free;
++ i2d_RSA_PUBKEY_fp;
++ ASN1_INTEGER_dup;
++ d2i_X509_CERT_AUX;
++ PEM_write_bio_PUBKEY;
++ ASN1_VISIBLESTRING_free;
++ X509_PURPOSE_cleanup;
++ ASN1_mbstring_ncopy;
++ ASN1_GENERALIZEDTIME_new;
++ EVP_PKEY_get1_DH;
++ ASN1_OCTET_STRING_new;
++ ASN1_INTEGER_new;
++ i2d_X509_AUX;
++ ASN1_BIT_STRING_name_print;
++ X509_cmp;
++ ASN1_STRING_length_set;
++ DIRECTORYSTRING_new;
++ X509_add1_trust_object;
++ PKCS12_newpass;
++ SMIME_write_PKCS7;
++ SMIME_read_PKCS7;
++ DES_set_key_checked;
++ PKCS7_verify;
++ PKCS7_encrypt;
++ DES_set_key_unchecked;
++ SMIME_crlf_copy;
++ i2d_ASN1_PRINTABLESTRING;
++ PKCS7_get0_signers;
++ PKCS7_decrypt;
++ SMIME_text;
++ PKCS7_simple_smimecap;
++ PKCS7_get_smimecap;
++ PKCS7_sign;
++ PKCS7_add_attrib_smimecap;
++ CRYPTO_dbg_set_options;
++ CRYPTO_remove_all_info;
++ CRYPTO_get_mem_debug_functions;
++ CRYPTO_is_mem_check_on;
++ CRYPTO_set_mem_debug_functions;
++ CRYPTO_pop_info;
++ CRYPTO_push_info_;
++ CRYPTO_set_mem_debug_options;
++ PEM_write_PKCS8PrivateKey_nid;
++ PEM_write_bio_PKCS8PrivateKey_nid;
++ PEM_write_bio_PKCS8PrivKey_nid;
++ d2i_PKCS8PrivateKey_bio;
++ ASN1_NULL_free;
++ d2i_ASN1_NULL;
++ ASN1_NULL_new;
++ i2d_PKCS8PrivateKey_bio;
++ i2d_PKCS8PrivateKey_fp;
++ i2d_ASN1_NULL;
++ i2d_PKCS8PrivateKey_nid_fp;
++ d2i_PKCS8PrivateKey_fp;
++ i2d_PKCS8PrivateKey_nid_bio;
++ i2d_PKCS8PrivateKeyInfo_fp;
++ i2d_PKCS8PrivateKeyInfo_bio;
++ PEM_cb;
++ i2d_PrivateKey_fp;
++ d2i_PrivateKey_bio;
++ d2i_PrivateKey_fp;
++ i2d_PrivateKey_bio;
++ X509_reject_clear;
++ X509_TRUST_set_default;
++ d2i_AutoPrivateKey;
++ X509_ATTRIBUTE_get0_type;
++ X509_ATTRIBUTE_set1_data;
++ X509at_get_attr;
++ X509at_get_attr_count;
++ X509_ATTRIBUTE_create_by_NID;
++ X509_ATTRIBUTE_set1_object;
++ X509_ATTRIBUTE_count;
++ X509_ATTRIBUTE_create_by_OBJ;
++ X509_ATTRIBUTE_get0_object;
++ X509at_get_attr_by_NID;
++ X509at_add1_attr;
++ X509_ATTRIBUTE_get0_data;
++ X509at_delete_attr;
++ X509at_get_attr_by_OBJ;
++ RAND_add;
++ BIO_number_written;
++ BIO_number_read;
++ X509_STORE_CTX_get1_chain;
++ ERR_load_RAND_strings;
++ RAND_pseudo_bytes;
++ X509_REQ_get_attr_by_NID;
++ X509_REQ_get_attr;
++ X509_REQ_add1_attr_by_NID;
++ X509_REQ_get_attr_by_OBJ;
++ X509at_add1_attr_by_NID;
++ X509_REQ_add1_attr_by_OBJ;
++ X509_REQ_get_attr_count;
++ X509_REQ_add1_attr;
++ X509_REQ_delete_attr;
++ X509at_add1_attr_by_OBJ;
++ X509_REQ_add1_attr_by_txt;
++ X509_ATTRIBUTE_create_by_txt;
++ X509at_add1_attr_by_txt;
++ BN_pseudo_rand;
++ BN_is_prime_fasttest;
++ BN_CTX_end;
++ BN_CTX_start;
++ BN_CTX_get;
++ EVP_PKEY2PKCS8_broken;
++ ASN1_STRING_TABLE_add;
++ CRYPTO_dbg_get_options;
++ AUTHORITY_INFO_ACCESS_new;
++ CRYPTO_get_mem_debug_options;
++ DES_crypt;
++ PEM_write_bio_X509_REQ_NEW;
++ PEM_write_X509_REQ_NEW;
++ BIO_callback_ctrl;
++ RAND_egd;
++ RAND_status;
++ bn_dump1;
++ DES_check_key_parity;
++ lh_num_items;
++ RAND_event;
++ DSO_new;
++ DSO_new_method;
++ DSO_free;
++ DSO_flags;
++ DSO_up;
++ DSO_set_default_method;
++ DSO_get_default_method;
++ DSO_get_method;
++ DSO_set_method;
++ DSO_load;
++ DSO_bind_var;
++ DSO_METHOD_null;
++ DSO_METHOD_openssl;
++ DSO_METHOD_dlfcn;
++ DSO_METHOD_win32;
++ ERR_load_DSO_strings;
++ DSO_METHOD_dl;
++ NCONF_load;
++ NCONF_load_fp;
++ NCONF_new;
++ NCONF_get_string;
++ NCONF_free;
++ NCONF_get_number;
++ CONF_dump_fp;
++ NCONF_load_bio;
++ NCONF_dump_fp;
++ NCONF_get_section;
++ NCONF_dump_bio;
++ CONF_dump_bio;
++ NCONF_free_data;
++ CONF_set_default_method;
++ ERR_error_string_n;
++ BIO_snprintf;
++ DSO_ctrl;
++ i2d_ASN1_SET_OF_ASN1_INTEGER;
++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
++ i2d_ASN1_SET_OF_PKCS7;
++ BIO_vfree;
++ d2i_ASN1_SET_OF_ASN1_INTEGER;
++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
++ ASN1_UTCTIME_get;
++ X509_REQ_digest;
++ X509_CRL_digest;
++ d2i_ASN1_SET_OF_PKCS7;
++ EVP_CIPHER_CTX_set_key_length;
++ EVP_CIPHER_CTX_ctrl;
++ BN_mod_exp_mont_word;
++ RAND_egd_bytes;
++ X509_REQ_get1_email;
++ X509_get1_email;
++ X509_email_free;
++ i2d_RSA_NET;
++ d2i_RSA_NET_2;
++ d2i_RSA_NET;
++ DSO_bind_func;
++ CRYPTO_get_new_dynlockid;
++ sk_new_null;
++ CRYPTO_set_dynlock_destroy_callback;
++ CRYPTO_set_dynlock_destroy_cb;
++ CRYPTO_destroy_dynlockid;
++ CRYPTO_set_dynlock_size;
++ CRYPTO_set_dynlock_create_callback;
++ CRYPTO_set_dynlock_create_cb;
++ CRYPTO_set_dynlock_lock_callback;
++ CRYPTO_set_dynlock_lock_cb;
++ CRYPTO_get_dynlock_lock_callback;
++ CRYPTO_get_dynlock_lock_cb;
++ CRYPTO_get_dynlock_destroy_callback;
++ CRYPTO_get_dynlock_destroy_cb;
++ CRYPTO_get_dynlock_value;
++ CRYPTO_get_dynlock_create_callback;
++ CRYPTO_get_dynlock_create_cb;
++ c2i_ASN1_BIT_STRING;
++ i2c_ASN1_BIT_STRING;
++ RAND_poll;
++ c2i_ASN1_INTEGER;
++ i2c_ASN1_INTEGER;
++ BIO_dump_indent;
++ ASN1_parse_dump;
++ c2i_ASN1_OBJECT;
++ X509_NAME_print_ex_fp;
++ ASN1_STRING_print_ex_fp;
++ X509_NAME_print_ex;
++ ASN1_STRING_print_ex;
++ MD4;
++ MD4_Transform;
++ MD4_Final;
++ MD4_Update;
++ MD4_Init;
++ EVP_md4;
++ i2d_PUBKEY_bio;
++ i2d_PUBKEY_fp;
++ d2i_PUBKEY_bio;
++ ASN1_STRING_to_UTF8;
++ BIO_vprintf;
++ BIO_vsnprintf;
++ d2i_PUBKEY_fp;
++ X509_cmp_time;
++ X509_STORE_CTX_set_time;
++ X509_STORE_CTX_get1_issuer;
++ X509_OBJECT_retrieve_match;
++ X509_OBJECT_idx_by_subject;
++ X509_STORE_CTX_set_flags;
++ X509_STORE_CTX_trusted_stack;
++ X509_time_adj;
++ X509_check_issued;
++ ASN1_UTCTIME_cmp_time_t;
++ DES_set_weak_key_flag;
++ DES_check_key;
++ DES_rw_mode;
++ RSA_PKCS1_RSAref;
++ X509_keyid_set1;
++ BIO_next;
++ DSO_METHOD_vms;
++ BIO_f_linebuffer;
++ BN_bntest_rand;
++ OPENSSL_issetugid;
++ BN_rand_range;
++ ERR_load_ENGINE_strings;
++ ENGINE_set_DSA;
++ ENGINE_get_finish_function;
++ ENGINE_get_default_RSA;
++ ENGINE_get_BN_mod_exp;
++ DSA_get_default_openssl_method;
++ ENGINE_set_DH;
++ ENGINE_set_def_BN_mod_exp_crt;
++ ENGINE_set_default_BN_mod_exp_crt;
++ ENGINE_init;
++ DH_get_default_openssl_method;
++ RSA_set_default_openssl_method;
++ ENGINE_finish;
++ ENGINE_load_public_key;
++ ENGINE_get_DH;
++ ENGINE_ctrl;
++ ENGINE_get_init_function;
++ ENGINE_set_init_function;
++ ENGINE_set_default_DSA;
++ ENGINE_get_name;
++ ENGINE_get_last;
++ ENGINE_get_prev;
++ ENGINE_get_default_DH;
++ ENGINE_get_RSA;
++ ENGINE_set_default;
++ ENGINE_get_RAND;
++ ENGINE_get_first;
++ ENGINE_by_id;
++ ENGINE_set_finish_function;
++ ENGINE_get_def_BN_mod_exp_crt;
++ ENGINE_get_default_BN_mod_exp_crt;
++ RSA_get_default_openssl_method;
++ ENGINE_set_RSA;
++ ENGINE_load_private_key;
++ ENGINE_set_default_RAND;
++ ENGINE_set_BN_mod_exp;
++ ENGINE_remove;
++ ENGINE_free;
++ ENGINE_get_BN_mod_exp_crt;
++ ENGINE_get_next;
++ ENGINE_set_name;
++ ENGINE_get_default_DSA;
++ ENGINE_set_default_BN_mod_exp;
++ ENGINE_set_default_RSA;
++ ENGINE_get_default_RAND;
++ ENGINE_get_default_BN_mod_exp;
++ ENGINE_set_RAND;
++ ENGINE_set_id;
++ ENGINE_set_BN_mod_exp_crt;
++ ENGINE_set_default_DH;
++ ENGINE_new;
++ ENGINE_get_id;
++ DSA_set_default_openssl_method;
++ ENGINE_add;
++ DH_set_default_openssl_method;
++ ENGINE_get_DSA;
++ ENGINE_get_ctrl_function;
++ ENGINE_set_ctrl_function;
++ BN_pseudo_rand_range;
++ X509_STORE_CTX_set_verify_cb;
++ ERR_load_COMP_strings;
++ PKCS12_item_decrypt_d2i;
++ ASN1_UTF8STRING_it;
++ ENGINE_unregister_ciphers;
++ ENGINE_get_ciphers;
++ d2i_OCSP_BASICRESP;
++ KRB5_CHECKSUM_it;
++ EC_POINT_add;
++ ASN1_item_ex_i2d;
++ OCSP_CERTID_it;
++ d2i_OCSP_RESPBYTES;
++ X509V3_add1_i2d;
++ PKCS7_ENVELOPE_it;
++ UI_add_input_boolean;
++ ENGINE_unregister_RSA;
++ X509V3_EXT_nconf;
++ ASN1_GENERALSTRING_free;
++ d2i_OCSP_CERTSTATUS;
++ X509_REVOKED_set_serialNumber;
++ X509_print_ex;
++ OCSP_ONEREQ_get1_ext_d2i;
++ ENGINE_register_all_RAND;
++ ENGINE_load_dynamic;
++ PBKDF2PARAM_it;
++ EXTENDED_KEY_USAGE_new;
++ EC_GROUP_clear_free;
++ OCSP_sendreq_bio;
++ ASN1_item_digest;
++ OCSP_BASICRESP_delete_ext;
++ OCSP_SIGNATURE_it;
++ X509_CRL_it;
++ OCSP_BASICRESP_add_ext;
++ KRB5_ENCKEY_it;
++ UI_method_set_closer;
++ X509_STORE_set_purpose;
++ i2d_ASN1_GENERALSTRING;
++ OCSP_response_status;
++ i2d_OCSP_SERVICELOC;
++ ENGINE_get_digest_engine;
++ EC_GROUP_set_curve_GFp;
++ OCSP_REQUEST_get_ext_by_OBJ;
++ _ossl_old_des_random_key;
++ ASN1_T61STRING_it;
++ EC_GROUP_method_of;
++ i2d_KRB5_APREQ;
++ _ossl_old_des_encrypt;
++ ASN1_PRINTABLE_new;
++ HMAC_Init_ex;
++ d2i_KRB5_AUTHENT;
++ OCSP_archive_cutoff_new;
++ EC_POINT_set_Jprojective_coordinates_GFp;
++ EC_POINT_set_Jproj_coords_GFp;
++ _ossl_old_des_is_weak_key;
++ OCSP_BASICRESP_get_ext_by_OBJ;
++ EC_POINT_oct2point;
++ OCSP_SINGLERESP_get_ext_count;
++ UI_ctrl;
++ _shadow_DES_rw_mode;
++ asn1_do_adb;
++ ASN1_template_i2d;
++ ENGINE_register_DH;
++ UI_construct_prompt;
++ X509_STORE_set_trust;
++ UI_dup_input_string;
++ d2i_KRB5_APREQ;
++ EVP_MD_CTX_copy_ex;
++ OCSP_request_is_signed;
++ i2d_OCSP_REQINFO;
++ KRB5_ENCKEY_free;
++ OCSP_resp_get0;
++ GENERAL_NAME_it;
++ ASN1_GENERALIZEDTIME_it;
++ X509_STORE_set_flags;
++ EC_POINT_set_compressed_coordinates_GFp;
++ EC_POINT_set_compr_coords_GFp;
++ OCSP_response_status_str;
++ d2i_OCSP_REVOKEDINFO;
++ OCSP_basic_add1_cert;
++ ERR_get_implementation;
++ EVP_CipherFinal_ex;
++ OCSP_CERTSTATUS_new;
++ CRYPTO_cleanup_all_ex_data;
++ OCSP_resp_find;
++ BN_nnmod;
++ X509_CRL_sort;
++ X509_REVOKED_set_revocationDate;
++ ENGINE_register_RAND;
++ OCSP_SERVICELOC_new;
++ EC_POINT_set_affine_coordinates_GFp;
++ EC_POINT_set_affine_coords_GFp;
++ _ossl_old_des_options;
++ SXNET_it;
++ UI_dup_input_boolean;
++ PKCS12_add_CSPName_asc;
++ EC_POINT_is_at_infinity;
++ ENGINE_load_cryptodev;
++ DSO_convert_filename;
++ POLICYQUALINFO_it;
++ ENGINE_register_ciphers;
++ BN_mod_lshift_quick;
++ DSO_set_filename;
++ ASN1_item_free;
++ KRB5_TKTBODY_free;
++ AUTHORITY_KEYID_it;
++ KRB5_APREQBODY_new;
++ X509V3_EXT_REQ_add_nconf;
++ ENGINE_ctrl_cmd_string;
++ i2d_OCSP_RESPDATA;
++ EVP_MD_CTX_init;
++ EXTENDED_KEY_USAGE_free;
++ PKCS7_ATTR_SIGN_it;
++ UI_add_error_string;
++ KRB5_CHECKSUM_free;
++ OCSP_REQUEST_get_ext;
++ ENGINE_load_ubsec;
++ ENGINE_register_all_digests;
++ PKEY_USAGE_PERIOD_it;
++ PKCS12_unpack_authsafes;
++ ASN1_item_unpack;
++ NETSCAPE_SPKAC_it;
++ X509_REVOKED_it;
++ ASN1_STRING_encode;
++ EVP_aes_128_ecb;
++ KRB5_AUTHENT_free;
++ OCSP_BASICRESP_get_ext_by_critical;
++ OCSP_BASICRESP_get_ext_by_crit;
++ OCSP_cert_status_str;
++ d2i_OCSP_REQUEST;
++ UI_dup_info_string;
++ _ossl_old_des_xwhite_in2out;
++ PKCS12_it;
++ OCSP_SINGLERESP_get_ext_by_critical;
++ OCSP_SINGLERESP_get_ext_by_crit;
++ OCSP_CERTSTATUS_free;
++ _ossl_old_des_crypt;
++ ASN1_item_i2d;
++ EVP_DecryptFinal_ex;
++ ENGINE_load_openssl;
++ ENGINE_get_cmd_defns;
++ ENGINE_set_load_privkey_function;
++ ENGINE_set_load_privkey_fn;
++ EVP_EncryptFinal_ex;
++ ENGINE_set_default_digests;
++ X509_get0_pubkey_bitstr;
++ asn1_ex_i2c;
++ ENGINE_register_RSA;
++ ENGINE_unregister_DSA;
++ _ossl_old_des_key_sched;
++ X509_EXTENSION_it;
++ i2d_KRB5_AUTHENT;
++ SXNETID_it;
++ d2i_OCSP_SINGLERESP;
++ EDIPARTYNAME_new;
++ PKCS12_certbag2x509;
++ _ossl_old_des_ofb64_encrypt;
++ d2i_EXTENDED_KEY_USAGE;
++ ERR_print_errors_cb;
++ ENGINE_set_ciphers;
++ d2i_KRB5_APREQBODY;
++ UI_method_get_flusher;
++ X509_PUBKEY_it;
++ _ossl_old_des_enc_read;
++ PKCS7_ENCRYPT_it;
++ i2d_OCSP_RESPONSE;
++ EC_GROUP_get_cofactor;
++ PKCS12_unpack_p7data;
++ d2i_KRB5_AUTHDATA;
++ OCSP_copy_nonce;
++ KRB5_AUTHDATA_new;
++ OCSP_RESPDATA_new;
++ EC_GFp_mont_method;
++ OCSP_REVOKEDINFO_free;
++ UI_get_ex_data;
++ KRB5_APREQBODY_free;
++ EC_GROUP_get0_generator;
++ UI_get_default_method;
++ X509V3_set_nconf;
++ PKCS12_item_i2d_encrypt;
++ X509_add1_ext_i2d;
++ PKCS7_SIGNER_INFO_it;
++ KRB5_PRINCNAME_new;
++ PKCS12_SAFEBAG_it;
++ EC_GROUP_get_order;
++ d2i_OCSP_RESPID;
++ OCSP_request_verify;
++ NCONF_get_number_e;
++ _ossl_old_des_decrypt3;
++ X509_signature_print;
++ OCSP_SINGLERESP_free;
++ ENGINE_load_builtin_engines;
++ i2d_OCSP_ONEREQ;
++ OCSP_REQUEST_add_ext;
++ OCSP_RESPBYTES_new;
++ EVP_MD_CTX_create;
++ OCSP_resp_find_status;
++ X509_ALGOR_it;
++ ASN1_TIME_it;
++ OCSP_request_set1_name;
++ OCSP_ONEREQ_get_ext_count;
++ UI_get0_result;
++ PKCS12_AUTHSAFES_it;
++ EVP_aes_256_ecb;
++ PKCS12_pack_authsafes;
++ ASN1_IA5STRING_it;
++ UI_get_input_flags;
++ EC_GROUP_set_generator;
++ _ossl_old_des_string_to_2keys;
++ OCSP_CERTID_free;
++ X509_CERT_AUX_it;
++ CERTIFICATEPOLICIES_it;
++ _ossl_old_des_ede3_cbc_encrypt;
++ RAND_set_rand_engine;
++ DSO_get_loaded_filename;
++ X509_ATTRIBUTE_it;
++ OCSP_ONEREQ_get_ext_by_NID;
++ PKCS12_decrypt_skey;
++ KRB5_AUTHENT_it;
++ UI_dup_error_string;
++ RSAPublicKey_it;
++ i2d_OCSP_REQUEST;
++ PKCS12_x509crl2certbag;
++ OCSP_SERVICELOC_it;
++ ASN1_item_sign;
++ X509_CRL_set_issuer_name;
++ OBJ_NAME_do_all_sorted;
++ i2d_OCSP_BASICRESP;
++ i2d_OCSP_RESPBYTES;
++ PKCS12_unpack_p7encdata;
++ HMAC_CTX_init;
++ ENGINE_get_digest;
++ OCSP_RESPONSE_print;
++ KRB5_TKTBODY_it;
++ ACCESS_DESCRIPTION_it;
++ PKCS7_ISSUER_AND_SERIAL_it;
++ PBE2PARAM_it;
++ PKCS12_certbag2x509crl;
++ PKCS7_SIGNED_it;
++ ENGINE_get_cipher;
++ i2d_OCSP_CRLID;
++ OCSP_SINGLERESP_new;
++ ENGINE_cmd_is_executable;
++ RSA_up_ref;
++ ASN1_GENERALSTRING_it;
++ ENGINE_register_DSA;
++ X509V3_EXT_add_nconf_sk;
++ ENGINE_set_load_pubkey_function;
++ PKCS8_decrypt;
++ PEM_bytes_read_bio;
++ DIRECTORYSTRING_it;
++ d2i_OCSP_CRLID;
++ EC_POINT_is_on_curve;
++ CRYPTO_set_locked_mem_ex_functions;
++ CRYPTO_set_locked_mem_ex_funcs;
++ d2i_KRB5_CHECKSUM;
++ ASN1_item_dup;
++ X509_it;
++ BN_mod_add;
++ KRB5_AUTHDATA_free;
++ _ossl_old_des_cbc_cksum;
++ ASN1_item_verify;
++ CRYPTO_set_mem_ex_functions;
++ EC_POINT_get_Jprojective_coordinates_GFp;
++ EC_POINT_get_Jproj_coords_GFp;
++ ZLONG_it;
++ CRYPTO_get_locked_mem_ex_functions;
++ CRYPTO_get_locked_mem_ex_funcs;
++ ASN1_TIME_check;
++ UI_get0_user_data;
++ HMAC_CTX_cleanup;
++ DSA_up_ref;
++ _ossl_old_des_ede3_cfb64_encrypt;
++ _ossl_odes_ede3_cfb64_encrypt;
++ ASN1_BMPSTRING_it;
++ ASN1_tag2bit;
++ UI_method_set_flusher;
++ X509_ocspid_print;
++ KRB5_ENCDATA_it;
++ ENGINE_get_load_pubkey_function;
++ UI_add_user_data;
++ OCSP_REQUEST_delete_ext;
++ UI_get_method;
++ OCSP_ONEREQ_free;
++ ASN1_PRINTABLESTRING_it;
++ X509_CRL_set_nextUpdate;
++ OCSP_REQUEST_it;
++ OCSP_BASICRESP_it;
++ AES_ecb_encrypt;
++ BN_mod_sqr;
++ NETSCAPE_CERT_SEQUENCE_it;
++ GENERAL_NAMES_it;
++ AUTHORITY_INFO_ACCESS_it;
++ ASN1_FBOOLEAN_it;
++ UI_set_ex_data;
++ _ossl_old_des_string_to_key;
++ ENGINE_register_all_RSA;
++ d2i_KRB5_PRINCNAME;
++ OCSP_RESPBYTES_it;
++ X509_CINF_it;
++ ENGINE_unregister_digests;
++ d2i_EDIPARTYNAME;
++ d2i_OCSP_SERVICELOC;
++ ENGINE_get_digests;
++ _ossl_old_des_set_odd_parity;
++ OCSP_RESPDATA_free;
++ d2i_KRB5_TICKET;
++ OTHERNAME_it;
++ EVP_MD_CTX_cleanup;
++ d2i_ASN1_GENERALSTRING;
++ X509_CRL_set_version;
++ BN_mod_sub;
++ OCSP_SINGLERESP_get_ext_by_NID;
++ ENGINE_get_ex_new_index;
++ OCSP_REQUEST_free;
++ OCSP_REQUEST_add1_ext_i2d;
++ X509_VAL_it;
++ EC_POINTs_make_affine;
++ EC_POINT_mul;
++ X509V3_EXT_add_nconf;
++ X509_TRUST_set;
++ X509_CRL_add1_ext_i2d;
++ _ossl_old_des_fcrypt;
++ DISPLAYTEXT_it;
++ X509_CRL_set_lastUpdate;
++ OCSP_BASICRESP_free;
++ OCSP_BASICRESP_add1_ext_i2d;
++ d2i_KRB5_AUTHENTBODY;
++ CRYPTO_set_ex_data_implementation;
++ CRYPTO_set_ex_data_impl;
++ KRB5_ENCDATA_new;
++ DSO_up_ref;
++ OCSP_crl_reason_str;
++ UI_get0_result_string;
++ ASN1_GENERALSTRING_new;
++ X509_SIG_it;
++ ERR_set_implementation;
++ ERR_load_EC_strings;
++ UI_get0_action_string;
++ OCSP_ONEREQ_get_ext;
++ EC_POINT_method_of;
++ i2d_KRB5_APREQBODY;
++ _ossl_old_des_ecb3_encrypt;
++ CRYPTO_get_mem_ex_functions;
++ ENGINE_get_ex_data;
++ UI_destroy_method;
++ ASN1_item_i2d_bio;
++ OCSP_ONEREQ_get_ext_by_OBJ;
++ ASN1_primitive_new;
++ ASN1_PRINTABLE_it;
++ EVP_aes_192_ecb;
++ OCSP_SIGNATURE_new;
++ LONG_it;
++ ASN1_VISIBLESTRING_it;
++ OCSP_SINGLERESP_add1_ext_i2d;
++ d2i_OCSP_CERTID;
++ ASN1_item_d2i_fp;
++ CRL_DIST_POINTS_it;
++ GENERAL_NAME_print;
++ OCSP_SINGLERESP_delete_ext;
++ PKCS12_SAFEBAGS_it;
++ d2i_OCSP_SIGNATURE;
++ OCSP_request_add1_nonce;
++ ENGINE_set_cmd_defns;
++ OCSP_SERVICELOC_free;
++ EC_GROUP_free;
++ ASN1_BIT_STRING_it;
++ X509_REQ_it;
++ _ossl_old_des_cbc_encrypt;
++ ERR_unload_strings;
++ PKCS7_SIGN_ENVELOPE_it;
++ EDIPARTYNAME_free;
++ OCSP_REQINFO_free;
++ EC_GROUP_new_curve_GFp;
++ OCSP_REQUEST_get1_ext_d2i;
++ PKCS12_item_pack_safebag;
++ asn1_ex_c2i;
++ ENGINE_register_digests;
++ i2d_OCSP_REVOKEDINFO;
++ asn1_enc_restore;
++ UI_free;
++ UI_new_method;
++ EVP_EncryptInit_ex;
++ X509_pubkey_digest;
++ EC_POINT_invert;
++ OCSP_basic_sign;
++ i2d_OCSP_RESPID;
++ OCSP_check_nonce;
++ ENGINE_ctrl_cmd;
++ d2i_KRB5_ENCKEY;
++ OCSP_parse_url;
++ OCSP_SINGLERESP_get_ext;
++ OCSP_CRLID_free;
++ OCSP_BASICRESP_get1_ext_d2i;
++ RSAPrivateKey_it;
++ ENGINE_register_all_DH;
++ i2d_EDIPARTYNAME;
++ EC_POINT_get_affine_coordinates_GFp;
++ EC_POINT_get_affine_coords_GFp;
++ OCSP_CRLID_new;
++ ENGINE_get_flags;
++ OCSP_ONEREQ_it;
++ UI_process;
++ ASN1_INTEGER_it;
++ EVP_CipherInit_ex;
++ UI_get_string_type;
++ ENGINE_unregister_DH;
++ ENGINE_register_all_DSA;
++ OCSP_ONEREQ_get_ext_by_critical;
++ bn_dup_expand;
++ OCSP_cert_id_new;
++ BASIC_CONSTRAINTS_it;
++ BN_mod_add_quick;
++ EC_POINT_new;
++ EVP_MD_CTX_destroy;
++ OCSP_RESPBYTES_free;
++ EVP_aes_128_cbc;
++ OCSP_SINGLERESP_get1_ext_d2i;
++ EC_POINT_free;
++ DH_up_ref;
++ X509_NAME_ENTRY_it;
++ UI_get_ex_new_index;
++ BN_mod_sub_quick;
++ OCSP_ONEREQ_add_ext;
++ OCSP_request_sign;
++ EVP_DigestFinal_ex;
++ ENGINE_set_digests;
++ OCSP_id_issuer_cmp;
++ OBJ_NAME_do_all;
++ EC_POINTs_mul;
++ ENGINE_register_complete;
++ X509V3_EXT_nconf_nid;
++ ASN1_SEQUENCE_it;
++ UI_set_default_method;
++ RAND_query_egd_bytes;
++ UI_method_get_writer;
++ UI_OpenSSL;
++ PEM_def_callback;
++ ENGINE_cleanup;
++ DIST_POINT_it;
++ OCSP_SINGLERESP_it;
++ d2i_KRB5_TKTBODY;
++ EC_POINT_cmp;
++ OCSP_REVOKEDINFO_new;
++ i2d_OCSP_CERTSTATUS;
++ OCSP_basic_add1_nonce;
++ ASN1_item_ex_d2i;
++ BN_mod_lshift1_quick;
++ UI_set_method;
++ OCSP_id_get0_info;
++ BN_mod_sqrt;
++ EC_GROUP_copy;
++ KRB5_ENCDATA_free;
++ _ossl_old_des_cfb_encrypt;
++ OCSP_SINGLERESP_get_ext_by_OBJ;
++ OCSP_cert_to_id;
++ OCSP_RESPID_new;
++ OCSP_RESPDATA_it;
++ d2i_OCSP_RESPDATA;
++ ENGINE_register_all_complete;
++ OCSP_check_validity;
++ PKCS12_BAGS_it;
++ OCSP_url_svcloc_new;
++ ASN1_template_free;
++ OCSP_SINGLERESP_add_ext;
++ KRB5_AUTHENTBODY_it;
++ X509_supported_extension;
++ i2d_KRB5_AUTHDATA;
++ UI_method_get_opener;
++ ENGINE_set_ex_data;
++ OCSP_REQUEST_print;
++ CBIGNUM_it;
++ KRB5_TICKET_new;
++ KRB5_APREQ_new;
++ EC_GROUP_get_curve_GFp;
++ KRB5_ENCKEY_new;
++ ASN1_template_d2i;
++ _ossl_old_des_quad_cksum;
++ OCSP_single_get0_status;
++ BN_swap;
++ POLICYINFO_it;
++ ENGINE_set_destroy_function;
++ asn1_enc_free;
++ OCSP_RESPID_it;
++ EC_GROUP_new;
++ EVP_aes_256_cbc;
++ i2d_KRB5_PRINCNAME;
++ _ossl_old_des_encrypt2;
++ _ossl_old_des_encrypt3;
++ PKCS8_PRIV_KEY_INFO_it;
++ OCSP_REQINFO_it;
++ PBEPARAM_it;
++ KRB5_AUTHENTBODY_new;
++ X509_CRL_add0_revoked;
++ EDIPARTYNAME_it;
++ NETSCAPE_SPKI_it;
++ UI_get0_test_string;
++ ENGINE_get_cipher_engine;
++ ENGINE_register_all_ciphers;
++ EC_POINT_copy;
++ BN_kronecker;
++ _ossl_old_des_ede3_ofb64_encrypt;
++ _ossl_odes_ede3_ofb64_encrypt;
++ UI_method_get_reader;
++ OCSP_BASICRESP_get_ext_count;
++ ASN1_ENUMERATED_it;
++ UI_set_result;
++ i2d_KRB5_TICKET;
++ X509_print_ex_fp;
++ EVP_CIPHER_CTX_set_padding;
++ d2i_OCSP_RESPONSE;
++ ASN1_UTCTIME_it;
++ _ossl_old_des_enc_write;
++ OCSP_RESPONSE_new;
++ AES_set_encrypt_key;
++ OCSP_resp_count;
++ KRB5_CHECKSUM_new;
++ ENGINE_load_cswift;
++ OCSP_onereq_get0_id;
++ ENGINE_set_default_ciphers;
++ NOTICEREF_it;
++ X509V3_EXT_CRL_add_nconf;
++ OCSP_REVOKEDINFO_it;
++ AES_encrypt;
++ OCSP_REQUEST_new;
++ ASN1_ANY_it;
++ CRYPTO_ex_data_new_class;
++ _ossl_old_des_ncbc_encrypt;
++ i2d_KRB5_TKTBODY;
++ EC_POINT_clear_free;
++ AES_decrypt;
++ asn1_enc_init;
++ UI_get_result_maxsize;
++ OCSP_CERTID_new;
++ ENGINE_unregister_RAND;
++ UI_method_get_closer;
++ d2i_KRB5_ENCDATA;
++ OCSP_request_onereq_count;
++ OCSP_basic_verify;
++ KRB5_AUTHENTBODY_free;
++ ASN1_item_d2i;
++ ASN1_primitive_free;
++ i2d_EXTENDED_KEY_USAGE;
++ i2d_OCSP_SIGNATURE;
++ asn1_enc_save;
++ ENGINE_load_nuron;
++ _ossl_old_des_pcbc_encrypt;
++ PKCS12_MAC_DATA_it;
++ OCSP_accept_responses_new;
++ asn1_do_lock;
++ PKCS7_ATTR_VERIFY_it;
++ KRB5_APREQBODY_it;
++ i2d_OCSP_SINGLERESP;
++ ASN1_item_ex_new;
++ UI_add_verify_string;
++ _ossl_old_des_set_key;
++ KRB5_PRINCNAME_it;
++ EVP_DecryptInit_ex;
++ i2d_OCSP_CERTID;
++ ASN1_item_d2i_bio;
++ EC_POINT_dbl;
++ asn1_get_choice_selector;
++ i2d_KRB5_CHECKSUM;
++ ENGINE_set_table_flags;
++ AES_options;
++ ENGINE_load_chil;
++ OCSP_id_cmp;
++ OCSP_BASICRESP_new;
++ OCSP_REQUEST_get_ext_by_NID;
++ KRB5_APREQ_it;
++ ENGINE_get_destroy_function;
++ CONF_set_nconf;
++ ASN1_PRINTABLE_free;
++ OCSP_BASICRESP_get_ext_by_NID;
++ DIST_POINT_NAME_it;
++ X509V3_extensions_print;
++ _ossl_old_des_cfb64_encrypt;
++ X509_REVOKED_add1_ext_i2d;
++ _ossl_old_des_ofb_encrypt;
++ KRB5_TKTBODY_new;
++ ASN1_OCTET_STRING_it;
++ ERR_load_UI_strings;
++ i2d_KRB5_ENCKEY;
++ ASN1_template_new;
++ OCSP_SIGNATURE_free;
++ ASN1_item_i2d_fp;
++ KRB5_PRINCNAME_free;
++ PKCS7_RECIP_INFO_it;
++ EXTENDED_KEY_USAGE_it;
++ EC_GFp_simple_method;
++ EC_GROUP_precompute_mult;
++ OCSP_request_onereq_get0;
++ UI_method_set_writer;
++ KRB5_AUTHENT_new;
++ X509_CRL_INFO_it;
++ DSO_set_name_converter;
++ AES_set_decrypt_key;
++ PKCS7_DIGEST_it;
++ PKCS12_x5092certbag;
++ EVP_DigestInit_ex;
++ i2a_ACCESS_DESCRIPTION;
++ OCSP_RESPONSE_it;
++ PKCS7_ENC_CONTENT_it;
++ OCSP_request_add0_id;
++ EC_POINT_make_affine;
++ DSO_get_filename;
++ OCSP_CERTSTATUS_it;
++ OCSP_request_add1_cert;
++ UI_get0_output_string;
++ UI_dup_verify_string;
++ BN_mod_lshift;
++ KRB5_AUTHDATA_it;
++ asn1_set_choice_selector;
++ OCSP_basic_add1_status;
++ OCSP_RESPID_free;
++ asn1_get_field_ptr;
++ UI_add_input_string;
++ OCSP_CRLID_it;
++ i2d_KRB5_AUTHENTBODY;
++ OCSP_REQUEST_get_ext_count;
++ ENGINE_load_atalla;
++ X509_NAME_it;
++ USERNOTICE_it;
++ OCSP_REQINFO_new;
++ OCSP_BASICRESP_get_ext;
++ CRYPTO_get_ex_data_implementation;
++ CRYPTO_get_ex_data_impl;
++ ASN1_item_pack;
++ i2d_KRB5_ENCDATA;
++ X509_PURPOSE_set;
++ X509_REQ_INFO_it;
++ UI_method_set_opener;
++ ASN1_item_ex_free;
++ ASN1_BOOLEAN_it;
++ ENGINE_get_table_flags;
++ UI_create_method;
++ OCSP_ONEREQ_add1_ext_i2d;
++ _shadow_DES_check_key;
++ d2i_OCSP_REQINFO;
++ UI_add_info_string;
++ UI_get_result_minsize;
++ ASN1_NULL_it;
++ BN_mod_lshift1;
++ d2i_OCSP_ONEREQ;
++ OCSP_ONEREQ_new;
++ KRB5_TICKET_it;
++ EVP_aes_192_cbc;
++ KRB5_TICKET_free;
++ UI_new;
++ OCSP_response_create;
++ _ossl_old_des_xcbc_encrypt;
++ PKCS7_it;
++ OCSP_REQUEST_get_ext_by_critical;
++ OCSP_REQUEST_get_ext_by_crit;
++ ENGINE_set_flags;
++ _ossl_old_des_ecb_encrypt;
++ OCSP_response_get1_basic;
++ EVP_Digest;
++ OCSP_ONEREQ_delete_ext;
++ ASN1_TBOOLEAN_it;
++ ASN1_item_new;
++ ASN1_TIME_to_generalizedtime;
++ BIGNUM_it;
++ AES_cbc_encrypt;
++ ENGINE_get_load_privkey_function;
++ ENGINE_get_load_privkey_fn;
++ OCSP_RESPONSE_free;
++ UI_method_set_reader;
++ i2d_ASN1_T61STRING;
++ EC_POINT_set_to_infinity;
++ ERR_load_OCSP_strings;
++ EC_POINT_point2oct;
++ KRB5_APREQ_free;
++ ASN1_OBJECT_it;
++ OCSP_crlID_new;
++ OCSP_crlID2_new;
++ CONF_modules_load_file;
++ CONF_imodule_set_usr_data;
++ ENGINE_set_default_string;
++ CONF_module_get_usr_data;
++ ASN1_add_oid_module;
++ CONF_modules_finish;
++ OPENSSL_config;
++ CONF_modules_unload;
++ CONF_imodule_get_value;
++ CONF_module_set_usr_data;
++ CONF_parse_list;
++ CONF_module_add;
++ CONF_get1_default_config_file;
++ CONF_imodule_get_flags;
++ CONF_imodule_get_module;
++ CONF_modules_load;
++ CONF_imodule_get_name;
++ ERR_peek_top_error;
++ CONF_imodule_get_usr_data;
++ CONF_imodule_set_flags;
++ ENGINE_add_conf_module;
++ ERR_peek_last_error_line;
++ ERR_peek_last_error_line_data;
++ ERR_peek_last_error;
++ DES_read_2passwords;
++ DES_read_password;
++ UI_UTIL_read_pw;
++ UI_UTIL_read_pw_string;
++ ENGINE_load_aep;
++ ENGINE_load_sureware;
++ OPENSSL_add_all_algorithms_noconf;
++ OPENSSL_add_all_algo_noconf;
++ OPENSSL_add_all_algorithms_conf;
++ OPENSSL_add_all_algo_conf;
++ OPENSSL_load_builtin_modules;
++ AES_ofb128_encrypt;
++ AES_ctr128_encrypt;
++ AES_cfb128_encrypt;
++ ENGINE_load_4758cca;
++ _ossl_096_des_random_seed;
++ EVP_aes_256_ofb;
++ EVP_aes_192_ofb;
++ EVP_aes_128_cfb128;
++ EVP_aes_256_cfb128;
++ EVP_aes_128_ofb;
++ EVP_aes_192_cfb128;
++ CONF_modules_free;
++ NCONF_default;
++ OPENSSL_no_config;
++ NCONF_WIN32;
++ ASN1_UNIVERSALSTRING_new;
++ EVP_des_ede_ecb;
++ i2d_ASN1_UNIVERSALSTRING;
++ ASN1_UNIVERSALSTRING_free;
++ ASN1_UNIVERSALSTRING_it;
++ d2i_ASN1_UNIVERSALSTRING;
++ EVP_des_ede3_ecb;
++ X509_REQ_print_ex;
++ ENGINE_up_ref;
++ BUF_MEM_grow_clean;
++ CRYPTO_realloc_clean;
++ BUF_strlcat;
++ BIO_indent;
++ BUF_strlcpy;
++ OpenSSLDie;
++ OPENSSL_cleanse;
++ ENGINE_setup_bsd_cryptodev;
++ ERR_release_err_state_table;
++ EVP_aes_128_cfb8;
++ FIPS_corrupt_rsa;
++ FIPS_selftest_des;
++ EVP_aes_128_cfb1;
++ EVP_aes_192_cfb8;
++ FIPS_mode_set;
++ FIPS_selftest_dsa;
++ EVP_aes_256_cfb8;
++ FIPS_allow_md5;
++ DES_ede3_cfb_encrypt;
++ EVP_des_ede3_cfb8;
++ FIPS_rand_seeded;
++ AES_cfbr_encrypt_block;
++ AES_cfb8_encrypt;
++ FIPS_rand_seed;
++ FIPS_corrupt_des;
++ EVP_aes_192_cfb1;
++ FIPS_selftest_aes;
++ FIPS_set_prng_key;
++ EVP_des_cfb8;
++ FIPS_corrupt_dsa;
++ FIPS_test_mode;
++ FIPS_rand_method;
++ EVP_aes_256_cfb1;
++ ERR_load_FIPS_strings;
++ FIPS_corrupt_aes;
++ FIPS_selftest_sha1;
++ FIPS_selftest_rsa;
++ FIPS_corrupt_sha1;
++ EVP_des_cfb1;
++ FIPS_dsa_check;
++ AES_cfb1_encrypt;
++ EVP_des_ede3_cfb1;
++ FIPS_rand_check;
++ FIPS_md5_allowed;
++ FIPS_mode;
++ FIPS_selftest_failed;
++ sk_is_sorted;
++ X509_check_ca;
++ HMAC_CTX_set_flags;
++ d2i_PROXY_CERT_INFO_EXTENSION;
++ PROXY_POLICY_it;
++ i2d_PROXY_POLICY;
++ i2d_PROXY_CERT_INFO_EXTENSION;
++ d2i_PROXY_POLICY;
++ PROXY_CERT_INFO_EXTENSION_new;
++ PROXY_CERT_INFO_EXTENSION_free;
++ PROXY_CERT_INFO_EXTENSION_it;
++ PROXY_POLICY_free;
++ PROXY_POLICY_new;
++ BN_MONT_CTX_set_locked;
++ FIPS_selftest_rng;
++ EVP_sha384;
++ EVP_sha512;
++ EVP_sha224;
++ EVP_sha256;
++ FIPS_selftest_hmac;
++ FIPS_corrupt_rng;
++ BN_mod_exp_mont_consttime;
++ RSA_X931_hash_id;
++ RSA_padding_check_X931;
++ RSA_verify_PKCS1_PSS;
++ RSA_padding_add_X931;
++ RSA_padding_add_PKCS1_PSS;
++ PKCS1_MGF1;
++ BN_X931_generate_Xpq;
++ RSA_X931_generate_key;
++ BN_X931_derive_prime;
++ BN_X931_generate_prime;
++ RSA_X931_derive;
++ BIO_new_dgram;
++ BN_get0_nist_prime_384;
++ ERR_set_mark;
++ X509_STORE_CTX_set0_crls;
++ ENGINE_set_STORE;
++ ENGINE_register_ECDSA;
++ STORE_meth_set_list_start_fn;
++ STORE_method_set_list_start_function;
++ BN_BLINDING_invert_ex;
++ NAME_CONSTRAINTS_free;
++ STORE_ATTR_INFO_set_number;
++ BN_BLINDING_get_thread_id;
++ X509_STORE_CTX_set0_param;
++ POLICY_MAPPING_it;
++ STORE_parse_attrs_start;
++ POLICY_CONSTRAINTS_free;
++ EVP_PKEY_add1_attr_by_NID;
++ BN_nist_mod_192;
++ EC_GROUP_get_trinomial_basis;
++ STORE_set_method;
++ GENERAL_SUBTREE_free;
++ NAME_CONSTRAINTS_it;
++ ECDH_get_default_method;
++ PKCS12_add_safe;
++ EC_KEY_new_by_curve_name;
++ STORE_meth_get_update_store_fn;
++ STORE_method_get_update_store_function;
++ ENGINE_register_ECDH;
++ SHA512_Update;
++ i2d_ECPrivateKey;
++ BN_get0_nist_prime_192;
++ STORE_modify_certificate;
++ EC_POINT_set_affine_coordinates_GF2m;
++ EC_POINT_set_affine_coords_GF2m;
++ BN_GF2m_mod_exp_arr;
++ STORE_ATTR_INFO_modify_number;
++ X509_keyid_get0;
++ ENGINE_load_gmp;
++ pitem_new;
++ BN_GF2m_mod_mul_arr;
++ STORE_list_public_key_endp;
++ o2i_ECPublicKey;
++ EC_KEY_copy;
++ BIO_dump_fp;
++ X509_policy_node_get0_parent;
++ EC_GROUP_check_discriminant;
++ i2o_ECPublicKey;
++ EC_KEY_precompute_mult;
++ a2i_IPADDRESS;
++ STORE_meth_set_initialise_fn;
++ STORE_method_set_initialise_function;
++ X509_STORE_CTX_set_depth;
++ X509_VERIFY_PARAM_inherit;
++ EC_POINT_point2bn;
++ STORE_ATTR_INFO_set_dn;
++ X509_policy_tree_get0_policies;
++ EC_GROUP_new_curve_GF2m;
++ STORE_destroy_method;
++ ENGINE_unregister_STORE;
++ EVP_PKEY_get1_EC_KEY;
++ STORE_ATTR_INFO_get0_number;
++ ENGINE_get_default_ECDH;
++ EC_KEY_get_conv_form;
++ ASN1_OCTET_STRING_NDEF_it;
++ STORE_delete_public_key;
++ STORE_get_public_key;
++ STORE_modify_arbitrary;
++ ENGINE_get_static_state;
++ pqueue_iterator;
++ ECDSA_SIG_new;
++ OPENSSL_DIR_end;
++ BN_GF2m_mod_sqr;
++ EC_POINT_bn2point;
++ X509_VERIFY_PARAM_set_depth;
++ EC_KEY_set_asn1_flag;
++ STORE_get_method;
++ EC_KEY_get_key_method_data;
++ ECDSA_sign_ex;
++ STORE_parse_attrs_end;
++ EC_GROUP_get_point_conversion_form;
++ EC_GROUP_get_point_conv_form;
++ STORE_method_set_store_function;
++ STORE_ATTR_INFO_in;
++ PEM_read_bio_ECPKParameters;
++ EC_GROUP_get_pentanomial_basis;
++ EVP_PKEY_add1_attr_by_txt;
++ BN_BLINDING_set_flags;
++ X509_VERIFY_PARAM_set1_policies;
++ X509_VERIFY_PARAM_set1_name;
++ X509_VERIFY_PARAM_set_purpose;
++ STORE_get_number;
++ ECDSA_sign_setup;
++ BN_GF2m_mod_solve_quad_arr;
++ EC_KEY_up_ref;
++ POLICY_MAPPING_free;
++ BN_GF2m_mod_div;
++ X509_VERIFY_PARAM_set_flags;
++ EC_KEY_free;
++ STORE_meth_set_list_next_fn;
++ STORE_method_set_list_next_function;
++ PEM_write_bio_ECPrivateKey;
++ d2i_EC_PUBKEY;
++ STORE_meth_get_generate_fn;
++ STORE_method_get_generate_function;
++ STORE_meth_set_list_end_fn;
++ STORE_method_set_list_end_function;
++ pqueue_print;
++ EC_GROUP_have_precompute_mult;
++ EC_KEY_print_fp;
++ BN_GF2m_mod_arr;
++ PEM_write_bio_X509_CERT_PAIR;
++ EVP_PKEY_cmp;
++ X509_policy_level_node_count;
++ STORE_new_engine;
++ STORE_list_public_key_start;
++ X509_VERIFY_PARAM_new;
++ ECDH_get_ex_data;
++ EVP_PKEY_get_attr;
++ ECDSA_do_sign;
++ ENGINE_unregister_ECDH;
++ ECDH_OpenSSL;
++ EC_KEY_set_conv_form;
++ EC_POINT_dup;
++ GENERAL_SUBTREE_new;
++ STORE_list_crl_endp;
++ EC_get_builtin_curves;
++ X509_policy_node_get0_qualifiers;
++ X509_pcy_node_get0_qualifiers;
++ STORE_list_crl_end;
++ EVP_PKEY_set1_EC_KEY;
++ BN_GF2m_mod_sqrt_arr;
++ i2d_ECPrivateKey_bio;
++ ECPKParameters_print_fp;
++ pqueue_find;
++ ECDSA_SIG_free;
++ PEM_write_bio_ECPKParameters;
++ STORE_method_set_ctrl_function;
++ STORE_list_public_key_end;
++ EC_KEY_set_private_key;
++ pqueue_peek;
++ STORE_get_arbitrary;
++ STORE_store_crl;
++ X509_policy_node_get0_policy;
++ PKCS12_add_safes;
++ BN_BLINDING_convert_ex;
++ X509_policy_tree_free;
++ OPENSSL_ia32cap_loc;
++ BN_GF2m_poly2arr;
++ STORE_ctrl;
++ STORE_ATTR_INFO_compare;
++ BN_get0_nist_prime_224;
++ i2d_ECParameters;
++ i2d_ECPKParameters;
++ BN_GENCB_call;
++ d2i_ECPKParameters;
++ STORE_meth_set_generate_fn;
++ STORE_method_set_generate_function;
++ ENGINE_set_ECDH;
++ NAME_CONSTRAINTS_new;
++ SHA256_Init;
++ EC_KEY_get0_public_key;
++ PEM_write_bio_EC_PUBKEY;
++ STORE_ATTR_INFO_set_cstr;
++ STORE_list_crl_next;
++ STORE_ATTR_INFO_in_range;
++ ECParameters_print;
++ STORE_meth_set_delete_fn;
++ STORE_method_set_delete_function;
++ STORE_list_certificate_next;
++ ASN1_generate_nconf;
++ BUF_memdup;
++ BN_GF2m_mod_mul;
++ STORE_meth_get_list_next_fn;
++ STORE_method_get_list_next_function;
++ STORE_ATTR_INFO_get0_dn;
++ STORE_list_private_key_next;
++ EC_GROUP_set_seed;
++ X509_VERIFY_PARAM_set_trust;
++ STORE_ATTR_INFO_free;
++ STORE_get_private_key;
++ EVP_PKEY_get_attr_count;
++ STORE_ATTR_INFO_new;
++ EC_GROUP_get_curve_GF2m;
++ STORE_meth_set_revoke_fn;
++ STORE_method_set_revoke_function;
++ STORE_store_number;
++ BN_is_prime_ex;
++ STORE_revoke_public_key;
++ X509_STORE_CTX_get0_param;
++ STORE_delete_arbitrary;
++ PEM_read_X509_CERT_PAIR;
++ X509_STORE_set_depth;
++ ECDSA_get_ex_data;
++ SHA224;
++ BIO_dump_indent_fp;
++ EC_KEY_set_group;
++ BUF_strndup;
++ STORE_list_certificate_start;
++ BN_GF2m_mod;
++ X509_REQ_check_private_key;
++ EC_GROUP_get_seed_len;
++ ERR_load_STORE_strings;
++ PEM_read_bio_EC_PUBKEY;
++ STORE_list_private_key_end;
++ i2d_EC_PUBKEY;
++ ECDSA_get_default_method;
++ ASN1_put_eoc;
++ X509_STORE_CTX_get_explicit_policy;
++ X509_STORE_CTX_get_expl_policy;
++ X509_VERIFY_PARAM_table_cleanup;
++ STORE_modify_private_key;
++ X509_VERIFY_PARAM_free;
++ EC_METHOD_get_field_type;
++ EC_GFp_nist_method;
++ STORE_meth_set_modify_fn;
++ STORE_method_set_modify_function;
++ STORE_parse_attrs_next;
++ ENGINE_load_padlock;
++ EC_GROUP_set_curve_name;
++ X509_CERT_PAIR_it;
++ STORE_meth_get_revoke_fn;
++ STORE_method_get_revoke_function;
++ STORE_method_set_get_function;
++ STORE_modify_number;
++ STORE_method_get_store_function;
++ STORE_store_private_key;
++ BN_GF2m_mod_sqr_arr;
++ RSA_setup_blinding;
++ BIO_s_datagram;
++ STORE_Memory;
++ sk_find_ex;
++ EC_GROUP_set_curve_GF2m;
++ ENGINE_set_default_ECDSA;
++ POLICY_CONSTRAINTS_new;
++ BN_GF2m_mod_sqrt;
++ ECDH_set_default_method;
++ EC_KEY_generate_key;
++ SHA384_Update;
++ BN_GF2m_arr2poly;
++ STORE_method_get_get_function;
++ STORE_meth_set_cleanup_fn;
++ STORE_method_set_cleanup_function;
++ EC_GROUP_check;
++ d2i_ECPrivateKey_bio;
++ EC_KEY_insert_key_method_data;
++ STORE_meth_get_lock_store_fn;
++ STORE_method_get_lock_store_function;
++ X509_VERIFY_PARAM_get_depth;
++ SHA224_Final;
++ STORE_meth_set_update_store_fn;
++ STORE_method_set_update_store_function;
++ SHA224_Update;
++ d2i_ECPrivateKey;
++ ASN1_item_ndef_i2d;
++ STORE_delete_private_key;
++ ERR_pop_to_mark;
++ ENGINE_register_all_STORE;
++ X509_policy_level_get0_node;
++ i2d_PKCS7_NDEF;
++ EC_GROUP_get_degree;
++ ASN1_generate_v3;
++ STORE_ATTR_INFO_modify_cstr;
++ X509_policy_tree_level_count;
++ BN_GF2m_add;
++ EC_KEY_get0_group;
++ STORE_generate_crl;
++ STORE_store_public_key;
++ X509_CERT_PAIR_free;
++ STORE_revoke_private_key;
++ BN_nist_mod_224;
++ SHA512_Final;
++ STORE_ATTR_INFO_modify_dn;
++ STORE_meth_get_initialise_fn;
++ STORE_method_get_initialise_function;
++ STORE_delete_number;
++ i2d_EC_PUBKEY_bio;
++ BIO_dgram_non_fatal_error;
++ EC_GROUP_get_asn1_flag;
++ STORE_ATTR_INFO_in_ex;
++ STORE_list_crl_start;
++ ECDH_get_ex_new_index;
++ STORE_meth_get_modify_fn;
++ STORE_method_get_modify_function;
++ v2i_ASN1_BIT_STRING;
++ STORE_store_certificate;
++ OBJ_bsearch_ex;
++ X509_STORE_CTX_set_default;
++ STORE_ATTR_INFO_set_sha1str;
++ BN_GF2m_mod_inv;
++ BN_GF2m_mod_exp;
++ STORE_modify_public_key;
++ STORE_meth_get_list_start_fn;
++ STORE_method_get_list_start_function;
++ EC_GROUP_get0_seed;
++ STORE_store_arbitrary;
++ STORE_meth_set_unlock_store_fn;
++ STORE_method_set_unlock_store_function;
++ BN_GF2m_mod_div_arr;
++ ENGINE_set_ECDSA;
++ STORE_create_method;
++ ECPKParameters_print;
++ EC_KEY_get0_private_key;
++ PEM_write_EC_PUBKEY;
++ X509_VERIFY_PARAM_set1;
++ ECDH_set_method;
++ v2i_GENERAL_NAME_ex;
++ ECDH_set_ex_data;
++ STORE_generate_key;
++ BN_nist_mod_521;
++ X509_policy_tree_get0_level;
++ EC_GROUP_set_point_conversion_form;
++ EC_GROUP_set_point_conv_form;
++ PEM_read_EC_PUBKEY;
++ i2d_ECDSA_SIG;
++ ECDSA_OpenSSL;
++ STORE_delete_crl;
++ EC_KEY_get_enc_flags;
++ ASN1_const_check_infinite_end;
++ EVP_PKEY_delete_attr;
++ ECDSA_set_default_method;
++ EC_POINT_set_compressed_coordinates_GF2m;
++ EC_POINT_set_compr_coords_GF2m;
++ EC_GROUP_cmp;
++ STORE_revoke_certificate;
++ BN_get0_nist_prime_256;
++ STORE_meth_get_delete_fn;
++ STORE_method_get_delete_function;
++ SHA224_Init;
++ PEM_read_ECPrivateKey;
++ SHA512_Init;
++ STORE_parse_attrs_endp;
++ BN_set_negative;
++ ERR_load_ECDSA_strings;
++ EC_GROUP_get_basis_type;
++ STORE_list_public_key_next;
++ i2v_ASN1_BIT_STRING;
++ STORE_OBJECT_free;
++ BN_nist_mod_384;
++ i2d_X509_CERT_PAIR;
++ PEM_write_ECPKParameters;
++ ECDH_compute_key;
++ STORE_ATTR_INFO_get0_sha1str;
++ ENGINE_register_all_ECDH;
++ pqueue_pop;
++ STORE_ATTR_INFO_get0_cstr;
++ POLICY_CONSTRAINTS_it;
++ STORE_get_ex_new_index;
++ EVP_PKEY_get_attr_by_OBJ;
++ X509_VERIFY_PARAM_add0_policy;
++ BN_GF2m_mod_solve_quad;
++ SHA256;
++ i2d_ECPrivateKey_fp;
++ X509_policy_tree_get0_user_policies;
++ X509_pcy_tree_get0_usr_policies;
++ OPENSSL_DIR_read;
++ ENGINE_register_all_ECDSA;
++ X509_VERIFY_PARAM_lookup;
++ EC_POINT_get_affine_coordinates_GF2m;
++ EC_POINT_get_affine_coords_GF2m;
++ EC_GROUP_dup;
++ ENGINE_get_default_ECDSA;
++ EC_KEY_new;
++ SHA256_Transform;
++ EC_KEY_set_enc_flags;
++ ECDSA_verify;
++ EC_POINT_point2hex;
++ ENGINE_get_STORE;
++ SHA512;
++ STORE_get_certificate;
++ ECDSA_do_sign_ex;
++ ECDSA_do_verify;
++ d2i_ECPrivateKey_fp;
++ STORE_delete_certificate;
++ SHA512_Transform;
++ X509_STORE_set1_param;
++ STORE_method_get_ctrl_function;
++ STORE_free;
++ PEM_write_ECPrivateKey;
++ STORE_meth_get_unlock_store_fn;
++ STORE_method_get_unlock_store_function;
++ STORE_get_ex_data;
++ EC_KEY_set_public_key;
++ PEM_read_ECPKParameters;
++ X509_CERT_PAIR_new;
++ ENGINE_register_STORE;
++ RSA_generate_key_ex;
++ DSA_generate_parameters_ex;
++ ECParameters_print_fp;
++ X509V3_NAME_from_section;
++ EVP_PKEY_add1_attr;
++ STORE_modify_crl;
++ STORE_list_private_key_start;
++ POLICY_MAPPINGS_it;
++ GENERAL_SUBTREE_it;
++ EC_GROUP_get_curve_name;
++ PEM_write_X509_CERT_PAIR;
++ BIO_dump_indent_cb;
++ d2i_X509_CERT_PAIR;
++ STORE_list_private_key_endp;
++ asn1_const_Finish;
++ i2d_EC_PUBKEY_fp;
++ BN_nist_mod_256;
++ X509_VERIFY_PARAM_add0_table;
++ pqueue_free;
++ BN_BLINDING_create_param;
++ ECDSA_size;
++ d2i_EC_PUBKEY_bio;
++ BN_get0_nist_prime_521;
++ STORE_ATTR_INFO_modify_sha1str;
++ BN_generate_prime_ex;
++ EC_GROUP_new_by_curve_name;
++ SHA256_Final;
++ DH_generate_parameters_ex;
++ PEM_read_bio_ECPrivateKey;
++ STORE_meth_get_cleanup_fn;
++ STORE_method_get_cleanup_function;
++ ENGINE_get_ECDH;
++ d2i_ECDSA_SIG;
++ BN_is_prime_fasttest_ex;
++ ECDSA_sign;
++ X509_policy_check;
++ EVP_PKEY_get_attr_by_NID;
++ STORE_set_ex_data;
++ ENGINE_get_ECDSA;
++ EVP_ecdsa;
++ BN_BLINDING_get_flags;
++ PKCS12_add_cert;
++ STORE_OBJECT_new;
++ ERR_load_ECDH_strings;
++ EC_KEY_dup;
++ EVP_CIPHER_CTX_rand_key;
++ ECDSA_set_method;
++ a2i_IPADDRESS_NC;
++ d2i_ECParameters;
++ STORE_list_certificate_end;
++ STORE_get_crl;
++ X509_POLICY_NODE_print;
++ SHA384_Init;
++ EC_GF2m_simple_method;
++ ECDSA_set_ex_data;
++ SHA384_Final;
++ PKCS7_set_digest;
++ EC_KEY_print;
++ STORE_meth_set_lock_store_fn;
++ STORE_method_set_lock_store_function;
++ ECDSA_get_ex_new_index;
++ SHA384;
++ POLICY_MAPPING_new;
++ STORE_list_certificate_endp;
++ X509_STORE_CTX_get0_policy_tree;
++ EC_GROUP_set_asn1_flag;
++ EC_KEY_check_key;
++ d2i_EC_PUBKEY_fp;
++ PKCS7_set0_type_other;
++ PEM_read_bio_X509_CERT_PAIR;
++ pqueue_next;
++ STORE_meth_get_list_end_fn;
++ STORE_method_get_list_end_function;
++ EVP_PKEY_add1_attr_by_OBJ;
++ X509_VERIFY_PARAM_set_time;
++ pqueue_new;
++ ENGINE_set_default_ECDH;
++ STORE_new_method;
++ PKCS12_add_key;
++ DSO_merge;
++ EC_POINT_hex2point;
++ BIO_dump_cb;
++ SHA256_Update;
++ pqueue_insert;
++ pitem_free;
++ BN_GF2m_mod_inv_arr;
++ ENGINE_unregister_ECDSA;
++ BN_BLINDING_set_thread_id;
++ get_rfc3526_prime_8192;
++ X509_VERIFY_PARAM_clear_flags;
++ get_rfc2409_prime_1024;
++ DH_check_pub_key;
++ get_rfc3526_prime_2048;
++ get_rfc3526_prime_6144;
++ get_rfc3526_prime_1536;
++ get_rfc3526_prime_3072;
++ get_rfc3526_prime_4096;
++ get_rfc2409_prime_768;
++ X509_VERIFY_PARAM_get_flags;
++ EVP_CIPHER_CTX_new;
++ EVP_CIPHER_CTX_free;
++ Camellia_cbc_encrypt;
++ Camellia_cfb128_encrypt;
++ Camellia_cfb1_encrypt;
++ Camellia_cfb8_encrypt;
++ Camellia_ctr128_encrypt;
++ Camellia_cfbr_encrypt_block;
++ Camellia_decrypt;
++ Camellia_ecb_encrypt;
++ Camellia_encrypt;
++ Camellia_ofb128_encrypt;
++ Camellia_set_key;
++ EVP_camellia_128_cbc;
++ EVP_camellia_128_cfb128;
++ EVP_camellia_128_cfb1;
++ EVP_camellia_128_cfb8;
++ EVP_camellia_128_ecb;
++ EVP_camellia_128_ofb;
++ EVP_camellia_192_cbc;
++ EVP_camellia_192_cfb128;
++ EVP_camellia_192_cfb1;
++ EVP_camellia_192_cfb8;
++ EVP_camellia_192_ecb;
++ EVP_camellia_192_ofb;
++ EVP_camellia_256_cbc;
++ EVP_camellia_256_cfb128;
++ EVP_camellia_256_cfb1;
++ EVP_camellia_256_cfb8;
++ EVP_camellia_256_ecb;
++ EVP_camellia_256_ofb;
++ a2i_ipadd;
++ ASIdentifiers_free;
++ i2d_ASIdOrRange;
++ EVP_CIPHER_block_size;
++ v3_asid_is_canonical;
++ IPAddressChoice_free;
++ EVP_CIPHER_CTX_set_app_data;
++ BIO_set_callback_arg;
++ v3_addr_add_prefix;
++ IPAddressOrRange_it;
++ BIO_set_flags;
++ ASIdentifiers_it;
++ v3_addr_get_range;
++ BIO_method_type;
++ v3_addr_inherits;
++ IPAddressChoice_it;
++ AES_ige_encrypt;
++ v3_addr_add_range;
++ EVP_CIPHER_CTX_nid;
++ d2i_ASRange;
++ v3_addr_add_inherit;
++ v3_asid_add_id_or_range;
++ v3_addr_validate_resource_set;
++ EVP_CIPHER_iv_length;
++ EVP_MD_type;
++ v3_asid_canonize;
++ IPAddressRange_free;
++ v3_asid_add_inherit;
++ EVP_CIPHER_CTX_key_length;
++ IPAddressRange_new;
++ ASIdOrRange_new;
++ EVP_MD_size;
++ EVP_MD_CTX_test_flags;
++ BIO_clear_flags;
++ i2d_ASRange;
++ IPAddressRange_it;
++ IPAddressChoice_new;
++ ASIdentifierChoice_new;
++ ASRange_free;
++ EVP_MD_pkey_type;
++ EVP_MD_CTX_clear_flags;
++ IPAddressFamily_free;
++ i2d_IPAddressFamily;
++ IPAddressOrRange_new;
++ EVP_CIPHER_flags;
++ v3_asid_validate_resource_set;
++ d2i_IPAddressRange;
++ AES_bi_ige_encrypt;
++ BIO_get_callback;
++ IPAddressOrRange_free;
++ v3_addr_subset;
++ d2i_IPAddressFamily;
++ v3_asid_subset;
++ BIO_test_flags;
++ i2d_ASIdentifierChoice;
++ ASRange_it;
++ d2i_ASIdentifiers;
++ ASRange_new;
++ d2i_IPAddressChoice;
++ v3_addr_get_afi;
++ EVP_CIPHER_key_length;
++ EVP_Cipher;
++ i2d_IPAddressOrRange;
++ ASIdOrRange_it;
++ EVP_CIPHER_nid;
++ i2d_IPAddressChoice;
++ EVP_CIPHER_CTX_block_size;
++ ASIdentifiers_new;
++ v3_addr_validate_path;
++ IPAddressFamily_new;
++ EVP_MD_CTX_set_flags;
++ v3_addr_is_canonical;
++ i2d_IPAddressRange;
++ IPAddressFamily_it;
++ v3_asid_inherits;
++ EVP_CIPHER_CTX_cipher;
++ EVP_CIPHER_CTX_get_app_data;
++ EVP_MD_block_size;
++ EVP_CIPHER_CTX_flags;
++ v3_asid_validate_path;
++ d2i_IPAddressOrRange;
++ v3_addr_canonize;
++ ASIdentifierChoice_it;
++ EVP_MD_CTX_md;
++ d2i_ASIdentifierChoice;
++ BIO_method_name;
++ EVP_CIPHER_CTX_iv_length;
++ ASIdOrRange_free;
++ ASIdentifierChoice_free;
++ BIO_get_callback_arg;
++ BIO_set_callback;
++ d2i_ASIdOrRange;
++ i2d_ASIdentifiers;
++ SEED_decrypt;
++ SEED_encrypt;
++ SEED_cbc_encrypt;
++ EVP_seed_ofb;
++ SEED_cfb128_encrypt;
++ SEED_ofb128_encrypt;
++ EVP_seed_cbc;
++ SEED_ecb_encrypt;
++ EVP_seed_ecb;
++ SEED_set_key;
++ EVP_seed_cfb128;
++ X509_EXTENSIONS_it;
++ X509_get1_ocsp;
++ OCSP_REQ_CTX_free;
++ i2d_X509_EXTENSIONS;
++ OCSP_sendreq_nbio;
++ OCSP_sendreq_new;
++ d2i_X509_EXTENSIONS;
++ X509_ALGORS_it;
++ X509_ALGOR_get0;
++ X509_ALGOR_set0;
++ AES_unwrap_key;
++ AES_wrap_key;
++ X509at_get0_data_by_OBJ;
++ ASN1_TYPE_set1;
++ ASN1_STRING_set0;
++ i2d_X509_ALGORS;
++ BIO_f_zlib;
++ COMP_zlib_cleanup;
++ d2i_X509_ALGORS;
++ CMS_ReceiptRequest_free;
++ PEM_write_CMS;
++ CMS_add0_CertificateChoices;
++ CMS_unsigned_add1_attr_by_OBJ;
++ ERR_load_CMS_strings;
++ CMS_sign_receipt;
++ i2d_CMS_ContentInfo;
++ CMS_signed_delete_attr;
++ d2i_CMS_bio;
++ CMS_unsigned_get_attr_by_NID;
++ CMS_verify;
++ SMIME_read_CMS;
++ CMS_decrypt_set1_key;
++ CMS_SignerInfo_get0_algs;
++ CMS_add1_cert;
++ CMS_set_detached;
++ CMS_encrypt;
++ CMS_EnvelopedData_create;
++ CMS_uncompress;
++ CMS_add0_crl;
++ CMS_SignerInfo_verify_content;
++ CMS_unsigned_get0_data_by_OBJ;
++ PEM_write_bio_CMS;
++ CMS_unsigned_get_attr;
++ CMS_RecipientInfo_ktri_cert_cmp;
++ CMS_RecipientInfo_ktri_get0_algs;
++ CMS_RecipInfo_ktri_get0_algs;
++ CMS_ContentInfo_free;
++ CMS_final;
++ CMS_add_simple_smimecap;
++ CMS_SignerInfo_verify;
++ CMS_data;
++ CMS_ContentInfo_it;
++ d2i_CMS_ReceiptRequest;
++ CMS_compress;
++ CMS_digest_create;
++ CMS_SignerInfo_cert_cmp;
++ CMS_SignerInfo_sign;
++ CMS_data_create;
++ i2d_CMS_bio;
++ CMS_EncryptedData_set1_key;
++ CMS_decrypt;
++ int_smime_write_ASN1;
++ CMS_unsigned_delete_attr;
++ CMS_unsigned_get_attr_count;
++ CMS_add_smimecap;
++ PEM_read_CMS;
++ CMS_signed_get_attr_by_OBJ;
++ d2i_CMS_ContentInfo;
++ CMS_add_standard_smimecap;
++ CMS_ContentInfo_new;
++ CMS_RecipientInfo_type;
++ CMS_get0_type;
++ CMS_is_detached;
++ CMS_sign;
++ CMS_signed_add1_attr;
++ CMS_unsigned_get_attr_by_OBJ;
++ SMIME_write_CMS;
++ CMS_EncryptedData_decrypt;
++ CMS_get0_RecipientInfos;
++ CMS_add0_RevocationInfoChoice;
++ CMS_decrypt_set1_pkey;
++ CMS_SignerInfo_set1_signer_cert;
++ CMS_get0_signers;
++ CMS_ReceiptRequest_get0_values;
++ CMS_signed_get0_data_by_OBJ;
++ CMS_get0_SignerInfos;
++ CMS_add0_cert;
++ CMS_EncryptedData_encrypt;
++ CMS_digest_verify;
++ CMS_set1_signers_certs;
++ CMS_signed_get_attr;
++ CMS_RecipientInfo_set0_key;
++ CMS_SignedData_init;
++ CMS_RecipientInfo_kekri_get0_id;
++ CMS_verify_receipt;
++ CMS_ReceiptRequest_it;
++ PEM_read_bio_CMS;
++ CMS_get1_crls;
++ CMS_add0_recipient_key;
++ SMIME_read_ASN1;
++ CMS_ReceiptRequest_new;
++ CMS_get0_content;
++ CMS_get1_ReceiptRequest;
++ CMS_signed_add1_attr_by_OBJ;
++ CMS_RecipientInfo_kekri_id_cmp;
++ CMS_add1_ReceiptRequest;
++ CMS_SignerInfo_get0_signer_id;
++ CMS_unsigned_add1_attr_by_NID;
++ CMS_unsigned_add1_attr;
++ CMS_signed_get_attr_by_NID;
++ CMS_get1_certs;
++ CMS_signed_add1_attr_by_NID;
++ CMS_unsigned_add1_attr_by_txt;
++ CMS_dataFinal;
++ CMS_RecipientInfo_ktri_get0_signer_id;
++ CMS_RecipInfo_ktri_get0_sigr_id;
++ i2d_CMS_ReceiptRequest;
++ CMS_add1_recipient_cert;
++ CMS_dataInit;
++ CMS_signed_add1_attr_by_txt;
++ CMS_RecipientInfo_decrypt;
++ CMS_signed_get_attr_count;
++ CMS_get0_eContentType;
++ CMS_set1_eContentType;
++ CMS_ReceiptRequest_create0;
++ CMS_add1_signer;
++ CMS_RecipientInfo_set0_pkey;
++ ENGINE_set_load_ssl_client_cert_function;
++ ENGINE_set_ld_ssl_clnt_cert_fn;
++ ENGINE_get_ssl_client_cert_function;
++ ENGINE_get_ssl_client_cert_fn;
++ ENGINE_load_ssl_client_cert;
++ ENGINE_load_capi;
++ OPENSSL_isservice;
++ FIPS_dsa_sig_decode;
++ EVP_CIPHER_CTX_clear_flags;
++ FIPS_rand_status;
++ FIPS_rand_set_key;
++ CRYPTO_set_mem_info_functions;
++ RSA_X931_generate_key_ex;
++ int_ERR_set_state_func;
++ int_EVP_MD_set_engine_callbacks;
++ int_CRYPTO_set_do_dynlock_callback;
++ FIPS_rng_stick;
++ EVP_CIPHER_CTX_set_flags;
++ BN_X931_generate_prime_ex;
++ FIPS_selftest_check;
++ FIPS_rand_set_dt;
++ CRYPTO_dbg_pop_info;
++ FIPS_dsa_free;
++ RSA_X931_derive_ex;
++ FIPS_rsa_new;
++ FIPS_rand_bytes;
++ fips_cipher_test;
++ EVP_CIPHER_CTX_test_flags;
++ CRYPTO_malloc_debug_init;
++ CRYPTO_dbg_push_info;
++ FIPS_corrupt_rsa_keygen;
++ FIPS_dh_new;
++ FIPS_corrupt_dsa_keygen;
++ FIPS_dh_free;
++ fips_pkey_signature_test;
++ EVP_add_alg_module;
++ int_RAND_init_engine_callbacks;
++ int_EVP_CIPHER_set_engine_callbacks;
++ int_EVP_MD_init_engine_callbacks;
++ FIPS_rand_test_mode;
++ FIPS_rand_reset;
++ FIPS_dsa_new;
++ int_RAND_set_callbacks;
++ BN_X931_derive_prime_ex;
++ int_ERR_lib_init;
++ int_EVP_CIPHER_init_engine_callbacks;
++ FIPS_rsa_free;
++ FIPS_dsa_sig_encode;
++ CRYPTO_dbg_remove_all_info;
++ OPENSSL_init;
++ CRYPTO_strdup;
++ JPAKE_STEP3A_process;
++ JPAKE_STEP1_release;
++ JPAKE_get_shared_key;
++ JPAKE_STEP3B_init;
++ JPAKE_STEP1_generate;
++ JPAKE_STEP1_init;
++ JPAKE_STEP3B_process;
++ JPAKE_STEP2_generate;
++ JPAKE_CTX_new;
++ JPAKE_CTX_free;
++ JPAKE_STEP3B_release;
++ JPAKE_STEP3A_release;
++ JPAKE_STEP2_process;
++ JPAKE_STEP3B_generate;
++ JPAKE_STEP1_process;
++ JPAKE_STEP3A_generate;
++ JPAKE_STEP2_release;
++ JPAKE_STEP3A_init;
++ ERR_load_JPAKE_strings;
++ JPAKE_STEP2_init;
++ pqueue_size;
++ i2d_TS_ACCURACY;
++ i2d_TS_MSG_IMPRINT_fp;
++ i2d_TS_MSG_IMPRINT;
++ EVP_PKEY_print_public;
++ EVP_PKEY_CTX_new;
++ i2d_TS_TST_INFO;
++ EVP_PKEY_asn1_find;
++ DSO_METHOD_beos;
++ TS_CONF_load_cert;
++ TS_REQ_get_ext;
++ EVP_PKEY_sign_init;
++ ASN1_item_print;
++ TS_TST_INFO_set_nonce;
++ TS_RESP_dup;
++ ENGINE_register_pkey_meths;
++ EVP_PKEY_asn1_add0;
++ PKCS7_add0_attrib_signing_time;
++ i2d_TS_TST_INFO_fp;
++ BIO_asn1_get_prefix;
++ TS_TST_INFO_set_time;
++ EVP_PKEY_meth_set_decrypt;
++ EVP_PKEY_set_type_str;
++ EVP_PKEY_CTX_get_keygen_info;
++ TS_REQ_set_policy_id;
++ d2i_TS_RESP_fp;
++ ENGINE_get_pkey_asn1_meth_engine;
++ ENGINE_get_pkey_asn1_meth_eng;
++ WHIRLPOOL_Init;
++ TS_RESP_set_status_info;
++ EVP_PKEY_keygen;
++ EVP_DigestSignInit;
++ TS_ACCURACY_set_millis;
++ TS_REQ_dup;
++ GENERAL_NAME_dup;
++ ASN1_SEQUENCE_ANY_it;
++ WHIRLPOOL;
++ X509_STORE_get1_crls;
++ ENGINE_get_pkey_asn1_meth;
++ EVP_PKEY_asn1_new;
++ BIO_new_NDEF;
++ ENGINE_get_pkey_meth;
++ TS_MSG_IMPRINT_set_algo;
++ i2d_TS_TST_INFO_bio;
++ TS_TST_INFO_set_ordering;
++ TS_TST_INFO_get_ext_by_OBJ;
++ CRYPTO_THREADID_set_pointer;
++ TS_CONF_get_tsa_section;
++ SMIME_write_ASN1;
++ TS_RESP_CTX_set_signer_key;
++ EVP_PKEY_encrypt_old;
++ EVP_PKEY_encrypt_init;
++ CRYPTO_THREADID_cpy;
++ ASN1_PCTX_get_cert_flags;
++ i2d_ESS_SIGNING_CERT;
++ TS_CONF_load_key;
++ i2d_ASN1_SEQUENCE_ANY;
++ d2i_TS_MSG_IMPRINT_bio;
++ EVP_PKEY_asn1_set_public;
++ b2i_PublicKey_bio;
++ BIO_asn1_set_prefix;
++ EVP_PKEY_new_mac_key;
++ BIO_new_CMS;
++ CRYPTO_THREADID_cmp;
++ TS_REQ_ext_free;
++ EVP_PKEY_asn1_set_free;
++ EVP_PKEY_get0_asn1;
++ d2i_NETSCAPE_X509;
++ EVP_PKEY_verify_recover_init;
++ EVP_PKEY_CTX_set_data;
++ EVP_PKEY_keygen_init;
++ TS_RESP_CTX_set_status_info;
++ TS_MSG_IMPRINT_get_algo;
++ TS_REQ_print_bio;
++ EVP_PKEY_CTX_ctrl_str;
++ EVP_PKEY_get_default_digest_nid;
++ PEM_write_bio_PKCS7_stream;
++ TS_MSG_IMPRINT_print_bio;
++ BN_asc2bn;
++ TS_REQ_get_policy_id;
++ ENGINE_set_default_pkey_asn1_meths;
++ ENGINE_set_def_pkey_asn1_meths;
++ d2i_TS_ACCURACY;
++ DSO_global_lookup;
++ TS_CONF_set_tsa_name;
++ i2d_ASN1_SET_ANY;
++ ENGINE_load_gost;
++ WHIRLPOOL_BitUpdate;
++ ASN1_PCTX_get_flags;
++ TS_TST_INFO_get_ext_by_NID;
++ TS_RESP_new;
++ ESS_CERT_ID_dup;
++ TS_STATUS_INFO_dup;
++ TS_REQ_delete_ext;
++ EVP_DigestVerifyFinal;
++ EVP_PKEY_print_params;
++ i2d_CMS_bio_stream;
++ TS_REQ_get_msg_imprint;
++ OBJ_find_sigid_by_algs;
++ TS_TST_INFO_get_serial;
++ TS_REQ_get_nonce;
++ X509_PUBKEY_set0_param;
++ EVP_PKEY_CTX_set0_keygen_info;
++ DIST_POINT_set_dpname;
++ i2d_ISSUING_DIST_POINT;
++ ASN1_SET_ANY_it;
++ EVP_PKEY_CTX_get_data;
++ TS_STATUS_INFO_print_bio;
++ EVP_PKEY_derive_init;
++ d2i_TS_TST_INFO;
++ EVP_PKEY_asn1_add_alias;
++ d2i_TS_RESP_bio;
++ OTHERNAME_cmp;
++ GENERAL_NAME_set0_value;
++ PKCS7_RECIP_INFO_get0_alg;
++ TS_RESP_CTX_new;
++ TS_RESP_set_tst_info;
++ PKCS7_final;
++ EVP_PKEY_base_id;
++ TS_RESP_CTX_set_signer_cert;
++ TS_REQ_set_msg_imprint;
++ EVP_PKEY_CTX_ctrl;
++ TS_CONF_set_digests;
++ d2i_TS_MSG_IMPRINT;
++ EVP_PKEY_meth_set_ctrl;
++ TS_REQ_get_ext_by_NID;
++ PKCS5_pbe_set0_algor;
++ BN_BLINDING_thread_id;
++ TS_ACCURACY_new;
++ X509_CRL_METHOD_free;
++ ASN1_PCTX_get_nm_flags;
++ EVP_PKEY_meth_set_sign;
++ CRYPTO_THREADID_current;
++ EVP_PKEY_decrypt_init;
++ NETSCAPE_X509_free;
++ i2b_PVK_bio;
++ EVP_PKEY_print_private;
++ GENERAL_NAME_get0_value;
++ b2i_PVK_bio;
++ ASN1_UTCTIME_adj;
++ TS_TST_INFO_new;
++ EVP_MD_do_all_sorted;
++ TS_CONF_set_default_engine;
++ TS_ACCURACY_set_seconds;
++ TS_TST_INFO_get_time;
++ PKCS8_pkey_get0;
++ EVP_PKEY_asn1_get0;
++ OBJ_add_sigid;
++ PKCS7_SIGNER_INFO_sign;
++ EVP_PKEY_paramgen_init;
++ EVP_PKEY_sign;
++ OBJ_sigid_free;
++ EVP_PKEY_meth_set_init;
++ d2i_ESS_ISSUER_SERIAL;
++ ISSUING_DIST_POINT_new;
++ ASN1_TIME_adj;
++ TS_OBJ_print_bio;
++ EVP_PKEY_meth_set_verify_recover;
++ EVP_PKEY_meth_set_vrfy_recover;
++ TS_RESP_get_status_info;
++ CMS_stream;
++ EVP_PKEY_CTX_set_cb;
++ PKCS7_to_TS_TST_INFO;
++ ASN1_PCTX_get_oid_flags;
++ TS_TST_INFO_add_ext;
++ EVP_PKEY_meth_set_derive;
++ i2d_TS_RESP_fp;
++ i2d_TS_MSG_IMPRINT_bio;
++ TS_RESP_CTX_set_accuracy;
++ TS_REQ_set_nonce;
++ ESS_CERT_ID_new;
++ ENGINE_pkey_asn1_find_str;
++ TS_REQ_get_ext_count;
++ BUF_reverse;
++ TS_TST_INFO_print_bio;
++ d2i_ISSUING_DIST_POINT;
++ ENGINE_get_pkey_meths;
++ i2b_PrivateKey_bio;
++ i2d_TS_RESP;
++ b2i_PublicKey;
++ TS_VERIFY_CTX_cleanup;
++ TS_STATUS_INFO_free;
++ TS_RESP_verify_token;
++ OBJ_bsearch_ex_;
++ ASN1_bn_print;
++ EVP_PKEY_asn1_get_count;
++ ENGINE_register_pkey_asn1_meths;
++ ASN1_PCTX_set_nm_flags;
++ EVP_DigestVerifyInit;
++ ENGINE_set_default_pkey_meths;
++ TS_TST_INFO_get_policy_id;
++ TS_REQ_get_cert_req;
++ X509_CRL_set_meth_data;
++ PKCS8_pkey_set0;
++ ASN1_STRING_copy;
++ d2i_TS_TST_INFO_fp;
++ X509_CRL_match;
++ EVP_PKEY_asn1_set_private;
++ TS_TST_INFO_get_ext_d2i;
++ TS_RESP_CTX_add_policy;
++ d2i_TS_RESP;
++ TS_CONF_load_certs;
++ TS_TST_INFO_get_msg_imprint;
++ ERR_load_TS_strings;
++ TS_TST_INFO_get_version;
++ EVP_PKEY_CTX_dup;
++ EVP_PKEY_meth_set_verify;
++ i2b_PublicKey_bio;
++ TS_CONF_set_certs;
++ EVP_PKEY_asn1_get0_info;
++ TS_VERIFY_CTX_free;
++ TS_REQ_get_ext_by_critical;
++ TS_RESP_CTX_set_serial_cb;
++ X509_CRL_get_meth_data;
++ TS_RESP_CTX_set_time_cb;
++ TS_MSG_IMPRINT_get_msg;
++ TS_TST_INFO_ext_free;
++ TS_REQ_get_version;
++ TS_REQ_add_ext;
++ EVP_PKEY_CTX_set_app_data;
++ OBJ_bsearch_;
++ EVP_PKEY_meth_set_verifyctx;
++ i2d_PKCS7_bio_stream;
++ CRYPTO_THREADID_set_numeric;
++ PKCS7_sign_add_signer;
++ d2i_TS_TST_INFO_bio;
++ TS_TST_INFO_get_ordering;
++ TS_RESP_print_bio;
++ TS_TST_INFO_get_exts;
++ HMAC_CTX_copy;
++ PKCS5_pbe2_set_iv;
++ ENGINE_get_pkey_asn1_meths;
++ b2i_PrivateKey;
++ EVP_PKEY_CTX_get_app_data;
++ TS_REQ_set_cert_req;
++ CRYPTO_THREADID_set_callback;
++ TS_CONF_set_serial;
++ TS_TST_INFO_free;
++ d2i_TS_REQ_fp;
++ TS_RESP_verify_response;
++ i2d_ESS_ISSUER_SERIAL;
++ TS_ACCURACY_get_seconds;
++ EVP_CIPHER_do_all;
++ b2i_PrivateKey_bio;
++ OCSP_CERTID_dup;
++ X509_PUBKEY_get0_param;
++ TS_MSG_IMPRINT_dup;
++ PKCS7_print_ctx;
++ i2d_TS_REQ_bio;
++ EVP_whirlpool;
++ EVP_PKEY_asn1_set_param;
++ EVP_PKEY_meth_set_encrypt;
++ ASN1_PCTX_set_flags;
++ i2d_ESS_CERT_ID;
++ TS_VERIFY_CTX_new;
++ TS_RESP_CTX_set_extension_cb;
++ ENGINE_register_all_pkey_meths;
++ TS_RESP_CTX_set_status_info_cond;
++ TS_RESP_CTX_set_stat_info_cond;
++ EVP_PKEY_verify;
++ WHIRLPOOL_Final;
++ X509_CRL_METHOD_new;
++ EVP_DigestSignFinal;
++ TS_RESP_CTX_set_def_policy;
++ NETSCAPE_X509_it;
++ TS_RESP_create_response;
++ PKCS7_SIGNER_INFO_get0_algs;
++ TS_TST_INFO_get_nonce;
++ EVP_PKEY_decrypt_old;
++ TS_TST_INFO_set_policy_id;
++ TS_CONF_set_ess_cert_id_chain;
++ EVP_PKEY_CTX_get0_pkey;
++ d2i_TS_REQ;
++ EVP_PKEY_asn1_find_str;
++ BIO_f_asn1;
++ ESS_SIGNING_CERT_new;
++ EVP_PBE_find;
++ X509_CRL_get0_by_cert;
++ EVP_PKEY_derive;
++ i2d_TS_REQ;
++ TS_TST_INFO_delete_ext;
++ ESS_ISSUER_SERIAL_free;
++ ASN1_PCTX_set_str_flags;
++ ENGINE_get_pkey_asn1_meth_str;
++ TS_CONF_set_signer_key;
++ TS_ACCURACY_get_millis;
++ TS_RESP_get_token;
++ TS_ACCURACY_dup;
++ ENGINE_register_all_pkey_asn1_meths;
++ ENGINE_reg_all_pkey_asn1_meths;
++ X509_CRL_set_default_method;
++ CRYPTO_THREADID_hash;
++ CMS_ContentInfo_print_ctx;
++ TS_RESP_free;
++ ISSUING_DIST_POINT_free;
++ ESS_ISSUER_SERIAL_new;
++ CMS_add1_crl;
++ PKCS7_add1_attrib_digest;
++ TS_RESP_CTX_add_md;
++ TS_TST_INFO_dup;
++ ENGINE_set_pkey_asn1_meths;
++ PEM_write_bio_Parameters;
++ TS_TST_INFO_get_accuracy;
++ X509_CRL_get0_by_serial;
++ TS_TST_INFO_set_version;
++ TS_RESP_CTX_get_tst_info;
++ TS_RESP_verify_signature;
++ CRYPTO_THREADID_get_callback;
++ TS_TST_INFO_get_tsa;
++ TS_STATUS_INFO_new;
++ EVP_PKEY_CTX_get_cb;
++ TS_REQ_get_ext_d2i;
++ GENERAL_NAME_set0_othername;
++ TS_TST_INFO_get_ext_count;
++ TS_RESP_CTX_get_request;
++ i2d_NETSCAPE_X509;
++ ENGINE_get_pkey_meth_engine;
++ EVP_PKEY_meth_set_signctx;
++ EVP_PKEY_asn1_copy;
++ ASN1_TYPE_cmp;
++ EVP_CIPHER_do_all_sorted;
++ EVP_PKEY_CTX_free;
++ ISSUING_DIST_POINT_it;
++ d2i_TS_MSG_IMPRINT_fp;
++ X509_STORE_get1_certs;
++ EVP_PKEY_CTX_get_operation;
++ d2i_ESS_SIGNING_CERT;
++ TS_CONF_set_ordering;
++ EVP_PBE_alg_add_type;
++ TS_REQ_set_version;
++ EVP_PKEY_get0;
++ BIO_asn1_set_suffix;
++ i2d_TS_STATUS_INFO;
++ EVP_MD_do_all;
++ TS_TST_INFO_set_accuracy;
++ PKCS7_add_attrib_content_type;
++ ERR_remove_thread_state;
++ EVP_PKEY_meth_add0;
++ TS_TST_INFO_set_tsa;
++ EVP_PKEY_meth_new;
++ WHIRLPOOL_Update;
++ TS_CONF_set_accuracy;
++ ASN1_PCTX_set_oid_flags;
++ ESS_SIGNING_CERT_dup;
++ d2i_TS_REQ_bio;
++ X509_time_adj_ex;
++ TS_RESP_CTX_add_flags;
++ d2i_TS_STATUS_INFO;
++ TS_MSG_IMPRINT_set_msg;
++ BIO_asn1_get_suffix;
++ TS_REQ_free;
++ EVP_PKEY_meth_free;
++ TS_REQ_get_exts;
++ TS_RESP_CTX_set_clock_precision_digits;
++ TS_RESP_CTX_set_clk_prec_digits;
++ TS_RESP_CTX_add_failure_info;
++ i2d_TS_RESP_bio;
++ EVP_PKEY_CTX_get0_peerkey;
++ PEM_write_bio_CMS_stream;
++ TS_REQ_new;
++ TS_MSG_IMPRINT_new;
++ EVP_PKEY_meth_find;
++ EVP_PKEY_id;
++ TS_TST_INFO_set_serial;
++ a2i_GENERAL_NAME;
++ TS_CONF_set_crypto_device;
++ EVP_PKEY_verify_init;
++ TS_CONF_set_policies;
++ ASN1_PCTX_new;
++ ESS_CERT_ID_free;
++ ENGINE_unregister_pkey_meths;
++ TS_MSG_IMPRINT_free;
++ TS_VERIFY_CTX_init;
++ PKCS7_stream;
++ TS_RESP_CTX_set_certs;
++ TS_CONF_set_def_policy;
++ ASN1_GENERALIZEDTIME_adj;
++ NETSCAPE_X509_new;
++ TS_ACCURACY_free;
++ TS_RESP_get_tst_info;
++ EVP_PKEY_derive_set_peer;
++ PEM_read_bio_Parameters;
++ TS_CONF_set_clock_precision_digits;
++ TS_CONF_set_clk_prec_digits;
++ ESS_ISSUER_SERIAL_dup;
++ TS_ACCURACY_get_micros;
++ ASN1_PCTX_get_str_flags;
++ NAME_CONSTRAINTS_check;
++ ASN1_BIT_STRING_check;
++ X509_check_akid;
++ ENGINE_unregister_pkey_asn1_meths;
++ ENGINE_unreg_pkey_asn1_meths;
++ ASN1_PCTX_free;
++ PEM_write_bio_ASN1_stream;
++ i2d_ASN1_bio_stream;
++ TS_X509_ALGOR_print_bio;
++ EVP_PKEY_meth_set_cleanup;
++ EVP_PKEY_asn1_free;
++ ESS_SIGNING_CERT_free;
++ TS_TST_INFO_set_msg_imprint;
++ GENERAL_NAME_cmp;
++ d2i_ASN1_SET_ANY;
++ ENGINE_set_pkey_meths;
++ i2d_TS_REQ_fp;
++ d2i_ASN1_SEQUENCE_ANY;
++ GENERAL_NAME_get0_otherName;
++ d2i_ESS_CERT_ID;
++ OBJ_find_sigid_algs;
++ EVP_PKEY_meth_set_keygen;
++ PKCS5_PBKDF2_HMAC;
++ EVP_PKEY_paramgen;
++ EVP_PKEY_meth_set_paramgen;
++ BIO_new_PKCS7;
++ EVP_PKEY_verify_recover;
++ TS_ext_print_bio;
++ TS_ASN1_INTEGER_print_bio;
++ check_defer;
++ DSO_pathbyaddr;
++ EVP_PKEY_set_type;
++ TS_ACCURACY_set_micros;
++ TS_REQ_to_TS_VERIFY_CTX;
++ EVP_PKEY_meth_set_copy;
++ ASN1_PCTX_set_cert_flags;
++ TS_TST_INFO_get_ext;
++ EVP_PKEY_asn1_set_ctrl;
++ TS_TST_INFO_get_ext_by_critical;
++ EVP_PKEY_CTX_new_id;
++ TS_REQ_get_ext_by_OBJ;
++ TS_CONF_set_signer_cert;
++ X509_NAME_hash_old;
++ ASN1_TIME_set_string;
++ EVP_MD_flags;
++ TS_RESP_CTX_free;
++ DSAparams_dup;
++ DHparams_dup;
++ OCSP_REQ_CTX_add1_header;
++ OCSP_REQ_CTX_set1_req;
++ X509_STORE_set_verify_cb;
++ X509_STORE_CTX_get0_current_crl;
++ X509_STORE_CTX_get0_parent_ctx;
++ X509_STORE_CTX_get0_current_issuer;
++ X509_STORE_CTX_get0_cur_issuer;
++ X509_issuer_name_hash_old;
++ X509_subject_name_hash_old;
++ EVP_CIPHER_CTX_copy;
++ UI_method_get_prompt_constructor;
++ UI_method_get_prompt_constructr;
++ UI_method_set_prompt_constructor;
++ UI_method_set_prompt_constructr;
++ EVP_read_pw_string_min;
++ CRYPTO_cts128_encrypt;
++ CRYPTO_cts128_decrypt_block;
++ CRYPTO_cfb128_1_encrypt;
++ CRYPTO_cbc128_encrypt;
++ CRYPTO_ctr128_encrypt;
++ CRYPTO_ofb128_encrypt;
++ CRYPTO_cts128_decrypt;
++ CRYPTO_cts128_encrypt_block;
++ CRYPTO_cbc128_decrypt;
++ CRYPTO_cfb128_encrypt;
++ CRYPTO_cfb128_8_encrypt;
++
++ local:
++ *;
++};
++
++
++OPENSSL_1.0.1 {
++ global:
++ SSL_renegotiate_abbreviated;
++ TLSv1_1_method;
++ TLSv1_1_client_method;
++ TLSv1_1_server_method;
++ SSL_CTX_set_srp_client_pwd_callback;
++ SSL_CTX_set_srp_client_pwd_cb;
++ SSL_get_srp_g;
++ SSL_CTX_set_srp_username_callback;
++ SSL_CTX_set_srp_un_cb;
++ SSL_get_srp_userinfo;
++ SSL_set_srp_server_param;
++ SSL_set_srp_server_param_pw;
++ SSL_get_srp_N;
++ SSL_get_srp_username;
++ SSL_CTX_set_srp_password;
++ SSL_CTX_set_srp_strength;
++ SSL_CTX_set_srp_verify_param_callback;
++ SSL_CTX_set_srp_vfy_param_cb;
++ SSL_CTX_set_srp_cb_arg;
++ SSL_CTX_set_srp_username;
++ SSL_CTX_SRP_CTX_init;
++ SSL_SRP_CTX_init;
++ SRP_Calc_A_param;
++ SRP_generate_server_master_secret;
++ SRP_gen_server_master_secret;
++ SSL_CTX_SRP_CTX_free;
++ SRP_generate_client_master_secret;
++ SRP_gen_client_master_secret;
++ SSL_srp_server_param_with_username;
++ SSL_srp_server_param_with_un;
++ SSL_SRP_CTX_free;
++ SSL_set_debug;
++ SSL_SESSION_get0_peer;
++ TLSv1_2_client_method;
++ SSL_SESSION_set1_id_context;
++ TLSv1_2_server_method;
++ SSL_cache_hit;
++ SSL_get0_kssl_ctx;
++ SSL_set0_kssl_ctx;
++ SSL_set_state;
++ SSL_CIPHER_get_id;
++ TLSv1_2_method;
++ kssl_ctx_get0_client_princ;
++ SSL_export_keying_material;
++ SSL_set_tlsext_use_srtp;
++ SSL_CTX_set_next_protos_advertised_cb;
++ SSL_CTX_set_next_protos_adv_cb;
++ SSL_get0_next_proto_negotiated;
++ SSL_get_selected_srtp_profile;
++ SSL_CTX_set_tlsext_use_srtp;
++ SSL_select_next_proto;
++ SSL_get_srtp_profiles;
++ SSL_CTX_set_next_proto_select_cb;
++ SSL_CTX_set_next_proto_sel_cb;
++ SSL_SESSION_get_compress_id;
++
++ SRP_VBASE_get_by_user;
++ SRP_Calc_server_key;
++ SRP_create_verifier;
++ SRP_create_verifier_BN;
++ SRP_Calc_u;
++ SRP_VBASE_free;
++ SRP_Calc_client_key;
++ SRP_get_default_gN;
++ SRP_Calc_x;
++ SRP_Calc_B;
++ SRP_VBASE_new;
++ SRP_check_known_gN_param;
++ SRP_Calc_A;
++ SRP_Verify_A_mod_N;
++ SRP_VBASE_init;
++ SRP_Verify_B_mod_N;
++ EC_KEY_set_public_key_affine_coordinates;
++ EC_KEY_set_pub_key_aff_coords;
++ EVP_aes_192_ctr;
++ EVP_PKEY_meth_get0_info;
++ EVP_PKEY_meth_copy;
++ ERR_add_error_vdata;
++ EVP_aes_128_ctr;
++ EVP_aes_256_ctr;
++ EC_GFp_nistp224_method;
++ EC_KEY_get_flags;
++ RSA_padding_add_PKCS1_PSS_mgf1;
++ EVP_aes_128_xts;
++ EVP_aes_256_xts;
++ EVP_aes_128_gcm;
++ EC_KEY_clear_flags;
++ EC_KEY_set_flags;
++ EVP_aes_256_ccm;
++ RSA_verify_PKCS1_PSS_mgf1;
++ EVP_aes_128_ccm;
++ EVP_aes_192_gcm;
++ X509_ALGOR_set_md;
++ RAND_init_fips;
++ EVP_aes_256_gcm;
++ EVP_aes_192_ccm;
++ CMAC_CTX_copy;
++ CMAC_CTX_free;
++ CMAC_CTX_get0_cipher_ctx;
++ CMAC_CTX_cleanup;
++ CMAC_Init;
++ CMAC_Update;
++ CMAC_resume;
++ CMAC_CTX_new;
++ CMAC_Final;
++ CRYPTO_ctr128_encrypt_ctr32;
++ CRYPTO_gcm128_release;
++ CRYPTO_ccm128_decrypt_ccm64;
++ CRYPTO_ccm128_encrypt;
++ CRYPTO_gcm128_encrypt;
++ CRYPTO_xts128_encrypt;
++ EVP_rc4_hmac_md5;
++ CRYPTO_nistcts128_decrypt_block;
++ CRYPTO_gcm128_setiv;
++ CRYPTO_nistcts128_encrypt;
++ EVP_aes_128_cbc_hmac_sha1;
++ CRYPTO_gcm128_tag;
++ CRYPTO_ccm128_encrypt_ccm64;
++ ENGINE_load_rdrand;
++ CRYPTO_ccm128_setiv;
++ CRYPTO_nistcts128_encrypt_block;
++ CRYPTO_gcm128_aad;
++ CRYPTO_ccm128_init;
++ CRYPTO_nistcts128_decrypt;
++ CRYPTO_gcm128_new;
++ CRYPTO_ccm128_tag;
++ CRYPTO_ccm128_decrypt;
++ CRYPTO_ccm128_aad;
++ CRYPTO_gcm128_init;
++ CRYPTO_gcm128_decrypt;
++ ENGINE_load_rsax;
++ CRYPTO_gcm128_decrypt_ctr32;
++ CRYPTO_gcm128_encrypt_ctr32;
++ CRYPTO_gcm128_finish;
++ EVP_aes_256_cbc_hmac_sha1;
++ PKCS5_pbkdf2_set;
++ CMS_add0_recipient_password;
++ CMS_decrypt_set1_password;
++ CMS_RecipientInfo_set0_password;
++ RAND_set_fips_drbg_type;
++ X509_REQ_sign_ctx;
++ RSA_PSS_PARAMS_new;
++ X509_CRL_sign_ctx;
++ X509_signature_dump;
++ d2i_RSA_PSS_PARAMS;
++ RSA_PSS_PARAMS_it;
++ RSA_PSS_PARAMS_free;
++ X509_sign_ctx;
++ i2d_RSA_PSS_PARAMS;
++ ASN1_item_sign_ctx;
++ EC_GFp_nistp521_method;
++ EC_GFp_nistp256_method;
++ OPENSSL_stderr;
++ OPENSSL_cpuid_setup;
++ OPENSSL_showfatal;
++ BIO_new_dgram_sctp;
++ BIO_dgram_sctp_msg_waiting;
++ BIO_dgram_sctp_wait_for_dry;
++ BIO_s_datagram_sctp;
++ BIO_dgram_is_sctp;
++ BIO_dgram_sctp_notification_cb;
++} OPENSSL_1.0.0;
++
++OPENSSL_1.0.1d {
++ global:
++ CRYPTO_memcmp;
++} OPENSSL_1.0.1;
++
++OPENSSL_1.0.2 {
++ global:
++ SSL_CTX_set_alpn_protos;
++ SSL_set_alpn_protos;
++ SSL_CTX_set_alpn_select_cb;
++ SSL_get0_alpn_selected;
++ SSL_CTX_set_custom_cli_ext;
++ SSL_CTX_set_custom_srv_ext;
++ SSL_CTX_set_srv_supp_data;
++ SSL_CTX_set_cli_supp_data;
++ SSL_set_cert_cb;
++ SSL_CTX_use_serverinfo;
++ SSL_CTX_use_serverinfo_file;
++ SSL_CTX_set_cert_cb;
++ SSL_CTX_get0_param;
++ SSL_get0_param;
++ SSL_certs_clear;
++ DTLSv1_2_method;
++ DTLSv1_2_server_method;
++ DTLSv1_2_client_method;
++ DTLS_method;
++ DTLS_server_method;
++ DTLS_client_method;
++ SSL_CTX_get_ssl_method;
++ SSL_CTX_get0_certificate;
++ SSL_CTX_get0_privatekey;
++ SSL_COMP_set0_compression_methods;
++ SSL_COMP_free_compression_methods;
++ SSL_CIPHER_find;
++ SSL_is_server;
++ SSL_CONF_CTX_new;
++ SSL_CONF_CTX_finish;
++ SSL_CONF_CTX_free;
++ SSL_CONF_CTX_set_flags;
++ SSL_CONF_CTX_clear_flags;
++ SSL_CONF_CTX_set1_prefix;
++ SSL_CONF_CTX_set_ssl;
++ SSL_CONF_CTX_set_ssl_ctx;
++ SSL_CONF_cmd;
++ SSL_CONF_cmd_argv;
++ SSL_CONF_cmd_value_type;
++ SSL_trace;
++ SSL_CIPHER_standard_name;
++ SSL_get_tlsa_record_byname;
++ ASN1_TIME_diff;
++ BIO_hex_string;
++ CMS_RecipientInfo_get0_pkey_ctx;
++ CMS_RecipientInfo_encrypt;
++ CMS_SignerInfo_get0_pkey_ctx;
++ CMS_SignerInfo_get0_md_ctx;
++ CMS_SignerInfo_get0_signature;
++ CMS_RecipientInfo_kari_get0_alg;
++ CMS_RecipientInfo_kari_get0_reks;
++ CMS_RecipientInfo_kari_get0_orig_id;
++ CMS_RecipientInfo_kari_orig_id_cmp;
++ CMS_RecipientEncryptedKey_get0_id;
++ CMS_RecipientEncryptedKey_cert_cmp;
++ CMS_RecipientInfo_kari_set0_pkey;
++ CMS_RecipientInfo_kari_get0_ctx;
++ CMS_RecipientInfo_kari_decrypt;
++ CMS_SharedInfo_encode;
++ DH_compute_key_padded;
++ d2i_DHxparams;
++ i2d_DHxparams;
++ DH_get_1024_160;
++ DH_get_2048_224;
++ DH_get_2048_256;
++ DH_KDF_X9_42;
++ ECDH_KDF_X9_62;
++ ECDSA_METHOD_new;
++ ECDSA_METHOD_free;
++ ECDSA_METHOD_set_app_data;
++ ECDSA_METHOD_get_app_data;
++ ECDSA_METHOD_set_sign;
++ ECDSA_METHOD_set_sign_setup;
++ ECDSA_METHOD_set_verify;
++ ECDSA_METHOD_set_flags;
++ ECDSA_METHOD_set_name;
++ EVP_des_ede3_wrap;
++ EVP_aes_128_wrap;
++ EVP_aes_192_wrap;
++ EVP_aes_256_wrap;
++ EVP_aes_128_cbc_hmac_sha256;
++ EVP_aes_256_cbc_hmac_sha256;
++ CRYPTO_128_wrap;
++ CRYPTO_128_unwrap;
++ OCSP_REQ_CTX_nbio;
++ OCSP_REQ_CTX_new;
++ OCSP_set_max_response_length;
++ OCSP_REQ_CTX_i2d;
++ OCSP_REQ_CTX_nbio_d2i;
++ OCSP_REQ_CTX_get0_mem_bio;
++ OCSP_REQ_CTX_http;
++ RSA_padding_add_PKCS1_OAEP_mgf1;
++ RSA_padding_check_PKCS1_OAEP_mgf1;
++ RSA_OAEP_PARAMS_free;
++ RSA_OAEP_PARAMS_it;
++ RSA_OAEP_PARAMS_new;
++ SSL_get_sigalgs;
++ SSL_get_shared_sigalgs;
++ SSL_check_chain;
++ X509_chain_up_ref;
++ X509_http_nbio;
++ X509_CRL_http_nbio;
++ X509_REVOKED_dup;
++ i2d_re_X509_tbs;
++ X509_get0_signature;
++ X509_get_signature_nid;
++ X509_CRL_diff;
++ X509_chain_check_suiteb;
++ X509_CRL_check_suiteb;
++ X509_check_host;
++ X509_check_email;
++ X509_check_ip;
++ X509_check_ip_asc;
++ X509_STORE_set_lookup_crls_cb;
++ X509_STORE_CTX_get0_store;
++ X509_VERIFY_PARAM_set1_host;
++ X509_VERIFY_PARAM_add1_host;
++ X509_VERIFY_PARAM_set_hostflags;
++ X509_VERIFY_PARAM_get0_peername;
++ X509_VERIFY_PARAM_set1_email;
++ X509_VERIFY_PARAM_set1_ip;
++ X509_VERIFY_PARAM_set1_ip_asc;
++ X509_VERIFY_PARAM_get0_name;
++ X509_VERIFY_PARAM_get_count;
++ X509_VERIFY_PARAM_get0;
++ X509V3_EXT_free;
++ EC_GROUP_get_mont_data;
++ EC_curve_nid2nist;
++ EC_curve_nist2nid;
++ PEM_write_bio_DHxparams;
++ PEM_write_DHxparams;
++ SSL_CTX_add_client_custom_ext;
++ SSL_CTX_add_server_custom_ext;
++ SSL_extension_supported;
++ BUF_strnlen;
++ sk_deep_copy;
++ SSL_test_functions;
++} OPENSSL_1.0.1d;
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.0 {
++ global:
++ bind_engine;
++ v_check;
++ OPENSSL_init;
++ OPENSSL_finish;
++ local:
++ *;
++};
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.0 {
++ global:
++ bind_engine;
++ v_check;
++ OPENSSL_init;
++ OPENSSL_finish;
++ local:
++ *;
++};
++
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
index f53efdb..29f11a2 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
@@ -15,8 +15,8 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4621 @@
-+OPENSSL_1.0.0 {
+@@ -0,0 +1,4608 @@
++OPENSSL_1.0.2d {
+ global:
+ BIO_f_ssl;
+ BIO_new_buffer_ssl_connect;
@@ -4314,14 +4314,6 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+ CRYPTO_cbc128_decrypt;
+ CRYPTO_cfb128_encrypt;
+ CRYPTO_cfb128_8_encrypt;
-+
-+ local:
-+ *;
-+};
-+
-+
-+OPENSSL_1.0.1 {
-+ global:
+ SSL_renegotiate_abbreviated;
+ TLSv1_1_method;
+ TLSv1_1_client_method;
@@ -4483,15 +4475,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+ BIO_s_datagram_sctp;
+ BIO_dgram_is_sctp;
+ BIO_dgram_sctp_notification_cb;
-+} OPENSSL_1.0.0;
-+
-+OPENSSL_1.0.1d {
-+ global:
+ CRYPTO_memcmp;
-+} OPENSSL_1.0.1;
-+
-+OPENSSL_1.0.2 {
-+ global:
+ SSL_CTX_set_alpn_protos;
+ SSL_set_alpn_protos;
+ SSL_CTX_set_alpn_select_cb;
@@ -4629,20 +4613,23 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+ BUF_strnlen;
+ sk_deep_copy;
+ SSL_test_functions;
-+} OPENSSL_1.0.1d;
++
++ local:
++ *;
++};
+
+OPENSSL_1.0.2g {
+ global:
+ SRP_VBASE_get1_by_user;
+ SRP_user_pwd_free;
-+} OPENSSL_1.0.2;
++} OPENSSL_1.0.2d;
+
Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
++OPENSSL_1.0.2 {
+ global:
+ bind_engine;
+ v_check;
@@ -4657,7 +4644,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
++OPENSSL_1.0.2 {
+ global:
+ bind_engine;
+ v_check;
diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
index 06d1ea6..2a318a4 100644
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -4,7 +4,7 @@ This patch adds the fix for one of the ciphers used in openssl, namely
the cipher des-ede3-cfb1. Complete bug log and patch is present here:
http://rt.openssl.org/Ticket/Display.html?id=2867
-Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Index: openssl-1.0.2/crypto/evp/e_des3.c
===================================================================
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
new file mode 100644
index 0000000..6620fdc
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
@@ -0,0 +1,222 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+# 1. the filename to be scanned
+# returns:
+# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+ local IS_TYPE=0
+
+ # make IFS a newline so we can process grep output line by line
+ local OLDIFS=${IFS}
+ IFS=$( printf "\n" )
+
+ # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+ for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+ do
+ if echo ${LINE} \
+ | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ break
+ fi
+ elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ break
+ fi
+ fi
+ done
+
+ # restore IFS
+ IFS=${OLDIFS}
+
+ return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+# arguments:
+# 1. the filename to fingerprint
+# 2. the method to use (x509, crl)
+# returns:
+# none
+# assumptions:
+# user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+ ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+# arguments:
+# 1. the filename to create a link for
+# 2. the type of certificate being linked (x509, crl)
+# returns:
+# 0 on success, 1 otherwise
+#
+link_hash()
+{
+ local FINGERPRINT=$( fingerprint ${1} ${2} )
+ local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+ local SUFFIX=0
+ local LINKFILE=''
+ local TAG=''
+
+ if [ ${2} = "crl" ]
+ then
+ TAG='r'
+ fi
+
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+ while [ -f ${LINKFILE} ]
+ do
+ if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+ then
+ echo "NOTE: Skipping duplicate file ${1}" >&2
+ return 1
+ fi
+
+ SUFFIX=$(( ${SUFFIX} + 1 ))
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+ done
+
+ echo "${3} => ${LINKFILE}"
+
+ # assume any system with a POSIX shell will either support symlinks or
+ # do something to handle this gracefully
+ ln -s ${3} ${LINKFILE}
+
+ return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+ echo "Doing ${1}"
+
+ cd ${1}
+
+ ls -1 * 2>/dev/null | while read FILE
+ do
+ if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+ && [ -h "${FILE}" ]
+ then
+ rm ${FILE}
+ fi
+ done
+
+ ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+ do
+ REAL_FILE=${FILE}
+ # if we run on build host then get to the real files in rootfs
+ if [ -n "${SYSROOT}" -a -h ${FILE} ]
+ then
+ FILE=$( readlink ${FILE} )
+ # check the symlink is absolute (or dangling in other word)
+ if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
+ then
+ REAL_FILE=${SYSROOT}/${FILE}
+ fi
+ fi
+
+ check_file ${REAL_FILE}
+ local FILE_TYPE=${?}
+ local TYPE_STR=''
+
+ if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ TYPE_STR='x509'
+ elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ TYPE_STR='crl'
+ else
+ echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
+ continue
+ fi
+
+ link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
+ done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+ SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+ SSL_CMD=/usr/bin/openssl
+ OPENSSL=${SSL_CMD}
+ export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+ echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+ exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+ IFS=':'
+ DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+ DIRLIST=$SSL_CERT_DIR
+else
+ DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+ if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+ then
+ IFS=$old_IFS
+ hash_dir ${CERT_DIR}
+ IFS=':'
+ fi
+done
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
new file mode 100644
index 0000000..065b9b1
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
@@ -0,0 +1,34 @@
+From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Mon, 19 Sep 2016 22:06:28 -0700
+Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
+
+Fixed when building on Debian-testing:
+| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
+
+The find.pl is added by oe-core, so once openssl/find.pl is removed,
+then this patch can be dropped.
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ util/perlpath.pl | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util/perlpath.pl b/util/perlpath.pl
+index a1f236b..5599892 100755
+--- a/util/perlpath.pl
++++ b/util/perlpath.pl
+@@ -4,6 +4,8 @@
+ # line in all scripts that rely on perl.
+ #
+
++BEGIN { unshift @INC, "."; }
++
+ require "find.pl";
+
+ $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
+--
+2.9.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
index cbce32c..0f08a64 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -2,10 +2,10 @@ Upstream-Status: Pending
Received from H J Liu @ Intel
Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
Index: openssl-1.0.2/crypto/bn/bn.h
===================================================================
--- openssl-1.0.2.orig/crypto/bn/bn.h
diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch
index b6c2c14..f3f4c99 100644
--- a/meta/recipes-connectivity/openssl/openssl/parallel.patch
+++ b/meta/recipes-connectivity/openssl/openssl/parallel.patch
@@ -6,6 +6,9 @@ https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
+Refreshed for 1.0.2i
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+
--- openssl-1.0.2g/crypto/Makefile
+++ openssl-1.0.2g/crypto/Makefile
@@ -85,11 +85,11 @@
@@ -133,7 +136,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
fi; \
--- openssl-1.0.2g/test/Makefile
+++ openssl-1.0.2g/test/Makefile
-@@ -139,7 +139,7 @@
+@@ -144,7 +144,7 @@
tags:
ctags $(SRC)
@@ -142,7 +145,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
apps:
@(cd ..; $(MAKE) DIRS=apps all)
-@@ -421,130 +421,130 @@
+@@ -438,136 +438,136 @@
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -309,13 +312,21 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+ $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
+- @target=$(BADDTLSTEST) $(BUILD_CMD)
++ +@target=$(BADDTLSTEST) $(BUILD_CMD)
+
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
++ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -557,7 +557,7 @@
+@@ -580,6 +580,6 @@
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
deleted file mode 100644
index 26bc6be..0000000
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
+++ /dev/null
@@ -1,82 +0,0 @@
-require openssl.inc
-
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-DEPENDS += "cryptodev-linux"
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://configure-targets.patch \
- file://shared-libs.patch \
- file://oe-ldflags.patch \
- file://engines-install-in-libdir-ssl.patch \
- file://debian1.0.2/block_diginotar.patch \
- file://debian1.0.2/block_digicert_malaysia.patch \
- file://debian/ca.patch \
- file://debian/c_rehash-compat.patch \
- file://debian/debian-targets.patch \
- file://debian/man-dir.patch \
- file://debian/man-section.patch \
- file://debian/no-rpath.patch \
- file://debian/no-symbolic.patch \
- file://debian/pic.patch \
- file://debian1.0.2/version-script.patch \
- file://openssl_fix_for_x32.patch \
- file://fix-cipher-des-ede3-cfb1.patch \
- file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
- file://find.pl \
- file://openssl-fix-des.pod-error.patch \
- file://Makefiles-ptest.patch \
- file://ptest-deps.patch \
- file://run-ptest \
- file://crypto_use_bigint_in_x86-64_perl.patch \
- file://openssl-1.0.2a-x32-asm.patch \
- file://ptest_makefile_deps.patch \
- file://parallel.patch \
- file://CVE-2016-2177.patch \
- file://CVE-2016-2178.patch \
- file://CVE-2016-2180.patch \
- file://CVE-2016-2181_p1.patch \
- file://CVE-2016-2181_p2.patch \
- file://CVE-2016-2181_p3.patch \
- file://CVE-2016-2182.patch \
- file://CVE-2016-6302.patch \
- file://CVE-2016-6303.patch \
- file://CVE-2016-6304.patch \
- file://CVE-2016-6306.patch \
- file://CVE-2016-2179.patch \
- file://CVE-2016-8610.patch \
- "
-
-SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
-SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
-
-PACKAGES =+ " \
- ${PN}-engines \
- ${PN}-engines-dbg \
- "
-
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
-
-PARALLEL_MAKE = ""
-PARALLEL_MAKEINST = ""
-
-do_configure_prepend() {
- cp ${WORKDIR}/find.pl ${S}/util/find.pl
-}
-
-# The crypto_use_bigint patch means that perl's bignum module needs to be
-# installed, but some distributions (for example Fedora 23) don't ship it by
-# default. As the resulting error is very misleading check for bignum before
-# building.
-do_configure_prepend() {
- if ! perl -Mbigint -e true; then
- bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
- fi
-}
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
new file mode 100644
index 0000000..f333c8f
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
@@ -0,0 +1,64 @@
+require openssl.inc
+
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+DEPENDS += "cryptodev-linux"
+
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+CFLAG_append_class-native = " -fPIC"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://find.pl;subdir=${BP}/util/ \
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://configure-targets.patch \
+ file://shared-libs.patch \
+ file://oe-ldflags.patch \
+ file://engines-install-in-libdir-ssl.patch \
+ file://debian1.0.2/block_diginotar.patch \
+ file://debian1.0.2/block_digicert_malaysia.patch \
+ file://debian/ca.patch \
+ file://debian/c_rehash-compat.patch \
+ file://debian/debian-targets.patch \
+ file://debian/man-dir.patch \
+ file://debian/man-section.patch \
+ file://debian/no-rpath.patch \
+ file://debian/no-symbolic.patch \
+ file://debian/pic.patch \
+ file://debian1.0.2/version-script.patch \
+ file://openssl_fix_for_x32.patch \
+ file://fix-cipher-des-ede3-cfb1.patch \
+ file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+ file://openssl-fix-des.pod-error.patch \
+ file://Makefiles-ptest.patch \
+ file://ptest-deps.patch \
+ file://openssl-1.0.2a-x32-asm.patch \
+ file://ptest_makefile_deps.patch \
+ file://parallel.patch \
+ file://openssl-util-perlpath.pl-cwd.patch \
+ file://0002-CVE-2017-3731.patch \
+ "
+SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"
+SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"
+
+PACKAGES =+ " \
+ ${PN}-engines \
+ ${PN}-engines-dbg \
+ "
+
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
+
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default. As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+ if ! perl -Mbigint -e true; then
+ bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
+ fi
+}
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [jethro][PATCH] openssl: upgrade 1.0.2h -> 1.0.2k
2017-03-06 3:20 ` [jethro][PATCH] openssl: upgrade 1.0.2h -> 1.0.2k Rebecca Chang Swee Fun
@ 2017-03-06 15:02 ` Leonardo Sandoval
0 siblings, 0 replies; 4+ messages in thread
From: Leonardo Sandoval @ 2017-03-06 15:02 UTC (permalink / raw)
To: Rebecca Chang Swee Fun; +Cc: openembedded-core
For the moment, patchtest is not sending its results, but this is what
it reported for the series sent:
* Issue Added patch file is missing Upstream-Status in the
header [test_upstream_status_presence]
Suggested fix Add Upstream-Status: <status> to the header of meta/recipes-connectivity/openssl/openssl/debian/version-script.patch (possible values: Pending, Submitted, Accepted, Backport, Denied, Inappropriate)
* Issue A patch file has been added, but does not have a Signed-off-by tag [test_signed_off_by_presence]
Suggested fix Sign off the added patch file (meta/recipes-connectivity/openssl/openssl/debian/version-script.patch)
On Mon, 2017-03-06 at 11:20 +0800, Rebecca Chang Swee Fun wrote:
> From: "Chang, Rebecca Swee Fun" <rebecca.swee.fun.chang@intel.com>
>
> This upgrade fixes several security CVEs:
> * Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
> * Truncated packet could crash via OOB read (CVE-2017-3731p1)
> * BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
>
> Backported 0002-CVE-2017-3731.patch for CVE-2017-3731p2 from:
> OE-Core rev: 1fe1cb3e6e03b4f7f0d30b2b67edc8809a18fe70
>
> This upgrade includes several bug fixes from OE-Core master:
> * openssl: Add Shell-Script based c_rehash utility
> (From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a)
> * openssl: use subdir= instead of moving files in do_configure_prepend()
> (From OE-Core rev: a960b6024f1b17994b0f4683a4e70fd2a079bd90)
> * openssl: enable parallel make
> (From OE-Core rev: ea89857f17a374b6095371ebe2422d2e83735cee)
> * openssl: fix ptest issues
> (From OE-Core rev: 928adfc807d3c812fcd748e2cf65f392eebd852c)
> * openssl.inc: avoid random ptest failures
> (From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b)
> * openssl: Add support for many MIPS configurations
> (From OE-Core rev: cd1f6fbf9a2113cf510c25de2eb3895468e79149)
> * openssl: fix mips64 configure support
> (From OE-Core rev: 245113ca1075bc3f0c47952e80b437229f855080)
> * openssl: Use linux-aarch64 target for aarch64
> (From OE-Core rev: 13e9a692510151383bc3243c3917154896b0e049)
> * openssl: Ensure SSL certificates are stored on sysconfdir
> (From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
> * openssl.inc: minor packaging cleanup
> (From OE-Core rev: 3f81b516e2f23683ce6129bb79bcc08263cb7fe1)
> * openssl: don't move libcrypto to base_libdir
> (From OE-Core rev: 0be2ab32f690a2fcba0e821abe11460958bbc6dc)
> * openssl: fix add missing dependencies building for test directory
> (From OE-Core rev: 030142d0410bec85aeacfff6be27d5fed41ce808)
> * openssl: fix add missing `make depend` command before `make` library
> (From OE-Core rev: e3c251427a305780d3257a011260bd978de273d5)
>
> The following CVEs has been fixed in 1.0.2k.
> Hence, removing the patchset from this layer.
> * CVE-2016-2177, CVE-2016-2178, CVE-2016-2179,
> * CVE-2016-2180, CVE-2016-2181, CVE-2016-2182,
> * CVE-2016-6302, CVE-2016-6303, CVE-2016-6304,
> * CVE-2016-6306, CVE-2016-8610
>
> Signed-off-by: Chang, Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
> ---
> meta/recipes-connectivity/openssl/openssl.inc | 104 +-
> .../openssl/openssl/0002-CVE-2017-3731.patch | 53 +
> .../openssl/openssl/CVE-2016-2177.patch | 286 --
> .../openssl/openssl/CVE-2016-2178.patch | 51 -
> .../openssl/openssl/CVE-2016-2179.patch | 255 --
> .../openssl/openssl/CVE-2016-2180.patch | 44 -
> .../openssl/openssl/CVE-2016-2181_p1.patch | 91 -
> .../openssl/openssl/CVE-2016-2181_p2.patch | 239 -
> .../openssl/openssl/CVE-2016-2181_p3.patch | 30 -
> .../openssl/openssl/CVE-2016-2182.patch | 70 -
> .../openssl/openssl/CVE-2016-6302.patch | 53 -
> .../openssl/openssl/CVE-2016-6303.patch | 36 -
> .../openssl/openssl/CVE-2016-6304.patch | 75 -
> .../openssl/openssl/CVE-2016-6306.patch | 71 -
> .../openssl/openssl/CVE-2016-8610.patch | 124 -
> .../Use-SHA256-not-MD5-as-default-digest.patch | 69 +
> .../openssl/crypto_use_bigint_in_x86-64_perl.patch | 33 -
> .../openssl/openssl/debian/ca.patch | 2 +-
> .../openssl/openssl/debian/version-script.patch | 4663 ++++++++++++++++++++
> .../openssl/debian1.0.2/version-script.patch | 31 +-
> .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 2 +-
> .../openssl/openssl/openssl-c_rehash.sh | 222 +
> .../openssl/openssl-util-perlpath.pl-cwd.patch | 34 +
> .../openssl/openssl/openssl_fix_for_x32.patch | 4 +-
> .../openssl/openssl/parallel.patch | 17 +-
> .../recipes-connectivity/openssl/openssl_1.0.2h.bb | 82 -
> .../recipes-connectivity/openssl/openssl_1.0.2k.bb | 64 +
> 27 files changed, 5200 insertions(+), 1605 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
> create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
>
> diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
> index 8af423f..c728272 100644
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -8,7 +8,7 @@ SECTION = "libs/network"
> LICENSE = "openssl"
> LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
>
> -DEPENDS = "perl-native-runtime"
> +DEPENDS = "makedepend-native perl-native-runtime"
> DEPENDS_append_class-target = " openssl-native"
>
> SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
> @@ -18,35 +18,31 @@ S = "${WORKDIR}/openssl-${PV}"
> PACKAGECONFIG[perl] = ",,,"
>
> AR_append = " r"
> -# Avoid binaries being marked as requiring an executable stack since it
> +# Avoid binaries being marked as requiring an executable stack since it
> # doesn't(which causes and this causes issues with SELinux
> CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
> - -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
> -
> -# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
> -CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
> -CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
> + -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
>
> export DIRS = "crypto ssl apps"
> export EX_LIBS = "-lgcc -ldl"
> export AS = "${CC} -c"
> +EXTRA_OEMAKE = "-e MAKEFLAGS="
>
> inherit pkgconfig siteinfo multilib_header ptest
>
> PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
> -FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
> -FILES_libssl = "${libdir}/libssl.so.*"
> +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
> +FILES_libssl = "${libdir}/libssl${SOLIBS}"
> FILES_${PN} =+ " ${libdir}/ssl/*"
> -FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
> +FILES_${PN}-misc = "${libdir}/ssl/misc"
> RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
> -FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
>
> # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
> # package RRECOMMENDS on this package. This will enable the configuration
> # file to be installed for both the base openssl package and the libcrypto
> # package since the base openssl package depends on the libcrypto package.
> -FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
> -CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
> +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
> +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
> RRECOMMENDS_libcrypto += "openssl-conf"
> RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
>
> @@ -86,7 +82,7 @@ do_configure () {
> target=linux-elf-armeb
> ;;
> linux-aarch64*)
> - target=linux-generic64
> + target=linux-aarch64
> ;;
> linux-sh3)
> target=debian-sh3
> @@ -109,15 +105,24 @@ do_configure () {
> linux-gnu64-x86_64)
> target=linux-x86_64
> ;;
> - linux-mips)
> - target=debian-mips
> + linux-gnun32-mips*el)
> + target=debian-mipsn32el
> + ;;
> + linux-gnun32-mips*)
> + target=debian-mipsn32
> ;;
> - linux-mipsel)
> + linux-mips*64*el)
> + target=debian-mips64el
> + ;;
> + linux-mips*64*)
> + target=debian-mips64
> + ;;
> + linux-mips*el)
> target=debian-mipsel
> ;;
> - linux-*-mips64)
> - target=linux-mips
> - ;;
> + linux-mips*)
> + target=debian-mips
> + ;;
> linux-microblaze*|linux-nios2*)
> target=linux-generic32
> ;;
> @@ -142,7 +147,7 @@ do_configure () {
> useprefix=${prefix}
> if [ "x$useprefix" = "x" ]; then
> useprefix=/
> - fi
> + fi
> perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
> }
>
> @@ -151,10 +156,14 @@ do_compile_prepend_class-target () {
> }
>
> do_compile () {
> + oe_runmake depend
> oe_runmake
> }
>
> do_compile_ptest () {
> + # build dependencies for test directory too
> + export DIRS="$DIRS test"
> + oe_runmake depend
> oe_runmake buildtest
> }
>
> @@ -167,40 +176,63 @@ do_install () {
> oe_libinstall -so libcrypto ${D}${libdir}
> oe_libinstall -so libssl ${D}${libdir}
>
> - # Moving libcrypto to /lib
> - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
> - mkdir -p ${D}/${base_libdir}/
> - mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
> - sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
> - fi
> -
> install -d ${D}${includedir}
> cp --dereference -R include/openssl ${D}${includedir}
>
> + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
> + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
> +
> oe_multilib_header openssl/opensslconf.h
> if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
> - install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
> - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
> sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
> sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
> - # The c_rehash utility isn't installed by the normal installation process.
> else
> - rm -f ${D}${bindir}/c_rehash
> rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
> fi
> +
> + # Create SSL structure
> + install -d ${D}${sysconfdir}/ssl/
> + mv ${D}${libdir}/ssl/openssl.cnf \
> + ${D}${libdir}/ssl/certs \
> + ${D}${libdir}/ssl/private \
> + \
> + ${D}${sysconfdir}/ssl/
> + ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
> + ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
> + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
> }
>
> do_install_ptest () {
> - cp -r Makefile test ${D}${PTEST_PATH}
> + cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
> + cp Configure config e_os.h ${D}${PTEST_PATH}
> + cp -r -L include ${D}${PTEST_PATH}
> + ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
> + ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
> + mkdir -p ${D}${PTEST_PATH}/crypto
> + cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
> cp -r certs ${D}${PTEST_PATH}
> mkdir -p ${D}${PTEST_PATH}/apps
> - ln -sf /usr/lib/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
> - ln -sf /usr/lib/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
> - ln -sf /usr/bin/openssl ${D}${PTEST_PATH}/apps
> + ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
> + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
> + ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
> + cp apps/server.pem ${D}${PTEST_PATH}/apps
> cp apps/server2.pem ${D}${PTEST_PATH}/apps
> mkdir -p ${D}${PTEST_PATH}/util
> install util/opensslwrap.sh ${D}${PTEST_PATH}/util
> install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
> + # Time stamps are relevant for "make alltests", otherwise
> + # make may try to recompile binaries. Not only must the
> + # binary files be newer than the sources, they also must
> + # be more recent than the header files in /usr/include.
> + #
> + # Using "cp -a" is not sufficient, because do_install
> + # does not preserve the original time stamps.
> + #
> + # So instead of using the original file stamps, we set
> + # the current time for all files. Binaries will get
> + # modified again later when stripping them, but that's okay.
> + touch ${D}${PTEST_PATH}
> + find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
> }
>
> do_install_append_class-native() {
> diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
> new file mode 100644
> index 0000000..b56b2d5
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
> @@ -0,0 +1,53 @@
> +From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
> +From: Alexandru Moise <alexandru.moise@windriver.com>
> +Date: Tue, 7 Feb 2017 11:16:13 +0200
> +Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Originally a crash in 32-bit build was reported CHACHA20-POLY1305
> +cipher. The crash is triggered by truncated packet and is result
> +of excessive hashing to the edge of accessible memory. Since hash
> +operation is read-only it is not considered to be exploitable
> +beyond a DoS condition. Other ciphers were hardened.
> +
> +Thanks to Robert Święcki for report.
> +
> +CVE-2017-3731
> +
> +Backported from upstream commit:
> +2198b3a55de681e1f3c23edb0586afe13f438051
> +
> +Upstream-Status: Backport
> +
> +Reviewed-by: Rich Salz <rsalz@openssl.org>
> +Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
> +---
> + crypto/evp/e_aes.c | 7 ++++++-
> + 1 file changed, 6 insertions(+), 1 deletion(-)
> +
> +diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
> +index 1734a82..16dcd10 100644
> +--- a/crypto/evp/e_aes.c
> ++++ b/crypto/evp/e_aes.c
> +@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
> + {
> + unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
> + /* Correct length for explicit IV */
> ++ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
> ++ return 0;
> + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
> + /* If decrypting correct for tag too */
> +- if (!c->encrypt)
> ++ if (!c->encrypt) {
> ++ if (len < EVP_GCM_TLS_TAG_LEN)
> ++ return 0;
> + len -= EVP_GCM_TLS_TAG_LEN;
> ++ }
> + c->buf[arg - 2] = len >> 8;
> + c->buf[arg - 1] = len & 0xff;
> + }
> +--
> +2.10.2
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
> deleted file mode 100644
> index df36d5f..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
> +++ /dev/null
> @@ -1,286 +0,0 @@
> -From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Thu, 5 May 2016 11:10:26 +0100
> -Subject: [PATCH] Avoid some undefined pointer arithmetic
> -
> -A common idiom in the codebase is:
> -
> -if (p + len > limit)
> -{
> - return; /* Too long */
> -}
> -
> -Where "p" points to some malloc'd data of SIZE bytes and
> -limit == p + SIZE
> -
> -"len" here could be from some externally supplied data (e.g. from a TLS
> -message).
> -
> -The rules of C pointer arithmetic are such that "p + len" is only well
> -defined where len <= SIZE. Therefore the above idiom is actually
> -undefined behaviour.
> -
> -For example this could cause problems if some malloc implementation
> -provides an address for "p" such that "p + len" actually overflows for
> -values of len that are too big and therefore p + len < limit!
> -
> -Issue reported by Guido Vranken.
> -
> -CVE-2016-2177
> -
> -Reviewed-by: Rich Salz <rsalz@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2177
> -
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> -
> ----
> - ssl/s3_srvr.c | 14 +++++++-------
> - ssl/ssl_sess.c | 2 +-
> - ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++--------------------------
> - 3 files changed, 38 insertions(+), 34 deletions(-)
> -
> -diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
> -index ab28702..ab7f690 100644
> ---- a/ssl/s3_srvr.c
> -+++ b/ssl/s3_srvr.c
> -@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
> -
> - session_length = *(p + SSL3_RANDOM_SIZE);
> -
> -- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
> -+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> -@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
> - /* get the session-id */
> - j = *(p++);
> -
> -- if (p + j > d + n) {
> -+ if ((d + n) - p < j) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> -@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
> -
> - if (SSL_IS_DTLS(s)) {
> - /* cookie stuff */
> -- if (p + 1 > d + n) {
> -+ if ((d + n) - p < 1) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> - }
> - cookie_len = *(p++);
> -
> -- if (p + cookie_len > d + n) {
> -+ if ((d + n ) - p < cookie_len) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> -@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
> - }
> - }
> -
> -- if (p + 2 > d + n) {
> -+ if ((d + n ) - p < 2) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> -@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
> - }
> -
> - /* i bytes of cipher data + 1 byte for compression length later */
> -- if ((p + i + 1) > (d + n)) {
> -+ if ((d + n) - p < i + 1) {
> - /* not enough data */
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
> -@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
> -
> - /* compression */
> - i = *(p++);
> -- if ((p + i) > (d + n)) {
> -+ if ((d + n) - p < i) {
> - /* not enough data */
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
> -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
> -index b182998..54ee783 100644
> ---- a/ssl/ssl_sess.c
> -+++ b/ssl/ssl_sess.c
> -@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
> - int r;
> - #endif
> -
> -- if (session_id + len > limit) {
> -+ if (limit - session_id < len) {
> - fatal = 1;
> - goto err;
> - }
> -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
> -index fb64607..cdac011 100644
> ---- a/ssl/t1_lib.c
> -+++ b/ssl/t1_lib.c
> -@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
> - 0x02, 0x03, /* SHA-1/ECDSA */
> - };
> -
> -- if (data >= (limit - 2))
> -+ if (limit - data <= 2)
> - return;
> - data += 2;
> -
> -- if (data > (limit - 4))
> -+ if (limit - data < 4)
> - return;
> - n2s(data, type);
> - n2s(data, size);
> -@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
> - if (type != TLSEXT_TYPE_server_name)
> - return;
> -
> -- if (data + size > limit)
> -+ if (limit - data < size)
> - return;
> - data += size;
> -
> -@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
> - const size_t len1 = sizeof(kSafariExtensionsBlock);
> - const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
> -
> -- if (data + len1 + len2 != limit)
> -+ if (limit - data != (int)(len1 + len2))
> - return;
> - if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
> - return;
> -@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
> - } else {
> - const size_t len = sizeof(kSafariExtensionsBlock);
> -
> -- if (data + len != limit)
> -+ if (limit - data != (int)(len))
> - return;
> - if (memcmp(data, kSafariExtensionsBlock, len) != 0)
> - return;
> -@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
> - if (data == limit)
> - goto ri_check;
> -
> -- if (data > (limit - 2))
> -+ if (limit - data < 2)
> - goto err;
> -
> - n2s(data, len);
> -
> -- if (data + len != limit)
> -+ if (limit - data != len)
> - goto err;
> -
> -- while (data <= (limit - 4)) {
> -+ while (limit - data >= 4) {
> - n2s(data, type);
> - n2s(data, size);
> -
> -- if (data + size > (limit))
> -+ if (limit - data < size)
> - goto err;
> - # if 0
> - fprintf(stderr, "Received extension type %d size %d\n", type, size);
> -@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
> - if (s->hit || s->cert->srv_ext.meths_count == 0)
> - return 1;
> -
> -- if (data >= limit - 2)
> -+ if (limit - data <= 2)
> - return 1;
> - n2s(data, len);
> -
> -- if (data > limit - len)
> -+ if (limit - data < len)
> - return 1;
> -
> -- while (data <= limit - 4) {
> -+ while (limit - data >= 4) {
> - n2s(data, type);
> - n2s(data, size);
> -
> -- if (data + size > limit)
> -+ if (limit - data < size)
> - return 1;
> - if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
> - return 0;
> -@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
> - SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
> - # endif
> -
> -- if (data >= (d + n - 2))
> -+ if ((d + n) - data <= 2)
> - goto ri_check;
> -
> - n2s(data, length);
> -- if (data + length != d + n) {
> -+ if ((d + n) - data != length) {
> - *al = SSL_AD_DECODE_ERROR;
> - return 0;
> - }
> -
> -- while (data <= (d + n - 4)) {
> -+ while ((d + n) - data >= 4) {
> - n2s(data, type);
> - n2s(data, size);
> -
> -- if (data + size > (d + n))
> -+ if ((d + n) - data < size)
> - goto ri_check;
> -
> - if (s->tlsext_debug_cb)
> -@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
> - /* Skip past DTLS cookie */
> - if (SSL_IS_DTLS(s)) {
> - i = *(p++);
> -- p += i;
> -- if (p >= limit)
> -+
> -+ if (limit - p <= i)
> - return -1;
> -+
> -+ p += i;
> - }
> - /* Skip past cipher list */
> - n2s(p, i);
> -- p += i;
> -- if (p >= limit)
> -+ if (limit - p <= i)
> - return -1;
> -+ p += i;
> -+
> - /* Skip past compression algorithm list */
> - i = *(p++);
> -- p += i;
> -- if (p > limit)
> -+ if (limit - p < i)
> - return -1;
> -+ p += i;
> -+
> - /* Now at start of extensions */
> -- if ((p + 2) >= limit)
> -+ if (limit - p <= 2)
> - return 0;
> - n2s(p, i);
> -- while ((p + 4) <= limit) {
> -+ while (limit - p >= 4) {
> - unsigned short type, size;
> - n2s(p, type);
> - n2s(p, size);
> -- if (p + size > limit)
> -+ if (limit - p < size)
> - return 0;
> - if (type == TLSEXT_TYPE_session_ticket) {
> - int r;
> ---
> -2.3.5
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
> deleted file mode 100644
> index 27ade4e..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
> +++ /dev/null
> @@ -1,51 +0,0 @@
> -From 399944622df7bd81af62e67ea967c470534090e2 Mon Sep 17 00:00:00 2001
> -From: Cesar Pereida <cesar.pereida@aalto.fi>
> -Date: Mon, 23 May 2016 12:45:25 +0300
> -Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME
> -
> -Operations in the DSA signing algorithm should run in constant time in
> -order to avoid side channel attacks. A flaw in the OpenSSL DSA
> -implementation means that a non-constant time codepath is followed for
> -certain operations. This has been demonstrated through a cache-timing
> -attack to be sufficient for an attacker to recover the private DSA key.
> -
> -CVE-2016-2178
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -Reviewed-by: Matt Caswell <matt@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2178
> -
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - crypto/dsa/dsa_ossl.c | 9 +++++----
> - 1 file changed, 5 insertions(+), 4 deletions(-)
> -
> -Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c
> -===================================================================
> ---- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c
> -+++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c
> -@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C
> - if (!BN_rand_range(&k, dsa->q))
> - goto err;
> - while (BN_is_zero(&k)) ;
> -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
> -- BN_set_flags(&k, BN_FLG_CONSTTIME);
> -- }
> -
> - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
> - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
> -@@ -282,6 +279,11 @@ static int dsa_sign_setup(DSA *dsa, BN_C
> - } else {
> - K = &k;
> - }
> -+
> -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
> -+ BN_set_flags(K, BN_FLG_CONSTTIME);
> -+ }
> -+
> - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
> - dsa->method_mont_p);
> - if (!BN_mod(r, r, dsa->q, ctx))
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
> deleted file mode 100644
> index d1cf7f8..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
> +++ /dev/null
> @@ -1,255 +0,0 @@
> -From 00a4c1421407b6ac796688871b0a49a179c694d9 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Thu, 30 Jun 2016 13:17:08 +0100
> -Subject: [PATCH] Fix DTLS buffered message DoS attack
> -
> -DTLS can handle out of order record delivery. Additionally since
> -handshake messages can be bigger than will fit into a single packet, the
> -messages can be fragmented across multiple records (as with normal TLS).
> -That means that the messages can arrive mixed up, and we have to
> -reassemble them. We keep a queue of buffered messages that are "from the
> -future", i.e. messages we're not ready to deal with yet but have arrived
> -early. The messages held there may not be full yet - they could be one
> -or more fragments that are still in the process of being reassembled.
> -
> -The code assumes that we will eventually complete the reassembly and
> -when that occurs the complete message is removed from the queue at the
> -point that we need to use it.
> -
> -However, DTLS is also tolerant of packet loss. To get around that DTLS
> -messages can be retransmitted. If we receive a full (non-fragmented)
> -message from the peer after previously having received a fragment of
> -that message, then we ignore the message in the queue and just use the
> -non-fragmented version. At that point the queued message will never get
> -removed.
> -
> -Additionally the peer could send "future" messages that we never get to
> -in order to complete the handshake. Each message has a sequence number
> -(starting from 0). We will accept a message fragment for the current
> -message sequence number, or for any sequence up to 10 into the future.
> -However if the Finished message has a sequence number of 2, anything
> -greater than that in the queue is just left there.
> -
> -So, in those two ways we can end up with "orphaned" data in the queue
> -that will never get removed - except when the connection is closed. At
> -that point all the queues are flushed.
> -
> -An attacker could seek to exploit this by filling up the queues with
> -lots of large messages that are never going to be used in order to
> -attempt a DoS by memory exhaustion.
> -
> -I will assume that we are only concerned with servers here. It does not
> -seem reasonable to be concerned about a memory exhaustion attack on a
> -client. They are unlikely to process enough connections for this to be
> -an issue.
> -
> -A "long" handshake with many messages might be 5 messages long (in the
> -incoming direction), e.g. ClientHello, Certificate, ClientKeyExchange,
> -CertificateVerify, Finished. So this would be message sequence numbers 0
> -to 4. Additionally we can buffer up to 10 messages in the future.
> -Therefore the maximum number of messages that an attacker could send
> -that could get orphaned would typically be 15.
> -
> -The maximum size that a DTLS message is allowed to be is defined by
> -max_cert_list, which by default is 100k. Therefore the maximum amount of
> -"orphaned" memory per connection is 1500k.
> -
> -Message sequence numbers get reset after the Finished message, so
> -renegotiation will not extend the maximum number of messages that can be
> -orphaned per connection.
> -
> -As noted above, the queues do get cleared when the connection is closed.
> -Therefore in order to mount an effective attack, an attacker would have
> -to open many simultaneous connections.
> -
> -Issue reported by Quan Luo.
> -
> -CVE-2016-2179
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2106-2179
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/d1_both.c | 32 ++++++++++++++++----------------
> - ssl/d1_clnt.c | 1 +
> - ssl/d1_lib.c | 37 ++++++++++++++++++++++++++-----------
> - ssl/d1_srvr.c | 3 ++-
> - ssl/ssl_locl.h | 3 ++-
> - 5 files changed, 47 insertions(+), 29 deletions(-)
> -
> -Index: openssl-1.0.2h/ssl/d1_both.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_both.c
> -+++ openssl-1.0.2h/ssl/d1_both.c
> -@@ -618,11 +618,23 @@ static int dtls1_retrieve_buffered_fragm
> - int al;
> -
> - *ok = 0;
> -- item = pqueue_peek(s->d1->buffered_messages);
> -- if (item == NULL)
> -- return 0;
> -+ do {
> -+ item = pqueue_peek(s->d1->buffered_messages);
> -+ if (item == NULL)
> -+ return 0;
> -+
> -+ frag = (hm_fragment *)item->data;
> -+
> -+ if (frag->msg_header.seq < s->d1->handshake_read_seq) {
> -+ /* This is a stale message that has been buffered so clear it */
> -+ pqueue_pop(s->d1->buffered_messages);
> -+ dtls1_hm_fragment_free(frag);
> -+ pitem_free(item);
> -+ item = NULL;
> -+ frag = NULL;
> -+ }
> -+ } while (item == NULL);
> -
> -- frag = (hm_fragment *)item->data;
> -
> - /* Don't return if reassembly still in progress */
> - if (frag->reassembly != NULL)
> -@@ -1296,18 +1308,6 @@ dtls1_retransmit_message(SSL *s, unsigne
> - return ret;
> - }
> -
> --/* call this function when the buffered messages are no longer needed */
> --void dtls1_clear_record_buffer(SSL *s)
> --{
> -- pitem *item;
> --
> -- for (item = pqueue_pop(s->d1->sent_messages);
> -- item != NULL; item = pqueue_pop(s->d1->sent_messages)) {
> -- dtls1_hm_fragment_free((hm_fragment *)item->data);
> -- pitem_free(item);
> -- }
> --}
> --
> - unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
> - unsigned char mt, unsigned long len,
> - unsigned long frag_off,
> -Index: openssl-1.0.2h/ssl/d1_clnt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_clnt.c
> -+++ openssl-1.0.2h/ssl/d1_clnt.c
> -@@ -769,6 +769,7 @@ int dtls1_connect(SSL *s)
> - /* done with handshaking */
> - s->d1->handshake_read_seq = 0;
> - s->d1->next_handshake_write_seq = 0;
> -+ dtls1_clear_received_buffer(s);
> - goto end;
> - /* break; */
> -
> -Index: openssl-1.0.2h/ssl/d1_lib.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_lib.c
> -+++ openssl-1.0.2h/ssl/d1_lib.c
> -@@ -170,7 +170,6 @@ int dtls1_new(SSL *s)
> - static void dtls1_clear_queues(SSL *s)
> - {
> - pitem *item = NULL;
> -- hm_fragment *frag = NULL;
> - DTLS1_RECORD_DATA *rdata;
> -
> - while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
> -@@ -191,28 +190,44 @@ static void dtls1_clear_queues(SSL *s)
> - pitem_free(item);
> - }
> -
> -+ while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
> -+ rdata = (DTLS1_RECORD_DATA *)item->data;
> -+ if (rdata->rbuf.buf) {
> -+ OPENSSL_free(rdata->rbuf.buf);
> -+ }
> -+ OPENSSL_free(item->data);
> -+ pitem_free(item);
> -+ }
> -+
> -+ dtls1_clear_received_buffer(s);
> -+ dtls1_clear_sent_buffer(s);
> -+}
> -+
> -+void dtls1_clear_received_buffer(SSL *s)
> -+{
> -+ pitem *item = NULL;
> -+ hm_fragment *frag = NULL;
> -+
> - while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
> - frag = (hm_fragment *)item->data;
> - dtls1_hm_fragment_free(frag);
> - pitem_free(item);
> - }
> -+}
> -+
> -+void dtls1_clear_sent_buffer(SSL *s)
> -+{
> -+ pitem *item = NULL;
> -+ hm_fragment *frag = NULL;
> -
> - while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
> - frag = (hm_fragment *)item->data;
> - dtls1_hm_fragment_free(frag);
> - pitem_free(item);
> - }
> --
> -- while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
> -- rdata = (DTLS1_RECORD_DATA *)item->data;
> -- if (rdata->rbuf.buf) {
> -- OPENSSL_free(rdata->rbuf.buf);
> -- }
> -- OPENSSL_free(item->data);
> -- pitem_free(item);
> -- }
> - }
> -
> -+
> - void dtls1_free(SSL *s)
> - {
> - ssl3_free(s);
> -@@ -456,7 +471,7 @@ void dtls1_stop_timer(SSL *s)
> - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
> - &(s->d1->next_timeout));
> - /* Clear retransmission buffer */
> -- dtls1_clear_record_buffer(s);
> -+ dtls1_clear_sent_buffer(s);
> - }
> -
> - int dtls1_check_timeout_num(SSL *s)
> -Index: openssl-1.0.2h/ssl/d1_srvr.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_srvr.c
> -+++ openssl-1.0.2h/ssl/d1_srvr.c
> -@@ -313,7 +313,7 @@ int dtls1_accept(SSL *s)
> - case SSL3_ST_SW_HELLO_REQ_B:
> -
> - s->shutdown = 0;
> -- dtls1_clear_record_buffer(s);
> -+ dtls1_clear_sent_buffer(s);
> - dtls1_start_timer(s);
> - ret = ssl3_send_hello_request(s);
> - if (ret <= 0)
> -@@ -894,6 +894,7 @@ int dtls1_accept(SSL *s)
> - /* next message is server hello */
> - s->d1->handshake_write_seq = 0;
> - s->d1->next_handshake_write_seq = 0;
> -+ dtls1_clear_received_buffer(s);
> - goto end;
> - /* break; */
> -
> -Index: openssl-1.0.2h/ssl/ssl_locl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl_locl.h
> -+++ openssl-1.0.2h/ssl/ssl_locl.h
> -@@ -1242,7 +1242,8 @@ int dtls1_retransmit_message(SSL *s, uns
> - unsigned long frag_off, int *found);
> - int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
> - int dtls1_retransmit_buffered_messages(SSL *s);
> --void dtls1_clear_record_buffer(SSL *s);
> -+void dtls1_clear_received_buffer(SSL *s);
> -+void dtls1_clear_sent_buffer(SSL *s);
> - void dtls1_get_message_header(unsigned char *data,
> - struct hm_header_st *msg_hdr);
> - void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
> deleted file mode 100644
> index c71aaa5..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
> +++ /dev/null
> @@ -1,44 +0,0 @@
> -From b746aa3fe05b5b5f7126df247ac3eceeb995e2a0 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Thu, 21 Jul 2016 15:24:16 +0100
> -Subject: [PATCH] Fix OOB read in TS_OBJ_print_bio().
> -
> -TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
> -as a null terminated buffer. The length value returned is the total
> -length the complete text reprsentation would need not the amount of
> -data written.
> -
> -CVE-2016-2180
> -
> -Thanks to Shi Lei for reporting this bug.
> -
> -Reviewed-by: Matt Caswell <matt@openssl.org>
> -(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a)
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2180
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - crypto/ts/ts_lib.c | 5 ++---
> - 1 file changed, 2 insertions(+), 3 deletions(-)
> -
> -diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
> -index c51538a..e0f1063 100644
> ---- a/crypto/ts/ts_lib.c
> -+++ b/crypto/ts/ts_lib.c
> -@@ -90,9 +90,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
> - {
> - char obj_txt[128];
> -
> -- int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
> -- BIO_write(bio, obj_txt, len);
> -- BIO_write(bio, "\n", 1);
> -+ OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
> -+ BIO_printf(bio, "%s\n", obj_txt);
> -
> - return 1;
> - }
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
> deleted file mode 100644
> index 9149dbe..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
> +++ /dev/null
> @@ -1,91 +0,0 @@
> -From 20744f6b40b5ded059a848f66d6ba922f2a62eb3 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Tue, 5 Jul 2016 11:46:26 +0100
> -Subject: [PATCH] Fix DTLS unprocessed records bug
> -
> -During a DTLS handshake we may get records destined for the next epoch
> -arrive before we have processed the CCS. In that case we can't decrypt or
> -verify the record yet, so we buffer it for later use. When we do receive
> -the CCS we work through the queue of unprocessed records and process them.
> -
> -Unfortunately the act of processing wipes out any existing packet data
> -that we were still working through. This includes any records from the new
> -epoch that were in the same packet as the CCS. We should only process the
> -buffered records if we've not got any data left.
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2180 patch 1
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/d1_pkt.c | 23 +++++++++++++++++++++--
> - 1 file changed, 21 insertions(+), 2 deletions(-)
> -
> -diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
> -index fe30ec7..1fb119d 100644
> ---- a/ssl/d1_pkt.c
> -+++ b/ssl/d1_pkt.c
> -@@ -319,6 +319,7 @@ static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
> - static int dtls1_process_buffered_records(SSL *s)
> - {
> - pitem *item;
> -+ SSL3_BUFFER *rb;
> -
> - item = pqueue_peek(s->d1->unprocessed_rcds.q);
> - if (item) {
> -@@ -326,6 +327,19 @@ static int dtls1_process_buffered_records(SSL *s)
> - if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
> - return (1); /* Nothing to do. */
> -
> -+ rb = &s->s3->rbuf;
> -+
> -+ if (rb->left > 0) {
> -+ /*
> -+ * We've still got data from the current packet to read. There could
> -+ * be a record from the new epoch in it - so don't overwrite it
> -+ * with the unprocessed records yet (we'll do it when we've
> -+ * finished reading the current packet).
> -+ */
> -+ return 1;
> -+ }
> -+
> -+
> - /* Process all the records. */
> - while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
> - dtls1_get_unprocessed_record(s);
> -@@ -581,6 +595,7 @@ int dtls1_get_record(SSL *s)
> -
> - rr = &(s->s3->rrec);
> -
> -+ again:
> - /*
> - * The epoch may have changed. If so, process all the pending records.
> - * This is a non-blocking operation.
> -@@ -593,7 +608,6 @@ int dtls1_get_record(SSL *s)
> - return 1;
> -
> - /* get something from the wire */
> -- again:
> - /* check if we have the header */
> - if ((s->rstate != SSL_ST_READ_BODY) ||
> - (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
> -@@ -1830,8 +1844,13 @@ static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
> - if (rr->epoch == s->d1->r_epoch)
> - return &s->d1->bitmap;
> -
> -- /* Only HM and ALERT messages can be from the next epoch */
> -+ /*
> -+ * Only HM and ALERT messages can be from the next epoch and only if we
> -+ * have already processed all of the unprocessed records from the last
> -+ * epoch
> -+ */
> - else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
> -+ s->d1->unprocessed_rcds.epoch != s->d1->r_epoch &&
> - (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
> - *is_next_epoch = 1;
> - return &s->d1->next_bitmap;
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
> deleted file mode 100644
> index ecf138a..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
> +++ /dev/null
> @@ -1,239 +0,0 @@
> -From 3884b47b7c255c2e94d9b387ee83c7e8bb981258 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Tue, 5 Jul 2016 12:04:37 +0100
> -Subject: [PATCH] Fix DTLS replay protection
> -
> -The DTLS implementation provides some protection against replay attacks
> -in accordance with RFC6347 section 4.1.2.6.
> -
> -A sliding "window" of valid record sequence numbers is maintained with
> -the "right" hand edge of the window set to the highest sequence number we
> -have received so far. Records that arrive that are off the "left" hand
> -edge of the window are rejected. Records within the window are checked
> -against a list of records received so far. If we already received it then
> -we also reject the new record.
> -
> -If we have not already received the record, or the sequence number is off
> -the right hand edge of the window then we verify the MAC of the record.
> -If MAC verification fails then we discard the record. Otherwise we mark
> -the record as received. If the sequence number was off the right hand edge
> -of the window, then we slide the window along so that the right hand edge
> -is in line with the newly received sequence number.
> -
> -Records may arrive for future epochs, i.e. a record from after a CCS being
> -sent, can arrive before the CCS does if the packets get re-ordered. As we
> -have not yet received the CCS we are not yet in a position to decrypt or
> -validate the MAC of those records. OpenSSL places those records on an
> -unprocessed records queue. It additionally updates the window immediately,
> -even though we have not yet verified the MAC. This will only occur if
> -currently in a handshake/renegotiation.
> -
> -This could be exploited by an attacker by sending a record for the next
> -epoch (which does not have to decrypt or have a valid MAC), with a very
> -large sequence number. This means the right hand edge of the window is
> -moved very far to the right, and all subsequent legitimate packets are
> -dropped causing a denial of service.
> -
> -A similar effect can be achieved during the initial handshake. In this
> -case there is no MAC key negotiated yet. Therefore an attacker can send a
> -message for the current epoch with a very large sequence number. The code
> -will process the record as normal. If the hanshake message sequence number
> -(as opposed to the record sequence number that we have been talking about
> -so far) is in the future then the injected message is bufferred to be
> -handled later, but the window is still updated. Therefore all subsequent
> -legitimate handshake records are dropped. This aspect is not considered a
> -security issue because there are many ways for an attacker to disrupt the
> -initial handshake and prevent it from completing successfully (e.g.
> -injection of a handshake message will cause the Finished MAC to fail and
> -the handshake to be aborted). This issue comes about as a result of trying
> -to do replay protection, but having no integrity mechanism in place yet.
> -Does it even make sense to have replay protection in epoch 0? That
> -issue isn't addressed here though.
> -
> -This addressed an OCAP Audit issue.
> -
> -CVE-2016-2181
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2181 patch2
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> ----
> - ssl/d1_pkt.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++------------
> - ssl/ssl.h | 1 +
> - ssl/ssl_err.c | 4 +++-
> - 3 files changed, 52 insertions(+), 13 deletions(-)
> -
> -Index: openssl-1.0.2h/ssl/d1_pkt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_pkt.c
> -+++ openssl-1.0.2h/ssl/d1_pkt.c
> -@@ -194,7 +194,7 @@ static int dtls1_record_needs_buffering(
> - #endif
> - static int dtls1_buffer_record(SSL *s, record_pqueue *q,
> - unsigned char *priority);
> --static int dtls1_process_record(SSL *s);
> -+static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
> -
> - /* copy buffered record into SSL structure */
> - static int dtls1_copy_record(SSL *s, pitem *item)
> -@@ -320,13 +320,18 @@ static int dtls1_process_buffered_record
> - {
> - pitem *item;
> - SSL3_BUFFER *rb;
> -+ SSL3_RECORD *rr;
> -+ DTLS1_BITMAP *bitmap;
> -+ unsigned int is_next_epoch;
> -+ int replayok = 1;
> -
> - item = pqueue_peek(s->d1->unprocessed_rcds.q);
> - if (item) {
> - /* Check if epoch is current. */
> - if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
> -- return (1); /* Nothing to do. */
> -+ return 1; /* Nothing to do. */
> -
> -+ rr = &s->s3->rrec;
> - rb = &s->s3->rbuf;
> -
> - if (rb->left > 0) {
> -@@ -343,11 +348,41 @@ static int dtls1_process_buffered_record
> - /* Process all the records. */
> - while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
> - dtls1_get_unprocessed_record(s);
> -- if (!dtls1_process_record(s))
> -- return (0);
> -+ bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
> -+ if (bitmap == NULL) {
> -+ /*
> -+ * Should not happen. This will only ever be NULL when the
> -+ * current record is from a different epoch. But that cannot
> -+ * be the case because we already checked the epoch above
> -+ */
> -+ SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
> -+ ERR_R_INTERNAL_ERROR);
> -+ return 0;
> -+ }
> -+#ifndef OPENSSL_NO_SCTP
> -+ /* Only do replay check if no SCTP bio */
> -+ if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
> -+#endif
> -+ {
> -+ /*
> -+ * Check whether this is a repeat, or aged record. We did this
> -+ * check once already when we first received the record - but
> -+ * we might have updated the window since then due to
> -+ * records we subsequently processed.
> -+ */
> -+ replayok = dtls1_record_replay_check(s, bitmap);
> -+ }
> -+
> -+ if (!replayok || !dtls1_process_record(s, bitmap)) {
> -+ /* dump this record */
> -+ rr->length = 0;
> -+ s->packet_length = 0;
> -+ continue;
> -+ }
> -+
> - if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
> - s->s3->rrec.seq_num) < 0)
> -- return -1;
> -+ return 0;
> - }
> - }
> -
> -@@ -358,7 +393,7 @@ static int dtls1_process_buffered_record
> - s->d1->processed_rcds.epoch = s->d1->r_epoch;
> - s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
> -
> -- return (1);
> -+ return 1;
> - }
> -
> - #if 0
> -@@ -405,7 +440,7 @@ static int dtls1_get_buffered_record(SSL
> -
> - #endif
> -
> --static int dtls1_process_record(SSL *s)
> -+static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
> - {
> - int i, al;
> - int enc_err;
> -@@ -565,6 +600,10 @@ static int dtls1_process_record(SSL *s)
> -
> - /* we have pulled in a full packet so zero things */
> - s->packet_length = 0;
> -+
> -+ /* Mark receipt of record. */
> -+ dtls1_record_bitmap_update(s, bitmap);
> -+
> - return (1);
> -
> - f_err:
> -@@ -600,7 +639,7 @@ int dtls1_get_record(SSL *s)
> - * The epoch may have changed. If so, process all the pending records.
> - * This is a non-blocking operation.
> - */
> -- if (dtls1_process_buffered_records(s) < 0)
> -+ if (!dtls1_process_buffered_records(s))
> - return -1;
> -
> - /* if we're renegotiating, then there may be buffered records */
> -@@ -735,20 +774,17 @@ int dtls1_get_record(SSL *s)
> - if (dtls1_buffer_record
> - (s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)
> - return -1;
> -- /* Mark receipt of record. */
> -- dtls1_record_bitmap_update(s, bitmap);
> - }
> - rr->length = 0;
> - s->packet_length = 0;
> - goto again;
> - }
> -
> -- if (!dtls1_process_record(s)) {
> -+ if (!dtls1_process_record(s, bitmap)) {
> - rr->length = 0;
> - s->packet_length = 0; /* dump this record */
> - goto again; /* get another record */
> - }
> -- dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */
> -
> - return (1);
> -
> -Index: openssl-1.0.2h/ssl/ssl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl.h
> -+++ openssl-1.0.2h/ssl/ssl.h
> -@@ -2623,6 +2623,7 @@ void ERR_load_SSL_strings(void);
> - # define SSL_F_DTLS1_HEARTBEAT 305
> - # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
> - # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
> -+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 404
> - # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
> - # define SSL_F_DTLS1_PROCESS_RECORD 257
> - # define SSL_F_DTLS1_READ_BYTES 258
> -Index: openssl-1.0.2h/ssl/ssl_err.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl_err.c
> -+++ openssl-1.0.2h/ssl/ssl_err.c
> -@@ -1,6 +1,6 @@
> - /* ssl/ssl_err.c */
> - /* ====================================================================
> -- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
> -+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> -@@ -93,6 +93,8 @@ static ERR_STRING_DATA SSL_str_functs[]
> - {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
> - {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "dtls1_output_cert_chain"},
> - {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
> -+ {ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS),
> -+ "DTLS1_PROCESS_BUFFERED_RECORDS"},
> - {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),
> - "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
> - {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
> deleted file mode 100644
> index a752f89..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
> +++ /dev/null
> @@ -1,30 +0,0 @@
> -From 26aebca74e38ae09f673c2045cc8e2ef762d265a Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Wed, 17 Aug 2016 17:55:36 +0100
> -Subject: [PATCH] Update function error code
> -
> -A function error code needed updating due to merge issues.
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2181 patch 3
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/ssl.h | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -Index: openssl-1.0.2h/ssl/ssl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl.h
> -+++ openssl-1.0.2h/ssl/ssl.h
> -@@ -2623,7 +2623,7 @@ void ERR_load_SSL_strings(void);
> - # define SSL_F_DTLS1_HEARTBEAT 305
> - # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
> - # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
> --# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 404
> -+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424
> - # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
> - # define SSL_F_DTLS1_PROCESS_RECORD 257
> - # define SSL_F_DTLS1_READ_BYTES 258
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
> deleted file mode 100644
> index 5995cbe..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
> +++ /dev/null
> @@ -1,70 +0,0 @@
> -From e36f27ddb80a48e579783bc29fb3758988342b71 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Fri, 5 Aug 2016 14:26:03 +0100
> -Subject: [PATCH] Check for errors in BN_bn2dec()
> -
> -If an oversize BIGNUM is presented to BN_bn2dec() it can cause
> -BN_div_word() to fail and not reduce the value of 't' resulting
> -in OOB writes to the bn_data buffer and eventually crashing.
> -
> -Fix by checking return value of BN_div_word() and checking writes
> -don't overflow buffer.
> -
> -Thanks to Shi Lei for reporting this bug.
> -
> -CVE-2016-2182
> -
> -Reviewed-by: Tim Hudson <tjh@openssl.org>
> -(cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34)
> -
> -Conflicts:
> - crypto/bn/bn_print.c
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2182
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - crypto/bn/bn_print.c | 11 ++++++++---
> - 1 file changed, 8 insertions(+), 3 deletions(-)
> -
> -diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
> -index bfa31ef..b44403e 100644
> ---- a/crypto/bn/bn_print.c
> -+++ b/crypto/bn/bn_print.c
> -@@ -111,6 +111,7 @@ char *BN_bn2dec(const BIGNUM *a)
> - char *p;
> - BIGNUM *t = NULL;
> - BN_ULONG *bn_data = NULL, *lp;
> -+ int bn_data_num;
> -
> - /*-
> - * get an upper bound for the length of the decimal integer
> -@@ -120,9 +121,9 @@ char *BN_bn2dec(const BIGNUM *a)
> - */
> - i = BN_num_bits(a) * 3;
> - num = (i / 10 + i / 1000 + 1) + 1;
> -- bn_data =
> -- (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
> -- buf = (char *)OPENSSL_malloc(num + 3);
> -+ bn_data_num = num / BN_DEC_NUM + 1;
> -+ bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
> -+ buf = OPENSSL_malloc(num + 3);
> - if ((buf == NULL) || (bn_data == NULL)) {
> - BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
> - goto err;
> -@@ -143,7 +144,11 @@ char *BN_bn2dec(const BIGNUM *a)
> - i = 0;
> - while (!BN_is_zero(t)) {
> - *lp = BN_div_word(t, BN_DEC_CONV);
> -+ if (*lp == (BN_ULONG)-1)
> -+ goto err;
> - lp++;
> -+ if (lp - bn_data >= bn_data_num)
> -+ goto err;
> - }
> - lp--;
> - /*
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
> deleted file mode 100644
> index a72ee70..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
> +++ /dev/null
> @@ -1,53 +0,0 @@
> -From baaabfd8fdcec04a691695fad9a664bea43202b6 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Tue, 23 Aug 2016 18:14:54 +0100
> -Subject: [PATCH] Sanity check ticket length.
> -
> -If a ticket callback changes the HMAC digest to SHA512 the existing
> -sanity checks are not sufficient and an attacker could perform a DoS
> -attack with a malformed ticket. Add additional checks based on
> -HMAC size.
> -
> -Thanks to Shi Lei for reporting this bug.
> -
> -CVE-2016-6302
> -
> -Reviewed-by: Rich Salz <rsalz@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-6302
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/t1_lib.c | 11 ++++++++---
> - 1 file changed, 8 insertions(+), 3 deletions(-)
> -
> -Index: openssl-1.0.2h/ssl/t1_lib.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/t1_lib.c
> -+++ openssl-1.0.2h/ssl/t1_lib.c
> -@@ -3397,9 +3397,7 @@ static int tls_decrypt_ticket(SSL *s, co
> - HMAC_CTX hctx;
> - EVP_CIPHER_CTX ctx;
> - SSL_CTX *tctx = s->initial_ctx;
> -- /* Need at least keyname + iv + some encrypted data */
> -- if (eticklen < 48)
> -- return 2;
> -+
> - /* Initialize session ticket encryption and HMAC contexts */
> - HMAC_CTX_init(&hctx);
> - EVP_CIPHER_CTX_init(&ctx);
> -@@ -3433,6 +3431,13 @@ static int tls_decrypt_ticket(SSL *s, co
> - if (mlen < 0) {
> - goto err;
> - }
> -+ /* Sanity check ticket length: must exceed keyname + IV + HMAC */
> -+ if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
> -+ HMAC_CTX_cleanup(&hctx);
> -+ EVP_CIPHER_CTX_cleanup(&ctx);
> -+ return 2;
> -+ }
> -+
> - eticklen -= mlen;
> - /* Check HMAC of encrypted ticket */
> - if (HMAC_Update(&hctx, etick, eticklen) <= 0
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
> deleted file mode 100644
> index 95bdec4..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
> +++ /dev/null
> @@ -1,36 +0,0 @@
> -From 1027ad4f34c30b8585592764b9a670ba36888269 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Fri, 19 Aug 2016 23:28:29 +0100
> -Subject: [PATCH] Avoid overflow in MDC2_Update()
> -
> -Thanks to Shi Lei for reporting this issue.
> -
> -CVE-2016-6303
> -
> -Reviewed-by: Matt Caswell <matt@openssl.org>
> -(cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-6303
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - crypto/mdc2/mdc2dgst.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
> -index 6615cf8..2dce493 100644
> ---- a/crypto/mdc2/mdc2dgst.c
> -+++ b/crypto/mdc2/mdc2dgst.c
> -@@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
> -
> - i = c->num;
> - if (i != 0) {
> -- if (i + len < MDC2_BLOCK) {
> -+ if (len < MDC2_BLOCK - i) {
> - /* partial block */
> - memcpy(&(c->data[i]), in, len);
> - c->num += (int)len;
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
> deleted file mode 100644
> index 64508b5..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
> +++ /dev/null
> @@ -1,75 +0,0 @@
> -From ea39b16b71e4e72a228a4535bd6d6a02c5edbc1f Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Fri, 9 Sep 2016 10:08:45 +0100
> -Subject: [PATCH] Fix OCSP Status Request extension unbounded memory growth
> -
> -A malicious client can send an excessively large OCSP Status Request
> -extension. If that client continually requests renegotiation,
> -sending a large OCSP Status Request extension each time, then there will
> -be unbounded memory growth on the server. This will eventually lead to a
> -Denial Of Service attack through memory exhaustion. Servers with a
> -default configuration are vulnerable even if they do not support OCSP.
> -Builds using the "no-ocsp" build time option are not affected.
> -
> -I have also checked other extensions to see if they suffer from a similar
> -problem but I could not find any other issues.
> -
> -CVE-2016-6304
> -
> -Issue reported by Shi Lei.
> -
> -Reviewed-by: Rich Salz <rsalz@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-6304
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/t1_lib.c | 24 +++++++++++++++++-------
> - 1 file changed, 17 insertions(+), 7 deletions(-)
> -
> -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
> -index fbcf2e6..e4b4e27 100644
> ---- a/ssl/t1_lib.c
> -+++ b/ssl/t1_lib.c
> -@@ -2316,6 +2316,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
> - size -= 2;
> - if (dsize > size)
> - goto err;
> -+
> -+ /*
> -+ * We remove any OCSP_RESPIDs from a previous handshake
> -+ * to prevent unbounded memory growth - CVE-2016-6304
> -+ */
> -+ sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
> -+ OCSP_RESPID_free);
> -+ if (dsize > 0) {
> -+ s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
> -+ if (s->tlsext_ocsp_ids == NULL) {
> -+ *al = SSL_AD_INTERNAL_ERROR;
> -+ return 0;
> -+ }
> -+ } else {
> -+ s->tlsext_ocsp_ids = NULL;
> -+ }
> -+
> - while (dsize > 0) {
> - OCSP_RESPID *id;
> - int idsize;
> -@@ -2335,13 +2352,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
> - OCSP_RESPID_free(id);
> - goto err;
> - }
> -- if (!s->tlsext_ocsp_ids
> -- && !(s->tlsext_ocsp_ids =
> -- sk_OCSP_RESPID_new_null())) {
> -- OCSP_RESPID_free(id);
> -- *al = SSL_AD_INTERNAL_ERROR;
> -- return 0;
> -- }
> - if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
> - OCSP_RESPID_free(id);
> - *al = SSL_AD_INTERNAL_ERROR;
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
> deleted file mode 100644
> index 9e7d576..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
> +++ /dev/null
> @@ -1,71 +0,0 @@
> -From ff553f837172ecb2b5c8eca257ec3c5619a4b299 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Sat, 17 Sep 2016 12:36:58 +0100
> -Subject: [PATCH] Fix small OOB reads.
> -
> -In ssl3_get_client_certificate, ssl3_get_server_certificate and
> -ssl3_get_certificate_request check we have enough room
> -before reading a length.
> -
> -Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting these bugs.
> -
> -CVE-2016-6306
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -Reviewed-by: Matt Caswell <matt@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-6306
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/s3_clnt.c | 11 +++++++++++
> - ssl/s3_srvr.c | 6 ++++++
> - 2 files changed, 17 insertions(+)
> -
> -Index: openssl-1.0.2h/ssl/s3_clnt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/s3_clnt.c
> -+++ openssl-1.0.2h/ssl/s3_clnt.c
> -@@ -1216,6 +1216,12 @@ int ssl3_get_server_certificate(SSL *s)
> - goto f_err;
> - }
> - for (nc = 0; nc < llen;) {
> -+ if (nc + 3 > llen) {
> -+ al = SSL_AD_DECODE_ERROR;
> -+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
> -+ SSL_R_CERT_LENGTH_MISMATCH);
> -+ goto f_err;
> -+ }
> - n2l3(p, l);
> - if ((l + nc + 3) > llen) {
> - al = SSL_AD_DECODE_ERROR;
> -@@ -2167,6 +2173,11 @@ int ssl3_get_certificate_request(SSL *s)
> - }
> -
> - for (nc = 0; nc < llen;) {
> -+ if (nc + 2 > llen) {
> -+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
> -+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
> -+ goto err;
> -+ }
> - n2s(p, l);
> - if ((l + nc + 2) > llen) {
> - if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
> -Index: openssl-1.0.2h/ssl/s3_srvr.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/s3_srvr.c
> -+++ openssl-1.0.2h/ssl/s3_srvr.c
> -@@ -3213,6 +3213,12 @@ int ssl3_get_client_certificate(SSL *s)
> - goto f_err;
> - }
> - for (nc = 0; nc < llen;) {
> -+ if (nc + 3 > llen) {
> -+ al = SSL_AD_DECODE_ERROR;
> -+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
> -+ SSL_R_CERT_LENGTH_MISMATCH);
> -+ goto f_err;
> -+ }
> - n2l3(p, l);
> - if ((l + nc + 3) > llen) {
> - al = SSL_AD_DECODE_ERROR;
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
> deleted file mode 100644
> index c2af589..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
> +++ /dev/null
> @@ -1,124 +0,0 @@
> -From 22646a075e75991b4e8f5d67171e45a6aead5b48 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Wed, 21 Sep 2016 14:48:16 +0100
> -Subject: [PATCH] Don't allow too many consecutive warning alerts
> -
> -Certain warning alerts are ignored if they are received. This can mean that
> -no progress will be made if one peer continually sends those warning alerts.
> -Implement a count so that we abort the connection if we receive too many.
> -
> -Issue reported by Shi Lei.
> -
> -Reviewed-by: Rich Salz <rsalz@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-8610
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/d1_pkt.c | 15 +++++++++++++++
> - ssl/s3_pkt.c | 15 +++++++++++++++
> - ssl/ssl.h | 1 +
> - ssl/ssl_locl.h | 4 ++++
> - 4 files changed, 35 insertions(+)
> -
> -Index: openssl-1.0.2h/ssl/d1_pkt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_pkt.c
> -+++ openssl-1.0.2h/ssl/d1_pkt.c
> -@@ -928,6 +928,13 @@ int dtls1_read_bytes(SSL *s, int type, u
> - goto start;
> - }
> -
> -+ /*
> -+ * Reset the count of consecutive warning alerts if we've got a non-empty
> -+ * record that isn't an alert.
> -+ */
> -+ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
> -+ s->cert->alert_count = 0;
> -+
> - /* we now have a packet which can be read and processed */
> -
> - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
> -@@ -1194,6 +1201,14 @@ int dtls1_read_bytes(SSL *s, int type, u
> -
> - if (alert_level == SSL3_AL_WARNING) {
> - s->s3->warn_alert = alert_descr;
> -+
> -+ s->cert->alert_count++;
> -+ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
> -+ al = SSL_AD_UNEXPECTED_MESSAGE;
> -+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
> -+ goto f_err;
> -+ }
> -+
> - if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
> - #ifndef OPENSSL_NO_SCTP
> - /*
> -Index: openssl-1.0.2h/ssl/s3_pkt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/s3_pkt.c
> -+++ openssl-1.0.2h/ssl/s3_pkt.c
> -@@ -1229,6 +1229,13 @@ int ssl3_read_bytes(SSL *s, int type, un
> - return (ret);
> - }
> -
> -+ /*
> -+ * Reset the count of consecutive warning alerts if we've got a non-empty
> -+ * record that isn't an alert.
> -+ */
> -+ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
> -+ s->cert->alert_count = 0;
> -+
> - /* we now have a packet which can be read and processed */
> -
> - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
> -@@ -1443,6 +1450,14 @@ int ssl3_read_bytes(SSL *s, int type, un
> -
> - if (alert_level == SSL3_AL_WARNING) {
> - s->s3->warn_alert = alert_descr;
> -+
> -+ s->cert->alert_count++;
> -+ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
> -+ al = SSL_AD_UNEXPECTED_MESSAGE;
> -+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
> -+ goto f_err;
> -+ }
> -+
> - if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
> - s->shutdown |= SSL_RECEIVED_SHUTDOWN;
> - return (0);
> -Index: openssl-1.0.2h/ssl/ssl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl.h
> -+++ openssl-1.0.2h/ssl/ssl.h
> -@@ -3115,6 +3115,7 @@ void ERR_load_SSL_strings(void);
> - # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
> - # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
> - # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
> -+# define SSL_R_TOO_MANY_WARN_ALERTS 409
> - # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
> - # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
> - # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
> -Index: openssl-1.0.2h/ssl/ssl_locl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl_locl.h
> -+++ openssl-1.0.2h/ssl/ssl_locl.h
> -@@ -585,6 +585,8 @@ typedef struct {
> - */
> - # define SSL_EXT_FLAG_SENT 0x2
> -
> -+# define MAX_WARN_ALERT_COUNT 5
> -+
> - typedef struct {
> - custom_ext_method *meths;
> - size_t meths_count;
> -@@ -692,6 +694,8 @@ typedef struct cert_st {
> - unsigned char *alpn_proposed; /* server */
> - unsigned int alpn_proposed_len;
> - int alpn_sent; /* client */
> -+ /* Count of the number of consecutive warning alerts received */
> -+ unsigned int alert_count;
> - } CERT;
> -
> - typedef struct sess_cert_st {
> diff --git a/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> new file mode 100644
> index 0000000..58c9ee7
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> @@ -0,0 +1,69 @@
> +From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
> +From: Rich Salz <rsalz@akamai.com>
> +Date: Sat, 13 Jun 2015 17:03:39 -0400
> +Subject: [PATCH] Use SHA256 not MD5 as default digest.
> +
> +Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
> +
> +Upstream-Status: Backport
> +Backport from OpenSSL 2.0 to OpenSSL 1.0.2
> +Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
> +
> +CVE: CVE-2004-2761
> +
> + The MD5 Message-Digest Algorithm is not collision resistant,
> + which makes it easier for context-dependent attackers to
> + conduct spoofing attacks, as demonstrated by attacks on the
> + use of MD5 in the signature algorithm of an X.509 certificate.
> +
> +Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
> +Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
> +Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
> +---
> + apps/ca.c | 2 +-
> + apps/dgst.c | 2 +-
> + apps/enc.c | 2 +-
> + 3 files changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/apps/ca.c b/apps/ca.c
> +index 3b7336c..8f3a84b 100644
> +--- a/apps/ca.c
> ++++ b/apps/ca.c
> +@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
> + } else
> + BIO_printf(bio_err, "Signature ok\n");
> +
> +- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
> ++ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
> + goto err;
> +
> + ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
> +diff --git a/apps/dgst.c b/apps/dgst.c
> +index 95e5fa3..0d1529f 100644
> +--- a/apps/dgst.c
> ++++ b/apps/dgst.c
> +@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
> + goto end;
> + }
> + if (md == NULL)
> +- md = EVP_md5();
> ++ md = EVP_sha256();
> + if (!EVP_DigestInit_ex(mctx, md, impl)) {
> + BIO_printf(bio_err, "Error setting digest %s\n", pname);
> + ERR_print_errors(bio_err);
> +diff --git a/apps/enc.c b/apps/enc.c
> +index 7b7c70b..a7d944c 100644
> +--- a/apps/enc.c
> ++++ b/apps/enc.c
> +@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
> + }
> +
> + if (dgst == NULL) {
> +- dgst = EVP_md5();
> ++ dgst = EVP_sha256();
> + }
> +
> + if (bufsize != NULL) {
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch b/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
> deleted file mode 100644
> index 7ba9eab..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -Upsteram Status: Backport
> -
> -When building on x32 systems where the default type is 32bit, make sure
> -we can transparently represent 64bit integers. Otherwise we end up with
> -build errors like:
> -/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
> -Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
> -...
> -ghash-x86_64.s: Assembler messages:
> -ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
> -
> -We don't enable this globally as there are some cases where we'd get
> -32bit values interpreted as unsigned when we need them as signed.
> -
> -Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
> -URL: https://bugs.gentoo.org/542618
> -
> -Signed-off-By: Armin Kuster <akuster@mvista.com>
> -
> -diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
> ---- a/crypto/perlasm/x86_64-xlate.pl
> -+++ b/crypto/perlasm/x86_64-xlate.pl
> -@@ -196,6 +196,10 @@ my %globals;
> - my $self = shift;
> -
> - $self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
> -+ # When building on x32 ABIs, the expanded hex value might be too
> -+ # big to fit into 32bits. Enable transparent 64bit support here
> -+ # so we can safely print it out.
> -+ use bigint;
> - if ($gas) {
> - # Solaris /usr/ccs/bin/as can't handle multiplications
> - # in $self->{value}
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
> index aba4d42..fb745e4 100644
> --- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
> @@ -7,7 +7,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in
> @@ -65,6 +65,7 @@
> foreach (@ARGV) {
> if ( /^(-\?|-h|-help)$/ ) {
> - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
> + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
> + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
> exit 0;
> } elsif (/^-newcert$/) {
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> new file mode 100644
> index 0000000..a249180
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> @@ -0,0 +1,4663 @@
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
> +===================================================================
> +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
> +@@ -1651,6 +1651,8 @@
> + }
> + }
> +
> ++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
> ++
> + open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
> + unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
> + open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> +===================================================================
> +--- /dev/null 1970-01-01 00:00:00.000000000 +0000
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
> +@@ -0,0 +1,4615 @@
> ++OPENSSL_1.0.0 {
> ++ global:
> ++ BIO_f_ssl;
> ++ BIO_new_buffer_ssl_connect;
> ++ BIO_new_ssl;
> ++ BIO_new_ssl_connect;
> ++ BIO_proxy_ssl_copy_session_id;
> ++ BIO_ssl_copy_session_id;
> ++ BIO_ssl_shutdown;
> ++ d2i_SSL_SESSION;
> ++ DTLSv1_client_method;
> ++ DTLSv1_method;
> ++ DTLSv1_server_method;
> ++ ERR_load_SSL_strings;
> ++ i2d_SSL_SESSION;
> ++ kssl_build_principal_2;
> ++ kssl_cget_tkt;
> ++ kssl_check_authent;
> ++ kssl_ctx_free;
> ++ kssl_ctx_new;
> ++ kssl_ctx_setkey;
> ++ kssl_ctx_setprinc;
> ++ kssl_ctx_setstring;
> ++ kssl_ctx_show;
> ++ kssl_err_set;
> ++ kssl_krb5_free_data_contents;
> ++ kssl_sget_tkt;
> ++ kssl_skip_confound;
> ++ kssl_validate_times;
> ++ PEM_read_bio_SSL_SESSION;
> ++ PEM_read_SSL_SESSION;
> ++ PEM_write_bio_SSL_SESSION;
> ++ PEM_write_SSL_SESSION;
> ++ SSL_accept;
> ++ SSL_add_client_CA;
> ++ SSL_add_dir_cert_subjects_to_stack;
> ++ SSL_add_dir_cert_subjs_to_stk;
> ++ SSL_add_file_cert_subjects_to_stack;
> ++ SSL_add_file_cert_subjs_to_stk;
> ++ SSL_alert_desc_string;
> ++ SSL_alert_desc_string_long;
> ++ SSL_alert_type_string;
> ++ SSL_alert_type_string_long;
> ++ SSL_callback_ctrl;
> ++ SSL_check_private_key;
> ++ SSL_CIPHER_description;
> ++ SSL_CIPHER_get_bits;
> ++ SSL_CIPHER_get_name;
> ++ SSL_CIPHER_get_version;
> ++ SSL_clear;
> ++ SSL_COMP_add_compression_method;
> ++ SSL_COMP_get_compression_methods;
> ++ SSL_COMP_get_compress_methods;
> ++ SSL_COMP_get_name;
> ++ SSL_connect;
> ++ SSL_copy_session_id;
> ++ SSL_ctrl;
> ++ SSL_CTX_add_client_CA;
> ++ SSL_CTX_add_session;
> ++ SSL_CTX_callback_ctrl;
> ++ SSL_CTX_check_private_key;
> ++ SSL_CTX_ctrl;
> ++ SSL_CTX_flush_sessions;
> ++ SSL_CTX_free;
> ++ SSL_CTX_get_cert_store;
> ++ SSL_CTX_get_client_CA_list;
> ++ SSL_CTX_get_client_cert_cb;
> ++ SSL_CTX_get_ex_data;
> ++ SSL_CTX_get_ex_new_index;
> ++ SSL_CTX_get_info_callback;
> ++ SSL_CTX_get_quiet_shutdown;
> ++ SSL_CTX_get_timeout;
> ++ SSL_CTX_get_verify_callback;
> ++ SSL_CTX_get_verify_depth;
> ++ SSL_CTX_get_verify_mode;
> ++ SSL_CTX_load_verify_locations;
> ++ SSL_CTX_new;
> ++ SSL_CTX_remove_session;
> ++ SSL_CTX_sess_get_get_cb;
> ++ SSL_CTX_sess_get_new_cb;
> ++ SSL_CTX_sess_get_remove_cb;
> ++ SSL_CTX_sessions;
> ++ SSL_CTX_sess_set_get_cb;
> ++ SSL_CTX_sess_set_new_cb;
> ++ SSL_CTX_sess_set_remove_cb;
> ++ SSL_CTX_set1_param;
> ++ SSL_CTX_set_cert_store;
> ++ SSL_CTX_set_cert_verify_callback;
> ++ SSL_CTX_set_cert_verify_cb;
> ++ SSL_CTX_set_cipher_list;
> ++ SSL_CTX_set_client_CA_list;
> ++ SSL_CTX_set_client_cert_cb;
> ++ SSL_CTX_set_client_cert_engine;
> ++ SSL_CTX_set_cookie_generate_cb;
> ++ SSL_CTX_set_cookie_verify_cb;
> ++ SSL_CTX_set_default_passwd_cb;
> ++ SSL_CTX_set_default_passwd_cb_userdata;
> ++ SSL_CTX_set_default_verify_paths;
> ++ SSL_CTX_set_def_passwd_cb_ud;
> ++ SSL_CTX_set_def_verify_paths;
> ++ SSL_CTX_set_ex_data;
> ++ SSL_CTX_set_generate_session_id;
> ++ SSL_CTX_set_info_callback;
> ++ SSL_CTX_set_msg_callback;
> ++ SSL_CTX_set_psk_client_callback;
> ++ SSL_CTX_set_psk_server_callback;
> ++ SSL_CTX_set_purpose;
> ++ SSL_CTX_set_quiet_shutdown;
> ++ SSL_CTX_set_session_id_context;
> ++ SSL_CTX_set_ssl_version;
> ++ SSL_CTX_set_timeout;
> ++ SSL_CTX_set_tmp_dh_callback;
> ++ SSL_CTX_set_tmp_ecdh_callback;
> ++ SSL_CTX_set_tmp_rsa_callback;
> ++ SSL_CTX_set_trust;
> ++ SSL_CTX_set_verify;
> ++ SSL_CTX_set_verify_depth;
> ++ SSL_CTX_use_cert_chain_file;
> ++ SSL_CTX_use_certificate;
> ++ SSL_CTX_use_certificate_ASN1;
> ++ SSL_CTX_use_certificate_chain_file;
> ++ SSL_CTX_use_certificate_file;
> ++ SSL_CTX_use_PrivateKey;
> ++ SSL_CTX_use_PrivateKey_ASN1;
> ++ SSL_CTX_use_PrivateKey_file;
> ++ SSL_CTX_use_psk_identity_hint;
> ++ SSL_CTX_use_RSAPrivateKey;
> ++ SSL_CTX_use_RSAPrivateKey_ASN1;
> ++ SSL_CTX_use_RSAPrivateKey_file;
> ++ SSL_do_handshake;
> ++ SSL_dup;
> ++ SSL_dup_CA_list;
> ++ SSLeay_add_ssl_algorithms;
> ++ SSL_free;
> ++ SSL_get1_session;
> ++ SSL_get_certificate;
> ++ SSL_get_cipher_list;
> ++ SSL_get_ciphers;
> ++ SSL_get_client_CA_list;
> ++ SSL_get_current_cipher;
> ++ SSL_get_current_compression;
> ++ SSL_get_current_expansion;
> ++ SSL_get_default_timeout;
> ++ SSL_get_error;
> ++ SSL_get_ex_data;
> ++ SSL_get_ex_data_X509_STORE_CTX_idx;
> ++ SSL_get_ex_d_X509_STORE_CTX_idx;
> ++ SSL_get_ex_new_index;
> ++ SSL_get_fd;
> ++ SSL_get_finished;
> ++ SSL_get_info_callback;
> ++ SSL_get_peer_cert_chain;
> ++ SSL_get_peer_certificate;
> ++ SSL_get_peer_finished;
> ++ SSL_get_privatekey;
> ++ SSL_get_psk_identity;
> ++ SSL_get_psk_identity_hint;
> ++ SSL_get_quiet_shutdown;
> ++ SSL_get_rbio;
> ++ SSL_get_read_ahead;
> ++ SSL_get_rfd;
> ++ SSL_get_servername;
> ++ SSL_get_servername_type;
> ++ SSL_get_session;
> ++ SSL_get_shared_ciphers;
> ++ SSL_get_shutdown;
> ++ SSL_get_SSL_CTX;
> ++ SSL_get_ssl_method;
> ++ SSL_get_verify_callback;
> ++ SSL_get_verify_depth;
> ++ SSL_get_verify_mode;
> ++ SSL_get_verify_result;
> ++ SSL_get_version;
> ++ SSL_get_wbio;
> ++ SSL_get_wfd;
> ++ SSL_has_matching_session_id;
> ++ SSL_library_init;
> ++ SSL_load_client_CA_file;
> ++ SSL_load_error_strings;
> ++ SSL_new;
> ++ SSL_peek;
> ++ SSL_pending;
> ++ SSL_read;
> ++ SSL_renegotiate;
> ++ SSL_renegotiate_pending;
> ++ SSL_rstate_string;
> ++ SSL_rstate_string_long;
> ++ SSL_SESSION_cmp;
> ++ SSL_SESSION_free;
> ++ SSL_SESSION_get_ex_data;
> ++ SSL_SESSION_get_ex_new_index;
> ++ SSL_SESSION_get_id;
> ++ SSL_SESSION_get_time;
> ++ SSL_SESSION_get_timeout;
> ++ SSL_SESSION_hash;
> ++ SSL_SESSION_new;
> ++ SSL_SESSION_print;
> ++ SSL_SESSION_print_fp;
> ++ SSL_SESSION_set_ex_data;
> ++ SSL_SESSION_set_time;
> ++ SSL_SESSION_set_timeout;
> ++ SSL_set1_param;
> ++ SSL_set_accept_state;
> ++ SSL_set_bio;
> ++ SSL_set_cipher_list;
> ++ SSL_set_client_CA_list;
> ++ SSL_set_connect_state;
> ++ SSL_set_ex_data;
> ++ SSL_set_fd;
> ++ SSL_set_generate_session_id;
> ++ SSL_set_info_callback;
> ++ SSL_set_msg_callback;
> ++ SSL_set_psk_client_callback;
> ++ SSL_set_psk_server_callback;
> ++ SSL_set_purpose;
> ++ SSL_set_quiet_shutdown;
> ++ SSL_set_read_ahead;
> ++ SSL_set_rfd;
> ++ SSL_set_session;
> ++ SSL_set_session_id_context;
> ++ SSL_set_session_secret_cb;
> ++ SSL_set_session_ticket_ext;
> ++ SSL_set_session_ticket_ext_cb;
> ++ SSL_set_shutdown;
> ++ SSL_set_SSL_CTX;
> ++ SSL_set_ssl_method;
> ++ SSL_set_tmp_dh_callback;
> ++ SSL_set_tmp_ecdh_callback;
> ++ SSL_set_tmp_rsa_callback;
> ++ SSL_set_trust;
> ++ SSL_set_verify;
> ++ SSL_set_verify_depth;
> ++ SSL_set_verify_result;
> ++ SSL_set_wfd;
> ++ SSL_shutdown;
> ++ SSL_state;
> ++ SSL_state_string;
> ++ SSL_state_string_long;
> ++ SSL_use_certificate;
> ++ SSL_use_certificate_ASN1;
> ++ SSL_use_certificate_file;
> ++ SSL_use_PrivateKey;
> ++ SSL_use_PrivateKey_ASN1;
> ++ SSL_use_PrivateKey_file;
> ++ SSL_use_psk_identity_hint;
> ++ SSL_use_RSAPrivateKey;
> ++ SSL_use_RSAPrivateKey_ASN1;
> ++ SSL_use_RSAPrivateKey_file;
> ++ SSLv23_client_method;
> ++ SSLv23_method;
> ++ SSLv23_server_method;
> ++ SSLv2_client_method;
> ++ SSLv2_method;
> ++ SSLv2_server_method;
> ++ SSLv3_client_method;
> ++ SSLv3_method;
> ++ SSLv3_server_method;
> ++ SSL_version;
> ++ SSL_want;
> ++ SSL_write;
> ++ TLSv1_client_method;
> ++ TLSv1_method;
> ++ TLSv1_server_method;
> ++
> ++
> ++ SSLeay;
> ++ SSLeay_version;
> ++ ASN1_BIT_STRING_asn1_meth;
> ++ ASN1_HEADER_free;
> ++ ASN1_HEADER_new;
> ++ ASN1_IA5STRING_asn1_meth;
> ++ ASN1_INTEGER_get;
> ++ ASN1_INTEGER_set;
> ++ ASN1_INTEGER_to_BN;
> ++ ASN1_OBJECT_create;
> ++ ASN1_OBJECT_free;
> ++ ASN1_OBJECT_new;
> ++ ASN1_PRINTABLE_type;
> ++ ASN1_STRING_cmp;
> ++ ASN1_STRING_dup;
> ++ ASN1_STRING_free;
> ++ ASN1_STRING_new;
> ++ ASN1_STRING_print;
> ++ ASN1_STRING_set;
> ++ ASN1_STRING_type_new;
> ++ ASN1_TYPE_free;
> ++ ASN1_TYPE_new;
> ++ ASN1_UNIVERSALSTRING_to_string;
> ++ ASN1_UTCTIME_check;
> ++ ASN1_UTCTIME_print;
> ++ ASN1_UTCTIME_set;
> ++ ASN1_check_infinite_end;
> ++ ASN1_d2i_bio;
> ++ ASN1_d2i_fp;
> ++ ASN1_digest;
> ++ ASN1_dup;
> ++ ASN1_get_object;
> ++ ASN1_i2d_bio;
> ++ ASN1_i2d_fp;
> ++ ASN1_object_size;
> ++ ASN1_parse;
> ++ ASN1_put_object;
> ++ ASN1_sign;
> ++ ASN1_verify;
> ++ BF_cbc_encrypt;
> ++ BF_cfb64_encrypt;
> ++ BF_ecb_encrypt;
> ++ BF_encrypt;
> ++ BF_ofb64_encrypt;
> ++ BF_options;
> ++ BF_set_key;
> ++ BIO_CONNECT_free;
> ++ BIO_CONNECT_new;
> ++ BIO_accept;
> ++ BIO_ctrl;
> ++ BIO_int_ctrl;
> ++ BIO_debug_callback;
> ++ BIO_dump;
> ++ BIO_dup_chain;
> ++ BIO_f_base64;
> ++ BIO_f_buffer;
> ++ BIO_f_cipher;
> ++ BIO_f_md;
> ++ BIO_f_null;
> ++ BIO_f_proxy_server;
> ++ BIO_fd_non_fatal_error;
> ++ BIO_fd_should_retry;
> ++ BIO_find_type;
> ++ BIO_free;
> ++ BIO_free_all;
> ++ BIO_get_accept_socket;
> ++ BIO_get_filter_bio;
> ++ BIO_get_host_ip;
> ++ BIO_get_port;
> ++ BIO_get_retry_BIO;
> ++ BIO_get_retry_reason;
> ++ BIO_gethostbyname;
> ++ BIO_gets;
> ++ BIO_new;
> ++ BIO_new_accept;
> ++ BIO_new_connect;
> ++ BIO_new_fd;
> ++ BIO_new_file;
> ++ BIO_new_fp;
> ++ BIO_new_socket;
> ++ BIO_pop;
> ++ BIO_printf;
> ++ BIO_push;
> ++ BIO_puts;
> ++ BIO_read;
> ++ BIO_s_accept;
> ++ BIO_s_connect;
> ++ BIO_s_fd;
> ++ BIO_s_file;
> ++ BIO_s_mem;
> ++ BIO_s_null;
> ++ BIO_s_proxy_client;
> ++ BIO_s_socket;
> ++ BIO_set;
> ++ BIO_set_cipher;
> ++ BIO_set_tcp_ndelay;
> ++ BIO_sock_cleanup;
> ++ BIO_sock_error;
> ++ BIO_sock_init;
> ++ BIO_sock_non_fatal_error;
> ++ BIO_sock_should_retry;
> ++ BIO_socket_ioctl;
> ++ BIO_write;
> ++ BN_CTX_free;
> ++ BN_CTX_new;
> ++ BN_MONT_CTX_free;
> ++ BN_MONT_CTX_new;
> ++ BN_MONT_CTX_set;
> ++ BN_add;
> ++ BN_add_word;
> ++ BN_hex2bn;
> ++ BN_bin2bn;
> ++ BN_bn2hex;
> ++ BN_bn2bin;
> ++ BN_clear;
> ++ BN_clear_bit;
> ++ BN_clear_free;
> ++ BN_cmp;
> ++ BN_copy;
> ++ BN_div;
> ++ BN_div_word;
> ++ BN_dup;
> ++ BN_free;
> ++ BN_from_montgomery;
> ++ BN_gcd;
> ++ BN_generate_prime;
> ++ BN_get_word;
> ++ BN_is_bit_set;
> ++ BN_is_prime;
> ++ BN_lshift;
> ++ BN_lshift1;
> ++ BN_mask_bits;
> ++ BN_mod;
> ++ BN_mod_exp;
> ++ BN_mod_exp_mont;
> ++ BN_mod_exp_simple;
> ++ BN_mod_inverse;
> ++ BN_mod_mul;
> ++ BN_mod_mul_montgomery;
> ++ BN_mod_word;
> ++ BN_mul;
> ++ BN_new;
> ++ BN_num_bits;
> ++ BN_num_bits_word;
> ++ BN_options;
> ++ BN_print;
> ++ BN_print_fp;
> ++ BN_rand;
> ++ BN_reciprocal;
> ++ BN_rshift;
> ++ BN_rshift1;
> ++ BN_set_bit;
> ++ BN_set_word;
> ++ BN_sqr;
> ++ BN_sub;
> ++ BN_to_ASN1_INTEGER;
> ++ BN_ucmp;
> ++ BN_value_one;
> ++ BUF_MEM_free;
> ++ BUF_MEM_grow;
> ++ BUF_MEM_new;
> ++ BUF_strdup;
> ++ CONF_free;
> ++ CONF_get_number;
> ++ CONF_get_section;
> ++ CONF_get_string;
> ++ CONF_load;
> ++ CRYPTO_add_lock;
> ++ CRYPTO_dbg_free;
> ++ CRYPTO_dbg_malloc;
> ++ CRYPTO_dbg_realloc;
> ++ CRYPTO_dbg_remalloc;
> ++ CRYPTO_free;
> ++ CRYPTO_get_add_lock_callback;
> ++ CRYPTO_get_id_callback;
> ++ CRYPTO_get_lock_name;
> ++ CRYPTO_get_locking_callback;
> ++ CRYPTO_get_mem_functions;
> ++ CRYPTO_lock;
> ++ CRYPTO_malloc;
> ++ CRYPTO_mem_ctrl;
> ++ CRYPTO_mem_leaks;
> ++ CRYPTO_mem_leaks_cb;
> ++ CRYPTO_mem_leaks_fp;
> ++ CRYPTO_realloc;
> ++ CRYPTO_remalloc;
> ++ CRYPTO_set_add_lock_callback;
> ++ CRYPTO_set_id_callback;
> ++ CRYPTO_set_locking_callback;
> ++ CRYPTO_set_mem_functions;
> ++ CRYPTO_thread_id;
> ++ DH_check;
> ++ DH_compute_key;
> ++ DH_free;
> ++ DH_generate_key;
> ++ DH_generate_parameters;
> ++ DH_new;
> ++ DH_size;
> ++ DHparams_print;
> ++ DHparams_print_fp;
> ++ DSA_free;
> ++ DSA_generate_key;
> ++ DSA_generate_parameters;
> ++ DSA_is_prime;
> ++ DSA_new;
> ++ DSA_print;
> ++ DSA_print_fp;
> ++ DSA_sign;
> ++ DSA_sign_setup;
> ++ DSA_size;
> ++ DSA_verify;
> ++ DSAparams_print;
> ++ DSAparams_print_fp;
> ++ ERR_clear_error;
> ++ ERR_error_string;
> ++ ERR_free_strings;
> ++ ERR_func_error_string;
> ++ ERR_get_err_state_table;
> ++ ERR_get_error;
> ++ ERR_get_error_line;
> ++ ERR_get_state;
> ++ ERR_get_string_table;
> ++ ERR_lib_error_string;
> ++ ERR_load_ASN1_strings;
> ++ ERR_load_BIO_strings;
> ++ ERR_load_BN_strings;
> ++ ERR_load_BUF_strings;
> ++ ERR_load_CONF_strings;
> ++ ERR_load_DH_strings;
> ++ ERR_load_DSA_strings;
> ++ ERR_load_ERR_strings;
> ++ ERR_load_EVP_strings;
> ++ ERR_load_OBJ_strings;
> ++ ERR_load_PEM_strings;
> ++ ERR_load_PROXY_strings;
> ++ ERR_load_RSA_strings;
> ++ ERR_load_X509_strings;
> ++ ERR_load_crypto_strings;
> ++ ERR_load_strings;
> ++ ERR_peek_error;
> ++ ERR_peek_error_line;
> ++ ERR_print_errors;
> ++ ERR_print_errors_fp;
> ++ ERR_put_error;
> ++ ERR_reason_error_string;
> ++ ERR_remove_state;
> ++ EVP_BytesToKey;
> ++ EVP_CIPHER_CTX_cleanup;
> ++ EVP_CipherFinal;
> ++ EVP_CipherInit;
> ++ EVP_CipherUpdate;
> ++ EVP_DecodeBlock;
> ++ EVP_DecodeFinal;
> ++ EVP_DecodeInit;
> ++ EVP_DecodeUpdate;
> ++ EVP_DecryptFinal;
> ++ EVP_DecryptInit;
> ++ EVP_DecryptUpdate;
> ++ EVP_DigestFinal;
> ++ EVP_DigestInit;
> ++ EVP_DigestUpdate;
> ++ EVP_EncodeBlock;
> ++ EVP_EncodeFinal;
> ++ EVP_EncodeInit;
> ++ EVP_EncodeUpdate;
> ++ EVP_EncryptFinal;
> ++ EVP_EncryptInit;
> ++ EVP_EncryptUpdate;
> ++ EVP_OpenFinal;
> ++ EVP_OpenInit;
> ++ EVP_PKEY_assign;
> ++ EVP_PKEY_copy_parameters;
> ++ EVP_PKEY_free;
> ++ EVP_PKEY_missing_parameters;
> ++ EVP_PKEY_new;
> ++ EVP_PKEY_save_parameters;
> ++ EVP_PKEY_size;
> ++ EVP_PKEY_type;
> ++ EVP_SealFinal;
> ++ EVP_SealInit;
> ++ EVP_SignFinal;
> ++ EVP_VerifyFinal;
> ++ EVP_add_alias;
> ++ EVP_add_cipher;
> ++ EVP_add_digest;
> ++ EVP_bf_cbc;
> ++ EVP_bf_cfb64;
> ++ EVP_bf_ecb;
> ++ EVP_bf_ofb;
> ++ EVP_cleanup;
> ++ EVP_des_cbc;
> ++ EVP_des_cfb64;
> ++ EVP_des_ecb;
> ++ EVP_des_ede;
> ++ EVP_des_ede3;
> ++ EVP_des_ede3_cbc;
> ++ EVP_des_ede3_cfb64;
> ++ EVP_des_ede3_ofb;
> ++ EVP_des_ede_cbc;
> ++ EVP_des_ede_cfb64;
> ++ EVP_des_ede_ofb;
> ++ EVP_des_ofb;
> ++ EVP_desx_cbc;
> ++ EVP_dss;
> ++ EVP_dss1;
> ++ EVP_enc_null;
> ++ EVP_get_cipherbyname;
> ++ EVP_get_digestbyname;
> ++ EVP_get_pw_prompt;
> ++ EVP_idea_cbc;
> ++ EVP_idea_cfb64;
> ++ EVP_idea_ecb;
> ++ EVP_idea_ofb;
> ++ EVP_md2;
> ++ EVP_md5;
> ++ EVP_md_null;
> ++ EVP_rc2_cbc;
> ++ EVP_rc2_cfb64;
> ++ EVP_rc2_ecb;
> ++ EVP_rc2_ofb;
> ++ EVP_rc4;
> ++ EVP_read_pw_string;
> ++ EVP_set_pw_prompt;
> ++ EVP_sha;
> ++ EVP_sha1;
> ++ MD2;
> ++ MD2_Final;
> ++ MD2_Init;
> ++ MD2_Update;
> ++ MD2_options;
> ++ MD5;
> ++ MD5_Final;
> ++ MD5_Init;
> ++ MD5_Update;
> ++ MDC2;
> ++ MDC2_Final;
> ++ MDC2_Init;
> ++ MDC2_Update;
> ++ NETSCAPE_SPKAC_free;
> ++ NETSCAPE_SPKAC_new;
> ++ NETSCAPE_SPKI_free;
> ++ NETSCAPE_SPKI_new;
> ++ NETSCAPE_SPKI_sign;
> ++ NETSCAPE_SPKI_verify;
> ++ OBJ_add_object;
> ++ OBJ_bsearch;
> ++ OBJ_cleanup;
> ++ OBJ_cmp;
> ++ OBJ_create;
> ++ OBJ_dup;
> ++ OBJ_ln2nid;
> ++ OBJ_new_nid;
> ++ OBJ_nid2ln;
> ++ OBJ_nid2obj;
> ++ OBJ_nid2sn;
> ++ OBJ_obj2nid;
> ++ OBJ_sn2nid;
> ++ OBJ_txt2nid;
> ++ PEM_ASN1_read;
> ++ PEM_ASN1_read_bio;
> ++ PEM_ASN1_write;
> ++ PEM_ASN1_write_bio;
> ++ PEM_SealFinal;
> ++ PEM_SealInit;
> ++ PEM_SealUpdate;
> ++ PEM_SignFinal;
> ++ PEM_SignInit;
> ++ PEM_SignUpdate;
> ++ PEM_X509_INFO_read;
> ++ PEM_X509_INFO_read_bio;
> ++ PEM_X509_INFO_write_bio;
> ++ PEM_dek_info;
> ++ PEM_do_header;
> ++ PEM_get_EVP_CIPHER_INFO;
> ++ PEM_proc_type;
> ++ PEM_read;
> ++ PEM_read_DHparams;
> ++ PEM_read_DSAPrivateKey;
> ++ PEM_read_DSAparams;
> ++ PEM_read_PKCS7;
> ++ PEM_read_PrivateKey;
> ++ PEM_read_RSAPrivateKey;
> ++ PEM_read_X509;
> ++ PEM_read_X509_CRL;
> ++ PEM_read_X509_REQ;
> ++ PEM_read_bio;
> ++ PEM_read_bio_DHparams;
> ++ PEM_read_bio_DSAPrivateKey;
> ++ PEM_read_bio_DSAparams;
> ++ PEM_read_bio_PKCS7;
> ++ PEM_read_bio_PrivateKey;
> ++ PEM_read_bio_RSAPrivateKey;
> ++ PEM_read_bio_X509;
> ++ PEM_read_bio_X509_CRL;
> ++ PEM_read_bio_X509_REQ;
> ++ PEM_write;
> ++ PEM_write_DHparams;
> ++ PEM_write_DSAPrivateKey;
> ++ PEM_write_DSAparams;
> ++ PEM_write_PKCS7;
> ++ PEM_write_PrivateKey;
> ++ PEM_write_RSAPrivateKey;
> ++ PEM_write_X509;
> ++ PEM_write_X509_CRL;
> ++ PEM_write_X509_REQ;
> ++ PEM_write_bio;
> ++ PEM_write_bio_DHparams;
> ++ PEM_write_bio_DSAPrivateKey;
> ++ PEM_write_bio_DSAparams;
> ++ PEM_write_bio_PKCS7;
> ++ PEM_write_bio_PrivateKey;
> ++ PEM_write_bio_RSAPrivateKey;
> ++ PEM_write_bio_X509;
> ++ PEM_write_bio_X509_CRL;
> ++ PEM_write_bio_X509_REQ;
> ++ PKCS7_DIGEST_free;
> ++ PKCS7_DIGEST_new;
> ++ PKCS7_ENCRYPT_free;
> ++ PKCS7_ENCRYPT_new;
> ++ PKCS7_ENC_CONTENT_free;
> ++ PKCS7_ENC_CONTENT_new;
> ++ PKCS7_ENVELOPE_free;
> ++ PKCS7_ENVELOPE_new;
> ++ PKCS7_ISSUER_AND_SERIAL_digest;
> ++ PKCS7_ISSUER_AND_SERIAL_free;
> ++ PKCS7_ISSUER_AND_SERIAL_new;
> ++ PKCS7_RECIP_INFO_free;
> ++ PKCS7_RECIP_INFO_new;
> ++ PKCS7_SIGNED_free;
> ++ PKCS7_SIGNED_new;
> ++ PKCS7_SIGNER_INFO_free;
> ++ PKCS7_SIGNER_INFO_new;
> ++ PKCS7_SIGN_ENVELOPE_free;
> ++ PKCS7_SIGN_ENVELOPE_new;
> ++ PKCS7_dup;
> ++ PKCS7_free;
> ++ PKCS7_new;
> ++ PROXY_ENTRY_add_noproxy;
> ++ PROXY_ENTRY_clear_noproxy;
> ++ PROXY_ENTRY_free;
> ++ PROXY_ENTRY_get_noproxy;
> ++ PROXY_ENTRY_new;
> ++ PROXY_ENTRY_set_server;
> ++ PROXY_add_noproxy;
> ++ PROXY_add_server;
> ++ PROXY_check_by_host;
> ++ PROXY_check_url;
> ++ PROXY_clear_noproxy;
> ++ PROXY_free;
> ++ PROXY_get_noproxy;
> ++ PROXY_get_proxies;
> ++ PROXY_get_proxy_entry;
> ++ PROXY_load_conf;
> ++ PROXY_new;
> ++ PROXY_print;
> ++ RAND_bytes;
> ++ RAND_cleanup;
> ++ RAND_file_name;
> ++ RAND_load_file;
> ++ RAND_screen;
> ++ RAND_seed;
> ++ RAND_write_file;
> ++ RC2_cbc_encrypt;
> ++ RC2_cfb64_encrypt;
> ++ RC2_ecb_encrypt;
> ++ RC2_encrypt;
> ++ RC2_ofb64_encrypt;
> ++ RC2_set_key;
> ++ RC4;
> ++ RC4_options;
> ++ RC4_set_key;
> ++ RSAPrivateKey_asn1_meth;
> ++ RSAPrivateKey_dup;
> ++ RSAPublicKey_dup;
> ++ RSA_PKCS1_SSLeay;
> ++ RSA_free;
> ++ RSA_generate_key;
> ++ RSA_new;
> ++ RSA_new_method;
> ++ RSA_print;
> ++ RSA_print_fp;
> ++ RSA_private_decrypt;
> ++ RSA_private_encrypt;
> ++ RSA_public_decrypt;
> ++ RSA_public_encrypt;
> ++ RSA_set_default_method;
> ++ RSA_sign;
> ++ RSA_sign_ASN1_OCTET_STRING;
> ++ RSA_size;
> ++ RSA_verify;
> ++ RSA_verify_ASN1_OCTET_STRING;
> ++ SHA;
> ++ SHA1;
> ++ SHA1_Final;
> ++ SHA1_Init;
> ++ SHA1_Update;
> ++ SHA_Final;
> ++ SHA_Init;
> ++ SHA_Update;
> ++ OpenSSL_add_all_algorithms;
> ++ OpenSSL_add_all_ciphers;
> ++ OpenSSL_add_all_digests;
> ++ TXT_DB_create_index;
> ++ TXT_DB_free;
> ++ TXT_DB_get_by_index;
> ++ TXT_DB_insert;
> ++ TXT_DB_read;
> ++ TXT_DB_write;
> ++ X509_ALGOR_free;
> ++ X509_ALGOR_new;
> ++ X509_ATTRIBUTE_free;
> ++ X509_ATTRIBUTE_new;
> ++ X509_CINF_free;
> ++ X509_CINF_new;
> ++ X509_CRL_INFO_free;
> ++ X509_CRL_INFO_new;
> ++ X509_CRL_add_ext;
> ++ X509_CRL_cmp;
> ++ X509_CRL_delete_ext;
> ++ X509_CRL_dup;
> ++ X509_CRL_free;
> ++ X509_CRL_get_ext;
> ++ X509_CRL_get_ext_by_NID;
> ++ X509_CRL_get_ext_by_OBJ;
> ++ X509_CRL_get_ext_by_critical;
> ++ X509_CRL_get_ext_count;
> ++ X509_CRL_new;
> ++ X509_CRL_sign;
> ++ X509_CRL_verify;
> ++ X509_EXTENSION_create_by_NID;
> ++ X509_EXTENSION_create_by_OBJ;
> ++ X509_EXTENSION_dup;
> ++ X509_EXTENSION_free;
> ++ X509_EXTENSION_get_critical;
> ++ X509_EXTENSION_get_data;
> ++ X509_EXTENSION_get_object;
> ++ X509_EXTENSION_new;
> ++ X509_EXTENSION_set_critical;
> ++ X509_EXTENSION_set_data;
> ++ X509_EXTENSION_set_object;
> ++ X509_INFO_free;
> ++ X509_INFO_new;
> ++ X509_LOOKUP_by_alias;
> ++ X509_LOOKUP_by_fingerprint;
> ++ X509_LOOKUP_by_issuer_serial;
> ++ X509_LOOKUP_by_subject;
> ++ X509_LOOKUP_ctrl;
> ++ X509_LOOKUP_file;
> ++ X509_LOOKUP_free;
> ++ X509_LOOKUP_hash_dir;
> ++ X509_LOOKUP_init;
> ++ X509_LOOKUP_new;
> ++ X509_LOOKUP_shutdown;
> ++ X509_NAME_ENTRY_create_by_NID;
> ++ X509_NAME_ENTRY_create_by_OBJ;
> ++ X509_NAME_ENTRY_dup;
> ++ X509_NAME_ENTRY_free;
> ++ X509_NAME_ENTRY_get_data;
> ++ X509_NAME_ENTRY_get_object;
> ++ X509_NAME_ENTRY_new;
> ++ X509_NAME_ENTRY_set_data;
> ++ X509_NAME_ENTRY_set_object;
> ++ X509_NAME_add_entry;
> ++ X509_NAME_cmp;
> ++ X509_NAME_delete_entry;
> ++ X509_NAME_digest;
> ++ X509_NAME_dup;
> ++ X509_NAME_entry_count;
> ++ X509_NAME_free;
> ++ X509_NAME_get_entry;
> ++ X509_NAME_get_index_by_NID;
> ++ X509_NAME_get_index_by_OBJ;
> ++ X509_NAME_get_text_by_NID;
> ++ X509_NAME_get_text_by_OBJ;
> ++ X509_NAME_hash;
> ++ X509_NAME_new;
> ++ X509_NAME_oneline;
> ++ X509_NAME_print;
> ++ X509_NAME_set;
> ++ X509_OBJECT_free_contents;
> ++ X509_OBJECT_retrieve_by_subject;
> ++ X509_OBJECT_up_ref_count;
> ++ X509_PKEY_free;
> ++ X509_PKEY_new;
> ++ X509_PUBKEY_free;
> ++ X509_PUBKEY_get;
> ++ X509_PUBKEY_new;
> ++ X509_PUBKEY_set;
> ++ X509_REQ_INFO_free;
> ++ X509_REQ_INFO_new;
> ++ X509_REQ_dup;
> ++ X509_REQ_free;
> ++ X509_REQ_get_pubkey;
> ++ X509_REQ_new;
> ++ X509_REQ_print;
> ++ X509_REQ_print_fp;
> ++ X509_REQ_set_pubkey;
> ++ X509_REQ_set_subject_name;
> ++ X509_REQ_set_version;
> ++ X509_REQ_sign;
> ++ X509_REQ_to_X509;
> ++ X509_REQ_verify;
> ++ X509_REVOKED_add_ext;
> ++ X509_REVOKED_delete_ext;
> ++ X509_REVOKED_free;
> ++ X509_REVOKED_get_ext;
> ++ X509_REVOKED_get_ext_by_NID;
> ++ X509_REVOKED_get_ext_by_OBJ;
> ++ X509_REVOKED_get_ext_by_critical;
> ++ X509_REVOKED_get_ext_by_critic;
> ++ X509_REVOKED_get_ext_count;
> ++ X509_REVOKED_new;
> ++ X509_SIG_free;
> ++ X509_SIG_new;
> ++ X509_STORE_CTX_cleanup;
> ++ X509_STORE_CTX_init;
> ++ X509_STORE_add_cert;
> ++ X509_STORE_add_lookup;
> ++ X509_STORE_free;
> ++ X509_STORE_get_by_subject;
> ++ X509_STORE_load_locations;
> ++ X509_STORE_new;
> ++ X509_STORE_set_default_paths;
> ++ X509_VAL_free;
> ++ X509_VAL_new;
> ++ X509_add_ext;
> ++ X509_asn1_meth;
> ++ X509_certificate_type;
> ++ X509_check_private_key;
> ++ X509_cmp_current_time;
> ++ X509_delete_ext;
> ++ X509_digest;
> ++ X509_dup;
> ++ X509_free;
> ++ X509_get_default_cert_area;
> ++ X509_get_default_cert_dir;
> ++ X509_get_default_cert_dir_env;
> ++ X509_get_default_cert_file;
> ++ X509_get_default_cert_file_env;
> ++ X509_get_default_private_dir;
> ++ X509_get_ext;
> ++ X509_get_ext_by_NID;
> ++ X509_get_ext_by_OBJ;
> ++ X509_get_ext_by_critical;
> ++ X509_get_ext_count;
> ++ X509_get_issuer_name;
> ++ X509_get_pubkey;
> ++ X509_get_pubkey_parameters;
> ++ X509_get_serialNumber;
> ++ X509_get_subject_name;
> ++ X509_gmtime_adj;
> ++ X509_issuer_and_serial_cmp;
> ++ X509_issuer_and_serial_hash;
> ++ X509_issuer_name_cmp;
> ++ X509_issuer_name_hash;
> ++ X509_load_cert_file;
> ++ X509_new;
> ++ X509_print;
> ++ X509_print_fp;
> ++ X509_set_issuer_name;
> ++ X509_set_notAfter;
> ++ X509_set_notBefore;
> ++ X509_set_pubkey;
> ++ X509_set_serialNumber;
> ++ X509_set_subject_name;
> ++ X509_set_version;
> ++ X509_sign;
> ++ X509_subject_name_cmp;
> ++ X509_subject_name_hash;
> ++ X509_to_X509_REQ;
> ++ X509_verify;
> ++ X509_verify_cert;
> ++ X509_verify_cert_error_string;
> ++ X509v3_add_ext;
> ++ X509v3_add_extension;
> ++ X509v3_add_netscape_extensions;
> ++ X509v3_add_standard_extensions;
> ++ X509v3_cleanup_extensions;
> ++ X509v3_data_type_by_NID;
> ++ X509v3_data_type_by_OBJ;
> ++ X509v3_delete_ext;
> ++ X509v3_get_ext;
> ++ X509v3_get_ext_by_NID;
> ++ X509v3_get_ext_by_OBJ;
> ++ X509v3_get_ext_by_critical;
> ++ X509v3_get_ext_count;
> ++ X509v3_pack_string;
> ++ X509v3_pack_type_by_NID;
> ++ X509v3_pack_type_by_OBJ;
> ++ X509v3_unpack_string;
> ++ _des_crypt;
> ++ a2d_ASN1_OBJECT;
> ++ a2i_ASN1_INTEGER;
> ++ a2i_ASN1_STRING;
> ++ asn1_Finish;
> ++ asn1_GetSequence;
> ++ bn_div_words;
> ++ bn_expand2;
> ++ bn_mul_add_words;
> ++ bn_mul_words;
> ++ BN_uadd;
> ++ BN_usub;
> ++ bn_sqr_words;
> ++ _ossl_old_crypt;
> ++ d2i_ASN1_BIT_STRING;
> ++ d2i_ASN1_BOOLEAN;
> ++ d2i_ASN1_HEADER;
> ++ d2i_ASN1_IA5STRING;
> ++ d2i_ASN1_INTEGER;
> ++ d2i_ASN1_OBJECT;
> ++ d2i_ASN1_OCTET_STRING;
> ++ d2i_ASN1_PRINTABLE;
> ++ d2i_ASN1_PRINTABLESTRING;
> ++ d2i_ASN1_SET;
> ++ d2i_ASN1_T61STRING;
> ++ d2i_ASN1_TYPE;
> ++ d2i_ASN1_UTCTIME;
> ++ d2i_ASN1_bytes;
> ++ d2i_ASN1_type_bytes;
> ++ d2i_DHparams;
> ++ d2i_DSAPrivateKey;
> ++ d2i_DSAPrivateKey_bio;
> ++ d2i_DSAPrivateKey_fp;
> ++ d2i_DSAPublicKey;
> ++ d2i_DSAparams;
> ++ d2i_NETSCAPE_SPKAC;
> ++ d2i_NETSCAPE_SPKI;
> ++ d2i_Netscape_RSA;
> ++ d2i_PKCS7;
> ++ d2i_PKCS7_DIGEST;
> ++ d2i_PKCS7_ENCRYPT;
> ++ d2i_PKCS7_ENC_CONTENT;
> ++ d2i_PKCS7_ENVELOPE;
> ++ d2i_PKCS7_ISSUER_AND_SERIAL;
> ++ d2i_PKCS7_RECIP_INFO;
> ++ d2i_PKCS7_SIGNED;
> ++ d2i_PKCS7_SIGNER_INFO;
> ++ d2i_PKCS7_SIGN_ENVELOPE;
> ++ d2i_PKCS7_bio;
> ++ d2i_PKCS7_fp;
> ++ d2i_PrivateKey;
> ++ d2i_PublicKey;
> ++ d2i_RSAPrivateKey;
> ++ d2i_RSAPrivateKey_bio;
> ++ d2i_RSAPrivateKey_fp;
> ++ d2i_RSAPublicKey;
> ++ d2i_X509;
> ++ d2i_X509_ALGOR;
> ++ d2i_X509_ATTRIBUTE;
> ++ d2i_X509_CINF;
> ++ d2i_X509_CRL;
> ++ d2i_X509_CRL_INFO;
> ++ d2i_X509_CRL_bio;
> ++ d2i_X509_CRL_fp;
> ++ d2i_X509_EXTENSION;
> ++ d2i_X509_NAME;
> ++ d2i_X509_NAME_ENTRY;
> ++ d2i_X509_PKEY;
> ++ d2i_X509_PUBKEY;
> ++ d2i_X509_REQ;
> ++ d2i_X509_REQ_INFO;
> ++ d2i_X509_REQ_bio;
> ++ d2i_X509_REQ_fp;
> ++ d2i_X509_REVOKED;
> ++ d2i_X509_SIG;
> ++ d2i_X509_VAL;
> ++ d2i_X509_bio;
> ++ d2i_X509_fp;
> ++ DES_cbc_cksum;
> ++ DES_cbc_encrypt;
> ++ DES_cblock_print_file;
> ++ DES_cfb64_encrypt;
> ++ DES_cfb_encrypt;
> ++ DES_decrypt3;
> ++ DES_ecb3_encrypt;
> ++ DES_ecb_encrypt;
> ++ DES_ede3_cbc_encrypt;
> ++ DES_ede3_cfb64_encrypt;
> ++ DES_ede3_ofb64_encrypt;
> ++ DES_enc_read;
> ++ DES_enc_write;
> ++ DES_encrypt1;
> ++ DES_encrypt2;
> ++ DES_encrypt3;
> ++ DES_fcrypt;
> ++ DES_is_weak_key;
> ++ DES_key_sched;
> ++ DES_ncbc_encrypt;
> ++ DES_ofb64_encrypt;
> ++ DES_ofb_encrypt;
> ++ DES_options;
> ++ DES_pcbc_encrypt;
> ++ DES_quad_cksum;
> ++ DES_random_key;
> ++ _ossl_old_des_random_seed;
> ++ _ossl_old_des_read_2passwords;
> ++ _ossl_old_des_read_password;
> ++ _ossl_old_des_read_pw;
> ++ _ossl_old_des_read_pw_string;
> ++ DES_set_key;
> ++ DES_set_odd_parity;
> ++ DES_string_to_2keys;
> ++ DES_string_to_key;
> ++ DES_xcbc_encrypt;
> ++ DES_xwhite_in2out;
> ++ fcrypt_body;
> ++ i2a_ASN1_INTEGER;
> ++ i2a_ASN1_OBJECT;
> ++ i2a_ASN1_STRING;
> ++ i2d_ASN1_BIT_STRING;
> ++ i2d_ASN1_BOOLEAN;
> ++ i2d_ASN1_HEADER;
> ++ i2d_ASN1_IA5STRING;
> ++ i2d_ASN1_INTEGER;
> ++ i2d_ASN1_OBJECT;
> ++ i2d_ASN1_OCTET_STRING;
> ++ i2d_ASN1_PRINTABLE;
> ++ i2d_ASN1_SET;
> ++ i2d_ASN1_TYPE;
> ++ i2d_ASN1_UTCTIME;
> ++ i2d_ASN1_bytes;
> ++ i2d_DHparams;
> ++ i2d_DSAPrivateKey;
> ++ i2d_DSAPrivateKey_bio;
> ++ i2d_DSAPrivateKey_fp;
> ++ i2d_DSAPublicKey;
> ++ i2d_DSAparams;
> ++ i2d_NETSCAPE_SPKAC;
> ++ i2d_NETSCAPE_SPKI;
> ++ i2d_Netscape_RSA;
> ++ i2d_PKCS7;
> ++ i2d_PKCS7_DIGEST;
> ++ i2d_PKCS7_ENCRYPT;
> ++ i2d_PKCS7_ENC_CONTENT;
> ++ i2d_PKCS7_ENVELOPE;
> ++ i2d_PKCS7_ISSUER_AND_SERIAL;
> ++ i2d_PKCS7_RECIP_INFO;
> ++ i2d_PKCS7_SIGNED;
> ++ i2d_PKCS7_SIGNER_INFO;
> ++ i2d_PKCS7_SIGN_ENVELOPE;
> ++ i2d_PKCS7_bio;
> ++ i2d_PKCS7_fp;
> ++ i2d_PrivateKey;
> ++ i2d_PublicKey;
> ++ i2d_RSAPrivateKey;
> ++ i2d_RSAPrivateKey_bio;
> ++ i2d_RSAPrivateKey_fp;
> ++ i2d_RSAPublicKey;
> ++ i2d_X509;
> ++ i2d_X509_ALGOR;
> ++ i2d_X509_ATTRIBUTE;
> ++ i2d_X509_CINF;
> ++ i2d_X509_CRL;
> ++ i2d_X509_CRL_INFO;
> ++ i2d_X509_CRL_bio;
> ++ i2d_X509_CRL_fp;
> ++ i2d_X509_EXTENSION;
> ++ i2d_X509_NAME;
> ++ i2d_X509_NAME_ENTRY;
> ++ i2d_X509_PKEY;
> ++ i2d_X509_PUBKEY;
> ++ i2d_X509_REQ;
> ++ i2d_X509_REQ_INFO;
> ++ i2d_X509_REQ_bio;
> ++ i2d_X509_REQ_fp;
> ++ i2d_X509_REVOKED;
> ++ i2d_X509_SIG;
> ++ i2d_X509_VAL;
> ++ i2d_X509_bio;
> ++ i2d_X509_fp;
> ++ idea_cbc_encrypt;
> ++ idea_cfb64_encrypt;
> ++ idea_ecb_encrypt;
> ++ idea_encrypt;
> ++ idea_ofb64_encrypt;
> ++ idea_options;
> ++ idea_set_decrypt_key;
> ++ idea_set_encrypt_key;
> ++ lh_delete;
> ++ lh_doall;
> ++ lh_doall_arg;
> ++ lh_free;
> ++ lh_insert;
> ++ lh_new;
> ++ lh_node_stats;
> ++ lh_node_stats_bio;
> ++ lh_node_usage_stats;
> ++ lh_node_usage_stats_bio;
> ++ lh_retrieve;
> ++ lh_stats;
> ++ lh_stats_bio;
> ++ lh_strhash;
> ++ sk_delete;
> ++ sk_delete_ptr;
> ++ sk_dup;
> ++ sk_find;
> ++ sk_free;
> ++ sk_insert;
> ++ sk_new;
> ++ sk_pop;
> ++ sk_pop_free;
> ++ sk_push;
> ++ sk_set_cmp_func;
> ++ sk_shift;
> ++ sk_unshift;
> ++ sk_zero;
> ++ BIO_f_nbio_test;
> ++ ASN1_TYPE_get;
> ++ ASN1_TYPE_set;
> ++ PKCS7_content_free;
> ++ ERR_load_PKCS7_strings;
> ++ X509_find_by_issuer_and_serial;
> ++ X509_find_by_subject;
> ++ PKCS7_ctrl;
> ++ PKCS7_set_type;
> ++ PKCS7_set_content;
> ++ PKCS7_SIGNER_INFO_set;
> ++ PKCS7_add_signer;
> ++ PKCS7_add_certificate;
> ++ PKCS7_add_crl;
> ++ PKCS7_content_new;
> ++ PKCS7_dataSign;
> ++ PKCS7_dataVerify;
> ++ PKCS7_dataInit;
> ++ PKCS7_add_signature;
> ++ PKCS7_cert_from_signer_info;
> ++ PKCS7_get_signer_info;
> ++ EVP_delete_alias;
> ++ EVP_mdc2;
> ++ PEM_read_bio_RSAPublicKey;
> ++ PEM_write_bio_RSAPublicKey;
> ++ d2i_RSAPublicKey_bio;
> ++ i2d_RSAPublicKey_bio;
> ++ PEM_read_RSAPublicKey;
> ++ PEM_write_RSAPublicKey;
> ++ d2i_RSAPublicKey_fp;
> ++ i2d_RSAPublicKey_fp;
> ++ BIO_copy_next_retry;
> ++ RSA_flags;
> ++ X509_STORE_add_crl;
> ++ X509_load_crl_file;
> ++ EVP_rc2_40_cbc;
> ++ EVP_rc4_40;
> ++ EVP_CIPHER_CTX_init;
> ++ HMAC;
> ++ HMAC_Init;
> ++ HMAC_Update;
> ++ HMAC_Final;
> ++ ERR_get_next_error_library;
> ++ EVP_PKEY_cmp_parameters;
> ++ HMAC_cleanup;
> ++ BIO_ptr_ctrl;
> ++ BIO_new_file_internal;
> ++ BIO_new_fp_internal;
> ++ BIO_s_file_internal;
> ++ BN_BLINDING_convert;
> ++ BN_BLINDING_invert;
> ++ BN_BLINDING_update;
> ++ RSA_blinding_on;
> ++ RSA_blinding_off;
> ++ i2t_ASN1_OBJECT;
> ++ BN_BLINDING_new;
> ++ BN_BLINDING_free;
> ++ EVP_cast5_cbc;
> ++ EVP_cast5_cfb64;
> ++ EVP_cast5_ecb;
> ++ EVP_cast5_ofb;
> ++ BF_decrypt;
> ++ CAST_set_key;
> ++ CAST_encrypt;
> ++ CAST_decrypt;
> ++ CAST_ecb_encrypt;
> ++ CAST_cbc_encrypt;
> ++ CAST_cfb64_encrypt;
> ++ CAST_ofb64_encrypt;
> ++ RC2_decrypt;
> ++ OBJ_create_objects;
> ++ BN_exp;
> ++ BN_mul_word;
> ++ BN_sub_word;
> ++ BN_dec2bn;
> ++ BN_bn2dec;
> ++ BIO_ghbn_ctrl;
> ++ CRYPTO_free_ex_data;
> ++ CRYPTO_get_ex_data;
> ++ CRYPTO_set_ex_data;
> ++ ERR_load_CRYPTO_strings;
> ++ ERR_load_CRYPTOlib_strings;
> ++ EVP_PKEY_bits;
> ++ MD5_Transform;
> ++ SHA1_Transform;
> ++ SHA_Transform;
> ++ X509_STORE_CTX_get_chain;
> ++ X509_STORE_CTX_get_current_cert;
> ++ X509_STORE_CTX_get_error;
> ++ X509_STORE_CTX_get_error_depth;
> ++ X509_STORE_CTX_get_ex_data;
> ++ X509_STORE_CTX_set_cert;
> ++ X509_STORE_CTX_set_chain;
> ++ X509_STORE_CTX_set_error;
> ++ X509_STORE_CTX_set_ex_data;
> ++ CRYPTO_dup_ex_data;
> ++ CRYPTO_get_new_lockid;
> ++ CRYPTO_new_ex_data;
> ++ RSA_set_ex_data;
> ++ RSA_get_ex_data;
> ++ RSA_get_ex_new_index;
> ++ RSA_padding_add_PKCS1_type_1;
> ++ RSA_padding_add_PKCS1_type_2;
> ++ RSA_padding_add_SSLv23;
> ++ RSA_padding_add_none;
> ++ RSA_padding_check_PKCS1_type_1;
> ++ RSA_padding_check_PKCS1_type_2;
> ++ RSA_padding_check_SSLv23;
> ++ RSA_padding_check_none;
> ++ bn_add_words;
> ++ d2i_Netscape_RSA_2;
> ++ CRYPTO_get_ex_new_index;
> ++ RIPEMD160_Init;
> ++ RIPEMD160_Update;
> ++ RIPEMD160_Final;
> ++ RIPEMD160;
> ++ RIPEMD160_Transform;
> ++ RC5_32_set_key;
> ++ RC5_32_ecb_encrypt;
> ++ RC5_32_encrypt;
> ++ RC5_32_decrypt;
> ++ RC5_32_cbc_encrypt;
> ++ RC5_32_cfb64_encrypt;
> ++ RC5_32_ofb64_encrypt;
> ++ BN_bn2mpi;
> ++ BN_mpi2bn;
> ++ ASN1_BIT_STRING_get_bit;
> ++ ASN1_BIT_STRING_set_bit;
> ++ BIO_get_ex_data;
> ++ BIO_get_ex_new_index;
> ++ BIO_set_ex_data;
> ++ X509v3_get_key_usage;
> ++ X509v3_set_key_usage;
> ++ a2i_X509v3_key_usage;
> ++ i2a_X509v3_key_usage;
> ++ EVP_PKEY_decrypt;
> ++ EVP_PKEY_encrypt;
> ++ PKCS7_RECIP_INFO_set;
> ++ PKCS7_add_recipient;
> ++ PKCS7_add_recipient_info;
> ++ PKCS7_set_cipher;
> ++ ASN1_TYPE_get_int_octetstring;
> ++ ASN1_TYPE_get_octetstring;
> ++ ASN1_TYPE_set_int_octetstring;
> ++ ASN1_TYPE_set_octetstring;
> ++ ASN1_UTCTIME_set_string;
> ++ ERR_add_error_data;
> ++ ERR_set_error_data;
> ++ EVP_CIPHER_asn1_to_param;
> ++ EVP_CIPHER_param_to_asn1;
> ++ EVP_CIPHER_get_asn1_iv;
> ++ EVP_CIPHER_set_asn1_iv;
> ++ EVP_rc5_32_12_16_cbc;
> ++ EVP_rc5_32_12_16_cfb64;
> ++ EVP_rc5_32_12_16_ecb;
> ++ EVP_rc5_32_12_16_ofb;
> ++ asn1_add_error;
> ++ d2i_ASN1_BMPSTRING;
> ++ i2d_ASN1_BMPSTRING;
> ++ BIO_f_ber;
> ++ BN_init;
> ++ COMP_CTX_new;
> ++ COMP_CTX_free;
> ++ COMP_CTX_compress_block;
> ++ COMP_CTX_expand_block;
> ++ X509_STORE_CTX_get_ex_new_index;
> ++ OBJ_NAME_add;
> ++ BIO_socket_nbio;
> ++ EVP_rc2_64_cbc;
> ++ OBJ_NAME_cleanup;
> ++ OBJ_NAME_get;
> ++ OBJ_NAME_init;
> ++ OBJ_NAME_new_index;
> ++ OBJ_NAME_remove;
> ++ BN_MONT_CTX_copy;
> ++ BIO_new_socks4a_connect;
> ++ BIO_s_socks4a_connect;
> ++ PROXY_set_connect_mode;
> ++ RAND_SSLeay;
> ++ RAND_set_rand_method;
> ++ RSA_memory_lock;
> ++ bn_sub_words;
> ++ bn_mul_normal;
> ++ bn_mul_comba8;
> ++ bn_mul_comba4;
> ++ bn_sqr_normal;
> ++ bn_sqr_comba8;
> ++ bn_sqr_comba4;
> ++ bn_cmp_words;
> ++ bn_mul_recursive;
> ++ bn_mul_part_recursive;
> ++ bn_sqr_recursive;
> ++ bn_mul_low_normal;
> ++ BN_RECP_CTX_init;
> ++ BN_RECP_CTX_new;
> ++ BN_RECP_CTX_free;
> ++ BN_RECP_CTX_set;
> ++ BN_mod_mul_reciprocal;
> ++ BN_mod_exp_recp;
> ++ BN_div_recp;
> ++ BN_CTX_init;
> ++ BN_MONT_CTX_init;
> ++ RAND_get_rand_method;
> ++ PKCS7_add_attribute;
> ++ PKCS7_add_signed_attribute;
> ++ PKCS7_digest_from_attributes;
> ++ PKCS7_get_attribute;
> ++ PKCS7_get_issuer_and_serial;
> ++ PKCS7_get_signed_attribute;
> ++ COMP_compress_block;
> ++ COMP_expand_block;
> ++ COMP_rle;
> ++ COMP_zlib;
> ++ ms_time_diff;
> ++ ms_time_new;
> ++ ms_time_free;
> ++ ms_time_cmp;
> ++ ms_time_get;
> ++ PKCS7_set_attributes;
> ++ PKCS7_set_signed_attributes;
> ++ X509_ATTRIBUTE_create;
> ++ X509_ATTRIBUTE_dup;
> ++ ASN1_GENERALIZEDTIME_check;
> ++ ASN1_GENERALIZEDTIME_print;
> ++ ASN1_GENERALIZEDTIME_set;
> ++ ASN1_GENERALIZEDTIME_set_string;
> ++ ASN1_TIME_print;
> ++ BASIC_CONSTRAINTS_free;
> ++ BASIC_CONSTRAINTS_new;
> ++ ERR_load_X509V3_strings;
> ++ NETSCAPE_CERT_SEQUENCE_free;
> ++ NETSCAPE_CERT_SEQUENCE_new;
> ++ OBJ_txt2obj;
> ++ PEM_read_NETSCAPE_CERT_SEQUENCE;
> ++ PEM_read_NS_CERT_SEQ;
> ++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
> ++ PEM_read_bio_NS_CERT_SEQ;
> ++ PEM_write_NETSCAPE_CERT_SEQUENCE;
> ++ PEM_write_NS_CERT_SEQ;
> ++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
> ++ PEM_write_bio_NS_CERT_SEQ;
> ++ X509V3_EXT_add;
> ++ X509V3_EXT_add_alias;
> ++ X509V3_EXT_add_conf;
> ++ X509V3_EXT_cleanup;
> ++ X509V3_EXT_conf;
> ++ X509V3_EXT_conf_nid;
> ++ X509V3_EXT_get;
> ++ X509V3_EXT_get_nid;
> ++ X509V3_EXT_print;
> ++ X509V3_EXT_print_fp;
> ++ X509V3_add_standard_extensions;
> ++ X509V3_add_value;
> ++ X509V3_add_value_bool;
> ++ X509V3_add_value_int;
> ++ X509V3_conf_free;
> ++ X509V3_get_value_bool;
> ++ X509V3_get_value_int;
> ++ X509V3_parse_list;
> ++ d2i_ASN1_GENERALIZEDTIME;
> ++ d2i_ASN1_TIME;
> ++ d2i_BASIC_CONSTRAINTS;
> ++ d2i_NETSCAPE_CERT_SEQUENCE;
> ++ d2i_ext_ku;
> ++ ext_ku_free;
> ++ ext_ku_new;
> ++ i2d_ASN1_GENERALIZEDTIME;
> ++ i2d_ASN1_TIME;
> ++ i2d_BASIC_CONSTRAINTS;
> ++ i2d_NETSCAPE_CERT_SEQUENCE;
> ++ i2d_ext_ku;
> ++ EVP_MD_CTX_copy;
> ++ i2d_ASN1_ENUMERATED;
> ++ d2i_ASN1_ENUMERATED;
> ++ ASN1_ENUMERATED_set;
> ++ ASN1_ENUMERATED_get;
> ++ BN_to_ASN1_ENUMERATED;
> ++ ASN1_ENUMERATED_to_BN;
> ++ i2a_ASN1_ENUMERATED;
> ++ a2i_ASN1_ENUMERATED;
> ++ i2d_GENERAL_NAME;
> ++ d2i_GENERAL_NAME;
> ++ GENERAL_NAME_new;
> ++ GENERAL_NAME_free;
> ++ GENERAL_NAMES_new;
> ++ GENERAL_NAMES_free;
> ++ d2i_GENERAL_NAMES;
> ++ i2d_GENERAL_NAMES;
> ++ i2v_GENERAL_NAMES;
> ++ i2s_ASN1_OCTET_STRING;
> ++ s2i_ASN1_OCTET_STRING;
> ++ X509V3_EXT_check_conf;
> ++ hex_to_string;
> ++ string_to_hex;
> ++ DES_ede3_cbcm_encrypt;
> ++ RSA_padding_add_PKCS1_OAEP;
> ++ RSA_padding_check_PKCS1_OAEP;
> ++ X509_CRL_print_fp;
> ++ X509_CRL_print;
> ++ i2v_GENERAL_NAME;
> ++ v2i_GENERAL_NAME;
> ++ i2d_PKEY_USAGE_PERIOD;
> ++ d2i_PKEY_USAGE_PERIOD;
> ++ PKEY_USAGE_PERIOD_new;
> ++ PKEY_USAGE_PERIOD_free;
> ++ v2i_GENERAL_NAMES;
> ++ i2s_ASN1_INTEGER;
> ++ X509V3_EXT_d2i;
> ++ name_cmp;
> ++ str_dup;
> ++ i2s_ASN1_ENUMERATED;
> ++ i2s_ASN1_ENUMERATED_TABLE;
> ++ BIO_s_log;
> ++ BIO_f_reliable;
> ++ PKCS7_dataFinal;
> ++ PKCS7_dataDecode;
> ++ X509V3_EXT_CRL_add_conf;
> ++ BN_set_params;
> ++ BN_get_params;
> ++ BIO_get_ex_num;
> ++ BIO_set_ex_free_func;
> ++ EVP_ripemd160;
> ++ ASN1_TIME_set;
> ++ i2d_AUTHORITY_KEYID;
> ++ d2i_AUTHORITY_KEYID;
> ++ AUTHORITY_KEYID_new;
> ++ AUTHORITY_KEYID_free;
> ++ ASN1_seq_unpack;
> ++ ASN1_seq_pack;
> ++ ASN1_unpack_string;
> ++ ASN1_pack_string;
> ++ PKCS12_pack_safebag;
> ++ PKCS12_MAKE_KEYBAG;
> ++ PKCS8_encrypt;
> ++ PKCS12_MAKE_SHKEYBAG;
> ++ PKCS12_pack_p7data;
> ++ PKCS12_pack_p7encdata;
> ++ PKCS12_add_localkeyid;
> ++ PKCS12_add_friendlyname_asc;
> ++ PKCS12_add_friendlyname_uni;
> ++ PKCS12_get_friendlyname;
> ++ PKCS12_pbe_crypt;
> ++ PKCS12_decrypt_d2i;
> ++ PKCS12_i2d_encrypt;
> ++ PKCS12_init;
> ++ PKCS12_key_gen_asc;
> ++ PKCS12_key_gen_uni;
> ++ PKCS12_gen_mac;
> ++ PKCS12_verify_mac;
> ++ PKCS12_set_mac;
> ++ PKCS12_setup_mac;
> ++ OPENSSL_asc2uni;
> ++ OPENSSL_uni2asc;
> ++ i2d_PKCS12_BAGS;
> ++ PKCS12_BAGS_new;
> ++ d2i_PKCS12_BAGS;
> ++ PKCS12_BAGS_free;
> ++ i2d_PKCS12;
> ++ d2i_PKCS12;
> ++ PKCS12_new;
> ++ PKCS12_free;
> ++ i2d_PKCS12_MAC_DATA;
> ++ PKCS12_MAC_DATA_new;
> ++ d2i_PKCS12_MAC_DATA;
> ++ PKCS12_MAC_DATA_free;
> ++ i2d_PKCS12_SAFEBAG;
> ++ PKCS12_SAFEBAG_new;
> ++ d2i_PKCS12_SAFEBAG;
> ++ PKCS12_SAFEBAG_free;
> ++ ERR_load_PKCS12_strings;
> ++ PKCS12_PBE_add;
> ++ PKCS8_add_keyusage;
> ++ PKCS12_get_attr_gen;
> ++ PKCS12_parse;
> ++ PKCS12_create;
> ++ i2d_PKCS12_bio;
> ++ i2d_PKCS12_fp;
> ++ d2i_PKCS12_bio;
> ++ d2i_PKCS12_fp;
> ++ i2d_PBEPARAM;
> ++ PBEPARAM_new;
> ++ d2i_PBEPARAM;
> ++ PBEPARAM_free;
> ++ i2d_PKCS8_PRIV_KEY_INFO;
> ++ PKCS8_PRIV_KEY_INFO_new;
> ++ d2i_PKCS8_PRIV_KEY_INFO;
> ++ PKCS8_PRIV_KEY_INFO_free;
> ++ EVP_PKCS82PKEY;
> ++ EVP_PKEY2PKCS8;
> ++ PKCS8_set_broken;
> ++ EVP_PBE_ALGOR_CipherInit;
> ++ EVP_PBE_alg_add;
> ++ PKCS5_pbe_set;
> ++ EVP_PBE_cleanup;
> ++ i2d_SXNET;
> ++ d2i_SXNET;
> ++ SXNET_new;
> ++ SXNET_free;
> ++ i2d_SXNETID;
> ++ d2i_SXNETID;
> ++ SXNETID_new;
> ++ SXNETID_free;
> ++ DSA_SIG_new;
> ++ DSA_SIG_free;
> ++ DSA_do_sign;
> ++ DSA_do_verify;
> ++ d2i_DSA_SIG;
> ++ i2d_DSA_SIG;
> ++ i2d_ASN1_VISIBLESTRING;
> ++ d2i_ASN1_VISIBLESTRING;
> ++ i2d_ASN1_UTF8STRING;
> ++ d2i_ASN1_UTF8STRING;
> ++ i2d_DIRECTORYSTRING;
> ++ d2i_DIRECTORYSTRING;
> ++ i2d_DISPLAYTEXT;
> ++ d2i_DISPLAYTEXT;
> ++ d2i_ASN1_SET_OF_X509;
> ++ i2d_ASN1_SET_OF_X509;
> ++ i2d_PBKDF2PARAM;
> ++ PBKDF2PARAM_new;
> ++ d2i_PBKDF2PARAM;
> ++ PBKDF2PARAM_free;
> ++ i2d_PBE2PARAM;
> ++ PBE2PARAM_new;
> ++ d2i_PBE2PARAM;
> ++ PBE2PARAM_free;
> ++ d2i_ASN1_SET_OF_GENERAL_NAME;
> ++ i2d_ASN1_SET_OF_GENERAL_NAME;
> ++ d2i_ASN1_SET_OF_SXNETID;
> ++ i2d_ASN1_SET_OF_SXNETID;
> ++ d2i_ASN1_SET_OF_POLICYQUALINFO;
> ++ i2d_ASN1_SET_OF_POLICYQUALINFO;
> ++ d2i_ASN1_SET_OF_POLICYINFO;
> ++ i2d_ASN1_SET_OF_POLICYINFO;
> ++ SXNET_add_id_asc;
> ++ SXNET_add_id_ulong;
> ++ SXNET_add_id_INTEGER;
> ++ SXNET_get_id_asc;
> ++ SXNET_get_id_ulong;
> ++ SXNET_get_id_INTEGER;
> ++ X509V3_set_conf_lhash;
> ++ i2d_CERTIFICATEPOLICIES;
> ++ CERTIFICATEPOLICIES_new;
> ++ CERTIFICATEPOLICIES_free;
> ++ d2i_CERTIFICATEPOLICIES;
> ++ i2d_POLICYINFO;
> ++ POLICYINFO_new;
> ++ d2i_POLICYINFO;
> ++ POLICYINFO_free;
> ++ i2d_POLICYQUALINFO;
> ++ POLICYQUALINFO_new;
> ++ d2i_POLICYQUALINFO;
> ++ POLICYQUALINFO_free;
> ++ i2d_USERNOTICE;
> ++ USERNOTICE_new;
> ++ d2i_USERNOTICE;
> ++ USERNOTICE_free;
> ++ i2d_NOTICEREF;
> ++ NOTICEREF_new;
> ++ d2i_NOTICEREF;
> ++ NOTICEREF_free;
> ++ X509V3_get_string;
> ++ X509V3_get_section;
> ++ X509V3_string_free;
> ++ X509V3_section_free;
> ++ X509V3_set_ctx;
> ++ s2i_ASN1_INTEGER;
> ++ CRYPTO_set_locked_mem_functions;
> ++ CRYPTO_get_locked_mem_functions;
> ++ CRYPTO_malloc_locked;
> ++ CRYPTO_free_locked;
> ++ BN_mod_exp2_mont;
> ++ ERR_get_error_line_data;
> ++ ERR_peek_error_line_data;
> ++ PKCS12_PBE_keyivgen;
> ++ X509_ALGOR_dup;
> ++ d2i_ASN1_SET_OF_DIST_POINT;
> ++ i2d_ASN1_SET_OF_DIST_POINT;
> ++ i2d_CRL_DIST_POINTS;
> ++ CRL_DIST_POINTS_new;
> ++ CRL_DIST_POINTS_free;
> ++ d2i_CRL_DIST_POINTS;
> ++ i2d_DIST_POINT;
> ++ DIST_POINT_new;
> ++ d2i_DIST_POINT;
> ++ DIST_POINT_free;
> ++ i2d_DIST_POINT_NAME;
> ++ DIST_POINT_NAME_new;
> ++ DIST_POINT_NAME_free;
> ++ d2i_DIST_POINT_NAME;
> ++ X509V3_add_value_uchar;
> ++ d2i_ASN1_SET_OF_X509_ATTRIBUTE;
> ++ i2d_ASN1_SET_OF_ASN1_TYPE;
> ++ d2i_ASN1_SET_OF_X509_EXTENSION;
> ++ d2i_ASN1_SET_OF_X509_NAME_ENTRY;
> ++ d2i_ASN1_SET_OF_ASN1_TYPE;
> ++ i2d_ASN1_SET_OF_X509_ATTRIBUTE;
> ++ i2d_ASN1_SET_OF_X509_EXTENSION;
> ++ i2d_ASN1_SET_OF_X509_NAME_ENTRY;
> ++ X509V3_EXT_i2d;
> ++ X509V3_EXT_val_prn;
> ++ X509V3_EXT_add_list;
> ++ EVP_CIPHER_type;
> ++ EVP_PBE_CipherInit;
> ++ X509V3_add_value_bool_nf;
> ++ d2i_ASN1_UINTEGER;
> ++ sk_value;
> ++ sk_num;
> ++ sk_set;
> ++ i2d_ASN1_SET_OF_X509_REVOKED;
> ++ sk_sort;
> ++ d2i_ASN1_SET_OF_X509_REVOKED;
> ++ i2d_ASN1_SET_OF_X509_ALGOR;
> ++ i2d_ASN1_SET_OF_X509_CRL;
> ++ d2i_ASN1_SET_OF_X509_ALGOR;
> ++ d2i_ASN1_SET_OF_X509_CRL;
> ++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
> ++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
> ++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
> ++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
> ++ PKCS5_PBE_add;
> ++ PEM_write_bio_PKCS8;
> ++ i2d_PKCS8_fp;
> ++ PEM_read_bio_PKCS8_PRIV_KEY_INFO;
> ++ PEM_read_bio_P8_PRIV_KEY_INFO;
> ++ d2i_PKCS8_bio;
> ++ d2i_PKCS8_PRIV_KEY_INFO_fp;
> ++ PEM_write_bio_PKCS8_PRIV_KEY_INFO;
> ++ PEM_write_bio_P8_PRIV_KEY_INFO;
> ++ PEM_read_PKCS8;
> ++ d2i_PKCS8_PRIV_KEY_INFO_bio;
> ++ d2i_PKCS8_fp;
> ++ PEM_write_PKCS8;
> ++ PEM_read_PKCS8_PRIV_KEY_INFO;
> ++ PEM_read_P8_PRIV_KEY_INFO;
> ++ PEM_read_bio_PKCS8;
> ++ PEM_write_PKCS8_PRIV_KEY_INFO;
> ++ PEM_write_P8_PRIV_KEY_INFO;
> ++ PKCS5_PBE_keyivgen;
> ++ i2d_PKCS8_bio;
> ++ i2d_PKCS8_PRIV_KEY_INFO_fp;
> ++ i2d_PKCS8_PRIV_KEY_INFO_bio;
> ++ BIO_s_bio;
> ++ PKCS5_pbe2_set;
> ++ PKCS5_PBKDF2_HMAC_SHA1;
> ++ PKCS5_v2_PBE_keyivgen;
> ++ PEM_write_bio_PKCS8PrivateKey;
> ++ PEM_write_PKCS8PrivateKey;
> ++ BIO_ctrl_get_read_request;
> ++ BIO_ctrl_pending;
> ++ BIO_ctrl_wpending;
> ++ BIO_new_bio_pair;
> ++ BIO_ctrl_get_write_guarantee;
> ++ CRYPTO_num_locks;
> ++ CONF_load_bio;
> ++ CONF_load_fp;
> ++ i2d_ASN1_SET_OF_ASN1_OBJECT;
> ++ d2i_ASN1_SET_OF_ASN1_OBJECT;
> ++ PKCS7_signatureVerify;
> ++ RSA_set_method;
> ++ RSA_get_method;
> ++ RSA_get_default_method;
> ++ RSA_check_key;
> ++ OBJ_obj2txt;
> ++ DSA_dup_DH;
> ++ X509_REQ_get_extensions;
> ++ X509_REQ_set_extension_nids;
> ++ BIO_nwrite;
> ++ X509_REQ_extension_nid;
> ++ BIO_nread;
> ++ X509_REQ_get_extension_nids;
> ++ BIO_nwrite0;
> ++ X509_REQ_add_extensions_nid;
> ++ BIO_nread0;
> ++ X509_REQ_add_extensions;
> ++ BIO_new_mem_buf;
> ++ DH_set_ex_data;
> ++ DH_set_method;
> ++ DSA_OpenSSL;
> ++ DH_get_ex_data;
> ++ DH_get_ex_new_index;
> ++ DSA_new_method;
> ++ DH_new_method;
> ++ DH_OpenSSL;
> ++ DSA_get_ex_new_index;
> ++ DH_get_default_method;
> ++ DSA_set_ex_data;
> ++ DH_set_default_method;
> ++ DSA_get_ex_data;
> ++ X509V3_EXT_REQ_add_conf;
> ++ NETSCAPE_SPKI_print;
> ++ NETSCAPE_SPKI_set_pubkey;
> ++ NETSCAPE_SPKI_b64_encode;
> ++ NETSCAPE_SPKI_get_pubkey;
> ++ NETSCAPE_SPKI_b64_decode;
> ++ UTF8_putc;
> ++ UTF8_getc;
> ++ RSA_null_method;
> ++ ASN1_tag2str;
> ++ BIO_ctrl_reset_read_request;
> ++ DISPLAYTEXT_new;
> ++ ASN1_GENERALIZEDTIME_free;
> ++ X509_REVOKED_get_ext_d2i;
> ++ X509_set_ex_data;
> ++ X509_reject_set_bit_asc;
> ++ X509_NAME_add_entry_by_txt;
> ++ X509_NAME_add_entry_by_NID;
> ++ X509_PURPOSE_get0;
> ++ PEM_read_X509_AUX;
> ++ d2i_AUTHORITY_INFO_ACCESS;
> ++ PEM_write_PUBKEY;
> ++ ACCESS_DESCRIPTION_new;
> ++ X509_CERT_AUX_free;
> ++ d2i_ACCESS_DESCRIPTION;
> ++ X509_trust_clear;
> ++ X509_TRUST_add;
> ++ ASN1_VISIBLESTRING_new;
> ++ X509_alias_set1;
> ++ ASN1_PRINTABLESTRING_free;
> ++ EVP_PKEY_get1_DSA;
> ++ ASN1_BMPSTRING_new;
> ++ ASN1_mbstring_copy;
> ++ ASN1_UTF8STRING_new;
> ++ DSA_get_default_method;
> ++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
> ++ ASN1_T61STRING_free;
> ++ DSA_set_method;
> ++ X509_get_ex_data;
> ++ ASN1_STRING_type;
> ++ X509_PURPOSE_get_by_sname;
> ++ ASN1_TIME_free;
> ++ ASN1_OCTET_STRING_cmp;
> ++ ASN1_BIT_STRING_new;
> ++ X509_get_ext_d2i;
> ++ PEM_read_bio_X509_AUX;
> ++ ASN1_STRING_set_default_mask_asc;
> ++ ASN1_STRING_set_def_mask_asc;
> ++ PEM_write_bio_RSA_PUBKEY;
> ++ ASN1_INTEGER_cmp;
> ++ d2i_RSA_PUBKEY_fp;
> ++ X509_trust_set_bit_asc;
> ++ PEM_write_bio_DSA_PUBKEY;
> ++ X509_STORE_CTX_free;
> ++ EVP_PKEY_set1_DSA;
> ++ i2d_DSA_PUBKEY_fp;
> ++ X509_load_cert_crl_file;
> ++ ASN1_TIME_new;
> ++ i2d_RSA_PUBKEY;
> ++ X509_STORE_CTX_purpose_inherit;
> ++ PEM_read_RSA_PUBKEY;
> ++ d2i_X509_AUX;
> ++ i2d_DSA_PUBKEY;
> ++ X509_CERT_AUX_print;
> ++ PEM_read_DSA_PUBKEY;
> ++ i2d_RSA_PUBKEY_bio;
> ++ ASN1_BIT_STRING_num_asc;
> ++ i2d_PUBKEY;
> ++ ASN1_UTCTIME_free;
> ++ DSA_set_default_method;
> ++ X509_PURPOSE_get_by_id;
> ++ ACCESS_DESCRIPTION_free;
> ++ PEM_read_bio_PUBKEY;
> ++ ASN1_STRING_set_by_NID;
> ++ X509_PURPOSE_get_id;
> ++ DISPLAYTEXT_free;
> ++ OTHERNAME_new;
> ++ X509_CERT_AUX_new;
> ++ X509_TRUST_cleanup;
> ++ X509_NAME_add_entry_by_OBJ;
> ++ X509_CRL_get_ext_d2i;
> ++ X509_PURPOSE_get0_name;
> ++ PEM_read_PUBKEY;
> ++ i2d_DSA_PUBKEY_bio;
> ++ i2d_OTHERNAME;
> ++ ASN1_OCTET_STRING_free;
> ++ ASN1_BIT_STRING_set_asc;
> ++ X509_get_ex_new_index;
> ++ ASN1_STRING_TABLE_cleanup;
> ++ X509_TRUST_get_by_id;
> ++ X509_PURPOSE_get_trust;
> ++ ASN1_STRING_length;
> ++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
> ++ ASN1_PRINTABLESTRING_new;
> ++ X509V3_get_d2i;
> ++ ASN1_ENUMERATED_free;
> ++ i2d_X509_CERT_AUX;
> ++ X509_STORE_CTX_set_trust;
> ++ ASN1_STRING_set_default_mask;
> ++ X509_STORE_CTX_new;
> ++ EVP_PKEY_get1_RSA;
> ++ DIRECTORYSTRING_free;
> ++ PEM_write_X509_AUX;
> ++ ASN1_OCTET_STRING_set;
> ++ d2i_DSA_PUBKEY_fp;
> ++ d2i_RSA_PUBKEY;
> ++ X509_TRUST_get0_name;
> ++ X509_TRUST_get0;
> ++ AUTHORITY_INFO_ACCESS_free;
> ++ ASN1_IA5STRING_new;
> ++ d2i_DSA_PUBKEY;
> ++ X509_check_purpose;
> ++ ASN1_ENUMERATED_new;
> ++ d2i_RSA_PUBKEY_bio;
> ++ d2i_PUBKEY;
> ++ X509_TRUST_get_trust;
> ++ X509_TRUST_get_flags;
> ++ ASN1_BMPSTRING_free;
> ++ ASN1_T61STRING_new;
> ++ ASN1_UTCTIME_new;
> ++ i2d_AUTHORITY_INFO_ACCESS;
> ++ EVP_PKEY_set1_RSA;
> ++ X509_STORE_CTX_set_purpose;
> ++ ASN1_IA5STRING_free;
> ++ PEM_write_bio_X509_AUX;
> ++ X509_PURPOSE_get_count;
> ++ CRYPTO_add_info;
> ++ X509_NAME_ENTRY_create_by_txt;
> ++ ASN1_STRING_get_default_mask;
> ++ X509_alias_get0;
> ++ ASN1_STRING_data;
> ++ i2d_ACCESS_DESCRIPTION;
> ++ X509_trust_set_bit;
> ++ ASN1_BIT_STRING_free;
> ++ PEM_read_bio_RSA_PUBKEY;
> ++ X509_add1_reject_object;
> ++ X509_check_trust;
> ++ PEM_read_bio_DSA_PUBKEY;
> ++ X509_PURPOSE_add;
> ++ ASN1_STRING_TABLE_get;
> ++ ASN1_UTF8STRING_free;
> ++ d2i_DSA_PUBKEY_bio;
> ++ PEM_write_RSA_PUBKEY;
> ++ d2i_OTHERNAME;
> ++ X509_reject_set_bit;
> ++ PEM_write_DSA_PUBKEY;
> ++ X509_PURPOSE_get0_sname;
> ++ EVP_PKEY_set1_DH;
> ++ ASN1_OCTET_STRING_dup;
> ++ ASN1_BIT_STRING_set;
> ++ X509_TRUST_get_count;
> ++ ASN1_INTEGER_free;
> ++ OTHERNAME_free;
> ++ i2d_RSA_PUBKEY_fp;
> ++ ASN1_INTEGER_dup;
> ++ d2i_X509_CERT_AUX;
> ++ PEM_write_bio_PUBKEY;
> ++ ASN1_VISIBLESTRING_free;
> ++ X509_PURPOSE_cleanup;
> ++ ASN1_mbstring_ncopy;
> ++ ASN1_GENERALIZEDTIME_new;
> ++ EVP_PKEY_get1_DH;
> ++ ASN1_OCTET_STRING_new;
> ++ ASN1_INTEGER_new;
> ++ i2d_X509_AUX;
> ++ ASN1_BIT_STRING_name_print;
> ++ X509_cmp;
> ++ ASN1_STRING_length_set;
> ++ DIRECTORYSTRING_new;
> ++ X509_add1_trust_object;
> ++ PKCS12_newpass;
> ++ SMIME_write_PKCS7;
> ++ SMIME_read_PKCS7;
> ++ DES_set_key_checked;
> ++ PKCS7_verify;
> ++ PKCS7_encrypt;
> ++ DES_set_key_unchecked;
> ++ SMIME_crlf_copy;
> ++ i2d_ASN1_PRINTABLESTRING;
> ++ PKCS7_get0_signers;
> ++ PKCS7_decrypt;
> ++ SMIME_text;
> ++ PKCS7_simple_smimecap;
> ++ PKCS7_get_smimecap;
> ++ PKCS7_sign;
> ++ PKCS7_add_attrib_smimecap;
> ++ CRYPTO_dbg_set_options;
> ++ CRYPTO_remove_all_info;
> ++ CRYPTO_get_mem_debug_functions;
> ++ CRYPTO_is_mem_check_on;
> ++ CRYPTO_set_mem_debug_functions;
> ++ CRYPTO_pop_info;
> ++ CRYPTO_push_info_;
> ++ CRYPTO_set_mem_debug_options;
> ++ PEM_write_PKCS8PrivateKey_nid;
> ++ PEM_write_bio_PKCS8PrivateKey_nid;
> ++ PEM_write_bio_PKCS8PrivKey_nid;
> ++ d2i_PKCS8PrivateKey_bio;
> ++ ASN1_NULL_free;
> ++ d2i_ASN1_NULL;
> ++ ASN1_NULL_new;
> ++ i2d_PKCS8PrivateKey_bio;
> ++ i2d_PKCS8PrivateKey_fp;
> ++ i2d_ASN1_NULL;
> ++ i2d_PKCS8PrivateKey_nid_fp;
> ++ d2i_PKCS8PrivateKey_fp;
> ++ i2d_PKCS8PrivateKey_nid_bio;
> ++ i2d_PKCS8PrivateKeyInfo_fp;
> ++ i2d_PKCS8PrivateKeyInfo_bio;
> ++ PEM_cb;
> ++ i2d_PrivateKey_fp;
> ++ d2i_PrivateKey_bio;
> ++ d2i_PrivateKey_fp;
> ++ i2d_PrivateKey_bio;
> ++ X509_reject_clear;
> ++ X509_TRUST_set_default;
> ++ d2i_AutoPrivateKey;
> ++ X509_ATTRIBUTE_get0_type;
> ++ X509_ATTRIBUTE_set1_data;
> ++ X509at_get_attr;
> ++ X509at_get_attr_count;
> ++ X509_ATTRIBUTE_create_by_NID;
> ++ X509_ATTRIBUTE_set1_object;
> ++ X509_ATTRIBUTE_count;
> ++ X509_ATTRIBUTE_create_by_OBJ;
> ++ X509_ATTRIBUTE_get0_object;
> ++ X509at_get_attr_by_NID;
> ++ X509at_add1_attr;
> ++ X509_ATTRIBUTE_get0_data;
> ++ X509at_delete_attr;
> ++ X509at_get_attr_by_OBJ;
> ++ RAND_add;
> ++ BIO_number_written;
> ++ BIO_number_read;
> ++ X509_STORE_CTX_get1_chain;
> ++ ERR_load_RAND_strings;
> ++ RAND_pseudo_bytes;
> ++ X509_REQ_get_attr_by_NID;
> ++ X509_REQ_get_attr;
> ++ X509_REQ_add1_attr_by_NID;
> ++ X509_REQ_get_attr_by_OBJ;
> ++ X509at_add1_attr_by_NID;
> ++ X509_REQ_add1_attr_by_OBJ;
> ++ X509_REQ_get_attr_count;
> ++ X509_REQ_add1_attr;
> ++ X509_REQ_delete_attr;
> ++ X509at_add1_attr_by_OBJ;
> ++ X509_REQ_add1_attr_by_txt;
> ++ X509_ATTRIBUTE_create_by_txt;
> ++ X509at_add1_attr_by_txt;
> ++ BN_pseudo_rand;
> ++ BN_is_prime_fasttest;
> ++ BN_CTX_end;
> ++ BN_CTX_start;
> ++ BN_CTX_get;
> ++ EVP_PKEY2PKCS8_broken;
> ++ ASN1_STRING_TABLE_add;
> ++ CRYPTO_dbg_get_options;
> ++ AUTHORITY_INFO_ACCESS_new;
> ++ CRYPTO_get_mem_debug_options;
> ++ DES_crypt;
> ++ PEM_write_bio_X509_REQ_NEW;
> ++ PEM_write_X509_REQ_NEW;
> ++ BIO_callback_ctrl;
> ++ RAND_egd;
> ++ RAND_status;
> ++ bn_dump1;
> ++ DES_check_key_parity;
> ++ lh_num_items;
> ++ RAND_event;
> ++ DSO_new;
> ++ DSO_new_method;
> ++ DSO_free;
> ++ DSO_flags;
> ++ DSO_up;
> ++ DSO_set_default_method;
> ++ DSO_get_default_method;
> ++ DSO_get_method;
> ++ DSO_set_method;
> ++ DSO_load;
> ++ DSO_bind_var;
> ++ DSO_METHOD_null;
> ++ DSO_METHOD_openssl;
> ++ DSO_METHOD_dlfcn;
> ++ DSO_METHOD_win32;
> ++ ERR_load_DSO_strings;
> ++ DSO_METHOD_dl;
> ++ NCONF_load;
> ++ NCONF_load_fp;
> ++ NCONF_new;
> ++ NCONF_get_string;
> ++ NCONF_free;
> ++ NCONF_get_number;
> ++ CONF_dump_fp;
> ++ NCONF_load_bio;
> ++ NCONF_dump_fp;
> ++ NCONF_get_section;
> ++ NCONF_dump_bio;
> ++ CONF_dump_bio;
> ++ NCONF_free_data;
> ++ CONF_set_default_method;
> ++ ERR_error_string_n;
> ++ BIO_snprintf;
> ++ DSO_ctrl;
> ++ i2d_ASN1_SET_OF_ASN1_INTEGER;
> ++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
> ++ i2d_ASN1_SET_OF_PKCS7;
> ++ BIO_vfree;
> ++ d2i_ASN1_SET_OF_ASN1_INTEGER;
> ++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
> ++ ASN1_UTCTIME_get;
> ++ X509_REQ_digest;
> ++ X509_CRL_digest;
> ++ d2i_ASN1_SET_OF_PKCS7;
> ++ EVP_CIPHER_CTX_set_key_length;
> ++ EVP_CIPHER_CTX_ctrl;
> ++ BN_mod_exp_mont_word;
> ++ RAND_egd_bytes;
> ++ X509_REQ_get1_email;
> ++ X509_get1_email;
> ++ X509_email_free;
> ++ i2d_RSA_NET;
> ++ d2i_RSA_NET_2;
> ++ d2i_RSA_NET;
> ++ DSO_bind_func;
> ++ CRYPTO_get_new_dynlockid;
> ++ sk_new_null;
> ++ CRYPTO_set_dynlock_destroy_callback;
> ++ CRYPTO_set_dynlock_destroy_cb;
> ++ CRYPTO_destroy_dynlockid;
> ++ CRYPTO_set_dynlock_size;
> ++ CRYPTO_set_dynlock_create_callback;
> ++ CRYPTO_set_dynlock_create_cb;
> ++ CRYPTO_set_dynlock_lock_callback;
> ++ CRYPTO_set_dynlock_lock_cb;
> ++ CRYPTO_get_dynlock_lock_callback;
> ++ CRYPTO_get_dynlock_lock_cb;
> ++ CRYPTO_get_dynlock_destroy_callback;
> ++ CRYPTO_get_dynlock_destroy_cb;
> ++ CRYPTO_get_dynlock_value;
> ++ CRYPTO_get_dynlock_create_callback;
> ++ CRYPTO_get_dynlock_create_cb;
> ++ c2i_ASN1_BIT_STRING;
> ++ i2c_ASN1_BIT_STRING;
> ++ RAND_poll;
> ++ c2i_ASN1_INTEGER;
> ++ i2c_ASN1_INTEGER;
> ++ BIO_dump_indent;
> ++ ASN1_parse_dump;
> ++ c2i_ASN1_OBJECT;
> ++ X509_NAME_print_ex_fp;
> ++ ASN1_STRING_print_ex_fp;
> ++ X509_NAME_print_ex;
> ++ ASN1_STRING_print_ex;
> ++ MD4;
> ++ MD4_Transform;
> ++ MD4_Final;
> ++ MD4_Update;
> ++ MD4_Init;
> ++ EVP_md4;
> ++ i2d_PUBKEY_bio;
> ++ i2d_PUBKEY_fp;
> ++ d2i_PUBKEY_bio;
> ++ ASN1_STRING_to_UTF8;
> ++ BIO_vprintf;
> ++ BIO_vsnprintf;
> ++ d2i_PUBKEY_fp;
> ++ X509_cmp_time;
> ++ X509_STORE_CTX_set_time;
> ++ X509_STORE_CTX_get1_issuer;
> ++ X509_OBJECT_retrieve_match;
> ++ X509_OBJECT_idx_by_subject;
> ++ X509_STORE_CTX_set_flags;
> ++ X509_STORE_CTX_trusted_stack;
> ++ X509_time_adj;
> ++ X509_check_issued;
> ++ ASN1_UTCTIME_cmp_time_t;
> ++ DES_set_weak_key_flag;
> ++ DES_check_key;
> ++ DES_rw_mode;
> ++ RSA_PKCS1_RSAref;
> ++ X509_keyid_set1;
> ++ BIO_next;
> ++ DSO_METHOD_vms;
> ++ BIO_f_linebuffer;
> ++ BN_bntest_rand;
> ++ OPENSSL_issetugid;
> ++ BN_rand_range;
> ++ ERR_load_ENGINE_strings;
> ++ ENGINE_set_DSA;
> ++ ENGINE_get_finish_function;
> ++ ENGINE_get_default_RSA;
> ++ ENGINE_get_BN_mod_exp;
> ++ DSA_get_default_openssl_method;
> ++ ENGINE_set_DH;
> ++ ENGINE_set_def_BN_mod_exp_crt;
> ++ ENGINE_set_default_BN_mod_exp_crt;
> ++ ENGINE_init;
> ++ DH_get_default_openssl_method;
> ++ RSA_set_default_openssl_method;
> ++ ENGINE_finish;
> ++ ENGINE_load_public_key;
> ++ ENGINE_get_DH;
> ++ ENGINE_ctrl;
> ++ ENGINE_get_init_function;
> ++ ENGINE_set_init_function;
> ++ ENGINE_set_default_DSA;
> ++ ENGINE_get_name;
> ++ ENGINE_get_last;
> ++ ENGINE_get_prev;
> ++ ENGINE_get_default_DH;
> ++ ENGINE_get_RSA;
> ++ ENGINE_set_default;
> ++ ENGINE_get_RAND;
> ++ ENGINE_get_first;
> ++ ENGINE_by_id;
> ++ ENGINE_set_finish_function;
> ++ ENGINE_get_def_BN_mod_exp_crt;
> ++ ENGINE_get_default_BN_mod_exp_crt;
> ++ RSA_get_default_openssl_method;
> ++ ENGINE_set_RSA;
> ++ ENGINE_load_private_key;
> ++ ENGINE_set_default_RAND;
> ++ ENGINE_set_BN_mod_exp;
> ++ ENGINE_remove;
> ++ ENGINE_free;
> ++ ENGINE_get_BN_mod_exp_crt;
> ++ ENGINE_get_next;
> ++ ENGINE_set_name;
> ++ ENGINE_get_default_DSA;
> ++ ENGINE_set_default_BN_mod_exp;
> ++ ENGINE_set_default_RSA;
> ++ ENGINE_get_default_RAND;
> ++ ENGINE_get_default_BN_mod_exp;
> ++ ENGINE_set_RAND;
> ++ ENGINE_set_id;
> ++ ENGINE_set_BN_mod_exp_crt;
> ++ ENGINE_set_default_DH;
> ++ ENGINE_new;
> ++ ENGINE_get_id;
> ++ DSA_set_default_openssl_method;
> ++ ENGINE_add;
> ++ DH_set_default_openssl_method;
> ++ ENGINE_get_DSA;
> ++ ENGINE_get_ctrl_function;
> ++ ENGINE_set_ctrl_function;
> ++ BN_pseudo_rand_range;
> ++ X509_STORE_CTX_set_verify_cb;
> ++ ERR_load_COMP_strings;
> ++ PKCS12_item_decrypt_d2i;
> ++ ASN1_UTF8STRING_it;
> ++ ENGINE_unregister_ciphers;
> ++ ENGINE_get_ciphers;
> ++ d2i_OCSP_BASICRESP;
> ++ KRB5_CHECKSUM_it;
> ++ EC_POINT_add;
> ++ ASN1_item_ex_i2d;
> ++ OCSP_CERTID_it;
> ++ d2i_OCSP_RESPBYTES;
> ++ X509V3_add1_i2d;
> ++ PKCS7_ENVELOPE_it;
> ++ UI_add_input_boolean;
> ++ ENGINE_unregister_RSA;
> ++ X509V3_EXT_nconf;
> ++ ASN1_GENERALSTRING_free;
> ++ d2i_OCSP_CERTSTATUS;
> ++ X509_REVOKED_set_serialNumber;
> ++ X509_print_ex;
> ++ OCSP_ONEREQ_get1_ext_d2i;
> ++ ENGINE_register_all_RAND;
> ++ ENGINE_load_dynamic;
> ++ PBKDF2PARAM_it;
> ++ EXTENDED_KEY_USAGE_new;
> ++ EC_GROUP_clear_free;
> ++ OCSP_sendreq_bio;
> ++ ASN1_item_digest;
> ++ OCSP_BASICRESP_delete_ext;
> ++ OCSP_SIGNATURE_it;
> ++ X509_CRL_it;
> ++ OCSP_BASICRESP_add_ext;
> ++ KRB5_ENCKEY_it;
> ++ UI_method_set_closer;
> ++ X509_STORE_set_purpose;
> ++ i2d_ASN1_GENERALSTRING;
> ++ OCSP_response_status;
> ++ i2d_OCSP_SERVICELOC;
> ++ ENGINE_get_digest_engine;
> ++ EC_GROUP_set_curve_GFp;
> ++ OCSP_REQUEST_get_ext_by_OBJ;
> ++ _ossl_old_des_random_key;
> ++ ASN1_T61STRING_it;
> ++ EC_GROUP_method_of;
> ++ i2d_KRB5_APREQ;
> ++ _ossl_old_des_encrypt;
> ++ ASN1_PRINTABLE_new;
> ++ HMAC_Init_ex;
> ++ d2i_KRB5_AUTHENT;
> ++ OCSP_archive_cutoff_new;
> ++ EC_POINT_set_Jprojective_coordinates_GFp;
> ++ EC_POINT_set_Jproj_coords_GFp;
> ++ _ossl_old_des_is_weak_key;
> ++ OCSP_BASICRESP_get_ext_by_OBJ;
> ++ EC_POINT_oct2point;
> ++ OCSP_SINGLERESP_get_ext_count;
> ++ UI_ctrl;
> ++ _shadow_DES_rw_mode;
> ++ asn1_do_adb;
> ++ ASN1_template_i2d;
> ++ ENGINE_register_DH;
> ++ UI_construct_prompt;
> ++ X509_STORE_set_trust;
> ++ UI_dup_input_string;
> ++ d2i_KRB5_APREQ;
> ++ EVP_MD_CTX_copy_ex;
> ++ OCSP_request_is_signed;
> ++ i2d_OCSP_REQINFO;
> ++ KRB5_ENCKEY_free;
> ++ OCSP_resp_get0;
> ++ GENERAL_NAME_it;
> ++ ASN1_GENERALIZEDTIME_it;
> ++ X509_STORE_set_flags;
> ++ EC_POINT_set_compressed_coordinates_GFp;
> ++ EC_POINT_set_compr_coords_GFp;
> ++ OCSP_response_status_str;
> ++ d2i_OCSP_REVOKEDINFO;
> ++ OCSP_basic_add1_cert;
> ++ ERR_get_implementation;
> ++ EVP_CipherFinal_ex;
> ++ OCSP_CERTSTATUS_new;
> ++ CRYPTO_cleanup_all_ex_data;
> ++ OCSP_resp_find;
> ++ BN_nnmod;
> ++ X509_CRL_sort;
> ++ X509_REVOKED_set_revocationDate;
> ++ ENGINE_register_RAND;
> ++ OCSP_SERVICELOC_new;
> ++ EC_POINT_set_affine_coordinates_GFp;
> ++ EC_POINT_set_affine_coords_GFp;
> ++ _ossl_old_des_options;
> ++ SXNET_it;
> ++ UI_dup_input_boolean;
> ++ PKCS12_add_CSPName_asc;
> ++ EC_POINT_is_at_infinity;
> ++ ENGINE_load_cryptodev;
> ++ DSO_convert_filename;
> ++ POLICYQUALINFO_it;
> ++ ENGINE_register_ciphers;
> ++ BN_mod_lshift_quick;
> ++ DSO_set_filename;
> ++ ASN1_item_free;
> ++ KRB5_TKTBODY_free;
> ++ AUTHORITY_KEYID_it;
> ++ KRB5_APREQBODY_new;
> ++ X509V3_EXT_REQ_add_nconf;
> ++ ENGINE_ctrl_cmd_string;
> ++ i2d_OCSP_RESPDATA;
> ++ EVP_MD_CTX_init;
> ++ EXTENDED_KEY_USAGE_free;
> ++ PKCS7_ATTR_SIGN_it;
> ++ UI_add_error_string;
> ++ KRB5_CHECKSUM_free;
> ++ OCSP_REQUEST_get_ext;
> ++ ENGINE_load_ubsec;
> ++ ENGINE_register_all_digests;
> ++ PKEY_USAGE_PERIOD_it;
> ++ PKCS12_unpack_authsafes;
> ++ ASN1_item_unpack;
> ++ NETSCAPE_SPKAC_it;
> ++ X509_REVOKED_it;
> ++ ASN1_STRING_encode;
> ++ EVP_aes_128_ecb;
> ++ KRB5_AUTHENT_free;
> ++ OCSP_BASICRESP_get_ext_by_critical;
> ++ OCSP_BASICRESP_get_ext_by_crit;
> ++ OCSP_cert_status_str;
> ++ d2i_OCSP_REQUEST;
> ++ UI_dup_info_string;
> ++ _ossl_old_des_xwhite_in2out;
> ++ PKCS12_it;
> ++ OCSP_SINGLERESP_get_ext_by_critical;
> ++ OCSP_SINGLERESP_get_ext_by_crit;
> ++ OCSP_CERTSTATUS_free;
> ++ _ossl_old_des_crypt;
> ++ ASN1_item_i2d;
> ++ EVP_DecryptFinal_ex;
> ++ ENGINE_load_openssl;
> ++ ENGINE_get_cmd_defns;
> ++ ENGINE_set_load_privkey_function;
> ++ ENGINE_set_load_privkey_fn;
> ++ EVP_EncryptFinal_ex;
> ++ ENGINE_set_default_digests;
> ++ X509_get0_pubkey_bitstr;
> ++ asn1_ex_i2c;
> ++ ENGINE_register_RSA;
> ++ ENGINE_unregister_DSA;
> ++ _ossl_old_des_key_sched;
> ++ X509_EXTENSION_it;
> ++ i2d_KRB5_AUTHENT;
> ++ SXNETID_it;
> ++ d2i_OCSP_SINGLERESP;
> ++ EDIPARTYNAME_new;
> ++ PKCS12_certbag2x509;
> ++ _ossl_old_des_ofb64_encrypt;
> ++ d2i_EXTENDED_KEY_USAGE;
> ++ ERR_print_errors_cb;
> ++ ENGINE_set_ciphers;
> ++ d2i_KRB5_APREQBODY;
> ++ UI_method_get_flusher;
> ++ X509_PUBKEY_it;
> ++ _ossl_old_des_enc_read;
> ++ PKCS7_ENCRYPT_it;
> ++ i2d_OCSP_RESPONSE;
> ++ EC_GROUP_get_cofactor;
> ++ PKCS12_unpack_p7data;
> ++ d2i_KRB5_AUTHDATA;
> ++ OCSP_copy_nonce;
> ++ KRB5_AUTHDATA_new;
> ++ OCSP_RESPDATA_new;
> ++ EC_GFp_mont_method;
> ++ OCSP_REVOKEDINFO_free;
> ++ UI_get_ex_data;
> ++ KRB5_APREQBODY_free;
> ++ EC_GROUP_get0_generator;
> ++ UI_get_default_method;
> ++ X509V3_set_nconf;
> ++ PKCS12_item_i2d_encrypt;
> ++ X509_add1_ext_i2d;
> ++ PKCS7_SIGNER_INFO_it;
> ++ KRB5_PRINCNAME_new;
> ++ PKCS12_SAFEBAG_it;
> ++ EC_GROUP_get_order;
> ++ d2i_OCSP_RESPID;
> ++ OCSP_request_verify;
> ++ NCONF_get_number_e;
> ++ _ossl_old_des_decrypt3;
> ++ X509_signature_print;
> ++ OCSP_SINGLERESP_free;
> ++ ENGINE_load_builtin_engines;
> ++ i2d_OCSP_ONEREQ;
> ++ OCSP_REQUEST_add_ext;
> ++ OCSP_RESPBYTES_new;
> ++ EVP_MD_CTX_create;
> ++ OCSP_resp_find_status;
> ++ X509_ALGOR_it;
> ++ ASN1_TIME_it;
> ++ OCSP_request_set1_name;
> ++ OCSP_ONEREQ_get_ext_count;
> ++ UI_get0_result;
> ++ PKCS12_AUTHSAFES_it;
> ++ EVP_aes_256_ecb;
> ++ PKCS12_pack_authsafes;
> ++ ASN1_IA5STRING_it;
> ++ UI_get_input_flags;
> ++ EC_GROUP_set_generator;
> ++ _ossl_old_des_string_to_2keys;
> ++ OCSP_CERTID_free;
> ++ X509_CERT_AUX_it;
> ++ CERTIFICATEPOLICIES_it;
> ++ _ossl_old_des_ede3_cbc_encrypt;
> ++ RAND_set_rand_engine;
> ++ DSO_get_loaded_filename;
> ++ X509_ATTRIBUTE_it;
> ++ OCSP_ONEREQ_get_ext_by_NID;
> ++ PKCS12_decrypt_skey;
> ++ KRB5_AUTHENT_it;
> ++ UI_dup_error_string;
> ++ RSAPublicKey_it;
> ++ i2d_OCSP_REQUEST;
> ++ PKCS12_x509crl2certbag;
> ++ OCSP_SERVICELOC_it;
> ++ ASN1_item_sign;
> ++ X509_CRL_set_issuer_name;
> ++ OBJ_NAME_do_all_sorted;
> ++ i2d_OCSP_BASICRESP;
> ++ i2d_OCSP_RESPBYTES;
> ++ PKCS12_unpack_p7encdata;
> ++ HMAC_CTX_init;
> ++ ENGINE_get_digest;
> ++ OCSP_RESPONSE_print;
> ++ KRB5_TKTBODY_it;
> ++ ACCESS_DESCRIPTION_it;
> ++ PKCS7_ISSUER_AND_SERIAL_it;
> ++ PBE2PARAM_it;
> ++ PKCS12_certbag2x509crl;
> ++ PKCS7_SIGNED_it;
> ++ ENGINE_get_cipher;
> ++ i2d_OCSP_CRLID;
> ++ OCSP_SINGLERESP_new;
> ++ ENGINE_cmd_is_executable;
> ++ RSA_up_ref;
> ++ ASN1_GENERALSTRING_it;
> ++ ENGINE_register_DSA;
> ++ X509V3_EXT_add_nconf_sk;
> ++ ENGINE_set_load_pubkey_function;
> ++ PKCS8_decrypt;
> ++ PEM_bytes_read_bio;
> ++ DIRECTORYSTRING_it;
> ++ d2i_OCSP_CRLID;
> ++ EC_POINT_is_on_curve;
> ++ CRYPTO_set_locked_mem_ex_functions;
> ++ CRYPTO_set_locked_mem_ex_funcs;
> ++ d2i_KRB5_CHECKSUM;
> ++ ASN1_item_dup;
> ++ X509_it;
> ++ BN_mod_add;
> ++ KRB5_AUTHDATA_free;
> ++ _ossl_old_des_cbc_cksum;
> ++ ASN1_item_verify;
> ++ CRYPTO_set_mem_ex_functions;
> ++ EC_POINT_get_Jprojective_coordinates_GFp;
> ++ EC_POINT_get_Jproj_coords_GFp;
> ++ ZLONG_it;
> ++ CRYPTO_get_locked_mem_ex_functions;
> ++ CRYPTO_get_locked_mem_ex_funcs;
> ++ ASN1_TIME_check;
> ++ UI_get0_user_data;
> ++ HMAC_CTX_cleanup;
> ++ DSA_up_ref;
> ++ _ossl_old_des_ede3_cfb64_encrypt;
> ++ _ossl_odes_ede3_cfb64_encrypt;
> ++ ASN1_BMPSTRING_it;
> ++ ASN1_tag2bit;
> ++ UI_method_set_flusher;
> ++ X509_ocspid_print;
> ++ KRB5_ENCDATA_it;
> ++ ENGINE_get_load_pubkey_function;
> ++ UI_add_user_data;
> ++ OCSP_REQUEST_delete_ext;
> ++ UI_get_method;
> ++ OCSP_ONEREQ_free;
> ++ ASN1_PRINTABLESTRING_it;
> ++ X509_CRL_set_nextUpdate;
> ++ OCSP_REQUEST_it;
> ++ OCSP_BASICRESP_it;
> ++ AES_ecb_encrypt;
> ++ BN_mod_sqr;
> ++ NETSCAPE_CERT_SEQUENCE_it;
> ++ GENERAL_NAMES_it;
> ++ AUTHORITY_INFO_ACCESS_it;
> ++ ASN1_FBOOLEAN_it;
> ++ UI_set_ex_data;
> ++ _ossl_old_des_string_to_key;
> ++ ENGINE_register_all_RSA;
> ++ d2i_KRB5_PRINCNAME;
> ++ OCSP_RESPBYTES_it;
> ++ X509_CINF_it;
> ++ ENGINE_unregister_digests;
> ++ d2i_EDIPARTYNAME;
> ++ d2i_OCSP_SERVICELOC;
> ++ ENGINE_get_digests;
> ++ _ossl_old_des_set_odd_parity;
> ++ OCSP_RESPDATA_free;
> ++ d2i_KRB5_TICKET;
> ++ OTHERNAME_it;
> ++ EVP_MD_CTX_cleanup;
> ++ d2i_ASN1_GENERALSTRING;
> ++ X509_CRL_set_version;
> ++ BN_mod_sub;
> ++ OCSP_SINGLERESP_get_ext_by_NID;
> ++ ENGINE_get_ex_new_index;
> ++ OCSP_REQUEST_free;
> ++ OCSP_REQUEST_add1_ext_i2d;
> ++ X509_VAL_it;
> ++ EC_POINTs_make_affine;
> ++ EC_POINT_mul;
> ++ X509V3_EXT_add_nconf;
> ++ X509_TRUST_set;
> ++ X509_CRL_add1_ext_i2d;
> ++ _ossl_old_des_fcrypt;
> ++ DISPLAYTEXT_it;
> ++ X509_CRL_set_lastUpdate;
> ++ OCSP_BASICRESP_free;
> ++ OCSP_BASICRESP_add1_ext_i2d;
> ++ d2i_KRB5_AUTHENTBODY;
> ++ CRYPTO_set_ex_data_implementation;
> ++ CRYPTO_set_ex_data_impl;
> ++ KRB5_ENCDATA_new;
> ++ DSO_up_ref;
> ++ OCSP_crl_reason_str;
> ++ UI_get0_result_string;
> ++ ASN1_GENERALSTRING_new;
> ++ X509_SIG_it;
> ++ ERR_set_implementation;
> ++ ERR_load_EC_strings;
> ++ UI_get0_action_string;
> ++ OCSP_ONEREQ_get_ext;
> ++ EC_POINT_method_of;
> ++ i2d_KRB5_APREQBODY;
> ++ _ossl_old_des_ecb3_encrypt;
> ++ CRYPTO_get_mem_ex_functions;
> ++ ENGINE_get_ex_data;
> ++ UI_destroy_method;
> ++ ASN1_item_i2d_bio;
> ++ OCSP_ONEREQ_get_ext_by_OBJ;
> ++ ASN1_primitive_new;
> ++ ASN1_PRINTABLE_it;
> ++ EVP_aes_192_ecb;
> ++ OCSP_SIGNATURE_new;
> ++ LONG_it;
> ++ ASN1_VISIBLESTRING_it;
> ++ OCSP_SINGLERESP_add1_ext_i2d;
> ++ d2i_OCSP_CERTID;
> ++ ASN1_item_d2i_fp;
> ++ CRL_DIST_POINTS_it;
> ++ GENERAL_NAME_print;
> ++ OCSP_SINGLERESP_delete_ext;
> ++ PKCS12_SAFEBAGS_it;
> ++ d2i_OCSP_SIGNATURE;
> ++ OCSP_request_add1_nonce;
> ++ ENGINE_set_cmd_defns;
> ++ OCSP_SERVICELOC_free;
> ++ EC_GROUP_free;
> ++ ASN1_BIT_STRING_it;
> ++ X509_REQ_it;
> ++ _ossl_old_des_cbc_encrypt;
> ++ ERR_unload_strings;
> ++ PKCS7_SIGN_ENVELOPE_it;
> ++ EDIPARTYNAME_free;
> ++ OCSP_REQINFO_free;
> ++ EC_GROUP_new_curve_GFp;
> ++ OCSP_REQUEST_get1_ext_d2i;
> ++ PKCS12_item_pack_safebag;
> ++ asn1_ex_c2i;
> ++ ENGINE_register_digests;
> ++ i2d_OCSP_REVOKEDINFO;
> ++ asn1_enc_restore;
> ++ UI_free;
> ++ UI_new_method;
> ++ EVP_EncryptInit_ex;
> ++ X509_pubkey_digest;
> ++ EC_POINT_invert;
> ++ OCSP_basic_sign;
> ++ i2d_OCSP_RESPID;
> ++ OCSP_check_nonce;
> ++ ENGINE_ctrl_cmd;
> ++ d2i_KRB5_ENCKEY;
> ++ OCSP_parse_url;
> ++ OCSP_SINGLERESP_get_ext;
> ++ OCSP_CRLID_free;
> ++ OCSP_BASICRESP_get1_ext_d2i;
> ++ RSAPrivateKey_it;
> ++ ENGINE_register_all_DH;
> ++ i2d_EDIPARTYNAME;
> ++ EC_POINT_get_affine_coordinates_GFp;
> ++ EC_POINT_get_affine_coords_GFp;
> ++ OCSP_CRLID_new;
> ++ ENGINE_get_flags;
> ++ OCSP_ONEREQ_it;
> ++ UI_process;
> ++ ASN1_INTEGER_it;
> ++ EVP_CipherInit_ex;
> ++ UI_get_string_type;
> ++ ENGINE_unregister_DH;
> ++ ENGINE_register_all_DSA;
> ++ OCSP_ONEREQ_get_ext_by_critical;
> ++ bn_dup_expand;
> ++ OCSP_cert_id_new;
> ++ BASIC_CONSTRAINTS_it;
> ++ BN_mod_add_quick;
> ++ EC_POINT_new;
> ++ EVP_MD_CTX_destroy;
> ++ OCSP_RESPBYTES_free;
> ++ EVP_aes_128_cbc;
> ++ OCSP_SINGLERESP_get1_ext_d2i;
> ++ EC_POINT_free;
> ++ DH_up_ref;
> ++ X509_NAME_ENTRY_it;
> ++ UI_get_ex_new_index;
> ++ BN_mod_sub_quick;
> ++ OCSP_ONEREQ_add_ext;
> ++ OCSP_request_sign;
> ++ EVP_DigestFinal_ex;
> ++ ENGINE_set_digests;
> ++ OCSP_id_issuer_cmp;
> ++ OBJ_NAME_do_all;
> ++ EC_POINTs_mul;
> ++ ENGINE_register_complete;
> ++ X509V3_EXT_nconf_nid;
> ++ ASN1_SEQUENCE_it;
> ++ UI_set_default_method;
> ++ RAND_query_egd_bytes;
> ++ UI_method_get_writer;
> ++ UI_OpenSSL;
> ++ PEM_def_callback;
> ++ ENGINE_cleanup;
> ++ DIST_POINT_it;
> ++ OCSP_SINGLERESP_it;
> ++ d2i_KRB5_TKTBODY;
> ++ EC_POINT_cmp;
> ++ OCSP_REVOKEDINFO_new;
> ++ i2d_OCSP_CERTSTATUS;
> ++ OCSP_basic_add1_nonce;
> ++ ASN1_item_ex_d2i;
> ++ BN_mod_lshift1_quick;
> ++ UI_set_method;
> ++ OCSP_id_get0_info;
> ++ BN_mod_sqrt;
> ++ EC_GROUP_copy;
> ++ KRB5_ENCDATA_free;
> ++ _ossl_old_des_cfb_encrypt;
> ++ OCSP_SINGLERESP_get_ext_by_OBJ;
> ++ OCSP_cert_to_id;
> ++ OCSP_RESPID_new;
> ++ OCSP_RESPDATA_it;
> ++ d2i_OCSP_RESPDATA;
> ++ ENGINE_register_all_complete;
> ++ OCSP_check_validity;
> ++ PKCS12_BAGS_it;
> ++ OCSP_url_svcloc_new;
> ++ ASN1_template_free;
> ++ OCSP_SINGLERESP_add_ext;
> ++ KRB5_AUTHENTBODY_it;
> ++ X509_supported_extension;
> ++ i2d_KRB5_AUTHDATA;
> ++ UI_method_get_opener;
> ++ ENGINE_set_ex_data;
> ++ OCSP_REQUEST_print;
> ++ CBIGNUM_it;
> ++ KRB5_TICKET_new;
> ++ KRB5_APREQ_new;
> ++ EC_GROUP_get_curve_GFp;
> ++ KRB5_ENCKEY_new;
> ++ ASN1_template_d2i;
> ++ _ossl_old_des_quad_cksum;
> ++ OCSP_single_get0_status;
> ++ BN_swap;
> ++ POLICYINFO_it;
> ++ ENGINE_set_destroy_function;
> ++ asn1_enc_free;
> ++ OCSP_RESPID_it;
> ++ EC_GROUP_new;
> ++ EVP_aes_256_cbc;
> ++ i2d_KRB5_PRINCNAME;
> ++ _ossl_old_des_encrypt2;
> ++ _ossl_old_des_encrypt3;
> ++ PKCS8_PRIV_KEY_INFO_it;
> ++ OCSP_REQINFO_it;
> ++ PBEPARAM_it;
> ++ KRB5_AUTHENTBODY_new;
> ++ X509_CRL_add0_revoked;
> ++ EDIPARTYNAME_it;
> ++ NETSCAPE_SPKI_it;
> ++ UI_get0_test_string;
> ++ ENGINE_get_cipher_engine;
> ++ ENGINE_register_all_ciphers;
> ++ EC_POINT_copy;
> ++ BN_kronecker;
> ++ _ossl_old_des_ede3_ofb64_encrypt;
> ++ _ossl_odes_ede3_ofb64_encrypt;
> ++ UI_method_get_reader;
> ++ OCSP_BASICRESP_get_ext_count;
> ++ ASN1_ENUMERATED_it;
> ++ UI_set_result;
> ++ i2d_KRB5_TICKET;
> ++ X509_print_ex_fp;
> ++ EVP_CIPHER_CTX_set_padding;
> ++ d2i_OCSP_RESPONSE;
> ++ ASN1_UTCTIME_it;
> ++ _ossl_old_des_enc_write;
> ++ OCSP_RESPONSE_new;
> ++ AES_set_encrypt_key;
> ++ OCSP_resp_count;
> ++ KRB5_CHECKSUM_new;
> ++ ENGINE_load_cswift;
> ++ OCSP_onereq_get0_id;
> ++ ENGINE_set_default_ciphers;
> ++ NOTICEREF_it;
> ++ X509V3_EXT_CRL_add_nconf;
> ++ OCSP_REVOKEDINFO_it;
> ++ AES_encrypt;
> ++ OCSP_REQUEST_new;
> ++ ASN1_ANY_it;
> ++ CRYPTO_ex_data_new_class;
> ++ _ossl_old_des_ncbc_encrypt;
> ++ i2d_KRB5_TKTBODY;
> ++ EC_POINT_clear_free;
> ++ AES_decrypt;
> ++ asn1_enc_init;
> ++ UI_get_result_maxsize;
> ++ OCSP_CERTID_new;
> ++ ENGINE_unregister_RAND;
> ++ UI_method_get_closer;
> ++ d2i_KRB5_ENCDATA;
> ++ OCSP_request_onereq_count;
> ++ OCSP_basic_verify;
> ++ KRB5_AUTHENTBODY_free;
> ++ ASN1_item_d2i;
> ++ ASN1_primitive_free;
> ++ i2d_EXTENDED_KEY_USAGE;
> ++ i2d_OCSP_SIGNATURE;
> ++ asn1_enc_save;
> ++ ENGINE_load_nuron;
> ++ _ossl_old_des_pcbc_encrypt;
> ++ PKCS12_MAC_DATA_it;
> ++ OCSP_accept_responses_new;
> ++ asn1_do_lock;
> ++ PKCS7_ATTR_VERIFY_it;
> ++ KRB5_APREQBODY_it;
> ++ i2d_OCSP_SINGLERESP;
> ++ ASN1_item_ex_new;
> ++ UI_add_verify_string;
> ++ _ossl_old_des_set_key;
> ++ KRB5_PRINCNAME_it;
> ++ EVP_DecryptInit_ex;
> ++ i2d_OCSP_CERTID;
> ++ ASN1_item_d2i_bio;
> ++ EC_POINT_dbl;
> ++ asn1_get_choice_selector;
> ++ i2d_KRB5_CHECKSUM;
> ++ ENGINE_set_table_flags;
> ++ AES_options;
> ++ ENGINE_load_chil;
> ++ OCSP_id_cmp;
> ++ OCSP_BASICRESP_new;
> ++ OCSP_REQUEST_get_ext_by_NID;
> ++ KRB5_APREQ_it;
> ++ ENGINE_get_destroy_function;
> ++ CONF_set_nconf;
> ++ ASN1_PRINTABLE_free;
> ++ OCSP_BASICRESP_get_ext_by_NID;
> ++ DIST_POINT_NAME_it;
> ++ X509V3_extensions_print;
> ++ _ossl_old_des_cfb64_encrypt;
> ++ X509_REVOKED_add1_ext_i2d;
> ++ _ossl_old_des_ofb_encrypt;
> ++ KRB5_TKTBODY_new;
> ++ ASN1_OCTET_STRING_it;
> ++ ERR_load_UI_strings;
> ++ i2d_KRB5_ENCKEY;
> ++ ASN1_template_new;
> ++ OCSP_SIGNATURE_free;
> ++ ASN1_item_i2d_fp;
> ++ KRB5_PRINCNAME_free;
> ++ PKCS7_RECIP_INFO_it;
> ++ EXTENDED_KEY_USAGE_it;
> ++ EC_GFp_simple_method;
> ++ EC_GROUP_precompute_mult;
> ++ OCSP_request_onereq_get0;
> ++ UI_method_set_writer;
> ++ KRB5_AUTHENT_new;
> ++ X509_CRL_INFO_it;
> ++ DSO_set_name_converter;
> ++ AES_set_decrypt_key;
> ++ PKCS7_DIGEST_it;
> ++ PKCS12_x5092certbag;
> ++ EVP_DigestInit_ex;
> ++ i2a_ACCESS_DESCRIPTION;
> ++ OCSP_RESPONSE_it;
> ++ PKCS7_ENC_CONTENT_it;
> ++ OCSP_request_add0_id;
> ++ EC_POINT_make_affine;
> ++ DSO_get_filename;
> ++ OCSP_CERTSTATUS_it;
> ++ OCSP_request_add1_cert;
> ++ UI_get0_output_string;
> ++ UI_dup_verify_string;
> ++ BN_mod_lshift;
> ++ KRB5_AUTHDATA_it;
> ++ asn1_set_choice_selector;
> ++ OCSP_basic_add1_status;
> ++ OCSP_RESPID_free;
> ++ asn1_get_field_ptr;
> ++ UI_add_input_string;
> ++ OCSP_CRLID_it;
> ++ i2d_KRB5_AUTHENTBODY;
> ++ OCSP_REQUEST_get_ext_count;
> ++ ENGINE_load_atalla;
> ++ X509_NAME_it;
> ++ USERNOTICE_it;
> ++ OCSP_REQINFO_new;
> ++ OCSP_BASICRESP_get_ext;
> ++ CRYPTO_get_ex_data_implementation;
> ++ CRYPTO_get_ex_data_impl;
> ++ ASN1_item_pack;
> ++ i2d_KRB5_ENCDATA;
> ++ X509_PURPOSE_set;
> ++ X509_REQ_INFO_it;
> ++ UI_method_set_opener;
> ++ ASN1_item_ex_free;
> ++ ASN1_BOOLEAN_it;
> ++ ENGINE_get_table_flags;
> ++ UI_create_method;
> ++ OCSP_ONEREQ_add1_ext_i2d;
> ++ _shadow_DES_check_key;
> ++ d2i_OCSP_REQINFO;
> ++ UI_add_info_string;
> ++ UI_get_result_minsize;
> ++ ASN1_NULL_it;
> ++ BN_mod_lshift1;
> ++ d2i_OCSP_ONEREQ;
> ++ OCSP_ONEREQ_new;
> ++ KRB5_TICKET_it;
> ++ EVP_aes_192_cbc;
> ++ KRB5_TICKET_free;
> ++ UI_new;
> ++ OCSP_response_create;
> ++ _ossl_old_des_xcbc_encrypt;
> ++ PKCS7_it;
> ++ OCSP_REQUEST_get_ext_by_critical;
> ++ OCSP_REQUEST_get_ext_by_crit;
> ++ ENGINE_set_flags;
> ++ _ossl_old_des_ecb_encrypt;
> ++ OCSP_response_get1_basic;
> ++ EVP_Digest;
> ++ OCSP_ONEREQ_delete_ext;
> ++ ASN1_TBOOLEAN_it;
> ++ ASN1_item_new;
> ++ ASN1_TIME_to_generalizedtime;
> ++ BIGNUM_it;
> ++ AES_cbc_encrypt;
> ++ ENGINE_get_load_privkey_function;
> ++ ENGINE_get_load_privkey_fn;
> ++ OCSP_RESPONSE_free;
> ++ UI_method_set_reader;
> ++ i2d_ASN1_T61STRING;
> ++ EC_POINT_set_to_infinity;
> ++ ERR_load_OCSP_strings;
> ++ EC_POINT_point2oct;
> ++ KRB5_APREQ_free;
> ++ ASN1_OBJECT_it;
> ++ OCSP_crlID_new;
> ++ OCSP_crlID2_new;
> ++ CONF_modules_load_file;
> ++ CONF_imodule_set_usr_data;
> ++ ENGINE_set_default_string;
> ++ CONF_module_get_usr_data;
> ++ ASN1_add_oid_module;
> ++ CONF_modules_finish;
> ++ OPENSSL_config;
> ++ CONF_modules_unload;
> ++ CONF_imodule_get_value;
> ++ CONF_module_set_usr_data;
> ++ CONF_parse_list;
> ++ CONF_module_add;
> ++ CONF_get1_default_config_file;
> ++ CONF_imodule_get_flags;
> ++ CONF_imodule_get_module;
> ++ CONF_modules_load;
> ++ CONF_imodule_get_name;
> ++ ERR_peek_top_error;
> ++ CONF_imodule_get_usr_data;
> ++ CONF_imodule_set_flags;
> ++ ENGINE_add_conf_module;
> ++ ERR_peek_last_error_line;
> ++ ERR_peek_last_error_line_data;
> ++ ERR_peek_last_error;
> ++ DES_read_2passwords;
> ++ DES_read_password;
> ++ UI_UTIL_read_pw;
> ++ UI_UTIL_read_pw_string;
> ++ ENGINE_load_aep;
> ++ ENGINE_load_sureware;
> ++ OPENSSL_add_all_algorithms_noconf;
> ++ OPENSSL_add_all_algo_noconf;
> ++ OPENSSL_add_all_algorithms_conf;
> ++ OPENSSL_add_all_algo_conf;
> ++ OPENSSL_load_builtin_modules;
> ++ AES_ofb128_encrypt;
> ++ AES_ctr128_encrypt;
> ++ AES_cfb128_encrypt;
> ++ ENGINE_load_4758cca;
> ++ _ossl_096_des_random_seed;
> ++ EVP_aes_256_ofb;
> ++ EVP_aes_192_ofb;
> ++ EVP_aes_128_cfb128;
> ++ EVP_aes_256_cfb128;
> ++ EVP_aes_128_ofb;
> ++ EVP_aes_192_cfb128;
> ++ CONF_modules_free;
> ++ NCONF_default;
> ++ OPENSSL_no_config;
> ++ NCONF_WIN32;
> ++ ASN1_UNIVERSALSTRING_new;
> ++ EVP_des_ede_ecb;
> ++ i2d_ASN1_UNIVERSALSTRING;
> ++ ASN1_UNIVERSALSTRING_free;
> ++ ASN1_UNIVERSALSTRING_it;
> ++ d2i_ASN1_UNIVERSALSTRING;
> ++ EVP_des_ede3_ecb;
> ++ X509_REQ_print_ex;
> ++ ENGINE_up_ref;
> ++ BUF_MEM_grow_clean;
> ++ CRYPTO_realloc_clean;
> ++ BUF_strlcat;
> ++ BIO_indent;
> ++ BUF_strlcpy;
> ++ OpenSSLDie;
> ++ OPENSSL_cleanse;
> ++ ENGINE_setup_bsd_cryptodev;
> ++ ERR_release_err_state_table;
> ++ EVP_aes_128_cfb8;
> ++ FIPS_corrupt_rsa;
> ++ FIPS_selftest_des;
> ++ EVP_aes_128_cfb1;
> ++ EVP_aes_192_cfb8;
> ++ FIPS_mode_set;
> ++ FIPS_selftest_dsa;
> ++ EVP_aes_256_cfb8;
> ++ FIPS_allow_md5;
> ++ DES_ede3_cfb_encrypt;
> ++ EVP_des_ede3_cfb8;
> ++ FIPS_rand_seeded;
> ++ AES_cfbr_encrypt_block;
> ++ AES_cfb8_encrypt;
> ++ FIPS_rand_seed;
> ++ FIPS_corrupt_des;
> ++ EVP_aes_192_cfb1;
> ++ FIPS_selftest_aes;
> ++ FIPS_set_prng_key;
> ++ EVP_des_cfb8;
> ++ FIPS_corrupt_dsa;
> ++ FIPS_test_mode;
> ++ FIPS_rand_method;
> ++ EVP_aes_256_cfb1;
> ++ ERR_load_FIPS_strings;
> ++ FIPS_corrupt_aes;
> ++ FIPS_selftest_sha1;
> ++ FIPS_selftest_rsa;
> ++ FIPS_corrupt_sha1;
> ++ EVP_des_cfb1;
> ++ FIPS_dsa_check;
> ++ AES_cfb1_encrypt;
> ++ EVP_des_ede3_cfb1;
> ++ FIPS_rand_check;
> ++ FIPS_md5_allowed;
> ++ FIPS_mode;
> ++ FIPS_selftest_failed;
> ++ sk_is_sorted;
> ++ X509_check_ca;
> ++ HMAC_CTX_set_flags;
> ++ d2i_PROXY_CERT_INFO_EXTENSION;
> ++ PROXY_POLICY_it;
> ++ i2d_PROXY_POLICY;
> ++ i2d_PROXY_CERT_INFO_EXTENSION;
> ++ d2i_PROXY_POLICY;
> ++ PROXY_CERT_INFO_EXTENSION_new;
> ++ PROXY_CERT_INFO_EXTENSION_free;
> ++ PROXY_CERT_INFO_EXTENSION_it;
> ++ PROXY_POLICY_free;
> ++ PROXY_POLICY_new;
> ++ BN_MONT_CTX_set_locked;
> ++ FIPS_selftest_rng;
> ++ EVP_sha384;
> ++ EVP_sha512;
> ++ EVP_sha224;
> ++ EVP_sha256;
> ++ FIPS_selftest_hmac;
> ++ FIPS_corrupt_rng;
> ++ BN_mod_exp_mont_consttime;
> ++ RSA_X931_hash_id;
> ++ RSA_padding_check_X931;
> ++ RSA_verify_PKCS1_PSS;
> ++ RSA_padding_add_X931;
> ++ RSA_padding_add_PKCS1_PSS;
> ++ PKCS1_MGF1;
> ++ BN_X931_generate_Xpq;
> ++ RSA_X931_generate_key;
> ++ BN_X931_derive_prime;
> ++ BN_X931_generate_prime;
> ++ RSA_X931_derive;
> ++ BIO_new_dgram;
> ++ BN_get0_nist_prime_384;
> ++ ERR_set_mark;
> ++ X509_STORE_CTX_set0_crls;
> ++ ENGINE_set_STORE;
> ++ ENGINE_register_ECDSA;
> ++ STORE_meth_set_list_start_fn;
> ++ STORE_method_set_list_start_function;
> ++ BN_BLINDING_invert_ex;
> ++ NAME_CONSTRAINTS_free;
> ++ STORE_ATTR_INFO_set_number;
> ++ BN_BLINDING_get_thread_id;
> ++ X509_STORE_CTX_set0_param;
> ++ POLICY_MAPPING_it;
> ++ STORE_parse_attrs_start;
> ++ POLICY_CONSTRAINTS_free;
> ++ EVP_PKEY_add1_attr_by_NID;
> ++ BN_nist_mod_192;
> ++ EC_GROUP_get_trinomial_basis;
> ++ STORE_set_method;
> ++ GENERAL_SUBTREE_free;
> ++ NAME_CONSTRAINTS_it;
> ++ ECDH_get_default_method;
> ++ PKCS12_add_safe;
> ++ EC_KEY_new_by_curve_name;
> ++ STORE_meth_get_update_store_fn;
> ++ STORE_method_get_update_store_function;
> ++ ENGINE_register_ECDH;
> ++ SHA512_Update;
> ++ i2d_ECPrivateKey;
> ++ BN_get0_nist_prime_192;
> ++ STORE_modify_certificate;
> ++ EC_POINT_set_affine_coordinates_GF2m;
> ++ EC_POINT_set_affine_coords_GF2m;
> ++ BN_GF2m_mod_exp_arr;
> ++ STORE_ATTR_INFO_modify_number;
> ++ X509_keyid_get0;
> ++ ENGINE_load_gmp;
> ++ pitem_new;
> ++ BN_GF2m_mod_mul_arr;
> ++ STORE_list_public_key_endp;
> ++ o2i_ECPublicKey;
> ++ EC_KEY_copy;
> ++ BIO_dump_fp;
> ++ X509_policy_node_get0_parent;
> ++ EC_GROUP_check_discriminant;
> ++ i2o_ECPublicKey;
> ++ EC_KEY_precompute_mult;
> ++ a2i_IPADDRESS;
> ++ STORE_meth_set_initialise_fn;
> ++ STORE_method_set_initialise_function;
> ++ X509_STORE_CTX_set_depth;
> ++ X509_VERIFY_PARAM_inherit;
> ++ EC_POINT_point2bn;
> ++ STORE_ATTR_INFO_set_dn;
> ++ X509_policy_tree_get0_policies;
> ++ EC_GROUP_new_curve_GF2m;
> ++ STORE_destroy_method;
> ++ ENGINE_unregister_STORE;
> ++ EVP_PKEY_get1_EC_KEY;
> ++ STORE_ATTR_INFO_get0_number;
> ++ ENGINE_get_default_ECDH;
> ++ EC_KEY_get_conv_form;
> ++ ASN1_OCTET_STRING_NDEF_it;
> ++ STORE_delete_public_key;
> ++ STORE_get_public_key;
> ++ STORE_modify_arbitrary;
> ++ ENGINE_get_static_state;
> ++ pqueue_iterator;
> ++ ECDSA_SIG_new;
> ++ OPENSSL_DIR_end;
> ++ BN_GF2m_mod_sqr;
> ++ EC_POINT_bn2point;
> ++ X509_VERIFY_PARAM_set_depth;
> ++ EC_KEY_set_asn1_flag;
> ++ STORE_get_method;
> ++ EC_KEY_get_key_method_data;
> ++ ECDSA_sign_ex;
> ++ STORE_parse_attrs_end;
> ++ EC_GROUP_get_point_conversion_form;
> ++ EC_GROUP_get_point_conv_form;
> ++ STORE_method_set_store_function;
> ++ STORE_ATTR_INFO_in;
> ++ PEM_read_bio_ECPKParameters;
> ++ EC_GROUP_get_pentanomial_basis;
> ++ EVP_PKEY_add1_attr_by_txt;
> ++ BN_BLINDING_set_flags;
> ++ X509_VERIFY_PARAM_set1_policies;
> ++ X509_VERIFY_PARAM_set1_name;
> ++ X509_VERIFY_PARAM_set_purpose;
> ++ STORE_get_number;
> ++ ECDSA_sign_setup;
> ++ BN_GF2m_mod_solve_quad_arr;
> ++ EC_KEY_up_ref;
> ++ POLICY_MAPPING_free;
> ++ BN_GF2m_mod_div;
> ++ X509_VERIFY_PARAM_set_flags;
> ++ EC_KEY_free;
> ++ STORE_meth_set_list_next_fn;
> ++ STORE_method_set_list_next_function;
> ++ PEM_write_bio_ECPrivateKey;
> ++ d2i_EC_PUBKEY;
> ++ STORE_meth_get_generate_fn;
> ++ STORE_method_get_generate_function;
> ++ STORE_meth_set_list_end_fn;
> ++ STORE_method_set_list_end_function;
> ++ pqueue_print;
> ++ EC_GROUP_have_precompute_mult;
> ++ EC_KEY_print_fp;
> ++ BN_GF2m_mod_arr;
> ++ PEM_write_bio_X509_CERT_PAIR;
> ++ EVP_PKEY_cmp;
> ++ X509_policy_level_node_count;
> ++ STORE_new_engine;
> ++ STORE_list_public_key_start;
> ++ X509_VERIFY_PARAM_new;
> ++ ECDH_get_ex_data;
> ++ EVP_PKEY_get_attr;
> ++ ECDSA_do_sign;
> ++ ENGINE_unregister_ECDH;
> ++ ECDH_OpenSSL;
> ++ EC_KEY_set_conv_form;
> ++ EC_POINT_dup;
> ++ GENERAL_SUBTREE_new;
> ++ STORE_list_crl_endp;
> ++ EC_get_builtin_curves;
> ++ X509_policy_node_get0_qualifiers;
> ++ X509_pcy_node_get0_qualifiers;
> ++ STORE_list_crl_end;
> ++ EVP_PKEY_set1_EC_KEY;
> ++ BN_GF2m_mod_sqrt_arr;
> ++ i2d_ECPrivateKey_bio;
> ++ ECPKParameters_print_fp;
> ++ pqueue_find;
> ++ ECDSA_SIG_free;
> ++ PEM_write_bio_ECPKParameters;
> ++ STORE_method_set_ctrl_function;
> ++ STORE_list_public_key_end;
> ++ EC_KEY_set_private_key;
> ++ pqueue_peek;
> ++ STORE_get_arbitrary;
> ++ STORE_store_crl;
> ++ X509_policy_node_get0_policy;
> ++ PKCS12_add_safes;
> ++ BN_BLINDING_convert_ex;
> ++ X509_policy_tree_free;
> ++ OPENSSL_ia32cap_loc;
> ++ BN_GF2m_poly2arr;
> ++ STORE_ctrl;
> ++ STORE_ATTR_INFO_compare;
> ++ BN_get0_nist_prime_224;
> ++ i2d_ECParameters;
> ++ i2d_ECPKParameters;
> ++ BN_GENCB_call;
> ++ d2i_ECPKParameters;
> ++ STORE_meth_set_generate_fn;
> ++ STORE_method_set_generate_function;
> ++ ENGINE_set_ECDH;
> ++ NAME_CONSTRAINTS_new;
> ++ SHA256_Init;
> ++ EC_KEY_get0_public_key;
> ++ PEM_write_bio_EC_PUBKEY;
> ++ STORE_ATTR_INFO_set_cstr;
> ++ STORE_list_crl_next;
> ++ STORE_ATTR_INFO_in_range;
> ++ ECParameters_print;
> ++ STORE_meth_set_delete_fn;
> ++ STORE_method_set_delete_function;
> ++ STORE_list_certificate_next;
> ++ ASN1_generate_nconf;
> ++ BUF_memdup;
> ++ BN_GF2m_mod_mul;
> ++ STORE_meth_get_list_next_fn;
> ++ STORE_method_get_list_next_function;
> ++ STORE_ATTR_INFO_get0_dn;
> ++ STORE_list_private_key_next;
> ++ EC_GROUP_set_seed;
> ++ X509_VERIFY_PARAM_set_trust;
> ++ STORE_ATTR_INFO_free;
> ++ STORE_get_private_key;
> ++ EVP_PKEY_get_attr_count;
> ++ STORE_ATTR_INFO_new;
> ++ EC_GROUP_get_curve_GF2m;
> ++ STORE_meth_set_revoke_fn;
> ++ STORE_method_set_revoke_function;
> ++ STORE_store_number;
> ++ BN_is_prime_ex;
> ++ STORE_revoke_public_key;
> ++ X509_STORE_CTX_get0_param;
> ++ STORE_delete_arbitrary;
> ++ PEM_read_X509_CERT_PAIR;
> ++ X509_STORE_set_depth;
> ++ ECDSA_get_ex_data;
> ++ SHA224;
> ++ BIO_dump_indent_fp;
> ++ EC_KEY_set_group;
> ++ BUF_strndup;
> ++ STORE_list_certificate_start;
> ++ BN_GF2m_mod;
> ++ X509_REQ_check_private_key;
> ++ EC_GROUP_get_seed_len;
> ++ ERR_load_STORE_strings;
> ++ PEM_read_bio_EC_PUBKEY;
> ++ STORE_list_private_key_end;
> ++ i2d_EC_PUBKEY;
> ++ ECDSA_get_default_method;
> ++ ASN1_put_eoc;
> ++ X509_STORE_CTX_get_explicit_policy;
> ++ X509_STORE_CTX_get_expl_policy;
> ++ X509_VERIFY_PARAM_table_cleanup;
> ++ STORE_modify_private_key;
> ++ X509_VERIFY_PARAM_free;
> ++ EC_METHOD_get_field_type;
> ++ EC_GFp_nist_method;
> ++ STORE_meth_set_modify_fn;
> ++ STORE_method_set_modify_function;
> ++ STORE_parse_attrs_next;
> ++ ENGINE_load_padlock;
> ++ EC_GROUP_set_curve_name;
> ++ X509_CERT_PAIR_it;
> ++ STORE_meth_get_revoke_fn;
> ++ STORE_method_get_revoke_function;
> ++ STORE_method_set_get_function;
> ++ STORE_modify_number;
> ++ STORE_method_get_store_function;
> ++ STORE_store_private_key;
> ++ BN_GF2m_mod_sqr_arr;
> ++ RSA_setup_blinding;
> ++ BIO_s_datagram;
> ++ STORE_Memory;
> ++ sk_find_ex;
> ++ EC_GROUP_set_curve_GF2m;
> ++ ENGINE_set_default_ECDSA;
> ++ POLICY_CONSTRAINTS_new;
> ++ BN_GF2m_mod_sqrt;
> ++ ECDH_set_default_method;
> ++ EC_KEY_generate_key;
> ++ SHA384_Update;
> ++ BN_GF2m_arr2poly;
> ++ STORE_method_get_get_function;
> ++ STORE_meth_set_cleanup_fn;
> ++ STORE_method_set_cleanup_function;
> ++ EC_GROUP_check;
> ++ d2i_ECPrivateKey_bio;
> ++ EC_KEY_insert_key_method_data;
> ++ STORE_meth_get_lock_store_fn;
> ++ STORE_method_get_lock_store_function;
> ++ X509_VERIFY_PARAM_get_depth;
> ++ SHA224_Final;
> ++ STORE_meth_set_update_store_fn;
> ++ STORE_method_set_update_store_function;
> ++ SHA224_Update;
> ++ d2i_ECPrivateKey;
> ++ ASN1_item_ndef_i2d;
> ++ STORE_delete_private_key;
> ++ ERR_pop_to_mark;
> ++ ENGINE_register_all_STORE;
> ++ X509_policy_level_get0_node;
> ++ i2d_PKCS7_NDEF;
> ++ EC_GROUP_get_degree;
> ++ ASN1_generate_v3;
> ++ STORE_ATTR_INFO_modify_cstr;
> ++ X509_policy_tree_level_count;
> ++ BN_GF2m_add;
> ++ EC_KEY_get0_group;
> ++ STORE_generate_crl;
> ++ STORE_store_public_key;
> ++ X509_CERT_PAIR_free;
> ++ STORE_revoke_private_key;
> ++ BN_nist_mod_224;
> ++ SHA512_Final;
> ++ STORE_ATTR_INFO_modify_dn;
> ++ STORE_meth_get_initialise_fn;
> ++ STORE_method_get_initialise_function;
> ++ STORE_delete_number;
> ++ i2d_EC_PUBKEY_bio;
> ++ BIO_dgram_non_fatal_error;
> ++ EC_GROUP_get_asn1_flag;
> ++ STORE_ATTR_INFO_in_ex;
> ++ STORE_list_crl_start;
> ++ ECDH_get_ex_new_index;
> ++ STORE_meth_get_modify_fn;
> ++ STORE_method_get_modify_function;
> ++ v2i_ASN1_BIT_STRING;
> ++ STORE_store_certificate;
> ++ OBJ_bsearch_ex;
> ++ X509_STORE_CTX_set_default;
> ++ STORE_ATTR_INFO_set_sha1str;
> ++ BN_GF2m_mod_inv;
> ++ BN_GF2m_mod_exp;
> ++ STORE_modify_public_key;
> ++ STORE_meth_get_list_start_fn;
> ++ STORE_method_get_list_start_function;
> ++ EC_GROUP_get0_seed;
> ++ STORE_store_arbitrary;
> ++ STORE_meth_set_unlock_store_fn;
> ++ STORE_method_set_unlock_store_function;
> ++ BN_GF2m_mod_div_arr;
> ++ ENGINE_set_ECDSA;
> ++ STORE_create_method;
> ++ ECPKParameters_print;
> ++ EC_KEY_get0_private_key;
> ++ PEM_write_EC_PUBKEY;
> ++ X509_VERIFY_PARAM_set1;
> ++ ECDH_set_method;
> ++ v2i_GENERAL_NAME_ex;
> ++ ECDH_set_ex_data;
> ++ STORE_generate_key;
> ++ BN_nist_mod_521;
> ++ X509_policy_tree_get0_level;
> ++ EC_GROUP_set_point_conversion_form;
> ++ EC_GROUP_set_point_conv_form;
> ++ PEM_read_EC_PUBKEY;
> ++ i2d_ECDSA_SIG;
> ++ ECDSA_OpenSSL;
> ++ STORE_delete_crl;
> ++ EC_KEY_get_enc_flags;
> ++ ASN1_const_check_infinite_end;
> ++ EVP_PKEY_delete_attr;
> ++ ECDSA_set_default_method;
> ++ EC_POINT_set_compressed_coordinates_GF2m;
> ++ EC_POINT_set_compr_coords_GF2m;
> ++ EC_GROUP_cmp;
> ++ STORE_revoke_certificate;
> ++ BN_get0_nist_prime_256;
> ++ STORE_meth_get_delete_fn;
> ++ STORE_method_get_delete_function;
> ++ SHA224_Init;
> ++ PEM_read_ECPrivateKey;
> ++ SHA512_Init;
> ++ STORE_parse_attrs_endp;
> ++ BN_set_negative;
> ++ ERR_load_ECDSA_strings;
> ++ EC_GROUP_get_basis_type;
> ++ STORE_list_public_key_next;
> ++ i2v_ASN1_BIT_STRING;
> ++ STORE_OBJECT_free;
> ++ BN_nist_mod_384;
> ++ i2d_X509_CERT_PAIR;
> ++ PEM_write_ECPKParameters;
> ++ ECDH_compute_key;
> ++ STORE_ATTR_INFO_get0_sha1str;
> ++ ENGINE_register_all_ECDH;
> ++ pqueue_pop;
> ++ STORE_ATTR_INFO_get0_cstr;
> ++ POLICY_CONSTRAINTS_it;
> ++ STORE_get_ex_new_index;
> ++ EVP_PKEY_get_attr_by_OBJ;
> ++ X509_VERIFY_PARAM_add0_policy;
> ++ BN_GF2m_mod_solve_quad;
> ++ SHA256;
> ++ i2d_ECPrivateKey_fp;
> ++ X509_policy_tree_get0_user_policies;
> ++ X509_pcy_tree_get0_usr_policies;
> ++ OPENSSL_DIR_read;
> ++ ENGINE_register_all_ECDSA;
> ++ X509_VERIFY_PARAM_lookup;
> ++ EC_POINT_get_affine_coordinates_GF2m;
> ++ EC_POINT_get_affine_coords_GF2m;
> ++ EC_GROUP_dup;
> ++ ENGINE_get_default_ECDSA;
> ++ EC_KEY_new;
> ++ SHA256_Transform;
> ++ EC_KEY_set_enc_flags;
> ++ ECDSA_verify;
> ++ EC_POINT_point2hex;
> ++ ENGINE_get_STORE;
> ++ SHA512;
> ++ STORE_get_certificate;
> ++ ECDSA_do_sign_ex;
> ++ ECDSA_do_verify;
> ++ d2i_ECPrivateKey_fp;
> ++ STORE_delete_certificate;
> ++ SHA512_Transform;
> ++ X509_STORE_set1_param;
> ++ STORE_method_get_ctrl_function;
> ++ STORE_free;
> ++ PEM_write_ECPrivateKey;
> ++ STORE_meth_get_unlock_store_fn;
> ++ STORE_method_get_unlock_store_function;
> ++ STORE_get_ex_data;
> ++ EC_KEY_set_public_key;
> ++ PEM_read_ECPKParameters;
> ++ X509_CERT_PAIR_new;
> ++ ENGINE_register_STORE;
> ++ RSA_generate_key_ex;
> ++ DSA_generate_parameters_ex;
> ++ ECParameters_print_fp;
> ++ X509V3_NAME_from_section;
> ++ EVP_PKEY_add1_attr;
> ++ STORE_modify_crl;
> ++ STORE_list_private_key_start;
> ++ POLICY_MAPPINGS_it;
> ++ GENERAL_SUBTREE_it;
> ++ EC_GROUP_get_curve_name;
> ++ PEM_write_X509_CERT_PAIR;
> ++ BIO_dump_indent_cb;
> ++ d2i_X509_CERT_PAIR;
> ++ STORE_list_private_key_endp;
> ++ asn1_const_Finish;
> ++ i2d_EC_PUBKEY_fp;
> ++ BN_nist_mod_256;
> ++ X509_VERIFY_PARAM_add0_table;
> ++ pqueue_free;
> ++ BN_BLINDING_create_param;
> ++ ECDSA_size;
> ++ d2i_EC_PUBKEY_bio;
> ++ BN_get0_nist_prime_521;
> ++ STORE_ATTR_INFO_modify_sha1str;
> ++ BN_generate_prime_ex;
> ++ EC_GROUP_new_by_curve_name;
> ++ SHA256_Final;
> ++ DH_generate_parameters_ex;
> ++ PEM_read_bio_ECPrivateKey;
> ++ STORE_meth_get_cleanup_fn;
> ++ STORE_method_get_cleanup_function;
> ++ ENGINE_get_ECDH;
> ++ d2i_ECDSA_SIG;
> ++ BN_is_prime_fasttest_ex;
> ++ ECDSA_sign;
> ++ X509_policy_check;
> ++ EVP_PKEY_get_attr_by_NID;
> ++ STORE_set_ex_data;
> ++ ENGINE_get_ECDSA;
> ++ EVP_ecdsa;
> ++ BN_BLINDING_get_flags;
> ++ PKCS12_add_cert;
> ++ STORE_OBJECT_new;
> ++ ERR_load_ECDH_strings;
> ++ EC_KEY_dup;
> ++ EVP_CIPHER_CTX_rand_key;
> ++ ECDSA_set_method;
> ++ a2i_IPADDRESS_NC;
> ++ d2i_ECParameters;
> ++ STORE_list_certificate_end;
> ++ STORE_get_crl;
> ++ X509_POLICY_NODE_print;
> ++ SHA384_Init;
> ++ EC_GF2m_simple_method;
> ++ ECDSA_set_ex_data;
> ++ SHA384_Final;
> ++ PKCS7_set_digest;
> ++ EC_KEY_print;
> ++ STORE_meth_set_lock_store_fn;
> ++ STORE_method_set_lock_store_function;
> ++ ECDSA_get_ex_new_index;
> ++ SHA384;
> ++ POLICY_MAPPING_new;
> ++ STORE_list_certificate_endp;
> ++ X509_STORE_CTX_get0_policy_tree;
> ++ EC_GROUP_set_asn1_flag;
> ++ EC_KEY_check_key;
> ++ d2i_EC_PUBKEY_fp;
> ++ PKCS7_set0_type_other;
> ++ PEM_read_bio_X509_CERT_PAIR;
> ++ pqueue_next;
> ++ STORE_meth_get_list_end_fn;
> ++ STORE_method_get_list_end_function;
> ++ EVP_PKEY_add1_attr_by_OBJ;
> ++ X509_VERIFY_PARAM_set_time;
> ++ pqueue_new;
> ++ ENGINE_set_default_ECDH;
> ++ STORE_new_method;
> ++ PKCS12_add_key;
> ++ DSO_merge;
> ++ EC_POINT_hex2point;
> ++ BIO_dump_cb;
> ++ SHA256_Update;
> ++ pqueue_insert;
> ++ pitem_free;
> ++ BN_GF2m_mod_inv_arr;
> ++ ENGINE_unregister_ECDSA;
> ++ BN_BLINDING_set_thread_id;
> ++ get_rfc3526_prime_8192;
> ++ X509_VERIFY_PARAM_clear_flags;
> ++ get_rfc2409_prime_1024;
> ++ DH_check_pub_key;
> ++ get_rfc3526_prime_2048;
> ++ get_rfc3526_prime_6144;
> ++ get_rfc3526_prime_1536;
> ++ get_rfc3526_prime_3072;
> ++ get_rfc3526_prime_4096;
> ++ get_rfc2409_prime_768;
> ++ X509_VERIFY_PARAM_get_flags;
> ++ EVP_CIPHER_CTX_new;
> ++ EVP_CIPHER_CTX_free;
> ++ Camellia_cbc_encrypt;
> ++ Camellia_cfb128_encrypt;
> ++ Camellia_cfb1_encrypt;
> ++ Camellia_cfb8_encrypt;
> ++ Camellia_ctr128_encrypt;
> ++ Camellia_cfbr_encrypt_block;
> ++ Camellia_decrypt;
> ++ Camellia_ecb_encrypt;
> ++ Camellia_encrypt;
> ++ Camellia_ofb128_encrypt;
> ++ Camellia_set_key;
> ++ EVP_camellia_128_cbc;
> ++ EVP_camellia_128_cfb128;
> ++ EVP_camellia_128_cfb1;
> ++ EVP_camellia_128_cfb8;
> ++ EVP_camellia_128_ecb;
> ++ EVP_camellia_128_ofb;
> ++ EVP_camellia_192_cbc;
> ++ EVP_camellia_192_cfb128;
> ++ EVP_camellia_192_cfb1;
> ++ EVP_camellia_192_cfb8;
> ++ EVP_camellia_192_ecb;
> ++ EVP_camellia_192_ofb;
> ++ EVP_camellia_256_cbc;
> ++ EVP_camellia_256_cfb128;
> ++ EVP_camellia_256_cfb1;
> ++ EVP_camellia_256_cfb8;
> ++ EVP_camellia_256_ecb;
> ++ EVP_camellia_256_ofb;
> ++ a2i_ipadd;
> ++ ASIdentifiers_free;
> ++ i2d_ASIdOrRange;
> ++ EVP_CIPHER_block_size;
> ++ v3_asid_is_canonical;
> ++ IPAddressChoice_free;
> ++ EVP_CIPHER_CTX_set_app_data;
> ++ BIO_set_callback_arg;
> ++ v3_addr_add_prefix;
> ++ IPAddressOrRange_it;
> ++ BIO_set_flags;
> ++ ASIdentifiers_it;
> ++ v3_addr_get_range;
> ++ BIO_method_type;
> ++ v3_addr_inherits;
> ++ IPAddressChoice_it;
> ++ AES_ige_encrypt;
> ++ v3_addr_add_range;
> ++ EVP_CIPHER_CTX_nid;
> ++ d2i_ASRange;
> ++ v3_addr_add_inherit;
> ++ v3_asid_add_id_or_range;
> ++ v3_addr_validate_resource_set;
> ++ EVP_CIPHER_iv_length;
> ++ EVP_MD_type;
> ++ v3_asid_canonize;
> ++ IPAddressRange_free;
> ++ v3_asid_add_inherit;
> ++ EVP_CIPHER_CTX_key_length;
> ++ IPAddressRange_new;
> ++ ASIdOrRange_new;
> ++ EVP_MD_size;
> ++ EVP_MD_CTX_test_flags;
> ++ BIO_clear_flags;
> ++ i2d_ASRange;
> ++ IPAddressRange_it;
> ++ IPAddressChoice_new;
> ++ ASIdentifierChoice_new;
> ++ ASRange_free;
> ++ EVP_MD_pkey_type;
> ++ EVP_MD_CTX_clear_flags;
> ++ IPAddressFamily_free;
> ++ i2d_IPAddressFamily;
> ++ IPAddressOrRange_new;
> ++ EVP_CIPHER_flags;
> ++ v3_asid_validate_resource_set;
> ++ d2i_IPAddressRange;
> ++ AES_bi_ige_encrypt;
> ++ BIO_get_callback;
> ++ IPAddressOrRange_free;
> ++ v3_addr_subset;
> ++ d2i_IPAddressFamily;
> ++ v3_asid_subset;
> ++ BIO_test_flags;
> ++ i2d_ASIdentifierChoice;
> ++ ASRange_it;
> ++ d2i_ASIdentifiers;
> ++ ASRange_new;
> ++ d2i_IPAddressChoice;
> ++ v3_addr_get_afi;
> ++ EVP_CIPHER_key_length;
> ++ EVP_Cipher;
> ++ i2d_IPAddressOrRange;
> ++ ASIdOrRange_it;
> ++ EVP_CIPHER_nid;
> ++ i2d_IPAddressChoice;
> ++ EVP_CIPHER_CTX_block_size;
> ++ ASIdentifiers_new;
> ++ v3_addr_validate_path;
> ++ IPAddressFamily_new;
> ++ EVP_MD_CTX_set_flags;
> ++ v3_addr_is_canonical;
> ++ i2d_IPAddressRange;
> ++ IPAddressFamily_it;
> ++ v3_asid_inherits;
> ++ EVP_CIPHER_CTX_cipher;
> ++ EVP_CIPHER_CTX_get_app_data;
> ++ EVP_MD_block_size;
> ++ EVP_CIPHER_CTX_flags;
> ++ v3_asid_validate_path;
> ++ d2i_IPAddressOrRange;
> ++ v3_addr_canonize;
> ++ ASIdentifierChoice_it;
> ++ EVP_MD_CTX_md;
> ++ d2i_ASIdentifierChoice;
> ++ BIO_method_name;
> ++ EVP_CIPHER_CTX_iv_length;
> ++ ASIdOrRange_free;
> ++ ASIdentifierChoice_free;
> ++ BIO_get_callback_arg;
> ++ BIO_set_callback;
> ++ d2i_ASIdOrRange;
> ++ i2d_ASIdentifiers;
> ++ SEED_decrypt;
> ++ SEED_encrypt;
> ++ SEED_cbc_encrypt;
> ++ EVP_seed_ofb;
> ++ SEED_cfb128_encrypt;
> ++ SEED_ofb128_encrypt;
> ++ EVP_seed_cbc;
> ++ SEED_ecb_encrypt;
> ++ EVP_seed_ecb;
> ++ SEED_set_key;
> ++ EVP_seed_cfb128;
> ++ X509_EXTENSIONS_it;
> ++ X509_get1_ocsp;
> ++ OCSP_REQ_CTX_free;
> ++ i2d_X509_EXTENSIONS;
> ++ OCSP_sendreq_nbio;
> ++ OCSP_sendreq_new;
> ++ d2i_X509_EXTENSIONS;
> ++ X509_ALGORS_it;
> ++ X509_ALGOR_get0;
> ++ X509_ALGOR_set0;
> ++ AES_unwrap_key;
> ++ AES_wrap_key;
> ++ X509at_get0_data_by_OBJ;
> ++ ASN1_TYPE_set1;
> ++ ASN1_STRING_set0;
> ++ i2d_X509_ALGORS;
> ++ BIO_f_zlib;
> ++ COMP_zlib_cleanup;
> ++ d2i_X509_ALGORS;
> ++ CMS_ReceiptRequest_free;
> ++ PEM_write_CMS;
> ++ CMS_add0_CertificateChoices;
> ++ CMS_unsigned_add1_attr_by_OBJ;
> ++ ERR_load_CMS_strings;
> ++ CMS_sign_receipt;
> ++ i2d_CMS_ContentInfo;
> ++ CMS_signed_delete_attr;
> ++ d2i_CMS_bio;
> ++ CMS_unsigned_get_attr_by_NID;
> ++ CMS_verify;
> ++ SMIME_read_CMS;
> ++ CMS_decrypt_set1_key;
> ++ CMS_SignerInfo_get0_algs;
> ++ CMS_add1_cert;
> ++ CMS_set_detached;
> ++ CMS_encrypt;
> ++ CMS_EnvelopedData_create;
> ++ CMS_uncompress;
> ++ CMS_add0_crl;
> ++ CMS_SignerInfo_verify_content;
> ++ CMS_unsigned_get0_data_by_OBJ;
> ++ PEM_write_bio_CMS;
> ++ CMS_unsigned_get_attr;
> ++ CMS_RecipientInfo_ktri_cert_cmp;
> ++ CMS_RecipientInfo_ktri_get0_algs;
> ++ CMS_RecipInfo_ktri_get0_algs;
> ++ CMS_ContentInfo_free;
> ++ CMS_final;
> ++ CMS_add_simple_smimecap;
> ++ CMS_SignerInfo_verify;
> ++ CMS_data;
> ++ CMS_ContentInfo_it;
> ++ d2i_CMS_ReceiptRequest;
> ++ CMS_compress;
> ++ CMS_digest_create;
> ++ CMS_SignerInfo_cert_cmp;
> ++ CMS_SignerInfo_sign;
> ++ CMS_data_create;
> ++ i2d_CMS_bio;
> ++ CMS_EncryptedData_set1_key;
> ++ CMS_decrypt;
> ++ int_smime_write_ASN1;
> ++ CMS_unsigned_delete_attr;
> ++ CMS_unsigned_get_attr_count;
> ++ CMS_add_smimecap;
> ++ PEM_read_CMS;
> ++ CMS_signed_get_attr_by_OBJ;
> ++ d2i_CMS_ContentInfo;
> ++ CMS_add_standard_smimecap;
> ++ CMS_ContentInfo_new;
> ++ CMS_RecipientInfo_type;
> ++ CMS_get0_type;
> ++ CMS_is_detached;
> ++ CMS_sign;
> ++ CMS_signed_add1_attr;
> ++ CMS_unsigned_get_attr_by_OBJ;
> ++ SMIME_write_CMS;
> ++ CMS_EncryptedData_decrypt;
> ++ CMS_get0_RecipientInfos;
> ++ CMS_add0_RevocationInfoChoice;
> ++ CMS_decrypt_set1_pkey;
> ++ CMS_SignerInfo_set1_signer_cert;
> ++ CMS_get0_signers;
> ++ CMS_ReceiptRequest_get0_values;
> ++ CMS_signed_get0_data_by_OBJ;
> ++ CMS_get0_SignerInfos;
> ++ CMS_add0_cert;
> ++ CMS_EncryptedData_encrypt;
> ++ CMS_digest_verify;
> ++ CMS_set1_signers_certs;
> ++ CMS_signed_get_attr;
> ++ CMS_RecipientInfo_set0_key;
> ++ CMS_SignedData_init;
> ++ CMS_RecipientInfo_kekri_get0_id;
> ++ CMS_verify_receipt;
> ++ CMS_ReceiptRequest_it;
> ++ PEM_read_bio_CMS;
> ++ CMS_get1_crls;
> ++ CMS_add0_recipient_key;
> ++ SMIME_read_ASN1;
> ++ CMS_ReceiptRequest_new;
> ++ CMS_get0_content;
> ++ CMS_get1_ReceiptRequest;
> ++ CMS_signed_add1_attr_by_OBJ;
> ++ CMS_RecipientInfo_kekri_id_cmp;
> ++ CMS_add1_ReceiptRequest;
> ++ CMS_SignerInfo_get0_signer_id;
> ++ CMS_unsigned_add1_attr_by_NID;
> ++ CMS_unsigned_add1_attr;
> ++ CMS_signed_get_attr_by_NID;
> ++ CMS_get1_certs;
> ++ CMS_signed_add1_attr_by_NID;
> ++ CMS_unsigned_add1_attr_by_txt;
> ++ CMS_dataFinal;
> ++ CMS_RecipientInfo_ktri_get0_signer_id;
> ++ CMS_RecipInfo_ktri_get0_sigr_id;
> ++ i2d_CMS_ReceiptRequest;
> ++ CMS_add1_recipient_cert;
> ++ CMS_dataInit;
> ++ CMS_signed_add1_attr_by_txt;
> ++ CMS_RecipientInfo_decrypt;
> ++ CMS_signed_get_attr_count;
> ++ CMS_get0_eContentType;
> ++ CMS_set1_eContentType;
> ++ CMS_ReceiptRequest_create0;
> ++ CMS_add1_signer;
> ++ CMS_RecipientInfo_set0_pkey;
> ++ ENGINE_set_load_ssl_client_cert_function;
> ++ ENGINE_set_ld_ssl_clnt_cert_fn;
> ++ ENGINE_get_ssl_client_cert_function;
> ++ ENGINE_get_ssl_client_cert_fn;
> ++ ENGINE_load_ssl_client_cert;
> ++ ENGINE_load_capi;
> ++ OPENSSL_isservice;
> ++ FIPS_dsa_sig_decode;
> ++ EVP_CIPHER_CTX_clear_flags;
> ++ FIPS_rand_status;
> ++ FIPS_rand_set_key;
> ++ CRYPTO_set_mem_info_functions;
> ++ RSA_X931_generate_key_ex;
> ++ int_ERR_set_state_func;
> ++ int_EVP_MD_set_engine_callbacks;
> ++ int_CRYPTO_set_do_dynlock_callback;
> ++ FIPS_rng_stick;
> ++ EVP_CIPHER_CTX_set_flags;
> ++ BN_X931_generate_prime_ex;
> ++ FIPS_selftest_check;
> ++ FIPS_rand_set_dt;
> ++ CRYPTO_dbg_pop_info;
> ++ FIPS_dsa_free;
> ++ RSA_X931_derive_ex;
> ++ FIPS_rsa_new;
> ++ FIPS_rand_bytes;
> ++ fips_cipher_test;
> ++ EVP_CIPHER_CTX_test_flags;
> ++ CRYPTO_malloc_debug_init;
> ++ CRYPTO_dbg_push_info;
> ++ FIPS_corrupt_rsa_keygen;
> ++ FIPS_dh_new;
> ++ FIPS_corrupt_dsa_keygen;
> ++ FIPS_dh_free;
> ++ fips_pkey_signature_test;
> ++ EVP_add_alg_module;
> ++ int_RAND_init_engine_callbacks;
> ++ int_EVP_CIPHER_set_engine_callbacks;
> ++ int_EVP_MD_init_engine_callbacks;
> ++ FIPS_rand_test_mode;
> ++ FIPS_rand_reset;
> ++ FIPS_dsa_new;
> ++ int_RAND_set_callbacks;
> ++ BN_X931_derive_prime_ex;
> ++ int_ERR_lib_init;
> ++ int_EVP_CIPHER_init_engine_callbacks;
> ++ FIPS_rsa_free;
> ++ FIPS_dsa_sig_encode;
> ++ CRYPTO_dbg_remove_all_info;
> ++ OPENSSL_init;
> ++ CRYPTO_strdup;
> ++ JPAKE_STEP3A_process;
> ++ JPAKE_STEP1_release;
> ++ JPAKE_get_shared_key;
> ++ JPAKE_STEP3B_init;
> ++ JPAKE_STEP1_generate;
> ++ JPAKE_STEP1_init;
> ++ JPAKE_STEP3B_process;
> ++ JPAKE_STEP2_generate;
> ++ JPAKE_CTX_new;
> ++ JPAKE_CTX_free;
> ++ JPAKE_STEP3B_release;
> ++ JPAKE_STEP3A_release;
> ++ JPAKE_STEP2_process;
> ++ JPAKE_STEP3B_generate;
> ++ JPAKE_STEP1_process;
> ++ JPAKE_STEP3A_generate;
> ++ JPAKE_STEP2_release;
> ++ JPAKE_STEP3A_init;
> ++ ERR_load_JPAKE_strings;
> ++ JPAKE_STEP2_init;
> ++ pqueue_size;
> ++ i2d_TS_ACCURACY;
> ++ i2d_TS_MSG_IMPRINT_fp;
> ++ i2d_TS_MSG_IMPRINT;
> ++ EVP_PKEY_print_public;
> ++ EVP_PKEY_CTX_new;
> ++ i2d_TS_TST_INFO;
> ++ EVP_PKEY_asn1_find;
> ++ DSO_METHOD_beos;
> ++ TS_CONF_load_cert;
> ++ TS_REQ_get_ext;
> ++ EVP_PKEY_sign_init;
> ++ ASN1_item_print;
> ++ TS_TST_INFO_set_nonce;
> ++ TS_RESP_dup;
> ++ ENGINE_register_pkey_meths;
> ++ EVP_PKEY_asn1_add0;
> ++ PKCS7_add0_attrib_signing_time;
> ++ i2d_TS_TST_INFO_fp;
> ++ BIO_asn1_get_prefix;
> ++ TS_TST_INFO_set_time;
> ++ EVP_PKEY_meth_set_decrypt;
> ++ EVP_PKEY_set_type_str;
> ++ EVP_PKEY_CTX_get_keygen_info;
> ++ TS_REQ_set_policy_id;
> ++ d2i_TS_RESP_fp;
> ++ ENGINE_get_pkey_asn1_meth_engine;
> ++ ENGINE_get_pkey_asn1_meth_eng;
> ++ WHIRLPOOL_Init;
> ++ TS_RESP_set_status_info;
> ++ EVP_PKEY_keygen;
> ++ EVP_DigestSignInit;
> ++ TS_ACCURACY_set_millis;
> ++ TS_REQ_dup;
> ++ GENERAL_NAME_dup;
> ++ ASN1_SEQUENCE_ANY_it;
> ++ WHIRLPOOL;
> ++ X509_STORE_get1_crls;
> ++ ENGINE_get_pkey_asn1_meth;
> ++ EVP_PKEY_asn1_new;
> ++ BIO_new_NDEF;
> ++ ENGINE_get_pkey_meth;
> ++ TS_MSG_IMPRINT_set_algo;
> ++ i2d_TS_TST_INFO_bio;
> ++ TS_TST_INFO_set_ordering;
> ++ TS_TST_INFO_get_ext_by_OBJ;
> ++ CRYPTO_THREADID_set_pointer;
> ++ TS_CONF_get_tsa_section;
> ++ SMIME_write_ASN1;
> ++ TS_RESP_CTX_set_signer_key;
> ++ EVP_PKEY_encrypt_old;
> ++ EVP_PKEY_encrypt_init;
> ++ CRYPTO_THREADID_cpy;
> ++ ASN1_PCTX_get_cert_flags;
> ++ i2d_ESS_SIGNING_CERT;
> ++ TS_CONF_load_key;
> ++ i2d_ASN1_SEQUENCE_ANY;
> ++ d2i_TS_MSG_IMPRINT_bio;
> ++ EVP_PKEY_asn1_set_public;
> ++ b2i_PublicKey_bio;
> ++ BIO_asn1_set_prefix;
> ++ EVP_PKEY_new_mac_key;
> ++ BIO_new_CMS;
> ++ CRYPTO_THREADID_cmp;
> ++ TS_REQ_ext_free;
> ++ EVP_PKEY_asn1_set_free;
> ++ EVP_PKEY_get0_asn1;
> ++ d2i_NETSCAPE_X509;
> ++ EVP_PKEY_verify_recover_init;
> ++ EVP_PKEY_CTX_set_data;
> ++ EVP_PKEY_keygen_init;
> ++ TS_RESP_CTX_set_status_info;
> ++ TS_MSG_IMPRINT_get_algo;
> ++ TS_REQ_print_bio;
> ++ EVP_PKEY_CTX_ctrl_str;
> ++ EVP_PKEY_get_default_digest_nid;
> ++ PEM_write_bio_PKCS7_stream;
> ++ TS_MSG_IMPRINT_print_bio;
> ++ BN_asc2bn;
> ++ TS_REQ_get_policy_id;
> ++ ENGINE_set_default_pkey_asn1_meths;
> ++ ENGINE_set_def_pkey_asn1_meths;
> ++ d2i_TS_ACCURACY;
> ++ DSO_global_lookup;
> ++ TS_CONF_set_tsa_name;
> ++ i2d_ASN1_SET_ANY;
> ++ ENGINE_load_gost;
> ++ WHIRLPOOL_BitUpdate;
> ++ ASN1_PCTX_get_flags;
> ++ TS_TST_INFO_get_ext_by_NID;
> ++ TS_RESP_new;
> ++ ESS_CERT_ID_dup;
> ++ TS_STATUS_INFO_dup;
> ++ TS_REQ_delete_ext;
> ++ EVP_DigestVerifyFinal;
> ++ EVP_PKEY_print_params;
> ++ i2d_CMS_bio_stream;
> ++ TS_REQ_get_msg_imprint;
> ++ OBJ_find_sigid_by_algs;
> ++ TS_TST_INFO_get_serial;
> ++ TS_REQ_get_nonce;
> ++ X509_PUBKEY_set0_param;
> ++ EVP_PKEY_CTX_set0_keygen_info;
> ++ DIST_POINT_set_dpname;
> ++ i2d_ISSUING_DIST_POINT;
> ++ ASN1_SET_ANY_it;
> ++ EVP_PKEY_CTX_get_data;
> ++ TS_STATUS_INFO_print_bio;
> ++ EVP_PKEY_derive_init;
> ++ d2i_TS_TST_INFO;
> ++ EVP_PKEY_asn1_add_alias;
> ++ d2i_TS_RESP_bio;
> ++ OTHERNAME_cmp;
> ++ GENERAL_NAME_set0_value;
> ++ PKCS7_RECIP_INFO_get0_alg;
> ++ TS_RESP_CTX_new;
> ++ TS_RESP_set_tst_info;
> ++ PKCS7_final;
> ++ EVP_PKEY_base_id;
> ++ TS_RESP_CTX_set_signer_cert;
> ++ TS_REQ_set_msg_imprint;
> ++ EVP_PKEY_CTX_ctrl;
> ++ TS_CONF_set_digests;
> ++ d2i_TS_MSG_IMPRINT;
> ++ EVP_PKEY_meth_set_ctrl;
> ++ TS_REQ_get_ext_by_NID;
> ++ PKCS5_pbe_set0_algor;
> ++ BN_BLINDING_thread_id;
> ++ TS_ACCURACY_new;
> ++ X509_CRL_METHOD_free;
> ++ ASN1_PCTX_get_nm_flags;
> ++ EVP_PKEY_meth_set_sign;
> ++ CRYPTO_THREADID_current;
> ++ EVP_PKEY_decrypt_init;
> ++ NETSCAPE_X509_free;
> ++ i2b_PVK_bio;
> ++ EVP_PKEY_print_private;
> ++ GENERAL_NAME_get0_value;
> ++ b2i_PVK_bio;
> ++ ASN1_UTCTIME_adj;
> ++ TS_TST_INFO_new;
> ++ EVP_MD_do_all_sorted;
> ++ TS_CONF_set_default_engine;
> ++ TS_ACCURACY_set_seconds;
> ++ TS_TST_INFO_get_time;
> ++ PKCS8_pkey_get0;
> ++ EVP_PKEY_asn1_get0;
> ++ OBJ_add_sigid;
> ++ PKCS7_SIGNER_INFO_sign;
> ++ EVP_PKEY_paramgen_init;
> ++ EVP_PKEY_sign;
> ++ OBJ_sigid_free;
> ++ EVP_PKEY_meth_set_init;
> ++ d2i_ESS_ISSUER_SERIAL;
> ++ ISSUING_DIST_POINT_new;
> ++ ASN1_TIME_adj;
> ++ TS_OBJ_print_bio;
> ++ EVP_PKEY_meth_set_verify_recover;
> ++ EVP_PKEY_meth_set_vrfy_recover;
> ++ TS_RESP_get_status_info;
> ++ CMS_stream;
> ++ EVP_PKEY_CTX_set_cb;
> ++ PKCS7_to_TS_TST_INFO;
> ++ ASN1_PCTX_get_oid_flags;
> ++ TS_TST_INFO_add_ext;
> ++ EVP_PKEY_meth_set_derive;
> ++ i2d_TS_RESP_fp;
> ++ i2d_TS_MSG_IMPRINT_bio;
> ++ TS_RESP_CTX_set_accuracy;
> ++ TS_REQ_set_nonce;
> ++ ESS_CERT_ID_new;
> ++ ENGINE_pkey_asn1_find_str;
> ++ TS_REQ_get_ext_count;
> ++ BUF_reverse;
> ++ TS_TST_INFO_print_bio;
> ++ d2i_ISSUING_DIST_POINT;
> ++ ENGINE_get_pkey_meths;
> ++ i2b_PrivateKey_bio;
> ++ i2d_TS_RESP;
> ++ b2i_PublicKey;
> ++ TS_VERIFY_CTX_cleanup;
> ++ TS_STATUS_INFO_free;
> ++ TS_RESP_verify_token;
> ++ OBJ_bsearch_ex_;
> ++ ASN1_bn_print;
> ++ EVP_PKEY_asn1_get_count;
> ++ ENGINE_register_pkey_asn1_meths;
> ++ ASN1_PCTX_set_nm_flags;
> ++ EVP_DigestVerifyInit;
> ++ ENGINE_set_default_pkey_meths;
> ++ TS_TST_INFO_get_policy_id;
> ++ TS_REQ_get_cert_req;
> ++ X509_CRL_set_meth_data;
> ++ PKCS8_pkey_set0;
> ++ ASN1_STRING_copy;
> ++ d2i_TS_TST_INFO_fp;
> ++ X509_CRL_match;
> ++ EVP_PKEY_asn1_set_private;
> ++ TS_TST_INFO_get_ext_d2i;
> ++ TS_RESP_CTX_add_policy;
> ++ d2i_TS_RESP;
> ++ TS_CONF_load_certs;
> ++ TS_TST_INFO_get_msg_imprint;
> ++ ERR_load_TS_strings;
> ++ TS_TST_INFO_get_version;
> ++ EVP_PKEY_CTX_dup;
> ++ EVP_PKEY_meth_set_verify;
> ++ i2b_PublicKey_bio;
> ++ TS_CONF_set_certs;
> ++ EVP_PKEY_asn1_get0_info;
> ++ TS_VERIFY_CTX_free;
> ++ TS_REQ_get_ext_by_critical;
> ++ TS_RESP_CTX_set_serial_cb;
> ++ X509_CRL_get_meth_data;
> ++ TS_RESP_CTX_set_time_cb;
> ++ TS_MSG_IMPRINT_get_msg;
> ++ TS_TST_INFO_ext_free;
> ++ TS_REQ_get_version;
> ++ TS_REQ_add_ext;
> ++ EVP_PKEY_CTX_set_app_data;
> ++ OBJ_bsearch_;
> ++ EVP_PKEY_meth_set_verifyctx;
> ++ i2d_PKCS7_bio_stream;
> ++ CRYPTO_THREADID_set_numeric;
> ++ PKCS7_sign_add_signer;
> ++ d2i_TS_TST_INFO_bio;
> ++ TS_TST_INFO_get_ordering;
> ++ TS_RESP_print_bio;
> ++ TS_TST_INFO_get_exts;
> ++ HMAC_CTX_copy;
> ++ PKCS5_pbe2_set_iv;
> ++ ENGINE_get_pkey_asn1_meths;
> ++ b2i_PrivateKey;
> ++ EVP_PKEY_CTX_get_app_data;
> ++ TS_REQ_set_cert_req;
> ++ CRYPTO_THREADID_set_callback;
> ++ TS_CONF_set_serial;
> ++ TS_TST_INFO_free;
> ++ d2i_TS_REQ_fp;
> ++ TS_RESP_verify_response;
> ++ i2d_ESS_ISSUER_SERIAL;
> ++ TS_ACCURACY_get_seconds;
> ++ EVP_CIPHER_do_all;
> ++ b2i_PrivateKey_bio;
> ++ OCSP_CERTID_dup;
> ++ X509_PUBKEY_get0_param;
> ++ TS_MSG_IMPRINT_dup;
> ++ PKCS7_print_ctx;
> ++ i2d_TS_REQ_bio;
> ++ EVP_whirlpool;
> ++ EVP_PKEY_asn1_set_param;
> ++ EVP_PKEY_meth_set_encrypt;
> ++ ASN1_PCTX_set_flags;
> ++ i2d_ESS_CERT_ID;
> ++ TS_VERIFY_CTX_new;
> ++ TS_RESP_CTX_set_extension_cb;
> ++ ENGINE_register_all_pkey_meths;
> ++ TS_RESP_CTX_set_status_info_cond;
> ++ TS_RESP_CTX_set_stat_info_cond;
> ++ EVP_PKEY_verify;
> ++ WHIRLPOOL_Final;
> ++ X509_CRL_METHOD_new;
> ++ EVP_DigestSignFinal;
> ++ TS_RESP_CTX_set_def_policy;
> ++ NETSCAPE_X509_it;
> ++ TS_RESP_create_response;
> ++ PKCS7_SIGNER_INFO_get0_algs;
> ++ TS_TST_INFO_get_nonce;
> ++ EVP_PKEY_decrypt_old;
> ++ TS_TST_INFO_set_policy_id;
> ++ TS_CONF_set_ess_cert_id_chain;
> ++ EVP_PKEY_CTX_get0_pkey;
> ++ d2i_TS_REQ;
> ++ EVP_PKEY_asn1_find_str;
> ++ BIO_f_asn1;
> ++ ESS_SIGNING_CERT_new;
> ++ EVP_PBE_find;
> ++ X509_CRL_get0_by_cert;
> ++ EVP_PKEY_derive;
> ++ i2d_TS_REQ;
> ++ TS_TST_INFO_delete_ext;
> ++ ESS_ISSUER_SERIAL_free;
> ++ ASN1_PCTX_set_str_flags;
> ++ ENGINE_get_pkey_asn1_meth_str;
> ++ TS_CONF_set_signer_key;
> ++ TS_ACCURACY_get_millis;
> ++ TS_RESP_get_token;
> ++ TS_ACCURACY_dup;
> ++ ENGINE_register_all_pkey_asn1_meths;
> ++ ENGINE_reg_all_pkey_asn1_meths;
> ++ X509_CRL_set_default_method;
> ++ CRYPTO_THREADID_hash;
> ++ CMS_ContentInfo_print_ctx;
> ++ TS_RESP_free;
> ++ ISSUING_DIST_POINT_free;
> ++ ESS_ISSUER_SERIAL_new;
> ++ CMS_add1_crl;
> ++ PKCS7_add1_attrib_digest;
> ++ TS_RESP_CTX_add_md;
> ++ TS_TST_INFO_dup;
> ++ ENGINE_set_pkey_asn1_meths;
> ++ PEM_write_bio_Parameters;
> ++ TS_TST_INFO_get_accuracy;
> ++ X509_CRL_get0_by_serial;
> ++ TS_TST_INFO_set_version;
> ++ TS_RESP_CTX_get_tst_info;
> ++ TS_RESP_verify_signature;
> ++ CRYPTO_THREADID_get_callback;
> ++ TS_TST_INFO_get_tsa;
> ++ TS_STATUS_INFO_new;
> ++ EVP_PKEY_CTX_get_cb;
> ++ TS_REQ_get_ext_d2i;
> ++ GENERAL_NAME_set0_othername;
> ++ TS_TST_INFO_get_ext_count;
> ++ TS_RESP_CTX_get_request;
> ++ i2d_NETSCAPE_X509;
> ++ ENGINE_get_pkey_meth_engine;
> ++ EVP_PKEY_meth_set_signctx;
> ++ EVP_PKEY_asn1_copy;
> ++ ASN1_TYPE_cmp;
> ++ EVP_CIPHER_do_all_sorted;
> ++ EVP_PKEY_CTX_free;
> ++ ISSUING_DIST_POINT_it;
> ++ d2i_TS_MSG_IMPRINT_fp;
> ++ X509_STORE_get1_certs;
> ++ EVP_PKEY_CTX_get_operation;
> ++ d2i_ESS_SIGNING_CERT;
> ++ TS_CONF_set_ordering;
> ++ EVP_PBE_alg_add_type;
> ++ TS_REQ_set_version;
> ++ EVP_PKEY_get0;
> ++ BIO_asn1_set_suffix;
> ++ i2d_TS_STATUS_INFO;
> ++ EVP_MD_do_all;
> ++ TS_TST_INFO_set_accuracy;
> ++ PKCS7_add_attrib_content_type;
> ++ ERR_remove_thread_state;
> ++ EVP_PKEY_meth_add0;
> ++ TS_TST_INFO_set_tsa;
> ++ EVP_PKEY_meth_new;
> ++ WHIRLPOOL_Update;
> ++ TS_CONF_set_accuracy;
> ++ ASN1_PCTX_set_oid_flags;
> ++ ESS_SIGNING_CERT_dup;
> ++ d2i_TS_REQ_bio;
> ++ X509_time_adj_ex;
> ++ TS_RESP_CTX_add_flags;
> ++ d2i_TS_STATUS_INFO;
> ++ TS_MSG_IMPRINT_set_msg;
> ++ BIO_asn1_get_suffix;
> ++ TS_REQ_free;
> ++ EVP_PKEY_meth_free;
> ++ TS_REQ_get_exts;
> ++ TS_RESP_CTX_set_clock_precision_digits;
> ++ TS_RESP_CTX_set_clk_prec_digits;
> ++ TS_RESP_CTX_add_failure_info;
> ++ i2d_TS_RESP_bio;
> ++ EVP_PKEY_CTX_get0_peerkey;
> ++ PEM_write_bio_CMS_stream;
> ++ TS_REQ_new;
> ++ TS_MSG_IMPRINT_new;
> ++ EVP_PKEY_meth_find;
> ++ EVP_PKEY_id;
> ++ TS_TST_INFO_set_serial;
> ++ a2i_GENERAL_NAME;
> ++ TS_CONF_set_crypto_device;
> ++ EVP_PKEY_verify_init;
> ++ TS_CONF_set_policies;
> ++ ASN1_PCTX_new;
> ++ ESS_CERT_ID_free;
> ++ ENGINE_unregister_pkey_meths;
> ++ TS_MSG_IMPRINT_free;
> ++ TS_VERIFY_CTX_init;
> ++ PKCS7_stream;
> ++ TS_RESP_CTX_set_certs;
> ++ TS_CONF_set_def_policy;
> ++ ASN1_GENERALIZEDTIME_adj;
> ++ NETSCAPE_X509_new;
> ++ TS_ACCURACY_free;
> ++ TS_RESP_get_tst_info;
> ++ EVP_PKEY_derive_set_peer;
> ++ PEM_read_bio_Parameters;
> ++ TS_CONF_set_clock_precision_digits;
> ++ TS_CONF_set_clk_prec_digits;
> ++ ESS_ISSUER_SERIAL_dup;
> ++ TS_ACCURACY_get_micros;
> ++ ASN1_PCTX_get_str_flags;
> ++ NAME_CONSTRAINTS_check;
> ++ ASN1_BIT_STRING_check;
> ++ X509_check_akid;
> ++ ENGINE_unregister_pkey_asn1_meths;
> ++ ENGINE_unreg_pkey_asn1_meths;
> ++ ASN1_PCTX_free;
> ++ PEM_write_bio_ASN1_stream;
> ++ i2d_ASN1_bio_stream;
> ++ TS_X509_ALGOR_print_bio;
> ++ EVP_PKEY_meth_set_cleanup;
> ++ EVP_PKEY_asn1_free;
> ++ ESS_SIGNING_CERT_free;
> ++ TS_TST_INFO_set_msg_imprint;
> ++ GENERAL_NAME_cmp;
> ++ d2i_ASN1_SET_ANY;
> ++ ENGINE_set_pkey_meths;
> ++ i2d_TS_REQ_fp;
> ++ d2i_ASN1_SEQUENCE_ANY;
> ++ GENERAL_NAME_get0_otherName;
> ++ d2i_ESS_CERT_ID;
> ++ OBJ_find_sigid_algs;
> ++ EVP_PKEY_meth_set_keygen;
> ++ PKCS5_PBKDF2_HMAC;
> ++ EVP_PKEY_paramgen;
> ++ EVP_PKEY_meth_set_paramgen;
> ++ BIO_new_PKCS7;
> ++ EVP_PKEY_verify_recover;
> ++ TS_ext_print_bio;
> ++ TS_ASN1_INTEGER_print_bio;
> ++ check_defer;
> ++ DSO_pathbyaddr;
> ++ EVP_PKEY_set_type;
> ++ TS_ACCURACY_set_micros;
> ++ TS_REQ_to_TS_VERIFY_CTX;
> ++ EVP_PKEY_meth_set_copy;
> ++ ASN1_PCTX_set_cert_flags;
> ++ TS_TST_INFO_get_ext;
> ++ EVP_PKEY_asn1_set_ctrl;
> ++ TS_TST_INFO_get_ext_by_critical;
> ++ EVP_PKEY_CTX_new_id;
> ++ TS_REQ_get_ext_by_OBJ;
> ++ TS_CONF_set_signer_cert;
> ++ X509_NAME_hash_old;
> ++ ASN1_TIME_set_string;
> ++ EVP_MD_flags;
> ++ TS_RESP_CTX_free;
> ++ DSAparams_dup;
> ++ DHparams_dup;
> ++ OCSP_REQ_CTX_add1_header;
> ++ OCSP_REQ_CTX_set1_req;
> ++ X509_STORE_set_verify_cb;
> ++ X509_STORE_CTX_get0_current_crl;
> ++ X509_STORE_CTX_get0_parent_ctx;
> ++ X509_STORE_CTX_get0_current_issuer;
> ++ X509_STORE_CTX_get0_cur_issuer;
> ++ X509_issuer_name_hash_old;
> ++ X509_subject_name_hash_old;
> ++ EVP_CIPHER_CTX_copy;
> ++ UI_method_get_prompt_constructor;
> ++ UI_method_get_prompt_constructr;
> ++ UI_method_set_prompt_constructor;
> ++ UI_method_set_prompt_constructr;
> ++ EVP_read_pw_string_min;
> ++ CRYPTO_cts128_encrypt;
> ++ CRYPTO_cts128_decrypt_block;
> ++ CRYPTO_cfb128_1_encrypt;
> ++ CRYPTO_cbc128_encrypt;
> ++ CRYPTO_ctr128_encrypt;
> ++ CRYPTO_ofb128_encrypt;
> ++ CRYPTO_cts128_decrypt;
> ++ CRYPTO_cts128_encrypt_block;
> ++ CRYPTO_cbc128_decrypt;
> ++ CRYPTO_cfb128_encrypt;
> ++ CRYPTO_cfb128_8_encrypt;
> ++
> ++ local:
> ++ *;
> ++};
> ++
> ++
> ++OPENSSL_1.0.1 {
> ++ global:
> ++ SSL_renegotiate_abbreviated;
> ++ TLSv1_1_method;
> ++ TLSv1_1_client_method;
> ++ TLSv1_1_server_method;
> ++ SSL_CTX_set_srp_client_pwd_callback;
> ++ SSL_CTX_set_srp_client_pwd_cb;
> ++ SSL_get_srp_g;
> ++ SSL_CTX_set_srp_username_callback;
> ++ SSL_CTX_set_srp_un_cb;
> ++ SSL_get_srp_userinfo;
> ++ SSL_set_srp_server_param;
> ++ SSL_set_srp_server_param_pw;
> ++ SSL_get_srp_N;
> ++ SSL_get_srp_username;
> ++ SSL_CTX_set_srp_password;
> ++ SSL_CTX_set_srp_strength;
> ++ SSL_CTX_set_srp_verify_param_callback;
> ++ SSL_CTX_set_srp_vfy_param_cb;
> ++ SSL_CTX_set_srp_cb_arg;
> ++ SSL_CTX_set_srp_username;
> ++ SSL_CTX_SRP_CTX_init;
> ++ SSL_SRP_CTX_init;
> ++ SRP_Calc_A_param;
> ++ SRP_generate_server_master_secret;
> ++ SRP_gen_server_master_secret;
> ++ SSL_CTX_SRP_CTX_free;
> ++ SRP_generate_client_master_secret;
> ++ SRP_gen_client_master_secret;
> ++ SSL_srp_server_param_with_username;
> ++ SSL_srp_server_param_with_un;
> ++ SSL_SRP_CTX_free;
> ++ SSL_set_debug;
> ++ SSL_SESSION_get0_peer;
> ++ TLSv1_2_client_method;
> ++ SSL_SESSION_set1_id_context;
> ++ TLSv1_2_server_method;
> ++ SSL_cache_hit;
> ++ SSL_get0_kssl_ctx;
> ++ SSL_set0_kssl_ctx;
> ++ SSL_set_state;
> ++ SSL_CIPHER_get_id;
> ++ TLSv1_2_method;
> ++ kssl_ctx_get0_client_princ;
> ++ SSL_export_keying_material;
> ++ SSL_set_tlsext_use_srtp;
> ++ SSL_CTX_set_next_protos_advertised_cb;
> ++ SSL_CTX_set_next_protos_adv_cb;
> ++ SSL_get0_next_proto_negotiated;
> ++ SSL_get_selected_srtp_profile;
> ++ SSL_CTX_set_tlsext_use_srtp;
> ++ SSL_select_next_proto;
> ++ SSL_get_srtp_profiles;
> ++ SSL_CTX_set_next_proto_select_cb;
> ++ SSL_CTX_set_next_proto_sel_cb;
> ++ SSL_SESSION_get_compress_id;
> ++
> ++ SRP_VBASE_get_by_user;
> ++ SRP_Calc_server_key;
> ++ SRP_create_verifier;
> ++ SRP_create_verifier_BN;
> ++ SRP_Calc_u;
> ++ SRP_VBASE_free;
> ++ SRP_Calc_client_key;
> ++ SRP_get_default_gN;
> ++ SRP_Calc_x;
> ++ SRP_Calc_B;
> ++ SRP_VBASE_new;
> ++ SRP_check_known_gN_param;
> ++ SRP_Calc_A;
> ++ SRP_Verify_A_mod_N;
> ++ SRP_VBASE_init;
> ++ SRP_Verify_B_mod_N;
> ++ EC_KEY_set_public_key_affine_coordinates;
> ++ EC_KEY_set_pub_key_aff_coords;
> ++ EVP_aes_192_ctr;
> ++ EVP_PKEY_meth_get0_info;
> ++ EVP_PKEY_meth_copy;
> ++ ERR_add_error_vdata;
> ++ EVP_aes_128_ctr;
> ++ EVP_aes_256_ctr;
> ++ EC_GFp_nistp224_method;
> ++ EC_KEY_get_flags;
> ++ RSA_padding_add_PKCS1_PSS_mgf1;
> ++ EVP_aes_128_xts;
> ++ EVP_aes_256_xts;
> ++ EVP_aes_128_gcm;
> ++ EC_KEY_clear_flags;
> ++ EC_KEY_set_flags;
> ++ EVP_aes_256_ccm;
> ++ RSA_verify_PKCS1_PSS_mgf1;
> ++ EVP_aes_128_ccm;
> ++ EVP_aes_192_gcm;
> ++ X509_ALGOR_set_md;
> ++ RAND_init_fips;
> ++ EVP_aes_256_gcm;
> ++ EVP_aes_192_ccm;
> ++ CMAC_CTX_copy;
> ++ CMAC_CTX_free;
> ++ CMAC_CTX_get0_cipher_ctx;
> ++ CMAC_CTX_cleanup;
> ++ CMAC_Init;
> ++ CMAC_Update;
> ++ CMAC_resume;
> ++ CMAC_CTX_new;
> ++ CMAC_Final;
> ++ CRYPTO_ctr128_encrypt_ctr32;
> ++ CRYPTO_gcm128_release;
> ++ CRYPTO_ccm128_decrypt_ccm64;
> ++ CRYPTO_ccm128_encrypt;
> ++ CRYPTO_gcm128_encrypt;
> ++ CRYPTO_xts128_encrypt;
> ++ EVP_rc4_hmac_md5;
> ++ CRYPTO_nistcts128_decrypt_block;
> ++ CRYPTO_gcm128_setiv;
> ++ CRYPTO_nistcts128_encrypt;
> ++ EVP_aes_128_cbc_hmac_sha1;
> ++ CRYPTO_gcm128_tag;
> ++ CRYPTO_ccm128_encrypt_ccm64;
> ++ ENGINE_load_rdrand;
> ++ CRYPTO_ccm128_setiv;
> ++ CRYPTO_nistcts128_encrypt_block;
> ++ CRYPTO_gcm128_aad;
> ++ CRYPTO_ccm128_init;
> ++ CRYPTO_nistcts128_decrypt;
> ++ CRYPTO_gcm128_new;
> ++ CRYPTO_ccm128_tag;
> ++ CRYPTO_ccm128_decrypt;
> ++ CRYPTO_ccm128_aad;
> ++ CRYPTO_gcm128_init;
> ++ CRYPTO_gcm128_decrypt;
> ++ ENGINE_load_rsax;
> ++ CRYPTO_gcm128_decrypt_ctr32;
> ++ CRYPTO_gcm128_encrypt_ctr32;
> ++ CRYPTO_gcm128_finish;
> ++ EVP_aes_256_cbc_hmac_sha1;
> ++ PKCS5_pbkdf2_set;
> ++ CMS_add0_recipient_password;
> ++ CMS_decrypt_set1_password;
> ++ CMS_RecipientInfo_set0_password;
> ++ RAND_set_fips_drbg_type;
> ++ X509_REQ_sign_ctx;
> ++ RSA_PSS_PARAMS_new;
> ++ X509_CRL_sign_ctx;
> ++ X509_signature_dump;
> ++ d2i_RSA_PSS_PARAMS;
> ++ RSA_PSS_PARAMS_it;
> ++ RSA_PSS_PARAMS_free;
> ++ X509_sign_ctx;
> ++ i2d_RSA_PSS_PARAMS;
> ++ ASN1_item_sign_ctx;
> ++ EC_GFp_nistp521_method;
> ++ EC_GFp_nistp256_method;
> ++ OPENSSL_stderr;
> ++ OPENSSL_cpuid_setup;
> ++ OPENSSL_showfatal;
> ++ BIO_new_dgram_sctp;
> ++ BIO_dgram_sctp_msg_waiting;
> ++ BIO_dgram_sctp_wait_for_dry;
> ++ BIO_s_datagram_sctp;
> ++ BIO_dgram_is_sctp;
> ++ BIO_dgram_sctp_notification_cb;
> ++} OPENSSL_1.0.0;
> ++
> ++OPENSSL_1.0.1d {
> ++ global:
> ++ CRYPTO_memcmp;
> ++} OPENSSL_1.0.1;
> ++
> ++OPENSSL_1.0.2 {
> ++ global:
> ++ SSL_CTX_set_alpn_protos;
> ++ SSL_set_alpn_protos;
> ++ SSL_CTX_set_alpn_select_cb;
> ++ SSL_get0_alpn_selected;
> ++ SSL_CTX_set_custom_cli_ext;
> ++ SSL_CTX_set_custom_srv_ext;
> ++ SSL_CTX_set_srv_supp_data;
> ++ SSL_CTX_set_cli_supp_data;
> ++ SSL_set_cert_cb;
> ++ SSL_CTX_use_serverinfo;
> ++ SSL_CTX_use_serverinfo_file;
> ++ SSL_CTX_set_cert_cb;
> ++ SSL_CTX_get0_param;
> ++ SSL_get0_param;
> ++ SSL_certs_clear;
> ++ DTLSv1_2_method;
> ++ DTLSv1_2_server_method;
> ++ DTLSv1_2_client_method;
> ++ DTLS_method;
> ++ DTLS_server_method;
> ++ DTLS_client_method;
> ++ SSL_CTX_get_ssl_method;
> ++ SSL_CTX_get0_certificate;
> ++ SSL_CTX_get0_privatekey;
> ++ SSL_COMP_set0_compression_methods;
> ++ SSL_COMP_free_compression_methods;
> ++ SSL_CIPHER_find;
> ++ SSL_is_server;
> ++ SSL_CONF_CTX_new;
> ++ SSL_CONF_CTX_finish;
> ++ SSL_CONF_CTX_free;
> ++ SSL_CONF_CTX_set_flags;
> ++ SSL_CONF_CTX_clear_flags;
> ++ SSL_CONF_CTX_set1_prefix;
> ++ SSL_CONF_CTX_set_ssl;
> ++ SSL_CONF_CTX_set_ssl_ctx;
> ++ SSL_CONF_cmd;
> ++ SSL_CONF_cmd_argv;
> ++ SSL_CONF_cmd_value_type;
> ++ SSL_trace;
> ++ SSL_CIPHER_standard_name;
> ++ SSL_get_tlsa_record_byname;
> ++ ASN1_TIME_diff;
> ++ BIO_hex_string;
> ++ CMS_RecipientInfo_get0_pkey_ctx;
> ++ CMS_RecipientInfo_encrypt;
> ++ CMS_SignerInfo_get0_pkey_ctx;
> ++ CMS_SignerInfo_get0_md_ctx;
> ++ CMS_SignerInfo_get0_signature;
> ++ CMS_RecipientInfo_kari_get0_alg;
> ++ CMS_RecipientInfo_kari_get0_reks;
> ++ CMS_RecipientInfo_kari_get0_orig_id;
> ++ CMS_RecipientInfo_kari_orig_id_cmp;
> ++ CMS_RecipientEncryptedKey_get0_id;
> ++ CMS_RecipientEncryptedKey_cert_cmp;
> ++ CMS_RecipientInfo_kari_set0_pkey;
> ++ CMS_RecipientInfo_kari_get0_ctx;
> ++ CMS_RecipientInfo_kari_decrypt;
> ++ CMS_SharedInfo_encode;
> ++ DH_compute_key_padded;
> ++ d2i_DHxparams;
> ++ i2d_DHxparams;
> ++ DH_get_1024_160;
> ++ DH_get_2048_224;
> ++ DH_get_2048_256;
> ++ DH_KDF_X9_42;
> ++ ECDH_KDF_X9_62;
> ++ ECDSA_METHOD_new;
> ++ ECDSA_METHOD_free;
> ++ ECDSA_METHOD_set_app_data;
> ++ ECDSA_METHOD_get_app_data;
> ++ ECDSA_METHOD_set_sign;
> ++ ECDSA_METHOD_set_sign_setup;
> ++ ECDSA_METHOD_set_verify;
> ++ ECDSA_METHOD_set_flags;
> ++ ECDSA_METHOD_set_name;
> ++ EVP_des_ede3_wrap;
> ++ EVP_aes_128_wrap;
> ++ EVP_aes_192_wrap;
> ++ EVP_aes_256_wrap;
> ++ EVP_aes_128_cbc_hmac_sha256;
> ++ EVP_aes_256_cbc_hmac_sha256;
> ++ CRYPTO_128_wrap;
> ++ CRYPTO_128_unwrap;
> ++ OCSP_REQ_CTX_nbio;
> ++ OCSP_REQ_CTX_new;
> ++ OCSP_set_max_response_length;
> ++ OCSP_REQ_CTX_i2d;
> ++ OCSP_REQ_CTX_nbio_d2i;
> ++ OCSP_REQ_CTX_get0_mem_bio;
> ++ OCSP_REQ_CTX_http;
> ++ RSA_padding_add_PKCS1_OAEP_mgf1;
> ++ RSA_padding_check_PKCS1_OAEP_mgf1;
> ++ RSA_OAEP_PARAMS_free;
> ++ RSA_OAEP_PARAMS_it;
> ++ RSA_OAEP_PARAMS_new;
> ++ SSL_get_sigalgs;
> ++ SSL_get_shared_sigalgs;
> ++ SSL_check_chain;
> ++ X509_chain_up_ref;
> ++ X509_http_nbio;
> ++ X509_CRL_http_nbio;
> ++ X509_REVOKED_dup;
> ++ i2d_re_X509_tbs;
> ++ X509_get0_signature;
> ++ X509_get_signature_nid;
> ++ X509_CRL_diff;
> ++ X509_chain_check_suiteb;
> ++ X509_CRL_check_suiteb;
> ++ X509_check_host;
> ++ X509_check_email;
> ++ X509_check_ip;
> ++ X509_check_ip_asc;
> ++ X509_STORE_set_lookup_crls_cb;
> ++ X509_STORE_CTX_get0_store;
> ++ X509_VERIFY_PARAM_set1_host;
> ++ X509_VERIFY_PARAM_add1_host;
> ++ X509_VERIFY_PARAM_set_hostflags;
> ++ X509_VERIFY_PARAM_get0_peername;
> ++ X509_VERIFY_PARAM_set1_email;
> ++ X509_VERIFY_PARAM_set1_ip;
> ++ X509_VERIFY_PARAM_set1_ip_asc;
> ++ X509_VERIFY_PARAM_get0_name;
> ++ X509_VERIFY_PARAM_get_count;
> ++ X509_VERIFY_PARAM_get0;
> ++ X509V3_EXT_free;
> ++ EC_GROUP_get_mont_data;
> ++ EC_curve_nid2nist;
> ++ EC_curve_nist2nid;
> ++ PEM_write_bio_DHxparams;
> ++ PEM_write_DHxparams;
> ++ SSL_CTX_add_client_custom_ext;
> ++ SSL_CTX_add_server_custom_ext;
> ++ SSL_extension_supported;
> ++ BUF_strnlen;
> ++ sk_deep_copy;
> ++ SSL_test_functions;
> ++} OPENSSL_1.0.1d;
> ++
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
> +===================================================================
> +--- /dev/null 1970-01-01 00:00:00.000000000 +0000
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> +@@ -0,0 +1,10 @@
> ++OPENSSL_1.0.0 {
> ++ global:
> ++ bind_engine;
> ++ v_check;
> ++ OPENSSL_init;
> ++ OPENSSL_finish;
> ++ local:
> ++ *;
> ++};
> ++
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
> +===================================================================
> +--- /dev/null 1970-01-01 00:00:00.000000000 +0000
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> +@@ -0,0 +1,10 @@
> ++OPENSSL_1.0.0 {
> ++ global:
> ++ bind_engine;
> ++ v_check;
> ++ OPENSSL_init;
> ++ OPENSSL_finish;
> ++ local:
> ++ *;
> ++};
> ++
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
> index f53efdb..29f11a2 100644
> --- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
> @@ -15,8 +15,8 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
> -@@ -0,0 +1,4621 @@
> -+OPENSSL_1.0.0 {
> +@@ -0,0 +1,4608 @@
> ++OPENSSL_1.0.2d {
> + global:
> + BIO_f_ssl;
> + BIO_new_buffer_ssl_connect;
> @@ -4314,14 +4314,6 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> + CRYPTO_cbc128_decrypt;
> + CRYPTO_cfb128_encrypt;
> + CRYPTO_cfb128_8_encrypt;
> -+
> -+ local:
> -+ *;
> -+};
> -+
> -+
> -+OPENSSL_1.0.1 {
> -+ global:
> + SSL_renegotiate_abbreviated;
> + TLSv1_1_method;
> + TLSv1_1_client_method;
> @@ -4483,15 +4475,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> + BIO_s_datagram_sctp;
> + BIO_dgram_is_sctp;
> + BIO_dgram_sctp_notification_cb;
> -+} OPENSSL_1.0.0;
> -+
> -+OPENSSL_1.0.1d {
> -+ global:
> + CRYPTO_memcmp;
> -+} OPENSSL_1.0.1;
> -+
> -+OPENSSL_1.0.2 {
> -+ global:
> + SSL_CTX_set_alpn_protos;
> + SSL_set_alpn_protos;
> + SSL_CTX_set_alpn_select_cb;
> @@ -4629,20 +4613,23 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> + BUF_strnlen;
> + sk_deep_copy;
> + SSL_test_functions;
> -+} OPENSSL_1.0.1d;
> ++
> ++ local:
> ++ *;
> ++};
> +
> +OPENSSL_1.0.2g {
> + global:
> + SRP_VBASE_get1_by_user;
> + SRP_user_pwd_free;
> -+} OPENSSL_1.0.2;
> ++} OPENSSL_1.0.2d;
> +
> Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> @@ -0,0 +1,10 @@
> -+OPENSSL_1.0.0 {
> ++OPENSSL_1.0.2 {
> + global:
> + bind_engine;
> + v_check;
> @@ -4657,7 +4644,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> @@ -0,0 +1,10 @@
> -+OPENSSL_1.0.0 {
> ++OPENSSL_1.0.2 {
> + global:
> + bind_engine;
> + v_check;
> diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> index 06d1ea6..2a318a4 100644
> --- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> @@ -4,7 +4,7 @@ This patch adds the fix for one of the ciphers used in openssl, namely
> the cipher des-ede3-cfb1. Complete bug log and patch is present here:
> http://rt.openssl.org/Ticket/Display.html?id=2867
>
> -Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
> +Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
>
> Index: openssl-1.0.2/crypto/evp/e_des3.c
> ===================================================================
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
> new file mode 100644
> index 0000000..6620fdc
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
> @@ -0,0 +1,222 @@
> +#!/bin/sh
> +#
> +# Ben Secrest <blsecres@gmail.com>
> +#
> +# sh c_rehash script, scan all files in a directory
> +# and add symbolic links to their hash values.
> +#
> +# based on the c_rehash perl script distributed with openssl
> +#
> +# LICENSE: See OpenSSL license
> +# ^^acceptable?^^
> +#
> +
> +# default certificate location
> +DIR=/etc/openssl
> +
> +# for filetype bitfield
> +IS_CERT=$(( 1 << 0 ))
> +IS_CRL=$(( 1 << 1 ))
> +
> +
> +# check to see if a file is a certificate file or a CRL file
> +# arguments:
> +# 1. the filename to be scanned
> +# returns:
> +# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
> +#
> +check_file()
> +{
> + local IS_TYPE=0
> +
> + # make IFS a newline so we can process grep output line by line
> + local OLDIFS=${IFS}
> + IFS=$( printf "\n" )
> +
> + # XXX: could be more efficient to have two 'grep -m' but is -m portable?
> + for LINE in $( grep '^-----BEGIN .*-----' ${1} )
> + do
> + if echo ${LINE} \
> + | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
> + then
> + IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
> +
> + if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
> + then
> + break
> + fi
> + elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
> + then
> + IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
> +
> + if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
> + then
> + break
> + fi
> + fi
> + done
> +
> + # restore IFS
> + IFS=${OLDIFS}
> +
> + return ${IS_TYPE}
> +}
> +
> +
> +#
> +# use openssl to fingerprint a file
> +# arguments:
> +# 1. the filename to fingerprint
> +# 2. the method to use (x509, crl)
> +# returns:
> +# none
> +# assumptions:
> +# user will capture output from last stage of pipeline
> +#
> +fingerprint()
> +{
> + ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
> +}
> +
> +
> +#
> +# link_hash - create links to certificate files
> +# arguments:
> +# 1. the filename to create a link for
> +# 2. the type of certificate being linked (x509, crl)
> +# returns:
> +# 0 on success, 1 otherwise
> +#
> +link_hash()
> +{
> + local FINGERPRINT=$( fingerprint ${1} ${2} )
> + local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
> + local SUFFIX=0
> + local LINKFILE=''
> + local TAG=''
> +
> + if [ ${2} = "crl" ]
> + then
> + TAG='r'
> + fi
> +
> + LINKFILE=${HASH}.${TAG}${SUFFIX}
> +
> + while [ -f ${LINKFILE} ]
> + do
> + if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
> + then
> + echo "NOTE: Skipping duplicate file ${1}" >&2
> + return 1
> + fi
> +
> + SUFFIX=$(( ${SUFFIX} + 1 ))
> + LINKFILE=${HASH}.${TAG}${SUFFIX}
> + done
> +
> + echo "${3} => ${LINKFILE}"
> +
> + # assume any system with a POSIX shell will either support symlinks or
> + # do something to handle this gracefully
> + ln -s ${3} ${LINKFILE}
> +
> + return 0
> +}
> +
> +
> +# hash_dir create hash links in a given directory
> +hash_dir()
> +{
> + echo "Doing ${1}"
> +
> + cd ${1}
> +
> + ls -1 * 2>/dev/null | while read FILE
> + do
> + if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
> + && [ -h "${FILE}" ]
> + then
> + rm ${FILE}
> + fi
> + done
> +
> + ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
> + do
> + REAL_FILE=${FILE}
> + # if we run on build host then get to the real files in rootfs
> + if [ -n "${SYSROOT}" -a -h ${FILE} ]
> + then
> + FILE=$( readlink ${FILE} )
> + # check the symlink is absolute (or dangling in other word)
> + if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
> + then
> + REAL_FILE=${SYSROOT}/${FILE}
> + fi
> + fi
> +
> + check_file ${REAL_FILE}
> + local FILE_TYPE=${?}
> + local TYPE_STR=''
> +
> + if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
> + then
> + TYPE_STR='x509'
> + elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
> + then
> + TYPE_STR='crl'
> + else
> + echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
> + continue
> + fi
> +
> + link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
> + done
> +}
> +
> +
> +# choose the name of an ssl application
> +if [ -n "${OPENSSL}" ]
> +then
> + SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
> +else
> + SSL_CMD=/usr/bin/openssl
> + OPENSSL=${SSL_CMD}
> + export OPENSSL
> +fi
> +
> +# fix paths
> +PATH=${PATH}:${DIR}/bin
> +export PATH
> +
> +# confirm existance/executability of ssl command
> +if ! [ -x ${SSL_CMD} ]
> +then
> + echo "${0}: rehashing skipped ('openssl' program not available)" >&2
> + exit 0
> +fi
> +
> +# determine which directories to process
> +old_IFS=$IFS
> +if [ ${#} -gt 0 ]
> +then
> + IFS=':'
> + DIRLIST=${*}
> +elif [ -n "${SSL_CERT_DIR}" ]
> +then
> + DIRLIST=$SSL_CERT_DIR
> +else
> + DIRLIST=${DIR}/certs
> +fi
> +
> +IFS=':'
> +
> +# process directories
> +for CERT_DIR in ${DIRLIST}
> +do
> + if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
> + then
> + IFS=$old_IFS
> + hash_dir ${CERT_DIR}
> + IFS=':'
> + fi
> +done
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
> new file mode 100644
> index 0000000..065b9b1
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
> @@ -0,0 +1,34 @@
> +From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
> +From: Robert Yang <liezhi.yang@windriver.com>
> +Date: Mon, 19 Sep 2016 22:06:28 -0700
> +Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
> +
> +Fixed when building on Debian-testing:
> +| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
> +
> +The find.pl is added by oe-core, so once openssl/find.pl is removed,
> +then this patch can be dropped.
> +
> +Upstream-Status: Inappropriate [OE-Specific]
> +
> +Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> +---
> + util/perlpath.pl | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/util/perlpath.pl b/util/perlpath.pl
> +index a1f236b..5599892 100755
> +--- a/util/perlpath.pl
> ++++ b/util/perlpath.pl
> +@@ -4,6 +4,8 @@
> + # line in all scripts that rely on perl.
> + #
> +
> ++BEGIN { unshift @INC, "."; }
> ++
> + require "find.pl";
> +
> + $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
> +--
> +2.9.0
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> index cbce32c..0f08a64 100644
> --- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> @@ -2,10 +2,10 @@ Upstream-Status: Pending
>
> Received from H J Liu @ Intel
> Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
> -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
> +Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
>
> ported the patch to the 1.0.0e version
> -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
> +Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
> Index: openssl-1.0.2/crypto/bn/bn.h
> ===================================================================
> --- openssl-1.0.2.orig/crypto/bn/bn.h
> diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch
> index b6c2c14..f3f4c99 100644
> --- a/meta/recipes-connectivity/openssl/openssl/parallel.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/parallel.patch
> @@ -6,6 +6,9 @@ https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1
> Upstream-Status: Pending
> Signed-off-by: Ross Burton <ross.burton@intel.com>
>
> +Refreshed for 1.0.2i
> +Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
> +
> --- openssl-1.0.2g/crypto/Makefile
> +++ openssl-1.0.2g/crypto/Makefile
> @@ -85,11 +85,11 @@
> @@ -133,7 +136,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
> fi; \
> --- openssl-1.0.2g/test/Makefile
> +++ openssl-1.0.2g/test/Makefile
> -@@ -139,7 +139,7 @@
> +@@ -144,7 +144,7 @@
> tags:
> ctags $(SRC)
>
> @@ -142,7 +145,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
>
> apps:
> @(cd ..; $(MAKE) DIRS=apps all)
> -@@ -421,130 +421,130 @@
> +@@ -438,136 +438,136 @@
> link_app.$${shlib_target}
>
> $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
> @@ -309,13 +312,21 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
> - @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
> + +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
>
> + $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
> +- @target=$(BADDTLSTEST) $(BUILD_CMD)
> ++ +@target=$(BADDTLSTEST) $(BUILD_CMD)
> +
> $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
> - @target=$(SSLV2CONFTEST) $(BUILD_CMD)
> + +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
>
> + $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
> +- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
> ++ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
> +
> #$(AESTEST).o: $(AESTEST).c
> # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
> -@@ -557,7 +557,7 @@
> +@@ -580,6 +580,6 @@
> # fi
>
> dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> deleted file mode 100644
> index 26bc6be..0000000
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> +++ /dev/null
> @@ -1,82 +0,0 @@
> -require openssl.inc
> -
> -# For target side versions of openssl enable support for OCF Linux driver
> -# if they are available.
> -DEPENDS += "cryptodev-linux"
> -
> -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> -
> -LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
> -
> -export DIRS = "crypto ssl apps engines"
> -export OE_LDFLAGS="${LDFLAGS}"
> -
> -SRC_URI += "file://configure-targets.patch \
> - file://shared-libs.patch \
> - file://oe-ldflags.patch \
> - file://engines-install-in-libdir-ssl.patch \
> - file://debian1.0.2/block_diginotar.patch \
> - file://debian1.0.2/block_digicert_malaysia.patch \
> - file://debian/ca.patch \
> - file://debian/c_rehash-compat.patch \
> - file://debian/debian-targets.patch \
> - file://debian/man-dir.patch \
> - file://debian/man-section.patch \
> - file://debian/no-rpath.patch \
> - file://debian/no-symbolic.patch \
> - file://debian/pic.patch \
> - file://debian1.0.2/version-script.patch \
> - file://openssl_fix_for_x32.patch \
> - file://fix-cipher-des-ede3-cfb1.patch \
> - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> - file://find.pl \
> - file://openssl-fix-des.pod-error.patch \
> - file://Makefiles-ptest.patch \
> - file://ptest-deps.patch \
> - file://run-ptest \
> - file://crypto_use_bigint_in_x86-64_perl.patch \
> - file://openssl-1.0.2a-x32-asm.patch \
> - file://ptest_makefile_deps.patch \
> - file://parallel.patch \
> - file://CVE-2016-2177.patch \
> - file://CVE-2016-2178.patch \
> - file://CVE-2016-2180.patch \
> - file://CVE-2016-2181_p1.patch \
> - file://CVE-2016-2181_p2.patch \
> - file://CVE-2016-2181_p3.patch \
> - file://CVE-2016-2182.patch \
> - file://CVE-2016-6302.patch \
> - file://CVE-2016-6303.patch \
> - file://CVE-2016-6304.patch \
> - file://CVE-2016-6306.patch \
> - file://CVE-2016-2179.patch \
> - file://CVE-2016-8610.patch \
> - "
> -
> -SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
> -SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
> -
> -PACKAGES =+ " \
> - ${PN}-engines \
> - ${PN}-engines-dbg \
> - "
> -
> -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
> -FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
> -
> -PARALLEL_MAKE = ""
> -PARALLEL_MAKEINST = ""
> -
> -do_configure_prepend() {
> - cp ${WORKDIR}/find.pl ${S}/util/find.pl
> -}
> -
> -# The crypto_use_bigint patch means that perl's bignum module needs to be
> -# installed, but some distributions (for example Fedora 23) don't ship it by
> -# default. As the resulting error is very misleading check for bignum before
> -# building.
> -do_configure_prepend() {
> - if ! perl -Mbigint -e true; then
> - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
> - fi
> -}
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> new file mode 100644
> index 0000000..f333c8f
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> @@ -0,0 +1,64 @@
> +require openssl.inc
> +
> +# For target side versions of openssl enable support for OCF Linux driver
> +# if they are available.
> +DEPENDS += "cryptodev-linux"
> +
> +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> +CFLAG_append_class-native = " -fPIC"
> +
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
> +
> +export DIRS = "crypto ssl apps engines"
> +export OE_LDFLAGS="${LDFLAGS}"
> +
> +SRC_URI += "file://find.pl;subdir=${BP}/util/ \
> + file://run-ptest \
> + file://openssl-c_rehash.sh \
> + file://configure-targets.patch \
> + file://shared-libs.patch \
> + file://oe-ldflags.patch \
> + file://engines-install-in-libdir-ssl.patch \
> + file://debian1.0.2/block_diginotar.patch \
> + file://debian1.0.2/block_digicert_malaysia.patch \
> + file://debian/ca.patch \
> + file://debian/c_rehash-compat.patch \
> + file://debian/debian-targets.patch \
> + file://debian/man-dir.patch \
> + file://debian/man-section.patch \
> + file://debian/no-rpath.patch \
> + file://debian/no-symbolic.patch \
> + file://debian/pic.patch \
> + file://debian1.0.2/version-script.patch \
> + file://openssl_fix_for_x32.patch \
> + file://fix-cipher-des-ede3-cfb1.patch \
> + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> + file://openssl-fix-des.pod-error.patch \
> + file://Makefiles-ptest.patch \
> + file://ptest-deps.patch \
> + file://openssl-1.0.2a-x32-asm.patch \
> + file://ptest_makefile_deps.patch \
> + file://parallel.patch \
> + file://openssl-util-perlpath.pl-cwd.patch \
> + file://0002-CVE-2017-3731.patch \
> + "
> +SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"
> +SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"
> +
> +PACKAGES =+ " \
> + ${PN}-engines \
> + ${PN}-engines-dbg \
> + "
> +
> +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
> +FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
> +
> +# The crypto_use_bigint patch means that perl's bignum module needs to be
> +# installed, but some distributions (for example Fedora 23) don't ship it by
> +# default. As the resulting error is very misleading check for bignum before
> +# building.
> +do_configure_prepend() {
> + if ! perl -Mbigint -e true; then
> + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
> + fi
> +}
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [jethro][PATCH] Forklift OpenSSL 1.0.k to Jethro
2017-03-06 3:20 [jethro][PATCH] Forklift OpenSSL 1.0.k to Jethro Rebecca Chang Swee Fun
2017-03-06 3:20 ` [jethro][PATCH] openssl: upgrade 1.0.2h -> 1.0.2k Rebecca Chang Swee Fun
@ 2017-03-06 16:01 ` akuster808
1 sibling, 0 replies; 4+ messages in thread
From: akuster808 @ 2017-03-06 16:01 UTC (permalink / raw)
To: Rebecca Chang Swee Fun, openembedded-core
On 03/05/2017 07:20 PM, Rebecca Chang Swee Fun wrote:
> From: "Chang, Rebecca Swee Fun" <rebecca.swee.fun.chang@intel.com>
>
> Hi all,
>
> This is an version upgrade for OpenSSL from 1.0.2h to 1.0.2k.
> The upgrade was forklifted from OE-Core master branch to
> Jethro branch and remove upstream dependencies to new bbclasses.
>
> The details of CVEs are mentioned in the patch commit message.
>
> The main purpose of this forklifting effort is to make sure
> OpenSSL shipped in BSPs is updated.
> Due to OpenSSL version
> fork in Jethro, it is difficult to do purely "git cherry-pick"
> and resolving conflicts everywhere.
Its not difficult, its just time consuming.
> This is main reason I opted for forklifting approach.
We have discussed updating openssl as the method for managing this
package in stable branches and it was met with lots of resistance.
Seeing this is Jethro ( nearly 2 yrs old), I would suspect this is a
much harder sell to make.
>
> This is the first time I did an upgrade for OpenSSL. Please
> help to review and provide feedbacks if this approach is not
> feasible.
The feasible call is on the stable branch maintainer and oe-core layer
maintainers.
per policy, these changes would have to propagate through the other
stable branches first if we didn't want to make an exception.
- armin
> I'm looking forward to learn from everyone of you.
>
> Thank you very much.
>
> Regards,
> Rebecca
>
> Chang, Rebecca Swee Fun (1):
> openssl: upgrade 1.0.2h -> 1.0.2k
>
> meta/recipes-connectivity/openssl/openssl.inc | 104 +-
> .../openssl/openssl/0002-CVE-2017-3731.patch | 53 +
> .../openssl/openssl/CVE-2016-2177.patch | 286 --
> .../openssl/openssl/CVE-2016-2178.patch | 51 -
> .../openssl/openssl/CVE-2016-2179.patch | 255 --
> .../openssl/openssl/CVE-2016-2180.patch | 44 -
> .../openssl/openssl/CVE-2016-2181_p1.patch | 91 -
> .../openssl/openssl/CVE-2016-2181_p2.patch | 239 -
> .../openssl/openssl/CVE-2016-2181_p3.patch | 30 -
> .../openssl/openssl/CVE-2016-2182.patch | 70 -
> .../openssl/openssl/CVE-2016-6302.patch | 53 -
> .../openssl/openssl/CVE-2016-6303.patch | 36 -
> .../openssl/openssl/CVE-2016-6304.patch | 75 -
> .../openssl/openssl/CVE-2016-6306.patch | 71 -
> .../openssl/openssl/CVE-2016-8610.patch | 124 -
> .../Use-SHA256-not-MD5-as-default-digest.patch | 69 +
> .../openssl/crypto_use_bigint_in_x86-64_perl.patch | 33 -
> .../openssl/openssl/debian/ca.patch | 2 +-
> .../openssl/openssl/debian/version-script.patch | 4663 ++++++++++++++++++++
> .../openssl/debian1.0.2/version-script.patch | 31 +-
> .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 2 +-
> .../openssl/openssl/openssl-c_rehash.sh | 222 +
> .../openssl/openssl-util-perlpath.pl-cwd.patch | 34 +
> .../openssl/openssl/openssl_fix_for_x32.patch | 4 +-
> .../openssl/openssl/parallel.patch | 17 +-
> .../recipes-connectivity/openssl/openssl_1.0.2h.bb | 82 -
> .../recipes-connectivity/openssl/openssl_1.0.2k.bb | 64 +
> 27 files changed, 5200 insertions(+), 1605 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
> create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-03-06 16:01 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-06 3:20 [jethro][PATCH] Forklift OpenSSL 1.0.k to Jethro Rebecca Chang Swee Fun
2017-03-06 3:20 ` [jethro][PATCH] openssl: upgrade 1.0.2h -> 1.0.2k Rebecca Chang Swee Fun
2017-03-06 15:02 ` Leonardo Sandoval
2017-03-06 16:01 ` [jethro][PATCH] Forklift OpenSSL 1.0.k to Jethro akuster808
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox