* Re: [jethro][PATCH] openssl: upgrade 1.0.2h -> 1.0.2k
2017-03-06 3:20 ` [jethro][PATCH] openssl: upgrade 1.0.2h -> 1.0.2k Rebecca Chang Swee Fun
@ 2017-03-06 15:02 ` Leonardo Sandoval
0 siblings, 0 replies; 4+ messages in thread
From: Leonardo Sandoval @ 2017-03-06 15:02 UTC (permalink / raw)
To: Rebecca Chang Swee Fun; +Cc: openembedded-core
For the moment, patchtest is not sending its results, but this is what
it reported for the series sent:
* Issue Added patch file is missing Upstream-Status in the
header [test_upstream_status_presence]
Suggested fix Add Upstream-Status: <status> to the header of meta/recipes-connectivity/openssl/openssl/debian/version-script.patch (possible values: Pending, Submitted, Accepted, Backport, Denied, Inappropriate)
* Issue A patch file has been added, but does not have a Signed-off-by tag [test_signed_off_by_presence]
Suggested fix Sign off the added patch file (meta/recipes-connectivity/openssl/openssl/debian/version-script.patch)
On Mon, 2017-03-06 at 11:20 +0800, Rebecca Chang Swee Fun wrote:
> From: "Chang, Rebecca Swee Fun" <rebecca.swee.fun.chang@intel.com>
>
> This upgrade fixes several security CVEs:
> * Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
> * Truncated packet could crash via OOB read (CVE-2017-3731p1)
> * BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
>
> Backported 0002-CVE-2017-3731.patch for CVE-2017-3731p2 from:
> OE-Core rev: 1fe1cb3e6e03b4f7f0d30b2b67edc8809a18fe70
>
> This upgrade includes several bug fixes from OE-Core master:
> * openssl: Add Shell-Script based c_rehash utility
> (From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a)
> * openssl: use subdir= instead of moving files in do_configure_prepend()
> (From OE-Core rev: a960b6024f1b17994b0f4683a4e70fd2a079bd90)
> * openssl: enable parallel make
> (From OE-Core rev: ea89857f17a374b6095371ebe2422d2e83735cee)
> * openssl: fix ptest issues
> (From OE-Core rev: 928adfc807d3c812fcd748e2cf65f392eebd852c)
> * openssl.inc: avoid random ptest failures
> (From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b)
> * openssl: Add support for many MIPS configurations
> (From OE-Core rev: cd1f6fbf9a2113cf510c25de2eb3895468e79149)
> * openssl: fix mips64 configure support
> (From OE-Core rev: 245113ca1075bc3f0c47952e80b437229f855080)
> * openssl: Use linux-aarch64 target for aarch64
> (From OE-Core rev: 13e9a692510151383bc3243c3917154896b0e049)
> * openssl: Ensure SSL certificates are stored on sysconfdir
> (From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
> * openssl.inc: minor packaging cleanup
> (From OE-Core rev: 3f81b516e2f23683ce6129bb79bcc08263cb7fe1)
> * openssl: don't move libcrypto to base_libdir
> (From OE-Core rev: 0be2ab32f690a2fcba0e821abe11460958bbc6dc)
> * openssl: fix add missing dependencies building for test directory
> (From OE-Core rev: 030142d0410bec85aeacfff6be27d5fed41ce808)
> * openssl: fix add missing `make depend` command before `make` library
> (From OE-Core rev: e3c251427a305780d3257a011260bd978de273d5)
>
> The following CVEs has been fixed in 1.0.2k.
> Hence, removing the patchset from this layer.
> * CVE-2016-2177, CVE-2016-2178, CVE-2016-2179,
> * CVE-2016-2180, CVE-2016-2181, CVE-2016-2182,
> * CVE-2016-6302, CVE-2016-6303, CVE-2016-6304,
> * CVE-2016-6306, CVE-2016-8610
>
> Signed-off-by: Chang, Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
> ---
> meta/recipes-connectivity/openssl/openssl.inc | 104 +-
> .../openssl/openssl/0002-CVE-2017-3731.patch | 53 +
> .../openssl/openssl/CVE-2016-2177.patch | 286 --
> .../openssl/openssl/CVE-2016-2178.patch | 51 -
> .../openssl/openssl/CVE-2016-2179.patch | 255 --
> .../openssl/openssl/CVE-2016-2180.patch | 44 -
> .../openssl/openssl/CVE-2016-2181_p1.patch | 91 -
> .../openssl/openssl/CVE-2016-2181_p2.patch | 239 -
> .../openssl/openssl/CVE-2016-2181_p3.patch | 30 -
> .../openssl/openssl/CVE-2016-2182.patch | 70 -
> .../openssl/openssl/CVE-2016-6302.patch | 53 -
> .../openssl/openssl/CVE-2016-6303.patch | 36 -
> .../openssl/openssl/CVE-2016-6304.patch | 75 -
> .../openssl/openssl/CVE-2016-6306.patch | 71 -
> .../openssl/openssl/CVE-2016-8610.patch | 124 -
> .../Use-SHA256-not-MD5-as-default-digest.patch | 69 +
> .../openssl/crypto_use_bigint_in_x86-64_perl.patch | 33 -
> .../openssl/openssl/debian/ca.patch | 2 +-
> .../openssl/openssl/debian/version-script.patch | 4663 ++++++++++++++++++++
> .../openssl/debian1.0.2/version-script.patch | 31 +-
> .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 2 +-
> .../openssl/openssl/openssl-c_rehash.sh | 222 +
> .../openssl/openssl-util-perlpath.pl-cwd.patch | 34 +
> .../openssl/openssl/openssl_fix_for_x32.patch | 4 +-
> .../openssl/openssl/parallel.patch | 17 +-
> .../recipes-connectivity/openssl/openssl_1.0.2h.bb | 82 -
> .../recipes-connectivity/openssl/openssl_1.0.2k.bb | 64 +
> 27 files changed, 5200 insertions(+), 1605 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
> create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
>
> diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
> index 8af423f..c728272 100644
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -8,7 +8,7 @@ SECTION = "libs/network"
> LICENSE = "openssl"
> LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
>
> -DEPENDS = "perl-native-runtime"
> +DEPENDS = "makedepend-native perl-native-runtime"
> DEPENDS_append_class-target = " openssl-native"
>
> SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
> @@ -18,35 +18,31 @@ S = "${WORKDIR}/openssl-${PV}"
> PACKAGECONFIG[perl] = ",,,"
>
> AR_append = " r"
> -# Avoid binaries being marked as requiring an executable stack since it
> +# Avoid binaries being marked as requiring an executable stack since it
> # doesn't(which causes and this causes issues with SELinux
> CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
> - -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
> -
> -# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
> -CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
> -CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
> + -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
>
> export DIRS = "crypto ssl apps"
> export EX_LIBS = "-lgcc -ldl"
> export AS = "${CC} -c"
> +EXTRA_OEMAKE = "-e MAKEFLAGS="
>
> inherit pkgconfig siteinfo multilib_header ptest
>
> PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
> -FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
> -FILES_libssl = "${libdir}/libssl.so.*"
> +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
> +FILES_libssl = "${libdir}/libssl${SOLIBS}"
> FILES_${PN} =+ " ${libdir}/ssl/*"
> -FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
> +FILES_${PN}-misc = "${libdir}/ssl/misc"
> RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
> -FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
>
> # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
> # package RRECOMMENDS on this package. This will enable the configuration
> # file to be installed for both the base openssl package and the libcrypto
> # package since the base openssl package depends on the libcrypto package.
> -FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
> -CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
> +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
> +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
> RRECOMMENDS_libcrypto += "openssl-conf"
> RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
>
> @@ -86,7 +82,7 @@ do_configure () {
> target=linux-elf-armeb
> ;;
> linux-aarch64*)
> - target=linux-generic64
> + target=linux-aarch64
> ;;
> linux-sh3)
> target=debian-sh3
> @@ -109,15 +105,24 @@ do_configure () {
> linux-gnu64-x86_64)
> target=linux-x86_64
> ;;
> - linux-mips)
> - target=debian-mips
> + linux-gnun32-mips*el)
> + target=debian-mipsn32el
> + ;;
> + linux-gnun32-mips*)
> + target=debian-mipsn32
> ;;
> - linux-mipsel)
> + linux-mips*64*el)
> + target=debian-mips64el
> + ;;
> + linux-mips*64*)
> + target=debian-mips64
> + ;;
> + linux-mips*el)
> target=debian-mipsel
> ;;
> - linux-*-mips64)
> - target=linux-mips
> - ;;
> + linux-mips*)
> + target=debian-mips
> + ;;
> linux-microblaze*|linux-nios2*)
> target=linux-generic32
> ;;
> @@ -142,7 +147,7 @@ do_configure () {
> useprefix=${prefix}
> if [ "x$useprefix" = "x" ]; then
> useprefix=/
> - fi
> + fi
> perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
> }
>
> @@ -151,10 +156,14 @@ do_compile_prepend_class-target () {
> }
>
> do_compile () {
> + oe_runmake depend
> oe_runmake
> }
>
> do_compile_ptest () {
> + # build dependencies for test directory too
> + export DIRS="$DIRS test"
> + oe_runmake depend
> oe_runmake buildtest
> }
>
> @@ -167,40 +176,63 @@ do_install () {
> oe_libinstall -so libcrypto ${D}${libdir}
> oe_libinstall -so libssl ${D}${libdir}
>
> - # Moving libcrypto to /lib
> - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
> - mkdir -p ${D}/${base_libdir}/
> - mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
> - sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
> - fi
> -
> install -d ${D}${includedir}
> cp --dereference -R include/openssl ${D}${includedir}
>
> + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
> + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
> +
> oe_multilib_header openssl/opensslconf.h
> if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
> - install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
> - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
> sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
> sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
> - # The c_rehash utility isn't installed by the normal installation process.
> else
> - rm -f ${D}${bindir}/c_rehash
> rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
> fi
> +
> + # Create SSL structure
> + install -d ${D}${sysconfdir}/ssl/
> + mv ${D}${libdir}/ssl/openssl.cnf \
> + ${D}${libdir}/ssl/certs \
> + ${D}${libdir}/ssl/private \
> + \
> + ${D}${sysconfdir}/ssl/
> + ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
> + ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
> + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
> }
>
> do_install_ptest () {
> - cp -r Makefile test ${D}${PTEST_PATH}
> + cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
> + cp Configure config e_os.h ${D}${PTEST_PATH}
> + cp -r -L include ${D}${PTEST_PATH}
> + ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
> + ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
> + mkdir -p ${D}${PTEST_PATH}/crypto
> + cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
> cp -r certs ${D}${PTEST_PATH}
> mkdir -p ${D}${PTEST_PATH}/apps
> - ln -sf /usr/lib/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
> - ln -sf /usr/lib/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
> - ln -sf /usr/bin/openssl ${D}${PTEST_PATH}/apps
> + ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
> + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
> + ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
> + cp apps/server.pem ${D}${PTEST_PATH}/apps
> cp apps/server2.pem ${D}${PTEST_PATH}/apps
> mkdir -p ${D}${PTEST_PATH}/util
> install util/opensslwrap.sh ${D}${PTEST_PATH}/util
> install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
> + # Time stamps are relevant for "make alltests", otherwise
> + # make may try to recompile binaries. Not only must the
> + # binary files be newer than the sources, they also must
> + # be more recent than the header files in /usr/include.
> + #
> + # Using "cp -a" is not sufficient, because do_install
> + # does not preserve the original time stamps.
> + #
> + # So instead of using the original file stamps, we set
> + # the current time for all files. Binaries will get
> + # modified again later when stripping them, but that's okay.
> + touch ${D}${PTEST_PATH}
> + find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
> }
>
> do_install_append_class-native() {
> diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
> new file mode 100644
> index 0000000..b56b2d5
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
> @@ -0,0 +1,53 @@
> +From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
> +From: Alexandru Moise <alexandru.moise@windriver.com>
> +Date: Tue, 7 Feb 2017 11:16:13 +0200
> +Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Originally a crash in 32-bit build was reported CHACHA20-POLY1305
> +cipher. The crash is triggered by truncated packet and is result
> +of excessive hashing to the edge of accessible memory. Since hash
> +operation is read-only it is not considered to be exploitable
> +beyond a DoS condition. Other ciphers were hardened.
> +
> +Thanks to Robert Święcki for report.
> +
> +CVE-2017-3731
> +
> +Backported from upstream commit:
> +2198b3a55de681e1f3c23edb0586afe13f438051
> +
> +Upstream-Status: Backport
> +
> +Reviewed-by: Rich Salz <rsalz@openssl.org>
> +Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
> +---
> + crypto/evp/e_aes.c | 7 ++++++-
> + 1 file changed, 6 insertions(+), 1 deletion(-)
> +
> +diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
> +index 1734a82..16dcd10 100644
> +--- a/crypto/evp/e_aes.c
> ++++ b/crypto/evp/e_aes.c
> +@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
> + {
> + unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
> + /* Correct length for explicit IV */
> ++ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
> ++ return 0;
> + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
> + /* If decrypting correct for tag too */
> +- if (!c->encrypt)
> ++ if (!c->encrypt) {
> ++ if (len < EVP_GCM_TLS_TAG_LEN)
> ++ return 0;
> + len -= EVP_GCM_TLS_TAG_LEN;
> ++ }
> + c->buf[arg - 2] = len >> 8;
> + c->buf[arg - 1] = len & 0xff;
> + }
> +--
> +2.10.2
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
> deleted file mode 100644
> index df36d5f..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
> +++ /dev/null
> @@ -1,286 +0,0 @@
> -From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Thu, 5 May 2016 11:10:26 +0100
> -Subject: [PATCH] Avoid some undefined pointer arithmetic
> -
> -A common idiom in the codebase is:
> -
> -if (p + len > limit)
> -{
> - return; /* Too long */
> -}
> -
> -Where "p" points to some malloc'd data of SIZE bytes and
> -limit == p + SIZE
> -
> -"len" here could be from some externally supplied data (e.g. from a TLS
> -message).
> -
> -The rules of C pointer arithmetic are such that "p + len" is only well
> -defined where len <= SIZE. Therefore the above idiom is actually
> -undefined behaviour.
> -
> -For example this could cause problems if some malloc implementation
> -provides an address for "p" such that "p + len" actually overflows for
> -values of len that are too big and therefore p + len < limit!
> -
> -Issue reported by Guido Vranken.
> -
> -CVE-2016-2177
> -
> -Reviewed-by: Rich Salz <rsalz@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2177
> -
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> -
> ----
> - ssl/s3_srvr.c | 14 +++++++-------
> - ssl/ssl_sess.c | 2 +-
> - ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++--------------------------
> - 3 files changed, 38 insertions(+), 34 deletions(-)
> -
> -diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
> -index ab28702..ab7f690 100644
> ---- a/ssl/s3_srvr.c
> -+++ b/ssl/s3_srvr.c
> -@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
> -
> - session_length = *(p + SSL3_RANDOM_SIZE);
> -
> -- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
> -+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> -@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
> - /* get the session-id */
> - j = *(p++);
> -
> -- if (p + j > d + n) {
> -+ if ((d + n) - p < j) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> -@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
> -
> - if (SSL_IS_DTLS(s)) {
> - /* cookie stuff */
> -- if (p + 1 > d + n) {
> -+ if ((d + n) - p < 1) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> - }
> - cookie_len = *(p++);
> -
> -- if (p + cookie_len > d + n) {
> -+ if ((d + n ) - p < cookie_len) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> -@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
> - }
> - }
> -
> -- if (p + 2 > d + n) {
> -+ if ((d + n ) - p < 2) {
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
> - goto f_err;
> -@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
> - }
> -
> - /* i bytes of cipher data + 1 byte for compression length later */
> -- if ((p + i + 1) > (d + n)) {
> -+ if ((d + n) - p < i + 1) {
> - /* not enough data */
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
> -@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
> -
> - /* compression */
> - i = *(p++);
> -- if ((p + i) > (d + n)) {
> -+ if ((d + n) - p < i) {
> - /* not enough data */
> - al = SSL_AD_DECODE_ERROR;
> - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
> -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
> -index b182998..54ee783 100644
> ---- a/ssl/ssl_sess.c
> -+++ b/ssl/ssl_sess.c
> -@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
> - int r;
> - #endif
> -
> -- if (session_id + len > limit) {
> -+ if (limit - session_id < len) {
> - fatal = 1;
> - goto err;
> - }
> -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
> -index fb64607..cdac011 100644
> ---- a/ssl/t1_lib.c
> -+++ b/ssl/t1_lib.c
> -@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
> - 0x02, 0x03, /* SHA-1/ECDSA */
> - };
> -
> -- if (data >= (limit - 2))
> -+ if (limit - data <= 2)
> - return;
> - data += 2;
> -
> -- if (data > (limit - 4))
> -+ if (limit - data < 4)
> - return;
> - n2s(data, type);
> - n2s(data, size);
> -@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
> - if (type != TLSEXT_TYPE_server_name)
> - return;
> -
> -- if (data + size > limit)
> -+ if (limit - data < size)
> - return;
> - data += size;
> -
> -@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
> - const size_t len1 = sizeof(kSafariExtensionsBlock);
> - const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
> -
> -- if (data + len1 + len2 != limit)
> -+ if (limit - data != (int)(len1 + len2))
> - return;
> - if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
> - return;
> -@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
> - } else {
> - const size_t len = sizeof(kSafariExtensionsBlock);
> -
> -- if (data + len != limit)
> -+ if (limit - data != (int)(len))
> - return;
> - if (memcmp(data, kSafariExtensionsBlock, len) != 0)
> - return;
> -@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
> - if (data == limit)
> - goto ri_check;
> -
> -- if (data > (limit - 2))
> -+ if (limit - data < 2)
> - goto err;
> -
> - n2s(data, len);
> -
> -- if (data + len != limit)
> -+ if (limit - data != len)
> - goto err;
> -
> -- while (data <= (limit - 4)) {
> -+ while (limit - data >= 4) {
> - n2s(data, type);
> - n2s(data, size);
> -
> -- if (data + size > (limit))
> -+ if (limit - data < size)
> - goto err;
> - # if 0
> - fprintf(stderr, "Received extension type %d size %d\n", type, size);
> -@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
> - if (s->hit || s->cert->srv_ext.meths_count == 0)
> - return 1;
> -
> -- if (data >= limit - 2)
> -+ if (limit - data <= 2)
> - return 1;
> - n2s(data, len);
> -
> -- if (data > limit - len)
> -+ if (limit - data < len)
> - return 1;
> -
> -- while (data <= limit - 4) {
> -+ while (limit - data >= 4) {
> - n2s(data, type);
> - n2s(data, size);
> -
> -- if (data + size > limit)
> -+ if (limit - data < size)
> - return 1;
> - if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
> - return 0;
> -@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
> - SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
> - # endif
> -
> -- if (data >= (d + n - 2))
> -+ if ((d + n) - data <= 2)
> - goto ri_check;
> -
> - n2s(data, length);
> -- if (data + length != d + n) {
> -+ if ((d + n) - data != length) {
> - *al = SSL_AD_DECODE_ERROR;
> - return 0;
> - }
> -
> -- while (data <= (d + n - 4)) {
> -+ while ((d + n) - data >= 4) {
> - n2s(data, type);
> - n2s(data, size);
> -
> -- if (data + size > (d + n))
> -+ if ((d + n) - data < size)
> - goto ri_check;
> -
> - if (s->tlsext_debug_cb)
> -@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
> - /* Skip past DTLS cookie */
> - if (SSL_IS_DTLS(s)) {
> - i = *(p++);
> -- p += i;
> -- if (p >= limit)
> -+
> -+ if (limit - p <= i)
> - return -1;
> -+
> -+ p += i;
> - }
> - /* Skip past cipher list */
> - n2s(p, i);
> -- p += i;
> -- if (p >= limit)
> -+ if (limit - p <= i)
> - return -1;
> -+ p += i;
> -+
> - /* Skip past compression algorithm list */
> - i = *(p++);
> -- p += i;
> -- if (p > limit)
> -+ if (limit - p < i)
> - return -1;
> -+ p += i;
> -+
> - /* Now at start of extensions */
> -- if ((p + 2) >= limit)
> -+ if (limit - p <= 2)
> - return 0;
> - n2s(p, i);
> -- while ((p + 4) <= limit) {
> -+ while (limit - p >= 4) {
> - unsigned short type, size;
> - n2s(p, type);
> - n2s(p, size);
> -- if (p + size > limit)
> -+ if (limit - p < size)
> - return 0;
> - if (type == TLSEXT_TYPE_session_ticket) {
> - int r;
> ---
> -2.3.5
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
> deleted file mode 100644
> index 27ade4e..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
> +++ /dev/null
> @@ -1,51 +0,0 @@
> -From 399944622df7bd81af62e67ea967c470534090e2 Mon Sep 17 00:00:00 2001
> -From: Cesar Pereida <cesar.pereida@aalto.fi>
> -Date: Mon, 23 May 2016 12:45:25 +0300
> -Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME
> -
> -Operations in the DSA signing algorithm should run in constant time in
> -order to avoid side channel attacks. A flaw in the OpenSSL DSA
> -implementation means that a non-constant time codepath is followed for
> -certain operations. This has been demonstrated through a cache-timing
> -attack to be sufficient for an attacker to recover the private DSA key.
> -
> -CVE-2016-2178
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -Reviewed-by: Matt Caswell <matt@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2178
> -
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - crypto/dsa/dsa_ossl.c | 9 +++++----
> - 1 file changed, 5 insertions(+), 4 deletions(-)
> -
> -Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c
> -===================================================================
> ---- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c
> -+++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c
> -@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C
> - if (!BN_rand_range(&k, dsa->q))
> - goto err;
> - while (BN_is_zero(&k)) ;
> -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
> -- BN_set_flags(&k, BN_FLG_CONSTTIME);
> -- }
> -
> - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
> - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
> -@@ -282,6 +279,11 @@ static int dsa_sign_setup(DSA *dsa, BN_C
> - } else {
> - K = &k;
> - }
> -+
> -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
> -+ BN_set_flags(K, BN_FLG_CONSTTIME);
> -+ }
> -+
> - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
> - dsa->method_mont_p);
> - if (!BN_mod(r, r, dsa->q, ctx))
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
> deleted file mode 100644
> index d1cf7f8..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
> +++ /dev/null
> @@ -1,255 +0,0 @@
> -From 00a4c1421407b6ac796688871b0a49a179c694d9 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Thu, 30 Jun 2016 13:17:08 +0100
> -Subject: [PATCH] Fix DTLS buffered message DoS attack
> -
> -DTLS can handle out of order record delivery. Additionally since
> -handshake messages can be bigger than will fit into a single packet, the
> -messages can be fragmented across multiple records (as with normal TLS).
> -That means that the messages can arrive mixed up, and we have to
> -reassemble them. We keep a queue of buffered messages that are "from the
> -future", i.e. messages we're not ready to deal with yet but have arrived
> -early. The messages held there may not be full yet - they could be one
> -or more fragments that are still in the process of being reassembled.
> -
> -The code assumes that we will eventually complete the reassembly and
> -when that occurs the complete message is removed from the queue at the
> -point that we need to use it.
> -
> -However, DTLS is also tolerant of packet loss. To get around that DTLS
> -messages can be retransmitted. If we receive a full (non-fragmented)
> -message from the peer after previously having received a fragment of
> -that message, then we ignore the message in the queue and just use the
> -non-fragmented version. At that point the queued message will never get
> -removed.
> -
> -Additionally the peer could send "future" messages that we never get to
> -in order to complete the handshake. Each message has a sequence number
> -(starting from 0). We will accept a message fragment for the current
> -message sequence number, or for any sequence up to 10 into the future.
> -However if the Finished message has a sequence number of 2, anything
> -greater than that in the queue is just left there.
> -
> -So, in those two ways we can end up with "orphaned" data in the queue
> -that will never get removed - except when the connection is closed. At
> -that point all the queues are flushed.
> -
> -An attacker could seek to exploit this by filling up the queues with
> -lots of large messages that are never going to be used in order to
> -attempt a DoS by memory exhaustion.
> -
> -I will assume that we are only concerned with servers here. It does not
> -seem reasonable to be concerned about a memory exhaustion attack on a
> -client. They are unlikely to process enough connections for this to be
> -an issue.
> -
> -A "long" handshake with many messages might be 5 messages long (in the
> -incoming direction), e.g. ClientHello, Certificate, ClientKeyExchange,
> -CertificateVerify, Finished. So this would be message sequence numbers 0
> -to 4. Additionally we can buffer up to 10 messages in the future.
> -Therefore the maximum number of messages that an attacker could send
> -that could get orphaned would typically be 15.
> -
> -The maximum size that a DTLS message is allowed to be is defined by
> -max_cert_list, which by default is 100k. Therefore the maximum amount of
> -"orphaned" memory per connection is 1500k.
> -
> -Message sequence numbers get reset after the Finished message, so
> -renegotiation will not extend the maximum number of messages that can be
> -orphaned per connection.
> -
> -As noted above, the queues do get cleared when the connection is closed.
> -Therefore in order to mount an effective attack, an attacker would have
> -to open many simultaneous connections.
> -
> -Issue reported by Quan Luo.
> -
> -CVE-2016-2179
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2106-2179
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/d1_both.c | 32 ++++++++++++++++----------------
> - ssl/d1_clnt.c | 1 +
> - ssl/d1_lib.c | 37 ++++++++++++++++++++++++++-----------
> - ssl/d1_srvr.c | 3 ++-
> - ssl/ssl_locl.h | 3 ++-
> - 5 files changed, 47 insertions(+), 29 deletions(-)
> -
> -Index: openssl-1.0.2h/ssl/d1_both.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_both.c
> -+++ openssl-1.0.2h/ssl/d1_both.c
> -@@ -618,11 +618,23 @@ static int dtls1_retrieve_buffered_fragm
> - int al;
> -
> - *ok = 0;
> -- item = pqueue_peek(s->d1->buffered_messages);
> -- if (item == NULL)
> -- return 0;
> -+ do {
> -+ item = pqueue_peek(s->d1->buffered_messages);
> -+ if (item == NULL)
> -+ return 0;
> -+
> -+ frag = (hm_fragment *)item->data;
> -+
> -+ if (frag->msg_header.seq < s->d1->handshake_read_seq) {
> -+ /* This is a stale message that has been buffered so clear it */
> -+ pqueue_pop(s->d1->buffered_messages);
> -+ dtls1_hm_fragment_free(frag);
> -+ pitem_free(item);
> -+ item = NULL;
> -+ frag = NULL;
> -+ }
> -+ } while (item == NULL);
> -
> -- frag = (hm_fragment *)item->data;
> -
> - /* Don't return if reassembly still in progress */
> - if (frag->reassembly != NULL)
> -@@ -1296,18 +1308,6 @@ dtls1_retransmit_message(SSL *s, unsigne
> - return ret;
> - }
> -
> --/* call this function when the buffered messages are no longer needed */
> --void dtls1_clear_record_buffer(SSL *s)
> --{
> -- pitem *item;
> --
> -- for (item = pqueue_pop(s->d1->sent_messages);
> -- item != NULL; item = pqueue_pop(s->d1->sent_messages)) {
> -- dtls1_hm_fragment_free((hm_fragment *)item->data);
> -- pitem_free(item);
> -- }
> --}
> --
> - unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
> - unsigned char mt, unsigned long len,
> - unsigned long frag_off,
> -Index: openssl-1.0.2h/ssl/d1_clnt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_clnt.c
> -+++ openssl-1.0.2h/ssl/d1_clnt.c
> -@@ -769,6 +769,7 @@ int dtls1_connect(SSL *s)
> - /* done with handshaking */
> - s->d1->handshake_read_seq = 0;
> - s->d1->next_handshake_write_seq = 0;
> -+ dtls1_clear_received_buffer(s);
> - goto end;
> - /* break; */
> -
> -Index: openssl-1.0.2h/ssl/d1_lib.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_lib.c
> -+++ openssl-1.0.2h/ssl/d1_lib.c
> -@@ -170,7 +170,6 @@ int dtls1_new(SSL *s)
> - static void dtls1_clear_queues(SSL *s)
> - {
> - pitem *item = NULL;
> -- hm_fragment *frag = NULL;
> - DTLS1_RECORD_DATA *rdata;
> -
> - while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
> -@@ -191,28 +190,44 @@ static void dtls1_clear_queues(SSL *s)
> - pitem_free(item);
> - }
> -
> -+ while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
> -+ rdata = (DTLS1_RECORD_DATA *)item->data;
> -+ if (rdata->rbuf.buf) {
> -+ OPENSSL_free(rdata->rbuf.buf);
> -+ }
> -+ OPENSSL_free(item->data);
> -+ pitem_free(item);
> -+ }
> -+
> -+ dtls1_clear_received_buffer(s);
> -+ dtls1_clear_sent_buffer(s);
> -+}
> -+
> -+void dtls1_clear_received_buffer(SSL *s)
> -+{
> -+ pitem *item = NULL;
> -+ hm_fragment *frag = NULL;
> -+
> - while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
> - frag = (hm_fragment *)item->data;
> - dtls1_hm_fragment_free(frag);
> - pitem_free(item);
> - }
> -+}
> -+
> -+void dtls1_clear_sent_buffer(SSL *s)
> -+{
> -+ pitem *item = NULL;
> -+ hm_fragment *frag = NULL;
> -
> - while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
> - frag = (hm_fragment *)item->data;
> - dtls1_hm_fragment_free(frag);
> - pitem_free(item);
> - }
> --
> -- while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
> -- rdata = (DTLS1_RECORD_DATA *)item->data;
> -- if (rdata->rbuf.buf) {
> -- OPENSSL_free(rdata->rbuf.buf);
> -- }
> -- OPENSSL_free(item->data);
> -- pitem_free(item);
> -- }
> - }
> -
> -+
> - void dtls1_free(SSL *s)
> - {
> - ssl3_free(s);
> -@@ -456,7 +471,7 @@ void dtls1_stop_timer(SSL *s)
> - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
> - &(s->d1->next_timeout));
> - /* Clear retransmission buffer */
> -- dtls1_clear_record_buffer(s);
> -+ dtls1_clear_sent_buffer(s);
> - }
> -
> - int dtls1_check_timeout_num(SSL *s)
> -Index: openssl-1.0.2h/ssl/d1_srvr.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_srvr.c
> -+++ openssl-1.0.2h/ssl/d1_srvr.c
> -@@ -313,7 +313,7 @@ int dtls1_accept(SSL *s)
> - case SSL3_ST_SW_HELLO_REQ_B:
> -
> - s->shutdown = 0;
> -- dtls1_clear_record_buffer(s);
> -+ dtls1_clear_sent_buffer(s);
> - dtls1_start_timer(s);
> - ret = ssl3_send_hello_request(s);
> - if (ret <= 0)
> -@@ -894,6 +894,7 @@ int dtls1_accept(SSL *s)
> - /* next message is server hello */
> - s->d1->handshake_write_seq = 0;
> - s->d1->next_handshake_write_seq = 0;
> -+ dtls1_clear_received_buffer(s);
> - goto end;
> - /* break; */
> -
> -Index: openssl-1.0.2h/ssl/ssl_locl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl_locl.h
> -+++ openssl-1.0.2h/ssl/ssl_locl.h
> -@@ -1242,7 +1242,8 @@ int dtls1_retransmit_message(SSL *s, uns
> - unsigned long frag_off, int *found);
> - int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
> - int dtls1_retransmit_buffered_messages(SSL *s);
> --void dtls1_clear_record_buffer(SSL *s);
> -+void dtls1_clear_received_buffer(SSL *s);
> -+void dtls1_clear_sent_buffer(SSL *s);
> - void dtls1_get_message_header(unsigned char *data,
> - struct hm_header_st *msg_hdr);
> - void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
> deleted file mode 100644
> index c71aaa5..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
> +++ /dev/null
> @@ -1,44 +0,0 @@
> -From b746aa3fe05b5b5f7126df247ac3eceeb995e2a0 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Thu, 21 Jul 2016 15:24:16 +0100
> -Subject: [PATCH] Fix OOB read in TS_OBJ_print_bio().
> -
> -TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
> -as a null terminated buffer. The length value returned is the total
> -length the complete text reprsentation would need not the amount of
> -data written.
> -
> -CVE-2016-2180
> -
> -Thanks to Shi Lei for reporting this bug.
> -
> -Reviewed-by: Matt Caswell <matt@openssl.org>
> -(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a)
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2180
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - crypto/ts/ts_lib.c | 5 ++---
> - 1 file changed, 2 insertions(+), 3 deletions(-)
> -
> -diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
> -index c51538a..e0f1063 100644
> ---- a/crypto/ts/ts_lib.c
> -+++ b/crypto/ts/ts_lib.c
> -@@ -90,9 +90,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
> - {
> - char obj_txt[128];
> -
> -- int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
> -- BIO_write(bio, obj_txt, len);
> -- BIO_write(bio, "\n", 1);
> -+ OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
> -+ BIO_printf(bio, "%s\n", obj_txt);
> -
> - return 1;
> - }
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
> deleted file mode 100644
> index 9149dbe..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
> +++ /dev/null
> @@ -1,91 +0,0 @@
> -From 20744f6b40b5ded059a848f66d6ba922f2a62eb3 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Tue, 5 Jul 2016 11:46:26 +0100
> -Subject: [PATCH] Fix DTLS unprocessed records bug
> -
> -During a DTLS handshake we may get records destined for the next epoch
> -arrive before we have processed the CCS. In that case we can't decrypt or
> -verify the record yet, so we buffer it for later use. When we do receive
> -the CCS we work through the queue of unprocessed records and process them.
> -
> -Unfortunately the act of processing wipes out any existing packet data
> -that we were still working through. This includes any records from the new
> -epoch that were in the same packet as the CCS. We should only process the
> -buffered records if we've not got any data left.
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2180 patch 1
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/d1_pkt.c | 23 +++++++++++++++++++++--
> - 1 file changed, 21 insertions(+), 2 deletions(-)
> -
> -diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
> -index fe30ec7..1fb119d 100644
> ---- a/ssl/d1_pkt.c
> -+++ b/ssl/d1_pkt.c
> -@@ -319,6 +319,7 @@ static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
> - static int dtls1_process_buffered_records(SSL *s)
> - {
> - pitem *item;
> -+ SSL3_BUFFER *rb;
> -
> - item = pqueue_peek(s->d1->unprocessed_rcds.q);
> - if (item) {
> -@@ -326,6 +327,19 @@ static int dtls1_process_buffered_records(SSL *s)
> - if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
> - return (1); /* Nothing to do. */
> -
> -+ rb = &s->s3->rbuf;
> -+
> -+ if (rb->left > 0) {
> -+ /*
> -+ * We've still got data from the current packet to read. There could
> -+ * be a record from the new epoch in it - so don't overwrite it
> -+ * with the unprocessed records yet (we'll do it when we've
> -+ * finished reading the current packet).
> -+ */
> -+ return 1;
> -+ }
> -+
> -+
> - /* Process all the records. */
> - while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
> - dtls1_get_unprocessed_record(s);
> -@@ -581,6 +595,7 @@ int dtls1_get_record(SSL *s)
> -
> - rr = &(s->s3->rrec);
> -
> -+ again:
> - /*
> - * The epoch may have changed. If so, process all the pending records.
> - * This is a non-blocking operation.
> -@@ -593,7 +608,6 @@ int dtls1_get_record(SSL *s)
> - return 1;
> -
> - /* get something from the wire */
> -- again:
> - /* check if we have the header */
> - if ((s->rstate != SSL_ST_READ_BODY) ||
> - (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
> -@@ -1830,8 +1844,13 @@ static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
> - if (rr->epoch == s->d1->r_epoch)
> - return &s->d1->bitmap;
> -
> -- /* Only HM and ALERT messages can be from the next epoch */
> -+ /*
> -+ * Only HM and ALERT messages can be from the next epoch and only if we
> -+ * have already processed all of the unprocessed records from the last
> -+ * epoch
> -+ */
> - else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
> -+ s->d1->unprocessed_rcds.epoch != s->d1->r_epoch &&
> - (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
> - *is_next_epoch = 1;
> - return &s->d1->next_bitmap;
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
> deleted file mode 100644
> index ecf138a..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
> +++ /dev/null
> @@ -1,239 +0,0 @@
> -From 3884b47b7c255c2e94d9b387ee83c7e8bb981258 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Tue, 5 Jul 2016 12:04:37 +0100
> -Subject: [PATCH] Fix DTLS replay protection
> -
> -The DTLS implementation provides some protection against replay attacks
> -in accordance with RFC6347 section 4.1.2.6.
> -
> -A sliding "window" of valid record sequence numbers is maintained with
> -the "right" hand edge of the window set to the highest sequence number we
> -have received so far. Records that arrive that are off the "left" hand
> -edge of the window are rejected. Records within the window are checked
> -against a list of records received so far. If we already received it then
> -we also reject the new record.
> -
> -If we have not already received the record, or the sequence number is off
> -the right hand edge of the window then we verify the MAC of the record.
> -If MAC verification fails then we discard the record. Otherwise we mark
> -the record as received. If the sequence number was off the right hand edge
> -of the window, then we slide the window along so that the right hand edge
> -is in line with the newly received sequence number.
> -
> -Records may arrive for future epochs, i.e. a record from after a CCS being
> -sent, can arrive before the CCS does if the packets get re-ordered. As we
> -have not yet received the CCS we are not yet in a position to decrypt or
> -validate the MAC of those records. OpenSSL places those records on an
> -unprocessed records queue. It additionally updates the window immediately,
> -even though we have not yet verified the MAC. This will only occur if
> -currently in a handshake/renegotiation.
> -
> -This could be exploited by an attacker by sending a record for the next
> -epoch (which does not have to decrypt or have a valid MAC), with a very
> -large sequence number. This means the right hand edge of the window is
> -moved very far to the right, and all subsequent legitimate packets are
> -dropped causing a denial of service.
> -
> -A similar effect can be achieved during the initial handshake. In this
> -case there is no MAC key negotiated yet. Therefore an attacker can send a
> -message for the current epoch with a very large sequence number. The code
> -will process the record as normal. If the hanshake message sequence number
> -(as opposed to the record sequence number that we have been talking about
> -so far) is in the future then the injected message is bufferred to be
> -handled later, but the window is still updated. Therefore all subsequent
> -legitimate handshake records are dropped. This aspect is not considered a
> -security issue because there are many ways for an attacker to disrupt the
> -initial handshake and prevent it from completing successfully (e.g.
> -injection of a handshake message will cause the Finished MAC to fail and
> -the handshake to be aborted). This issue comes about as a result of trying
> -to do replay protection, but having no integrity mechanism in place yet.
> -Does it even make sense to have replay protection in epoch 0? That
> -issue isn't addressed here though.
> -
> -This addressed an OCAP Audit issue.
> -
> -CVE-2016-2181
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2181 patch2
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> ----
> - ssl/d1_pkt.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++------------
> - ssl/ssl.h | 1 +
> - ssl/ssl_err.c | 4 +++-
> - 3 files changed, 52 insertions(+), 13 deletions(-)
> -
> -Index: openssl-1.0.2h/ssl/d1_pkt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_pkt.c
> -+++ openssl-1.0.2h/ssl/d1_pkt.c
> -@@ -194,7 +194,7 @@ static int dtls1_record_needs_buffering(
> - #endif
> - static int dtls1_buffer_record(SSL *s, record_pqueue *q,
> - unsigned char *priority);
> --static int dtls1_process_record(SSL *s);
> -+static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
> -
> - /* copy buffered record into SSL structure */
> - static int dtls1_copy_record(SSL *s, pitem *item)
> -@@ -320,13 +320,18 @@ static int dtls1_process_buffered_record
> - {
> - pitem *item;
> - SSL3_BUFFER *rb;
> -+ SSL3_RECORD *rr;
> -+ DTLS1_BITMAP *bitmap;
> -+ unsigned int is_next_epoch;
> -+ int replayok = 1;
> -
> - item = pqueue_peek(s->d1->unprocessed_rcds.q);
> - if (item) {
> - /* Check if epoch is current. */
> - if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
> -- return (1); /* Nothing to do. */
> -+ return 1; /* Nothing to do. */
> -
> -+ rr = &s->s3->rrec;
> - rb = &s->s3->rbuf;
> -
> - if (rb->left > 0) {
> -@@ -343,11 +348,41 @@ static int dtls1_process_buffered_record
> - /* Process all the records. */
> - while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
> - dtls1_get_unprocessed_record(s);
> -- if (!dtls1_process_record(s))
> -- return (0);
> -+ bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
> -+ if (bitmap == NULL) {
> -+ /*
> -+ * Should not happen. This will only ever be NULL when the
> -+ * current record is from a different epoch. But that cannot
> -+ * be the case because we already checked the epoch above
> -+ */
> -+ SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
> -+ ERR_R_INTERNAL_ERROR);
> -+ return 0;
> -+ }
> -+#ifndef OPENSSL_NO_SCTP
> -+ /* Only do replay check if no SCTP bio */
> -+ if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
> -+#endif
> -+ {
> -+ /*
> -+ * Check whether this is a repeat, or aged record. We did this
> -+ * check once already when we first received the record - but
> -+ * we might have updated the window since then due to
> -+ * records we subsequently processed.
> -+ */
> -+ replayok = dtls1_record_replay_check(s, bitmap);
> -+ }
> -+
> -+ if (!replayok || !dtls1_process_record(s, bitmap)) {
> -+ /* dump this record */
> -+ rr->length = 0;
> -+ s->packet_length = 0;
> -+ continue;
> -+ }
> -+
> - if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
> - s->s3->rrec.seq_num) < 0)
> -- return -1;
> -+ return 0;
> - }
> - }
> -
> -@@ -358,7 +393,7 @@ static int dtls1_process_buffered_record
> - s->d1->processed_rcds.epoch = s->d1->r_epoch;
> - s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
> -
> -- return (1);
> -+ return 1;
> - }
> -
> - #if 0
> -@@ -405,7 +440,7 @@ static int dtls1_get_buffered_record(SSL
> -
> - #endif
> -
> --static int dtls1_process_record(SSL *s)
> -+static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
> - {
> - int i, al;
> - int enc_err;
> -@@ -565,6 +600,10 @@ static int dtls1_process_record(SSL *s)
> -
> - /* we have pulled in a full packet so zero things */
> - s->packet_length = 0;
> -+
> -+ /* Mark receipt of record. */
> -+ dtls1_record_bitmap_update(s, bitmap);
> -+
> - return (1);
> -
> - f_err:
> -@@ -600,7 +639,7 @@ int dtls1_get_record(SSL *s)
> - * The epoch may have changed. If so, process all the pending records.
> - * This is a non-blocking operation.
> - */
> -- if (dtls1_process_buffered_records(s) < 0)
> -+ if (!dtls1_process_buffered_records(s))
> - return -1;
> -
> - /* if we're renegotiating, then there may be buffered records */
> -@@ -735,20 +774,17 @@ int dtls1_get_record(SSL *s)
> - if (dtls1_buffer_record
> - (s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)
> - return -1;
> -- /* Mark receipt of record. */
> -- dtls1_record_bitmap_update(s, bitmap);
> - }
> - rr->length = 0;
> - s->packet_length = 0;
> - goto again;
> - }
> -
> -- if (!dtls1_process_record(s)) {
> -+ if (!dtls1_process_record(s, bitmap)) {
> - rr->length = 0;
> - s->packet_length = 0; /* dump this record */
> - goto again; /* get another record */
> - }
> -- dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */
> -
> - return (1);
> -
> -Index: openssl-1.0.2h/ssl/ssl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl.h
> -+++ openssl-1.0.2h/ssl/ssl.h
> -@@ -2623,6 +2623,7 @@ void ERR_load_SSL_strings(void);
> - # define SSL_F_DTLS1_HEARTBEAT 305
> - # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
> - # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
> -+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 404
> - # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
> - # define SSL_F_DTLS1_PROCESS_RECORD 257
> - # define SSL_F_DTLS1_READ_BYTES 258
> -Index: openssl-1.0.2h/ssl/ssl_err.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl_err.c
> -+++ openssl-1.0.2h/ssl/ssl_err.c
> -@@ -1,6 +1,6 @@
> - /* ssl/ssl_err.c */
> - /* ====================================================================
> -- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
> -+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> -@@ -93,6 +93,8 @@ static ERR_STRING_DATA SSL_str_functs[]
> - {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
> - {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "dtls1_output_cert_chain"},
> - {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
> -+ {ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS),
> -+ "DTLS1_PROCESS_BUFFERED_RECORDS"},
> - {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),
> - "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
> - {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
> deleted file mode 100644
> index a752f89..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
> +++ /dev/null
> @@ -1,30 +0,0 @@
> -From 26aebca74e38ae09f673c2045cc8e2ef762d265a Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Wed, 17 Aug 2016 17:55:36 +0100
> -Subject: [PATCH] Update function error code
> -
> -A function error code needed updating due to merge issues.
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2181 patch 3
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/ssl.h | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -Index: openssl-1.0.2h/ssl/ssl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl.h
> -+++ openssl-1.0.2h/ssl/ssl.h
> -@@ -2623,7 +2623,7 @@ void ERR_load_SSL_strings(void);
> - # define SSL_F_DTLS1_HEARTBEAT 305
> - # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
> - # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
> --# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 404
> -+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424
> - # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
> - # define SSL_F_DTLS1_PROCESS_RECORD 257
> - # define SSL_F_DTLS1_READ_BYTES 258
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
> deleted file mode 100644
> index 5995cbe..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
> +++ /dev/null
> @@ -1,70 +0,0 @@
> -From e36f27ddb80a48e579783bc29fb3758988342b71 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Fri, 5 Aug 2016 14:26:03 +0100
> -Subject: [PATCH] Check for errors in BN_bn2dec()
> -
> -If an oversize BIGNUM is presented to BN_bn2dec() it can cause
> -BN_div_word() to fail and not reduce the value of 't' resulting
> -in OOB writes to the bn_data buffer and eventually crashing.
> -
> -Fix by checking return value of BN_div_word() and checking writes
> -don't overflow buffer.
> -
> -Thanks to Shi Lei for reporting this bug.
> -
> -CVE-2016-2182
> -
> -Reviewed-by: Tim Hudson <tjh@openssl.org>
> -(cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34)
> -
> -Conflicts:
> - crypto/bn/bn_print.c
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-2182
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - crypto/bn/bn_print.c | 11 ++++++++---
> - 1 file changed, 8 insertions(+), 3 deletions(-)
> -
> -diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
> -index bfa31ef..b44403e 100644
> ---- a/crypto/bn/bn_print.c
> -+++ b/crypto/bn/bn_print.c
> -@@ -111,6 +111,7 @@ char *BN_bn2dec(const BIGNUM *a)
> - char *p;
> - BIGNUM *t = NULL;
> - BN_ULONG *bn_data = NULL, *lp;
> -+ int bn_data_num;
> -
> - /*-
> - * get an upper bound for the length of the decimal integer
> -@@ -120,9 +121,9 @@ char *BN_bn2dec(const BIGNUM *a)
> - */
> - i = BN_num_bits(a) * 3;
> - num = (i / 10 + i / 1000 + 1) + 1;
> -- bn_data =
> -- (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
> -- buf = (char *)OPENSSL_malloc(num + 3);
> -+ bn_data_num = num / BN_DEC_NUM + 1;
> -+ bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
> -+ buf = OPENSSL_malloc(num + 3);
> - if ((buf == NULL) || (bn_data == NULL)) {
> - BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
> - goto err;
> -@@ -143,7 +144,11 @@ char *BN_bn2dec(const BIGNUM *a)
> - i = 0;
> - while (!BN_is_zero(t)) {
> - *lp = BN_div_word(t, BN_DEC_CONV);
> -+ if (*lp == (BN_ULONG)-1)
> -+ goto err;
> - lp++;
> -+ if (lp - bn_data >= bn_data_num)
> -+ goto err;
> - }
> - lp--;
> - /*
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
> deleted file mode 100644
> index a72ee70..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
> +++ /dev/null
> @@ -1,53 +0,0 @@
> -From baaabfd8fdcec04a691695fad9a664bea43202b6 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Tue, 23 Aug 2016 18:14:54 +0100
> -Subject: [PATCH] Sanity check ticket length.
> -
> -If a ticket callback changes the HMAC digest to SHA512 the existing
> -sanity checks are not sufficient and an attacker could perform a DoS
> -attack with a malformed ticket. Add additional checks based on
> -HMAC size.
> -
> -Thanks to Shi Lei for reporting this bug.
> -
> -CVE-2016-6302
> -
> -Reviewed-by: Rich Salz <rsalz@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-6302
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/t1_lib.c | 11 ++++++++---
> - 1 file changed, 8 insertions(+), 3 deletions(-)
> -
> -Index: openssl-1.0.2h/ssl/t1_lib.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/t1_lib.c
> -+++ openssl-1.0.2h/ssl/t1_lib.c
> -@@ -3397,9 +3397,7 @@ static int tls_decrypt_ticket(SSL *s, co
> - HMAC_CTX hctx;
> - EVP_CIPHER_CTX ctx;
> - SSL_CTX *tctx = s->initial_ctx;
> -- /* Need at least keyname + iv + some encrypted data */
> -- if (eticklen < 48)
> -- return 2;
> -+
> - /* Initialize session ticket encryption and HMAC contexts */
> - HMAC_CTX_init(&hctx);
> - EVP_CIPHER_CTX_init(&ctx);
> -@@ -3433,6 +3431,13 @@ static int tls_decrypt_ticket(SSL *s, co
> - if (mlen < 0) {
> - goto err;
> - }
> -+ /* Sanity check ticket length: must exceed keyname + IV + HMAC */
> -+ if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
> -+ HMAC_CTX_cleanup(&hctx);
> -+ EVP_CIPHER_CTX_cleanup(&ctx);
> -+ return 2;
> -+ }
> -+
> - eticklen -= mlen;
> - /* Check HMAC of encrypted ticket */
> - if (HMAC_Update(&hctx, etick, eticklen) <= 0
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
> deleted file mode 100644
> index 95bdec4..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
> +++ /dev/null
> @@ -1,36 +0,0 @@
> -From 1027ad4f34c30b8585592764b9a670ba36888269 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Fri, 19 Aug 2016 23:28:29 +0100
> -Subject: [PATCH] Avoid overflow in MDC2_Update()
> -
> -Thanks to Shi Lei for reporting this issue.
> -
> -CVE-2016-6303
> -
> -Reviewed-by: Matt Caswell <matt@openssl.org>
> -(cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-6303
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - crypto/mdc2/mdc2dgst.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
> -index 6615cf8..2dce493 100644
> ---- a/crypto/mdc2/mdc2dgst.c
> -+++ b/crypto/mdc2/mdc2dgst.c
> -@@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
> -
> - i = c->num;
> - if (i != 0) {
> -- if (i + len < MDC2_BLOCK) {
> -+ if (len < MDC2_BLOCK - i) {
> - /* partial block */
> - memcpy(&(c->data[i]), in, len);
> - c->num += (int)len;
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
> deleted file mode 100644
> index 64508b5..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
> +++ /dev/null
> @@ -1,75 +0,0 @@
> -From ea39b16b71e4e72a228a4535bd6d6a02c5edbc1f Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Fri, 9 Sep 2016 10:08:45 +0100
> -Subject: [PATCH] Fix OCSP Status Request extension unbounded memory growth
> -
> -A malicious client can send an excessively large OCSP Status Request
> -extension. If that client continually requests renegotiation,
> -sending a large OCSP Status Request extension each time, then there will
> -be unbounded memory growth on the server. This will eventually lead to a
> -Denial Of Service attack through memory exhaustion. Servers with a
> -default configuration are vulnerable even if they do not support OCSP.
> -Builds using the "no-ocsp" build time option are not affected.
> -
> -I have also checked other extensions to see if they suffer from a similar
> -problem but I could not find any other issues.
> -
> -CVE-2016-6304
> -
> -Issue reported by Shi Lei.
> -
> -Reviewed-by: Rich Salz <rsalz@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-6304
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/t1_lib.c | 24 +++++++++++++++++-------
> - 1 file changed, 17 insertions(+), 7 deletions(-)
> -
> -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
> -index fbcf2e6..e4b4e27 100644
> ---- a/ssl/t1_lib.c
> -+++ b/ssl/t1_lib.c
> -@@ -2316,6 +2316,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
> - size -= 2;
> - if (dsize > size)
> - goto err;
> -+
> -+ /*
> -+ * We remove any OCSP_RESPIDs from a previous handshake
> -+ * to prevent unbounded memory growth - CVE-2016-6304
> -+ */
> -+ sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
> -+ OCSP_RESPID_free);
> -+ if (dsize > 0) {
> -+ s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
> -+ if (s->tlsext_ocsp_ids == NULL) {
> -+ *al = SSL_AD_INTERNAL_ERROR;
> -+ return 0;
> -+ }
> -+ } else {
> -+ s->tlsext_ocsp_ids = NULL;
> -+ }
> -+
> - while (dsize > 0) {
> - OCSP_RESPID *id;
> - int idsize;
> -@@ -2335,13 +2352,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
> - OCSP_RESPID_free(id);
> - goto err;
> - }
> -- if (!s->tlsext_ocsp_ids
> -- && !(s->tlsext_ocsp_ids =
> -- sk_OCSP_RESPID_new_null())) {
> -- OCSP_RESPID_free(id);
> -- *al = SSL_AD_INTERNAL_ERROR;
> -- return 0;
> -- }
> - if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
> - OCSP_RESPID_free(id);
> - *al = SSL_AD_INTERNAL_ERROR;
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
> deleted file mode 100644
> index 9e7d576..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
> +++ /dev/null
> @@ -1,71 +0,0 @@
> -From ff553f837172ecb2b5c8eca257ec3c5619a4b299 Mon Sep 17 00:00:00 2001
> -From: "Dr. Stephen Henson" <steve@openssl.org>
> -Date: Sat, 17 Sep 2016 12:36:58 +0100
> -Subject: [PATCH] Fix small OOB reads.
> -
> -In ssl3_get_client_certificate, ssl3_get_server_certificate and
> -ssl3_get_certificate_request check we have enough room
> -before reading a length.
> -
> -Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting these bugs.
> -
> -CVE-2016-6306
> -
> -Reviewed-by: Richard Levitte <levitte@openssl.org>
> -Reviewed-by: Matt Caswell <matt@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-6306
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/s3_clnt.c | 11 +++++++++++
> - ssl/s3_srvr.c | 6 ++++++
> - 2 files changed, 17 insertions(+)
> -
> -Index: openssl-1.0.2h/ssl/s3_clnt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/s3_clnt.c
> -+++ openssl-1.0.2h/ssl/s3_clnt.c
> -@@ -1216,6 +1216,12 @@ int ssl3_get_server_certificate(SSL *s)
> - goto f_err;
> - }
> - for (nc = 0; nc < llen;) {
> -+ if (nc + 3 > llen) {
> -+ al = SSL_AD_DECODE_ERROR;
> -+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
> -+ SSL_R_CERT_LENGTH_MISMATCH);
> -+ goto f_err;
> -+ }
> - n2l3(p, l);
> - if ((l + nc + 3) > llen) {
> - al = SSL_AD_DECODE_ERROR;
> -@@ -2167,6 +2173,11 @@ int ssl3_get_certificate_request(SSL *s)
> - }
> -
> - for (nc = 0; nc < llen;) {
> -+ if (nc + 2 > llen) {
> -+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
> -+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
> -+ goto err;
> -+ }
> - n2s(p, l);
> - if ((l + nc + 2) > llen) {
> - if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
> -Index: openssl-1.0.2h/ssl/s3_srvr.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/s3_srvr.c
> -+++ openssl-1.0.2h/ssl/s3_srvr.c
> -@@ -3213,6 +3213,12 @@ int ssl3_get_client_certificate(SSL *s)
> - goto f_err;
> - }
> - for (nc = 0; nc < llen;) {
> -+ if (nc + 3 > llen) {
> -+ al = SSL_AD_DECODE_ERROR;
> -+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
> -+ SSL_R_CERT_LENGTH_MISMATCH);
> -+ goto f_err;
> -+ }
> - n2l3(p, l);
> - if ((l + nc + 3) > llen) {
> - al = SSL_AD_DECODE_ERROR;
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
> deleted file mode 100644
> index c2af589..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
> +++ /dev/null
> @@ -1,124 +0,0 @@
> -From 22646a075e75991b4e8f5d67171e45a6aead5b48 Mon Sep 17 00:00:00 2001
> -From: Matt Caswell <matt@openssl.org>
> -Date: Wed, 21 Sep 2016 14:48:16 +0100
> -Subject: [PATCH] Don't allow too many consecutive warning alerts
> -
> -Certain warning alerts are ignored if they are received. This can mean that
> -no progress will be made if one peer continually sends those warning alerts.
> -Implement a count so that we abort the connection if we receive too many.
> -
> -Issue reported by Shi Lei.
> -
> -Reviewed-by: Rich Salz <rsalz@openssl.org>
> -
> -Upstream-Status: Backport
> -CVE: CVE-2016-8610
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> -
> ----
> - ssl/d1_pkt.c | 15 +++++++++++++++
> - ssl/s3_pkt.c | 15 +++++++++++++++
> - ssl/ssl.h | 1 +
> - ssl/ssl_locl.h | 4 ++++
> - 4 files changed, 35 insertions(+)
> -
> -Index: openssl-1.0.2h/ssl/d1_pkt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/d1_pkt.c
> -+++ openssl-1.0.2h/ssl/d1_pkt.c
> -@@ -928,6 +928,13 @@ int dtls1_read_bytes(SSL *s, int type, u
> - goto start;
> - }
> -
> -+ /*
> -+ * Reset the count of consecutive warning alerts if we've got a non-empty
> -+ * record that isn't an alert.
> -+ */
> -+ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
> -+ s->cert->alert_count = 0;
> -+
> - /* we now have a packet which can be read and processed */
> -
> - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
> -@@ -1194,6 +1201,14 @@ int dtls1_read_bytes(SSL *s, int type, u
> -
> - if (alert_level == SSL3_AL_WARNING) {
> - s->s3->warn_alert = alert_descr;
> -+
> -+ s->cert->alert_count++;
> -+ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
> -+ al = SSL_AD_UNEXPECTED_MESSAGE;
> -+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
> -+ goto f_err;
> -+ }
> -+
> - if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
> - #ifndef OPENSSL_NO_SCTP
> - /*
> -Index: openssl-1.0.2h/ssl/s3_pkt.c
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/s3_pkt.c
> -+++ openssl-1.0.2h/ssl/s3_pkt.c
> -@@ -1229,6 +1229,13 @@ int ssl3_read_bytes(SSL *s, int type, un
> - return (ret);
> - }
> -
> -+ /*
> -+ * Reset the count of consecutive warning alerts if we've got a non-empty
> -+ * record that isn't an alert.
> -+ */
> -+ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
> -+ s->cert->alert_count = 0;
> -+
> - /* we now have a packet which can be read and processed */
> -
> - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
> -@@ -1443,6 +1450,14 @@ int ssl3_read_bytes(SSL *s, int type, un
> -
> - if (alert_level == SSL3_AL_WARNING) {
> - s->s3->warn_alert = alert_descr;
> -+
> -+ s->cert->alert_count++;
> -+ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
> -+ al = SSL_AD_UNEXPECTED_MESSAGE;
> -+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
> -+ goto f_err;
> -+ }
> -+
> - if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
> - s->shutdown |= SSL_RECEIVED_SHUTDOWN;
> - return (0);
> -Index: openssl-1.0.2h/ssl/ssl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl.h
> -+++ openssl-1.0.2h/ssl/ssl.h
> -@@ -3115,6 +3115,7 @@ void ERR_load_SSL_strings(void);
> - # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
> - # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
> - # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
> -+# define SSL_R_TOO_MANY_WARN_ALERTS 409
> - # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
> - # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
> - # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
> -Index: openssl-1.0.2h/ssl/ssl_locl.h
> -===================================================================
> ---- openssl-1.0.2h.orig/ssl/ssl_locl.h
> -+++ openssl-1.0.2h/ssl/ssl_locl.h
> -@@ -585,6 +585,8 @@ typedef struct {
> - */
> - # define SSL_EXT_FLAG_SENT 0x2
> -
> -+# define MAX_WARN_ALERT_COUNT 5
> -+
> - typedef struct {
> - custom_ext_method *meths;
> - size_t meths_count;
> -@@ -692,6 +694,8 @@ typedef struct cert_st {
> - unsigned char *alpn_proposed; /* server */
> - unsigned int alpn_proposed_len;
> - int alpn_sent; /* client */
> -+ /* Count of the number of consecutive warning alerts received */
> -+ unsigned int alert_count;
> - } CERT;
> -
> - typedef struct sess_cert_st {
> diff --git a/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> new file mode 100644
> index 0000000..58c9ee7
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> @@ -0,0 +1,69 @@
> +From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
> +From: Rich Salz <rsalz@akamai.com>
> +Date: Sat, 13 Jun 2015 17:03:39 -0400
> +Subject: [PATCH] Use SHA256 not MD5 as default digest.
> +
> +Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
> +
> +Upstream-Status: Backport
> +Backport from OpenSSL 2.0 to OpenSSL 1.0.2
> +Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
> +
> +CVE: CVE-2004-2761
> +
> + The MD5 Message-Digest Algorithm is not collision resistant,
> + which makes it easier for context-dependent attackers to
> + conduct spoofing attacks, as demonstrated by attacks on the
> + use of MD5 in the signature algorithm of an X.509 certificate.
> +
> +Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
> +Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
> +Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
> +---
> + apps/ca.c | 2 +-
> + apps/dgst.c | 2 +-
> + apps/enc.c | 2 +-
> + 3 files changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/apps/ca.c b/apps/ca.c
> +index 3b7336c..8f3a84b 100644
> +--- a/apps/ca.c
> ++++ b/apps/ca.c
> +@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
> + } else
> + BIO_printf(bio_err, "Signature ok\n");
> +
> +- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
> ++ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
> + goto err;
> +
> + ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
> +diff --git a/apps/dgst.c b/apps/dgst.c
> +index 95e5fa3..0d1529f 100644
> +--- a/apps/dgst.c
> ++++ b/apps/dgst.c
> +@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
> + goto end;
> + }
> + if (md == NULL)
> +- md = EVP_md5();
> ++ md = EVP_sha256();
> + if (!EVP_DigestInit_ex(mctx, md, impl)) {
> + BIO_printf(bio_err, "Error setting digest %s\n", pname);
> + ERR_print_errors(bio_err);
> +diff --git a/apps/enc.c b/apps/enc.c
> +index 7b7c70b..a7d944c 100644
> +--- a/apps/enc.c
> ++++ b/apps/enc.c
> +@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
> + }
> +
> + if (dgst == NULL) {
> +- dgst = EVP_md5();
> ++ dgst = EVP_sha256();
> + }
> +
> + if (bufsize != NULL) {
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch b/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
> deleted file mode 100644
> index 7ba9eab..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -Upsteram Status: Backport
> -
> -When building on x32 systems where the default type is 32bit, make sure
> -we can transparently represent 64bit integers. Otherwise we end up with
> -build errors like:
> -/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
> -Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
> -...
> -ghash-x86_64.s: Assembler messages:
> -ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
> -
> -We don't enable this globally as there are some cases where we'd get
> -32bit values interpreted as unsigned when we need them as signed.
> -
> -Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
> -URL: https://bugs.gentoo.org/542618
> -
> -Signed-off-By: Armin Kuster <akuster@mvista.com>
> -
> -diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
> ---- a/crypto/perlasm/x86_64-xlate.pl
> -+++ b/crypto/perlasm/x86_64-xlate.pl
> -@@ -196,6 +196,10 @@ my %globals;
> - my $self = shift;
> -
> - $self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
> -+ # When building on x32 ABIs, the expanded hex value might be too
> -+ # big to fit into 32bits. Enable transparent 64bit support here
> -+ # so we can safely print it out.
> -+ use bigint;
> - if ($gas) {
> - # Solaris /usr/ccs/bin/as can't handle multiplications
> - # in $self->{value}
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
> index aba4d42..fb745e4 100644
> --- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
> @@ -7,7 +7,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in
> @@ -65,6 +65,7 @@
> foreach (@ARGV) {
> if ( /^(-\?|-h|-help)$/ ) {
> - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
> + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
> + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
> exit 0;
> } elsif (/^-newcert$/) {
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> new file mode 100644
> index 0000000..a249180
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> @@ -0,0 +1,4663 @@
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
> +===================================================================
> +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
> +@@ -1651,6 +1651,8 @@
> + }
> + }
> +
> ++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
> ++
> + open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
> + unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
> + open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> +===================================================================
> +--- /dev/null 1970-01-01 00:00:00.000000000 +0000
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
> +@@ -0,0 +1,4615 @@
> ++OPENSSL_1.0.0 {
> ++ global:
> ++ BIO_f_ssl;
> ++ BIO_new_buffer_ssl_connect;
> ++ BIO_new_ssl;
> ++ BIO_new_ssl_connect;
> ++ BIO_proxy_ssl_copy_session_id;
> ++ BIO_ssl_copy_session_id;
> ++ BIO_ssl_shutdown;
> ++ d2i_SSL_SESSION;
> ++ DTLSv1_client_method;
> ++ DTLSv1_method;
> ++ DTLSv1_server_method;
> ++ ERR_load_SSL_strings;
> ++ i2d_SSL_SESSION;
> ++ kssl_build_principal_2;
> ++ kssl_cget_tkt;
> ++ kssl_check_authent;
> ++ kssl_ctx_free;
> ++ kssl_ctx_new;
> ++ kssl_ctx_setkey;
> ++ kssl_ctx_setprinc;
> ++ kssl_ctx_setstring;
> ++ kssl_ctx_show;
> ++ kssl_err_set;
> ++ kssl_krb5_free_data_contents;
> ++ kssl_sget_tkt;
> ++ kssl_skip_confound;
> ++ kssl_validate_times;
> ++ PEM_read_bio_SSL_SESSION;
> ++ PEM_read_SSL_SESSION;
> ++ PEM_write_bio_SSL_SESSION;
> ++ PEM_write_SSL_SESSION;
> ++ SSL_accept;
> ++ SSL_add_client_CA;
> ++ SSL_add_dir_cert_subjects_to_stack;
> ++ SSL_add_dir_cert_subjs_to_stk;
> ++ SSL_add_file_cert_subjects_to_stack;
> ++ SSL_add_file_cert_subjs_to_stk;
> ++ SSL_alert_desc_string;
> ++ SSL_alert_desc_string_long;
> ++ SSL_alert_type_string;
> ++ SSL_alert_type_string_long;
> ++ SSL_callback_ctrl;
> ++ SSL_check_private_key;
> ++ SSL_CIPHER_description;
> ++ SSL_CIPHER_get_bits;
> ++ SSL_CIPHER_get_name;
> ++ SSL_CIPHER_get_version;
> ++ SSL_clear;
> ++ SSL_COMP_add_compression_method;
> ++ SSL_COMP_get_compression_methods;
> ++ SSL_COMP_get_compress_methods;
> ++ SSL_COMP_get_name;
> ++ SSL_connect;
> ++ SSL_copy_session_id;
> ++ SSL_ctrl;
> ++ SSL_CTX_add_client_CA;
> ++ SSL_CTX_add_session;
> ++ SSL_CTX_callback_ctrl;
> ++ SSL_CTX_check_private_key;
> ++ SSL_CTX_ctrl;
> ++ SSL_CTX_flush_sessions;
> ++ SSL_CTX_free;
> ++ SSL_CTX_get_cert_store;
> ++ SSL_CTX_get_client_CA_list;
> ++ SSL_CTX_get_client_cert_cb;
> ++ SSL_CTX_get_ex_data;
> ++ SSL_CTX_get_ex_new_index;
> ++ SSL_CTX_get_info_callback;
> ++ SSL_CTX_get_quiet_shutdown;
> ++ SSL_CTX_get_timeout;
> ++ SSL_CTX_get_verify_callback;
> ++ SSL_CTX_get_verify_depth;
> ++ SSL_CTX_get_verify_mode;
> ++ SSL_CTX_load_verify_locations;
> ++ SSL_CTX_new;
> ++ SSL_CTX_remove_session;
> ++ SSL_CTX_sess_get_get_cb;
> ++ SSL_CTX_sess_get_new_cb;
> ++ SSL_CTX_sess_get_remove_cb;
> ++ SSL_CTX_sessions;
> ++ SSL_CTX_sess_set_get_cb;
> ++ SSL_CTX_sess_set_new_cb;
> ++ SSL_CTX_sess_set_remove_cb;
> ++ SSL_CTX_set1_param;
> ++ SSL_CTX_set_cert_store;
> ++ SSL_CTX_set_cert_verify_callback;
> ++ SSL_CTX_set_cert_verify_cb;
> ++ SSL_CTX_set_cipher_list;
> ++ SSL_CTX_set_client_CA_list;
> ++ SSL_CTX_set_client_cert_cb;
> ++ SSL_CTX_set_client_cert_engine;
> ++ SSL_CTX_set_cookie_generate_cb;
> ++ SSL_CTX_set_cookie_verify_cb;
> ++ SSL_CTX_set_default_passwd_cb;
> ++ SSL_CTX_set_default_passwd_cb_userdata;
> ++ SSL_CTX_set_default_verify_paths;
> ++ SSL_CTX_set_def_passwd_cb_ud;
> ++ SSL_CTX_set_def_verify_paths;
> ++ SSL_CTX_set_ex_data;
> ++ SSL_CTX_set_generate_session_id;
> ++ SSL_CTX_set_info_callback;
> ++ SSL_CTX_set_msg_callback;
> ++ SSL_CTX_set_psk_client_callback;
> ++ SSL_CTX_set_psk_server_callback;
> ++ SSL_CTX_set_purpose;
> ++ SSL_CTX_set_quiet_shutdown;
> ++ SSL_CTX_set_session_id_context;
> ++ SSL_CTX_set_ssl_version;
> ++ SSL_CTX_set_timeout;
> ++ SSL_CTX_set_tmp_dh_callback;
> ++ SSL_CTX_set_tmp_ecdh_callback;
> ++ SSL_CTX_set_tmp_rsa_callback;
> ++ SSL_CTX_set_trust;
> ++ SSL_CTX_set_verify;
> ++ SSL_CTX_set_verify_depth;
> ++ SSL_CTX_use_cert_chain_file;
> ++ SSL_CTX_use_certificate;
> ++ SSL_CTX_use_certificate_ASN1;
> ++ SSL_CTX_use_certificate_chain_file;
> ++ SSL_CTX_use_certificate_file;
> ++ SSL_CTX_use_PrivateKey;
> ++ SSL_CTX_use_PrivateKey_ASN1;
> ++ SSL_CTX_use_PrivateKey_file;
> ++ SSL_CTX_use_psk_identity_hint;
> ++ SSL_CTX_use_RSAPrivateKey;
> ++ SSL_CTX_use_RSAPrivateKey_ASN1;
> ++ SSL_CTX_use_RSAPrivateKey_file;
> ++ SSL_do_handshake;
> ++ SSL_dup;
> ++ SSL_dup_CA_list;
> ++ SSLeay_add_ssl_algorithms;
> ++ SSL_free;
> ++ SSL_get1_session;
> ++ SSL_get_certificate;
> ++ SSL_get_cipher_list;
> ++ SSL_get_ciphers;
> ++ SSL_get_client_CA_list;
> ++ SSL_get_current_cipher;
> ++ SSL_get_current_compression;
> ++ SSL_get_current_expansion;
> ++ SSL_get_default_timeout;
> ++ SSL_get_error;
> ++ SSL_get_ex_data;
> ++ SSL_get_ex_data_X509_STORE_CTX_idx;
> ++ SSL_get_ex_d_X509_STORE_CTX_idx;
> ++ SSL_get_ex_new_index;
> ++ SSL_get_fd;
> ++ SSL_get_finished;
> ++ SSL_get_info_callback;
> ++ SSL_get_peer_cert_chain;
> ++ SSL_get_peer_certificate;
> ++ SSL_get_peer_finished;
> ++ SSL_get_privatekey;
> ++ SSL_get_psk_identity;
> ++ SSL_get_psk_identity_hint;
> ++ SSL_get_quiet_shutdown;
> ++ SSL_get_rbio;
> ++ SSL_get_read_ahead;
> ++ SSL_get_rfd;
> ++ SSL_get_servername;
> ++ SSL_get_servername_type;
> ++ SSL_get_session;
> ++ SSL_get_shared_ciphers;
> ++ SSL_get_shutdown;
> ++ SSL_get_SSL_CTX;
> ++ SSL_get_ssl_method;
> ++ SSL_get_verify_callback;
> ++ SSL_get_verify_depth;
> ++ SSL_get_verify_mode;
> ++ SSL_get_verify_result;
> ++ SSL_get_version;
> ++ SSL_get_wbio;
> ++ SSL_get_wfd;
> ++ SSL_has_matching_session_id;
> ++ SSL_library_init;
> ++ SSL_load_client_CA_file;
> ++ SSL_load_error_strings;
> ++ SSL_new;
> ++ SSL_peek;
> ++ SSL_pending;
> ++ SSL_read;
> ++ SSL_renegotiate;
> ++ SSL_renegotiate_pending;
> ++ SSL_rstate_string;
> ++ SSL_rstate_string_long;
> ++ SSL_SESSION_cmp;
> ++ SSL_SESSION_free;
> ++ SSL_SESSION_get_ex_data;
> ++ SSL_SESSION_get_ex_new_index;
> ++ SSL_SESSION_get_id;
> ++ SSL_SESSION_get_time;
> ++ SSL_SESSION_get_timeout;
> ++ SSL_SESSION_hash;
> ++ SSL_SESSION_new;
> ++ SSL_SESSION_print;
> ++ SSL_SESSION_print_fp;
> ++ SSL_SESSION_set_ex_data;
> ++ SSL_SESSION_set_time;
> ++ SSL_SESSION_set_timeout;
> ++ SSL_set1_param;
> ++ SSL_set_accept_state;
> ++ SSL_set_bio;
> ++ SSL_set_cipher_list;
> ++ SSL_set_client_CA_list;
> ++ SSL_set_connect_state;
> ++ SSL_set_ex_data;
> ++ SSL_set_fd;
> ++ SSL_set_generate_session_id;
> ++ SSL_set_info_callback;
> ++ SSL_set_msg_callback;
> ++ SSL_set_psk_client_callback;
> ++ SSL_set_psk_server_callback;
> ++ SSL_set_purpose;
> ++ SSL_set_quiet_shutdown;
> ++ SSL_set_read_ahead;
> ++ SSL_set_rfd;
> ++ SSL_set_session;
> ++ SSL_set_session_id_context;
> ++ SSL_set_session_secret_cb;
> ++ SSL_set_session_ticket_ext;
> ++ SSL_set_session_ticket_ext_cb;
> ++ SSL_set_shutdown;
> ++ SSL_set_SSL_CTX;
> ++ SSL_set_ssl_method;
> ++ SSL_set_tmp_dh_callback;
> ++ SSL_set_tmp_ecdh_callback;
> ++ SSL_set_tmp_rsa_callback;
> ++ SSL_set_trust;
> ++ SSL_set_verify;
> ++ SSL_set_verify_depth;
> ++ SSL_set_verify_result;
> ++ SSL_set_wfd;
> ++ SSL_shutdown;
> ++ SSL_state;
> ++ SSL_state_string;
> ++ SSL_state_string_long;
> ++ SSL_use_certificate;
> ++ SSL_use_certificate_ASN1;
> ++ SSL_use_certificate_file;
> ++ SSL_use_PrivateKey;
> ++ SSL_use_PrivateKey_ASN1;
> ++ SSL_use_PrivateKey_file;
> ++ SSL_use_psk_identity_hint;
> ++ SSL_use_RSAPrivateKey;
> ++ SSL_use_RSAPrivateKey_ASN1;
> ++ SSL_use_RSAPrivateKey_file;
> ++ SSLv23_client_method;
> ++ SSLv23_method;
> ++ SSLv23_server_method;
> ++ SSLv2_client_method;
> ++ SSLv2_method;
> ++ SSLv2_server_method;
> ++ SSLv3_client_method;
> ++ SSLv3_method;
> ++ SSLv3_server_method;
> ++ SSL_version;
> ++ SSL_want;
> ++ SSL_write;
> ++ TLSv1_client_method;
> ++ TLSv1_method;
> ++ TLSv1_server_method;
> ++
> ++
> ++ SSLeay;
> ++ SSLeay_version;
> ++ ASN1_BIT_STRING_asn1_meth;
> ++ ASN1_HEADER_free;
> ++ ASN1_HEADER_new;
> ++ ASN1_IA5STRING_asn1_meth;
> ++ ASN1_INTEGER_get;
> ++ ASN1_INTEGER_set;
> ++ ASN1_INTEGER_to_BN;
> ++ ASN1_OBJECT_create;
> ++ ASN1_OBJECT_free;
> ++ ASN1_OBJECT_new;
> ++ ASN1_PRINTABLE_type;
> ++ ASN1_STRING_cmp;
> ++ ASN1_STRING_dup;
> ++ ASN1_STRING_free;
> ++ ASN1_STRING_new;
> ++ ASN1_STRING_print;
> ++ ASN1_STRING_set;
> ++ ASN1_STRING_type_new;
> ++ ASN1_TYPE_free;
> ++ ASN1_TYPE_new;
> ++ ASN1_UNIVERSALSTRING_to_string;
> ++ ASN1_UTCTIME_check;
> ++ ASN1_UTCTIME_print;
> ++ ASN1_UTCTIME_set;
> ++ ASN1_check_infinite_end;
> ++ ASN1_d2i_bio;
> ++ ASN1_d2i_fp;
> ++ ASN1_digest;
> ++ ASN1_dup;
> ++ ASN1_get_object;
> ++ ASN1_i2d_bio;
> ++ ASN1_i2d_fp;
> ++ ASN1_object_size;
> ++ ASN1_parse;
> ++ ASN1_put_object;
> ++ ASN1_sign;
> ++ ASN1_verify;
> ++ BF_cbc_encrypt;
> ++ BF_cfb64_encrypt;
> ++ BF_ecb_encrypt;
> ++ BF_encrypt;
> ++ BF_ofb64_encrypt;
> ++ BF_options;
> ++ BF_set_key;
> ++ BIO_CONNECT_free;
> ++ BIO_CONNECT_new;
> ++ BIO_accept;
> ++ BIO_ctrl;
> ++ BIO_int_ctrl;
> ++ BIO_debug_callback;
> ++ BIO_dump;
> ++ BIO_dup_chain;
> ++ BIO_f_base64;
> ++ BIO_f_buffer;
> ++ BIO_f_cipher;
> ++ BIO_f_md;
> ++ BIO_f_null;
> ++ BIO_f_proxy_server;
> ++ BIO_fd_non_fatal_error;
> ++ BIO_fd_should_retry;
> ++ BIO_find_type;
> ++ BIO_free;
> ++ BIO_free_all;
> ++ BIO_get_accept_socket;
> ++ BIO_get_filter_bio;
> ++ BIO_get_host_ip;
> ++ BIO_get_port;
> ++ BIO_get_retry_BIO;
> ++ BIO_get_retry_reason;
> ++ BIO_gethostbyname;
> ++ BIO_gets;
> ++ BIO_new;
> ++ BIO_new_accept;
> ++ BIO_new_connect;
> ++ BIO_new_fd;
> ++ BIO_new_file;
> ++ BIO_new_fp;
> ++ BIO_new_socket;
> ++ BIO_pop;
> ++ BIO_printf;
> ++ BIO_push;
> ++ BIO_puts;
> ++ BIO_read;
> ++ BIO_s_accept;
> ++ BIO_s_connect;
> ++ BIO_s_fd;
> ++ BIO_s_file;
> ++ BIO_s_mem;
> ++ BIO_s_null;
> ++ BIO_s_proxy_client;
> ++ BIO_s_socket;
> ++ BIO_set;
> ++ BIO_set_cipher;
> ++ BIO_set_tcp_ndelay;
> ++ BIO_sock_cleanup;
> ++ BIO_sock_error;
> ++ BIO_sock_init;
> ++ BIO_sock_non_fatal_error;
> ++ BIO_sock_should_retry;
> ++ BIO_socket_ioctl;
> ++ BIO_write;
> ++ BN_CTX_free;
> ++ BN_CTX_new;
> ++ BN_MONT_CTX_free;
> ++ BN_MONT_CTX_new;
> ++ BN_MONT_CTX_set;
> ++ BN_add;
> ++ BN_add_word;
> ++ BN_hex2bn;
> ++ BN_bin2bn;
> ++ BN_bn2hex;
> ++ BN_bn2bin;
> ++ BN_clear;
> ++ BN_clear_bit;
> ++ BN_clear_free;
> ++ BN_cmp;
> ++ BN_copy;
> ++ BN_div;
> ++ BN_div_word;
> ++ BN_dup;
> ++ BN_free;
> ++ BN_from_montgomery;
> ++ BN_gcd;
> ++ BN_generate_prime;
> ++ BN_get_word;
> ++ BN_is_bit_set;
> ++ BN_is_prime;
> ++ BN_lshift;
> ++ BN_lshift1;
> ++ BN_mask_bits;
> ++ BN_mod;
> ++ BN_mod_exp;
> ++ BN_mod_exp_mont;
> ++ BN_mod_exp_simple;
> ++ BN_mod_inverse;
> ++ BN_mod_mul;
> ++ BN_mod_mul_montgomery;
> ++ BN_mod_word;
> ++ BN_mul;
> ++ BN_new;
> ++ BN_num_bits;
> ++ BN_num_bits_word;
> ++ BN_options;
> ++ BN_print;
> ++ BN_print_fp;
> ++ BN_rand;
> ++ BN_reciprocal;
> ++ BN_rshift;
> ++ BN_rshift1;
> ++ BN_set_bit;
> ++ BN_set_word;
> ++ BN_sqr;
> ++ BN_sub;
> ++ BN_to_ASN1_INTEGER;
> ++ BN_ucmp;
> ++ BN_value_one;
> ++ BUF_MEM_free;
> ++ BUF_MEM_grow;
> ++ BUF_MEM_new;
> ++ BUF_strdup;
> ++ CONF_free;
> ++ CONF_get_number;
> ++ CONF_get_section;
> ++ CONF_get_string;
> ++ CONF_load;
> ++ CRYPTO_add_lock;
> ++ CRYPTO_dbg_free;
> ++ CRYPTO_dbg_malloc;
> ++ CRYPTO_dbg_realloc;
> ++ CRYPTO_dbg_remalloc;
> ++ CRYPTO_free;
> ++ CRYPTO_get_add_lock_callback;
> ++ CRYPTO_get_id_callback;
> ++ CRYPTO_get_lock_name;
> ++ CRYPTO_get_locking_callback;
> ++ CRYPTO_get_mem_functions;
> ++ CRYPTO_lock;
> ++ CRYPTO_malloc;
> ++ CRYPTO_mem_ctrl;
> ++ CRYPTO_mem_leaks;
> ++ CRYPTO_mem_leaks_cb;
> ++ CRYPTO_mem_leaks_fp;
> ++ CRYPTO_realloc;
> ++ CRYPTO_remalloc;
> ++ CRYPTO_set_add_lock_callback;
> ++ CRYPTO_set_id_callback;
> ++ CRYPTO_set_locking_callback;
> ++ CRYPTO_set_mem_functions;
> ++ CRYPTO_thread_id;
> ++ DH_check;
> ++ DH_compute_key;
> ++ DH_free;
> ++ DH_generate_key;
> ++ DH_generate_parameters;
> ++ DH_new;
> ++ DH_size;
> ++ DHparams_print;
> ++ DHparams_print_fp;
> ++ DSA_free;
> ++ DSA_generate_key;
> ++ DSA_generate_parameters;
> ++ DSA_is_prime;
> ++ DSA_new;
> ++ DSA_print;
> ++ DSA_print_fp;
> ++ DSA_sign;
> ++ DSA_sign_setup;
> ++ DSA_size;
> ++ DSA_verify;
> ++ DSAparams_print;
> ++ DSAparams_print_fp;
> ++ ERR_clear_error;
> ++ ERR_error_string;
> ++ ERR_free_strings;
> ++ ERR_func_error_string;
> ++ ERR_get_err_state_table;
> ++ ERR_get_error;
> ++ ERR_get_error_line;
> ++ ERR_get_state;
> ++ ERR_get_string_table;
> ++ ERR_lib_error_string;
> ++ ERR_load_ASN1_strings;
> ++ ERR_load_BIO_strings;
> ++ ERR_load_BN_strings;
> ++ ERR_load_BUF_strings;
> ++ ERR_load_CONF_strings;
> ++ ERR_load_DH_strings;
> ++ ERR_load_DSA_strings;
> ++ ERR_load_ERR_strings;
> ++ ERR_load_EVP_strings;
> ++ ERR_load_OBJ_strings;
> ++ ERR_load_PEM_strings;
> ++ ERR_load_PROXY_strings;
> ++ ERR_load_RSA_strings;
> ++ ERR_load_X509_strings;
> ++ ERR_load_crypto_strings;
> ++ ERR_load_strings;
> ++ ERR_peek_error;
> ++ ERR_peek_error_line;
> ++ ERR_print_errors;
> ++ ERR_print_errors_fp;
> ++ ERR_put_error;
> ++ ERR_reason_error_string;
> ++ ERR_remove_state;
> ++ EVP_BytesToKey;
> ++ EVP_CIPHER_CTX_cleanup;
> ++ EVP_CipherFinal;
> ++ EVP_CipherInit;
> ++ EVP_CipherUpdate;
> ++ EVP_DecodeBlock;
> ++ EVP_DecodeFinal;
> ++ EVP_DecodeInit;
> ++ EVP_DecodeUpdate;
> ++ EVP_DecryptFinal;
> ++ EVP_DecryptInit;
> ++ EVP_DecryptUpdate;
> ++ EVP_DigestFinal;
> ++ EVP_DigestInit;
> ++ EVP_DigestUpdate;
> ++ EVP_EncodeBlock;
> ++ EVP_EncodeFinal;
> ++ EVP_EncodeInit;
> ++ EVP_EncodeUpdate;
> ++ EVP_EncryptFinal;
> ++ EVP_EncryptInit;
> ++ EVP_EncryptUpdate;
> ++ EVP_OpenFinal;
> ++ EVP_OpenInit;
> ++ EVP_PKEY_assign;
> ++ EVP_PKEY_copy_parameters;
> ++ EVP_PKEY_free;
> ++ EVP_PKEY_missing_parameters;
> ++ EVP_PKEY_new;
> ++ EVP_PKEY_save_parameters;
> ++ EVP_PKEY_size;
> ++ EVP_PKEY_type;
> ++ EVP_SealFinal;
> ++ EVP_SealInit;
> ++ EVP_SignFinal;
> ++ EVP_VerifyFinal;
> ++ EVP_add_alias;
> ++ EVP_add_cipher;
> ++ EVP_add_digest;
> ++ EVP_bf_cbc;
> ++ EVP_bf_cfb64;
> ++ EVP_bf_ecb;
> ++ EVP_bf_ofb;
> ++ EVP_cleanup;
> ++ EVP_des_cbc;
> ++ EVP_des_cfb64;
> ++ EVP_des_ecb;
> ++ EVP_des_ede;
> ++ EVP_des_ede3;
> ++ EVP_des_ede3_cbc;
> ++ EVP_des_ede3_cfb64;
> ++ EVP_des_ede3_ofb;
> ++ EVP_des_ede_cbc;
> ++ EVP_des_ede_cfb64;
> ++ EVP_des_ede_ofb;
> ++ EVP_des_ofb;
> ++ EVP_desx_cbc;
> ++ EVP_dss;
> ++ EVP_dss1;
> ++ EVP_enc_null;
> ++ EVP_get_cipherbyname;
> ++ EVP_get_digestbyname;
> ++ EVP_get_pw_prompt;
> ++ EVP_idea_cbc;
> ++ EVP_idea_cfb64;
> ++ EVP_idea_ecb;
> ++ EVP_idea_ofb;
> ++ EVP_md2;
> ++ EVP_md5;
> ++ EVP_md_null;
> ++ EVP_rc2_cbc;
> ++ EVP_rc2_cfb64;
> ++ EVP_rc2_ecb;
> ++ EVP_rc2_ofb;
> ++ EVP_rc4;
> ++ EVP_read_pw_string;
> ++ EVP_set_pw_prompt;
> ++ EVP_sha;
> ++ EVP_sha1;
> ++ MD2;
> ++ MD2_Final;
> ++ MD2_Init;
> ++ MD2_Update;
> ++ MD2_options;
> ++ MD5;
> ++ MD5_Final;
> ++ MD5_Init;
> ++ MD5_Update;
> ++ MDC2;
> ++ MDC2_Final;
> ++ MDC2_Init;
> ++ MDC2_Update;
> ++ NETSCAPE_SPKAC_free;
> ++ NETSCAPE_SPKAC_new;
> ++ NETSCAPE_SPKI_free;
> ++ NETSCAPE_SPKI_new;
> ++ NETSCAPE_SPKI_sign;
> ++ NETSCAPE_SPKI_verify;
> ++ OBJ_add_object;
> ++ OBJ_bsearch;
> ++ OBJ_cleanup;
> ++ OBJ_cmp;
> ++ OBJ_create;
> ++ OBJ_dup;
> ++ OBJ_ln2nid;
> ++ OBJ_new_nid;
> ++ OBJ_nid2ln;
> ++ OBJ_nid2obj;
> ++ OBJ_nid2sn;
> ++ OBJ_obj2nid;
> ++ OBJ_sn2nid;
> ++ OBJ_txt2nid;
> ++ PEM_ASN1_read;
> ++ PEM_ASN1_read_bio;
> ++ PEM_ASN1_write;
> ++ PEM_ASN1_write_bio;
> ++ PEM_SealFinal;
> ++ PEM_SealInit;
> ++ PEM_SealUpdate;
> ++ PEM_SignFinal;
> ++ PEM_SignInit;
> ++ PEM_SignUpdate;
> ++ PEM_X509_INFO_read;
> ++ PEM_X509_INFO_read_bio;
> ++ PEM_X509_INFO_write_bio;
> ++ PEM_dek_info;
> ++ PEM_do_header;
> ++ PEM_get_EVP_CIPHER_INFO;
> ++ PEM_proc_type;
> ++ PEM_read;
> ++ PEM_read_DHparams;
> ++ PEM_read_DSAPrivateKey;
> ++ PEM_read_DSAparams;
> ++ PEM_read_PKCS7;
> ++ PEM_read_PrivateKey;
> ++ PEM_read_RSAPrivateKey;
> ++ PEM_read_X509;
> ++ PEM_read_X509_CRL;
> ++ PEM_read_X509_REQ;
> ++ PEM_read_bio;
> ++ PEM_read_bio_DHparams;
> ++ PEM_read_bio_DSAPrivateKey;
> ++ PEM_read_bio_DSAparams;
> ++ PEM_read_bio_PKCS7;
> ++ PEM_read_bio_PrivateKey;
> ++ PEM_read_bio_RSAPrivateKey;
> ++ PEM_read_bio_X509;
> ++ PEM_read_bio_X509_CRL;
> ++ PEM_read_bio_X509_REQ;
> ++ PEM_write;
> ++ PEM_write_DHparams;
> ++ PEM_write_DSAPrivateKey;
> ++ PEM_write_DSAparams;
> ++ PEM_write_PKCS7;
> ++ PEM_write_PrivateKey;
> ++ PEM_write_RSAPrivateKey;
> ++ PEM_write_X509;
> ++ PEM_write_X509_CRL;
> ++ PEM_write_X509_REQ;
> ++ PEM_write_bio;
> ++ PEM_write_bio_DHparams;
> ++ PEM_write_bio_DSAPrivateKey;
> ++ PEM_write_bio_DSAparams;
> ++ PEM_write_bio_PKCS7;
> ++ PEM_write_bio_PrivateKey;
> ++ PEM_write_bio_RSAPrivateKey;
> ++ PEM_write_bio_X509;
> ++ PEM_write_bio_X509_CRL;
> ++ PEM_write_bio_X509_REQ;
> ++ PKCS7_DIGEST_free;
> ++ PKCS7_DIGEST_new;
> ++ PKCS7_ENCRYPT_free;
> ++ PKCS7_ENCRYPT_new;
> ++ PKCS7_ENC_CONTENT_free;
> ++ PKCS7_ENC_CONTENT_new;
> ++ PKCS7_ENVELOPE_free;
> ++ PKCS7_ENVELOPE_new;
> ++ PKCS7_ISSUER_AND_SERIAL_digest;
> ++ PKCS7_ISSUER_AND_SERIAL_free;
> ++ PKCS7_ISSUER_AND_SERIAL_new;
> ++ PKCS7_RECIP_INFO_free;
> ++ PKCS7_RECIP_INFO_new;
> ++ PKCS7_SIGNED_free;
> ++ PKCS7_SIGNED_new;
> ++ PKCS7_SIGNER_INFO_free;
> ++ PKCS7_SIGNER_INFO_new;
> ++ PKCS7_SIGN_ENVELOPE_free;
> ++ PKCS7_SIGN_ENVELOPE_new;
> ++ PKCS7_dup;
> ++ PKCS7_free;
> ++ PKCS7_new;
> ++ PROXY_ENTRY_add_noproxy;
> ++ PROXY_ENTRY_clear_noproxy;
> ++ PROXY_ENTRY_free;
> ++ PROXY_ENTRY_get_noproxy;
> ++ PROXY_ENTRY_new;
> ++ PROXY_ENTRY_set_server;
> ++ PROXY_add_noproxy;
> ++ PROXY_add_server;
> ++ PROXY_check_by_host;
> ++ PROXY_check_url;
> ++ PROXY_clear_noproxy;
> ++ PROXY_free;
> ++ PROXY_get_noproxy;
> ++ PROXY_get_proxies;
> ++ PROXY_get_proxy_entry;
> ++ PROXY_load_conf;
> ++ PROXY_new;
> ++ PROXY_print;
> ++ RAND_bytes;
> ++ RAND_cleanup;
> ++ RAND_file_name;
> ++ RAND_load_file;
> ++ RAND_screen;
> ++ RAND_seed;
> ++ RAND_write_file;
> ++ RC2_cbc_encrypt;
> ++ RC2_cfb64_encrypt;
> ++ RC2_ecb_encrypt;
> ++ RC2_encrypt;
> ++ RC2_ofb64_encrypt;
> ++ RC2_set_key;
> ++ RC4;
> ++ RC4_options;
> ++ RC4_set_key;
> ++ RSAPrivateKey_asn1_meth;
> ++ RSAPrivateKey_dup;
> ++ RSAPublicKey_dup;
> ++ RSA_PKCS1_SSLeay;
> ++ RSA_free;
> ++ RSA_generate_key;
> ++ RSA_new;
> ++ RSA_new_method;
> ++ RSA_print;
> ++ RSA_print_fp;
> ++ RSA_private_decrypt;
> ++ RSA_private_encrypt;
> ++ RSA_public_decrypt;
> ++ RSA_public_encrypt;
> ++ RSA_set_default_method;
> ++ RSA_sign;
> ++ RSA_sign_ASN1_OCTET_STRING;
> ++ RSA_size;
> ++ RSA_verify;
> ++ RSA_verify_ASN1_OCTET_STRING;
> ++ SHA;
> ++ SHA1;
> ++ SHA1_Final;
> ++ SHA1_Init;
> ++ SHA1_Update;
> ++ SHA_Final;
> ++ SHA_Init;
> ++ SHA_Update;
> ++ OpenSSL_add_all_algorithms;
> ++ OpenSSL_add_all_ciphers;
> ++ OpenSSL_add_all_digests;
> ++ TXT_DB_create_index;
> ++ TXT_DB_free;
> ++ TXT_DB_get_by_index;
> ++ TXT_DB_insert;
> ++ TXT_DB_read;
> ++ TXT_DB_write;
> ++ X509_ALGOR_free;
> ++ X509_ALGOR_new;
> ++ X509_ATTRIBUTE_free;
> ++ X509_ATTRIBUTE_new;
> ++ X509_CINF_free;
> ++ X509_CINF_new;
> ++ X509_CRL_INFO_free;
> ++ X509_CRL_INFO_new;
> ++ X509_CRL_add_ext;
> ++ X509_CRL_cmp;
> ++ X509_CRL_delete_ext;
> ++ X509_CRL_dup;
> ++ X509_CRL_free;
> ++ X509_CRL_get_ext;
> ++ X509_CRL_get_ext_by_NID;
> ++ X509_CRL_get_ext_by_OBJ;
> ++ X509_CRL_get_ext_by_critical;
> ++ X509_CRL_get_ext_count;
> ++ X509_CRL_new;
> ++ X509_CRL_sign;
> ++ X509_CRL_verify;
> ++ X509_EXTENSION_create_by_NID;
> ++ X509_EXTENSION_create_by_OBJ;
> ++ X509_EXTENSION_dup;
> ++ X509_EXTENSION_free;
> ++ X509_EXTENSION_get_critical;
> ++ X509_EXTENSION_get_data;
> ++ X509_EXTENSION_get_object;
> ++ X509_EXTENSION_new;
> ++ X509_EXTENSION_set_critical;
> ++ X509_EXTENSION_set_data;
> ++ X509_EXTENSION_set_object;
> ++ X509_INFO_free;
> ++ X509_INFO_new;
> ++ X509_LOOKUP_by_alias;
> ++ X509_LOOKUP_by_fingerprint;
> ++ X509_LOOKUP_by_issuer_serial;
> ++ X509_LOOKUP_by_subject;
> ++ X509_LOOKUP_ctrl;
> ++ X509_LOOKUP_file;
> ++ X509_LOOKUP_free;
> ++ X509_LOOKUP_hash_dir;
> ++ X509_LOOKUP_init;
> ++ X509_LOOKUP_new;
> ++ X509_LOOKUP_shutdown;
> ++ X509_NAME_ENTRY_create_by_NID;
> ++ X509_NAME_ENTRY_create_by_OBJ;
> ++ X509_NAME_ENTRY_dup;
> ++ X509_NAME_ENTRY_free;
> ++ X509_NAME_ENTRY_get_data;
> ++ X509_NAME_ENTRY_get_object;
> ++ X509_NAME_ENTRY_new;
> ++ X509_NAME_ENTRY_set_data;
> ++ X509_NAME_ENTRY_set_object;
> ++ X509_NAME_add_entry;
> ++ X509_NAME_cmp;
> ++ X509_NAME_delete_entry;
> ++ X509_NAME_digest;
> ++ X509_NAME_dup;
> ++ X509_NAME_entry_count;
> ++ X509_NAME_free;
> ++ X509_NAME_get_entry;
> ++ X509_NAME_get_index_by_NID;
> ++ X509_NAME_get_index_by_OBJ;
> ++ X509_NAME_get_text_by_NID;
> ++ X509_NAME_get_text_by_OBJ;
> ++ X509_NAME_hash;
> ++ X509_NAME_new;
> ++ X509_NAME_oneline;
> ++ X509_NAME_print;
> ++ X509_NAME_set;
> ++ X509_OBJECT_free_contents;
> ++ X509_OBJECT_retrieve_by_subject;
> ++ X509_OBJECT_up_ref_count;
> ++ X509_PKEY_free;
> ++ X509_PKEY_new;
> ++ X509_PUBKEY_free;
> ++ X509_PUBKEY_get;
> ++ X509_PUBKEY_new;
> ++ X509_PUBKEY_set;
> ++ X509_REQ_INFO_free;
> ++ X509_REQ_INFO_new;
> ++ X509_REQ_dup;
> ++ X509_REQ_free;
> ++ X509_REQ_get_pubkey;
> ++ X509_REQ_new;
> ++ X509_REQ_print;
> ++ X509_REQ_print_fp;
> ++ X509_REQ_set_pubkey;
> ++ X509_REQ_set_subject_name;
> ++ X509_REQ_set_version;
> ++ X509_REQ_sign;
> ++ X509_REQ_to_X509;
> ++ X509_REQ_verify;
> ++ X509_REVOKED_add_ext;
> ++ X509_REVOKED_delete_ext;
> ++ X509_REVOKED_free;
> ++ X509_REVOKED_get_ext;
> ++ X509_REVOKED_get_ext_by_NID;
> ++ X509_REVOKED_get_ext_by_OBJ;
> ++ X509_REVOKED_get_ext_by_critical;
> ++ X509_REVOKED_get_ext_by_critic;
> ++ X509_REVOKED_get_ext_count;
> ++ X509_REVOKED_new;
> ++ X509_SIG_free;
> ++ X509_SIG_new;
> ++ X509_STORE_CTX_cleanup;
> ++ X509_STORE_CTX_init;
> ++ X509_STORE_add_cert;
> ++ X509_STORE_add_lookup;
> ++ X509_STORE_free;
> ++ X509_STORE_get_by_subject;
> ++ X509_STORE_load_locations;
> ++ X509_STORE_new;
> ++ X509_STORE_set_default_paths;
> ++ X509_VAL_free;
> ++ X509_VAL_new;
> ++ X509_add_ext;
> ++ X509_asn1_meth;
> ++ X509_certificate_type;
> ++ X509_check_private_key;
> ++ X509_cmp_current_time;
> ++ X509_delete_ext;
> ++ X509_digest;
> ++ X509_dup;
> ++ X509_free;
> ++ X509_get_default_cert_area;
> ++ X509_get_default_cert_dir;
> ++ X509_get_default_cert_dir_env;
> ++ X509_get_default_cert_file;
> ++ X509_get_default_cert_file_env;
> ++ X509_get_default_private_dir;
> ++ X509_get_ext;
> ++ X509_get_ext_by_NID;
> ++ X509_get_ext_by_OBJ;
> ++ X509_get_ext_by_critical;
> ++ X509_get_ext_count;
> ++ X509_get_issuer_name;
> ++ X509_get_pubkey;
> ++ X509_get_pubkey_parameters;
> ++ X509_get_serialNumber;
> ++ X509_get_subject_name;
> ++ X509_gmtime_adj;
> ++ X509_issuer_and_serial_cmp;
> ++ X509_issuer_and_serial_hash;
> ++ X509_issuer_name_cmp;
> ++ X509_issuer_name_hash;
> ++ X509_load_cert_file;
> ++ X509_new;
> ++ X509_print;
> ++ X509_print_fp;
> ++ X509_set_issuer_name;
> ++ X509_set_notAfter;
> ++ X509_set_notBefore;
> ++ X509_set_pubkey;
> ++ X509_set_serialNumber;
> ++ X509_set_subject_name;
> ++ X509_set_version;
> ++ X509_sign;
> ++ X509_subject_name_cmp;
> ++ X509_subject_name_hash;
> ++ X509_to_X509_REQ;
> ++ X509_verify;
> ++ X509_verify_cert;
> ++ X509_verify_cert_error_string;
> ++ X509v3_add_ext;
> ++ X509v3_add_extension;
> ++ X509v3_add_netscape_extensions;
> ++ X509v3_add_standard_extensions;
> ++ X509v3_cleanup_extensions;
> ++ X509v3_data_type_by_NID;
> ++ X509v3_data_type_by_OBJ;
> ++ X509v3_delete_ext;
> ++ X509v3_get_ext;
> ++ X509v3_get_ext_by_NID;
> ++ X509v3_get_ext_by_OBJ;
> ++ X509v3_get_ext_by_critical;
> ++ X509v3_get_ext_count;
> ++ X509v3_pack_string;
> ++ X509v3_pack_type_by_NID;
> ++ X509v3_pack_type_by_OBJ;
> ++ X509v3_unpack_string;
> ++ _des_crypt;
> ++ a2d_ASN1_OBJECT;
> ++ a2i_ASN1_INTEGER;
> ++ a2i_ASN1_STRING;
> ++ asn1_Finish;
> ++ asn1_GetSequence;
> ++ bn_div_words;
> ++ bn_expand2;
> ++ bn_mul_add_words;
> ++ bn_mul_words;
> ++ BN_uadd;
> ++ BN_usub;
> ++ bn_sqr_words;
> ++ _ossl_old_crypt;
> ++ d2i_ASN1_BIT_STRING;
> ++ d2i_ASN1_BOOLEAN;
> ++ d2i_ASN1_HEADER;
> ++ d2i_ASN1_IA5STRING;
> ++ d2i_ASN1_INTEGER;
> ++ d2i_ASN1_OBJECT;
> ++ d2i_ASN1_OCTET_STRING;
> ++ d2i_ASN1_PRINTABLE;
> ++ d2i_ASN1_PRINTABLESTRING;
> ++ d2i_ASN1_SET;
> ++ d2i_ASN1_T61STRING;
> ++ d2i_ASN1_TYPE;
> ++ d2i_ASN1_UTCTIME;
> ++ d2i_ASN1_bytes;
> ++ d2i_ASN1_type_bytes;
> ++ d2i_DHparams;
> ++ d2i_DSAPrivateKey;
> ++ d2i_DSAPrivateKey_bio;
> ++ d2i_DSAPrivateKey_fp;
> ++ d2i_DSAPublicKey;
> ++ d2i_DSAparams;
> ++ d2i_NETSCAPE_SPKAC;
> ++ d2i_NETSCAPE_SPKI;
> ++ d2i_Netscape_RSA;
> ++ d2i_PKCS7;
> ++ d2i_PKCS7_DIGEST;
> ++ d2i_PKCS7_ENCRYPT;
> ++ d2i_PKCS7_ENC_CONTENT;
> ++ d2i_PKCS7_ENVELOPE;
> ++ d2i_PKCS7_ISSUER_AND_SERIAL;
> ++ d2i_PKCS7_RECIP_INFO;
> ++ d2i_PKCS7_SIGNED;
> ++ d2i_PKCS7_SIGNER_INFO;
> ++ d2i_PKCS7_SIGN_ENVELOPE;
> ++ d2i_PKCS7_bio;
> ++ d2i_PKCS7_fp;
> ++ d2i_PrivateKey;
> ++ d2i_PublicKey;
> ++ d2i_RSAPrivateKey;
> ++ d2i_RSAPrivateKey_bio;
> ++ d2i_RSAPrivateKey_fp;
> ++ d2i_RSAPublicKey;
> ++ d2i_X509;
> ++ d2i_X509_ALGOR;
> ++ d2i_X509_ATTRIBUTE;
> ++ d2i_X509_CINF;
> ++ d2i_X509_CRL;
> ++ d2i_X509_CRL_INFO;
> ++ d2i_X509_CRL_bio;
> ++ d2i_X509_CRL_fp;
> ++ d2i_X509_EXTENSION;
> ++ d2i_X509_NAME;
> ++ d2i_X509_NAME_ENTRY;
> ++ d2i_X509_PKEY;
> ++ d2i_X509_PUBKEY;
> ++ d2i_X509_REQ;
> ++ d2i_X509_REQ_INFO;
> ++ d2i_X509_REQ_bio;
> ++ d2i_X509_REQ_fp;
> ++ d2i_X509_REVOKED;
> ++ d2i_X509_SIG;
> ++ d2i_X509_VAL;
> ++ d2i_X509_bio;
> ++ d2i_X509_fp;
> ++ DES_cbc_cksum;
> ++ DES_cbc_encrypt;
> ++ DES_cblock_print_file;
> ++ DES_cfb64_encrypt;
> ++ DES_cfb_encrypt;
> ++ DES_decrypt3;
> ++ DES_ecb3_encrypt;
> ++ DES_ecb_encrypt;
> ++ DES_ede3_cbc_encrypt;
> ++ DES_ede3_cfb64_encrypt;
> ++ DES_ede3_ofb64_encrypt;
> ++ DES_enc_read;
> ++ DES_enc_write;
> ++ DES_encrypt1;
> ++ DES_encrypt2;
> ++ DES_encrypt3;
> ++ DES_fcrypt;
> ++ DES_is_weak_key;
> ++ DES_key_sched;
> ++ DES_ncbc_encrypt;
> ++ DES_ofb64_encrypt;
> ++ DES_ofb_encrypt;
> ++ DES_options;
> ++ DES_pcbc_encrypt;
> ++ DES_quad_cksum;
> ++ DES_random_key;
> ++ _ossl_old_des_random_seed;
> ++ _ossl_old_des_read_2passwords;
> ++ _ossl_old_des_read_password;
> ++ _ossl_old_des_read_pw;
> ++ _ossl_old_des_read_pw_string;
> ++ DES_set_key;
> ++ DES_set_odd_parity;
> ++ DES_string_to_2keys;
> ++ DES_string_to_key;
> ++ DES_xcbc_encrypt;
> ++ DES_xwhite_in2out;
> ++ fcrypt_body;
> ++ i2a_ASN1_INTEGER;
> ++ i2a_ASN1_OBJECT;
> ++ i2a_ASN1_STRING;
> ++ i2d_ASN1_BIT_STRING;
> ++ i2d_ASN1_BOOLEAN;
> ++ i2d_ASN1_HEADER;
> ++ i2d_ASN1_IA5STRING;
> ++ i2d_ASN1_INTEGER;
> ++ i2d_ASN1_OBJECT;
> ++ i2d_ASN1_OCTET_STRING;
> ++ i2d_ASN1_PRINTABLE;
> ++ i2d_ASN1_SET;
> ++ i2d_ASN1_TYPE;
> ++ i2d_ASN1_UTCTIME;
> ++ i2d_ASN1_bytes;
> ++ i2d_DHparams;
> ++ i2d_DSAPrivateKey;
> ++ i2d_DSAPrivateKey_bio;
> ++ i2d_DSAPrivateKey_fp;
> ++ i2d_DSAPublicKey;
> ++ i2d_DSAparams;
> ++ i2d_NETSCAPE_SPKAC;
> ++ i2d_NETSCAPE_SPKI;
> ++ i2d_Netscape_RSA;
> ++ i2d_PKCS7;
> ++ i2d_PKCS7_DIGEST;
> ++ i2d_PKCS7_ENCRYPT;
> ++ i2d_PKCS7_ENC_CONTENT;
> ++ i2d_PKCS7_ENVELOPE;
> ++ i2d_PKCS7_ISSUER_AND_SERIAL;
> ++ i2d_PKCS7_RECIP_INFO;
> ++ i2d_PKCS7_SIGNED;
> ++ i2d_PKCS7_SIGNER_INFO;
> ++ i2d_PKCS7_SIGN_ENVELOPE;
> ++ i2d_PKCS7_bio;
> ++ i2d_PKCS7_fp;
> ++ i2d_PrivateKey;
> ++ i2d_PublicKey;
> ++ i2d_RSAPrivateKey;
> ++ i2d_RSAPrivateKey_bio;
> ++ i2d_RSAPrivateKey_fp;
> ++ i2d_RSAPublicKey;
> ++ i2d_X509;
> ++ i2d_X509_ALGOR;
> ++ i2d_X509_ATTRIBUTE;
> ++ i2d_X509_CINF;
> ++ i2d_X509_CRL;
> ++ i2d_X509_CRL_INFO;
> ++ i2d_X509_CRL_bio;
> ++ i2d_X509_CRL_fp;
> ++ i2d_X509_EXTENSION;
> ++ i2d_X509_NAME;
> ++ i2d_X509_NAME_ENTRY;
> ++ i2d_X509_PKEY;
> ++ i2d_X509_PUBKEY;
> ++ i2d_X509_REQ;
> ++ i2d_X509_REQ_INFO;
> ++ i2d_X509_REQ_bio;
> ++ i2d_X509_REQ_fp;
> ++ i2d_X509_REVOKED;
> ++ i2d_X509_SIG;
> ++ i2d_X509_VAL;
> ++ i2d_X509_bio;
> ++ i2d_X509_fp;
> ++ idea_cbc_encrypt;
> ++ idea_cfb64_encrypt;
> ++ idea_ecb_encrypt;
> ++ idea_encrypt;
> ++ idea_ofb64_encrypt;
> ++ idea_options;
> ++ idea_set_decrypt_key;
> ++ idea_set_encrypt_key;
> ++ lh_delete;
> ++ lh_doall;
> ++ lh_doall_arg;
> ++ lh_free;
> ++ lh_insert;
> ++ lh_new;
> ++ lh_node_stats;
> ++ lh_node_stats_bio;
> ++ lh_node_usage_stats;
> ++ lh_node_usage_stats_bio;
> ++ lh_retrieve;
> ++ lh_stats;
> ++ lh_stats_bio;
> ++ lh_strhash;
> ++ sk_delete;
> ++ sk_delete_ptr;
> ++ sk_dup;
> ++ sk_find;
> ++ sk_free;
> ++ sk_insert;
> ++ sk_new;
> ++ sk_pop;
> ++ sk_pop_free;
> ++ sk_push;
> ++ sk_set_cmp_func;
> ++ sk_shift;
> ++ sk_unshift;
> ++ sk_zero;
> ++ BIO_f_nbio_test;
> ++ ASN1_TYPE_get;
> ++ ASN1_TYPE_set;
> ++ PKCS7_content_free;
> ++ ERR_load_PKCS7_strings;
> ++ X509_find_by_issuer_and_serial;
> ++ X509_find_by_subject;
> ++ PKCS7_ctrl;
> ++ PKCS7_set_type;
> ++ PKCS7_set_content;
> ++ PKCS7_SIGNER_INFO_set;
> ++ PKCS7_add_signer;
> ++ PKCS7_add_certificate;
> ++ PKCS7_add_crl;
> ++ PKCS7_content_new;
> ++ PKCS7_dataSign;
> ++ PKCS7_dataVerify;
> ++ PKCS7_dataInit;
> ++ PKCS7_add_signature;
> ++ PKCS7_cert_from_signer_info;
> ++ PKCS7_get_signer_info;
> ++ EVP_delete_alias;
> ++ EVP_mdc2;
> ++ PEM_read_bio_RSAPublicKey;
> ++ PEM_write_bio_RSAPublicKey;
> ++ d2i_RSAPublicKey_bio;
> ++ i2d_RSAPublicKey_bio;
> ++ PEM_read_RSAPublicKey;
> ++ PEM_write_RSAPublicKey;
> ++ d2i_RSAPublicKey_fp;
> ++ i2d_RSAPublicKey_fp;
> ++ BIO_copy_next_retry;
> ++ RSA_flags;
> ++ X509_STORE_add_crl;
> ++ X509_load_crl_file;
> ++ EVP_rc2_40_cbc;
> ++ EVP_rc4_40;
> ++ EVP_CIPHER_CTX_init;
> ++ HMAC;
> ++ HMAC_Init;
> ++ HMAC_Update;
> ++ HMAC_Final;
> ++ ERR_get_next_error_library;
> ++ EVP_PKEY_cmp_parameters;
> ++ HMAC_cleanup;
> ++ BIO_ptr_ctrl;
> ++ BIO_new_file_internal;
> ++ BIO_new_fp_internal;
> ++ BIO_s_file_internal;
> ++ BN_BLINDING_convert;
> ++ BN_BLINDING_invert;
> ++ BN_BLINDING_update;
> ++ RSA_blinding_on;
> ++ RSA_blinding_off;
> ++ i2t_ASN1_OBJECT;
> ++ BN_BLINDING_new;
> ++ BN_BLINDING_free;
> ++ EVP_cast5_cbc;
> ++ EVP_cast5_cfb64;
> ++ EVP_cast5_ecb;
> ++ EVP_cast5_ofb;
> ++ BF_decrypt;
> ++ CAST_set_key;
> ++ CAST_encrypt;
> ++ CAST_decrypt;
> ++ CAST_ecb_encrypt;
> ++ CAST_cbc_encrypt;
> ++ CAST_cfb64_encrypt;
> ++ CAST_ofb64_encrypt;
> ++ RC2_decrypt;
> ++ OBJ_create_objects;
> ++ BN_exp;
> ++ BN_mul_word;
> ++ BN_sub_word;
> ++ BN_dec2bn;
> ++ BN_bn2dec;
> ++ BIO_ghbn_ctrl;
> ++ CRYPTO_free_ex_data;
> ++ CRYPTO_get_ex_data;
> ++ CRYPTO_set_ex_data;
> ++ ERR_load_CRYPTO_strings;
> ++ ERR_load_CRYPTOlib_strings;
> ++ EVP_PKEY_bits;
> ++ MD5_Transform;
> ++ SHA1_Transform;
> ++ SHA_Transform;
> ++ X509_STORE_CTX_get_chain;
> ++ X509_STORE_CTX_get_current_cert;
> ++ X509_STORE_CTX_get_error;
> ++ X509_STORE_CTX_get_error_depth;
> ++ X509_STORE_CTX_get_ex_data;
> ++ X509_STORE_CTX_set_cert;
> ++ X509_STORE_CTX_set_chain;
> ++ X509_STORE_CTX_set_error;
> ++ X509_STORE_CTX_set_ex_data;
> ++ CRYPTO_dup_ex_data;
> ++ CRYPTO_get_new_lockid;
> ++ CRYPTO_new_ex_data;
> ++ RSA_set_ex_data;
> ++ RSA_get_ex_data;
> ++ RSA_get_ex_new_index;
> ++ RSA_padding_add_PKCS1_type_1;
> ++ RSA_padding_add_PKCS1_type_2;
> ++ RSA_padding_add_SSLv23;
> ++ RSA_padding_add_none;
> ++ RSA_padding_check_PKCS1_type_1;
> ++ RSA_padding_check_PKCS1_type_2;
> ++ RSA_padding_check_SSLv23;
> ++ RSA_padding_check_none;
> ++ bn_add_words;
> ++ d2i_Netscape_RSA_2;
> ++ CRYPTO_get_ex_new_index;
> ++ RIPEMD160_Init;
> ++ RIPEMD160_Update;
> ++ RIPEMD160_Final;
> ++ RIPEMD160;
> ++ RIPEMD160_Transform;
> ++ RC5_32_set_key;
> ++ RC5_32_ecb_encrypt;
> ++ RC5_32_encrypt;
> ++ RC5_32_decrypt;
> ++ RC5_32_cbc_encrypt;
> ++ RC5_32_cfb64_encrypt;
> ++ RC5_32_ofb64_encrypt;
> ++ BN_bn2mpi;
> ++ BN_mpi2bn;
> ++ ASN1_BIT_STRING_get_bit;
> ++ ASN1_BIT_STRING_set_bit;
> ++ BIO_get_ex_data;
> ++ BIO_get_ex_new_index;
> ++ BIO_set_ex_data;
> ++ X509v3_get_key_usage;
> ++ X509v3_set_key_usage;
> ++ a2i_X509v3_key_usage;
> ++ i2a_X509v3_key_usage;
> ++ EVP_PKEY_decrypt;
> ++ EVP_PKEY_encrypt;
> ++ PKCS7_RECIP_INFO_set;
> ++ PKCS7_add_recipient;
> ++ PKCS7_add_recipient_info;
> ++ PKCS7_set_cipher;
> ++ ASN1_TYPE_get_int_octetstring;
> ++ ASN1_TYPE_get_octetstring;
> ++ ASN1_TYPE_set_int_octetstring;
> ++ ASN1_TYPE_set_octetstring;
> ++ ASN1_UTCTIME_set_string;
> ++ ERR_add_error_data;
> ++ ERR_set_error_data;
> ++ EVP_CIPHER_asn1_to_param;
> ++ EVP_CIPHER_param_to_asn1;
> ++ EVP_CIPHER_get_asn1_iv;
> ++ EVP_CIPHER_set_asn1_iv;
> ++ EVP_rc5_32_12_16_cbc;
> ++ EVP_rc5_32_12_16_cfb64;
> ++ EVP_rc5_32_12_16_ecb;
> ++ EVP_rc5_32_12_16_ofb;
> ++ asn1_add_error;
> ++ d2i_ASN1_BMPSTRING;
> ++ i2d_ASN1_BMPSTRING;
> ++ BIO_f_ber;
> ++ BN_init;
> ++ COMP_CTX_new;
> ++ COMP_CTX_free;
> ++ COMP_CTX_compress_block;
> ++ COMP_CTX_expand_block;
> ++ X509_STORE_CTX_get_ex_new_index;
> ++ OBJ_NAME_add;
> ++ BIO_socket_nbio;
> ++ EVP_rc2_64_cbc;
> ++ OBJ_NAME_cleanup;
> ++ OBJ_NAME_get;
> ++ OBJ_NAME_init;
> ++ OBJ_NAME_new_index;
> ++ OBJ_NAME_remove;
> ++ BN_MONT_CTX_copy;
> ++ BIO_new_socks4a_connect;
> ++ BIO_s_socks4a_connect;
> ++ PROXY_set_connect_mode;
> ++ RAND_SSLeay;
> ++ RAND_set_rand_method;
> ++ RSA_memory_lock;
> ++ bn_sub_words;
> ++ bn_mul_normal;
> ++ bn_mul_comba8;
> ++ bn_mul_comba4;
> ++ bn_sqr_normal;
> ++ bn_sqr_comba8;
> ++ bn_sqr_comba4;
> ++ bn_cmp_words;
> ++ bn_mul_recursive;
> ++ bn_mul_part_recursive;
> ++ bn_sqr_recursive;
> ++ bn_mul_low_normal;
> ++ BN_RECP_CTX_init;
> ++ BN_RECP_CTX_new;
> ++ BN_RECP_CTX_free;
> ++ BN_RECP_CTX_set;
> ++ BN_mod_mul_reciprocal;
> ++ BN_mod_exp_recp;
> ++ BN_div_recp;
> ++ BN_CTX_init;
> ++ BN_MONT_CTX_init;
> ++ RAND_get_rand_method;
> ++ PKCS7_add_attribute;
> ++ PKCS7_add_signed_attribute;
> ++ PKCS7_digest_from_attributes;
> ++ PKCS7_get_attribute;
> ++ PKCS7_get_issuer_and_serial;
> ++ PKCS7_get_signed_attribute;
> ++ COMP_compress_block;
> ++ COMP_expand_block;
> ++ COMP_rle;
> ++ COMP_zlib;
> ++ ms_time_diff;
> ++ ms_time_new;
> ++ ms_time_free;
> ++ ms_time_cmp;
> ++ ms_time_get;
> ++ PKCS7_set_attributes;
> ++ PKCS7_set_signed_attributes;
> ++ X509_ATTRIBUTE_create;
> ++ X509_ATTRIBUTE_dup;
> ++ ASN1_GENERALIZEDTIME_check;
> ++ ASN1_GENERALIZEDTIME_print;
> ++ ASN1_GENERALIZEDTIME_set;
> ++ ASN1_GENERALIZEDTIME_set_string;
> ++ ASN1_TIME_print;
> ++ BASIC_CONSTRAINTS_free;
> ++ BASIC_CONSTRAINTS_new;
> ++ ERR_load_X509V3_strings;
> ++ NETSCAPE_CERT_SEQUENCE_free;
> ++ NETSCAPE_CERT_SEQUENCE_new;
> ++ OBJ_txt2obj;
> ++ PEM_read_NETSCAPE_CERT_SEQUENCE;
> ++ PEM_read_NS_CERT_SEQ;
> ++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
> ++ PEM_read_bio_NS_CERT_SEQ;
> ++ PEM_write_NETSCAPE_CERT_SEQUENCE;
> ++ PEM_write_NS_CERT_SEQ;
> ++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
> ++ PEM_write_bio_NS_CERT_SEQ;
> ++ X509V3_EXT_add;
> ++ X509V3_EXT_add_alias;
> ++ X509V3_EXT_add_conf;
> ++ X509V3_EXT_cleanup;
> ++ X509V3_EXT_conf;
> ++ X509V3_EXT_conf_nid;
> ++ X509V3_EXT_get;
> ++ X509V3_EXT_get_nid;
> ++ X509V3_EXT_print;
> ++ X509V3_EXT_print_fp;
> ++ X509V3_add_standard_extensions;
> ++ X509V3_add_value;
> ++ X509V3_add_value_bool;
> ++ X509V3_add_value_int;
> ++ X509V3_conf_free;
> ++ X509V3_get_value_bool;
> ++ X509V3_get_value_int;
> ++ X509V3_parse_list;
> ++ d2i_ASN1_GENERALIZEDTIME;
> ++ d2i_ASN1_TIME;
> ++ d2i_BASIC_CONSTRAINTS;
> ++ d2i_NETSCAPE_CERT_SEQUENCE;
> ++ d2i_ext_ku;
> ++ ext_ku_free;
> ++ ext_ku_new;
> ++ i2d_ASN1_GENERALIZEDTIME;
> ++ i2d_ASN1_TIME;
> ++ i2d_BASIC_CONSTRAINTS;
> ++ i2d_NETSCAPE_CERT_SEQUENCE;
> ++ i2d_ext_ku;
> ++ EVP_MD_CTX_copy;
> ++ i2d_ASN1_ENUMERATED;
> ++ d2i_ASN1_ENUMERATED;
> ++ ASN1_ENUMERATED_set;
> ++ ASN1_ENUMERATED_get;
> ++ BN_to_ASN1_ENUMERATED;
> ++ ASN1_ENUMERATED_to_BN;
> ++ i2a_ASN1_ENUMERATED;
> ++ a2i_ASN1_ENUMERATED;
> ++ i2d_GENERAL_NAME;
> ++ d2i_GENERAL_NAME;
> ++ GENERAL_NAME_new;
> ++ GENERAL_NAME_free;
> ++ GENERAL_NAMES_new;
> ++ GENERAL_NAMES_free;
> ++ d2i_GENERAL_NAMES;
> ++ i2d_GENERAL_NAMES;
> ++ i2v_GENERAL_NAMES;
> ++ i2s_ASN1_OCTET_STRING;
> ++ s2i_ASN1_OCTET_STRING;
> ++ X509V3_EXT_check_conf;
> ++ hex_to_string;
> ++ string_to_hex;
> ++ DES_ede3_cbcm_encrypt;
> ++ RSA_padding_add_PKCS1_OAEP;
> ++ RSA_padding_check_PKCS1_OAEP;
> ++ X509_CRL_print_fp;
> ++ X509_CRL_print;
> ++ i2v_GENERAL_NAME;
> ++ v2i_GENERAL_NAME;
> ++ i2d_PKEY_USAGE_PERIOD;
> ++ d2i_PKEY_USAGE_PERIOD;
> ++ PKEY_USAGE_PERIOD_new;
> ++ PKEY_USAGE_PERIOD_free;
> ++ v2i_GENERAL_NAMES;
> ++ i2s_ASN1_INTEGER;
> ++ X509V3_EXT_d2i;
> ++ name_cmp;
> ++ str_dup;
> ++ i2s_ASN1_ENUMERATED;
> ++ i2s_ASN1_ENUMERATED_TABLE;
> ++ BIO_s_log;
> ++ BIO_f_reliable;
> ++ PKCS7_dataFinal;
> ++ PKCS7_dataDecode;
> ++ X509V3_EXT_CRL_add_conf;
> ++ BN_set_params;
> ++ BN_get_params;
> ++ BIO_get_ex_num;
> ++ BIO_set_ex_free_func;
> ++ EVP_ripemd160;
> ++ ASN1_TIME_set;
> ++ i2d_AUTHORITY_KEYID;
> ++ d2i_AUTHORITY_KEYID;
> ++ AUTHORITY_KEYID_new;
> ++ AUTHORITY_KEYID_free;
> ++ ASN1_seq_unpack;
> ++ ASN1_seq_pack;
> ++ ASN1_unpack_string;
> ++ ASN1_pack_string;
> ++ PKCS12_pack_safebag;
> ++ PKCS12_MAKE_KEYBAG;
> ++ PKCS8_encrypt;
> ++ PKCS12_MAKE_SHKEYBAG;
> ++ PKCS12_pack_p7data;
> ++ PKCS12_pack_p7encdata;
> ++ PKCS12_add_localkeyid;
> ++ PKCS12_add_friendlyname_asc;
> ++ PKCS12_add_friendlyname_uni;
> ++ PKCS12_get_friendlyname;
> ++ PKCS12_pbe_crypt;
> ++ PKCS12_decrypt_d2i;
> ++ PKCS12_i2d_encrypt;
> ++ PKCS12_init;
> ++ PKCS12_key_gen_asc;
> ++ PKCS12_key_gen_uni;
> ++ PKCS12_gen_mac;
> ++ PKCS12_verify_mac;
> ++ PKCS12_set_mac;
> ++ PKCS12_setup_mac;
> ++ OPENSSL_asc2uni;
> ++ OPENSSL_uni2asc;
> ++ i2d_PKCS12_BAGS;
> ++ PKCS12_BAGS_new;
> ++ d2i_PKCS12_BAGS;
> ++ PKCS12_BAGS_free;
> ++ i2d_PKCS12;
> ++ d2i_PKCS12;
> ++ PKCS12_new;
> ++ PKCS12_free;
> ++ i2d_PKCS12_MAC_DATA;
> ++ PKCS12_MAC_DATA_new;
> ++ d2i_PKCS12_MAC_DATA;
> ++ PKCS12_MAC_DATA_free;
> ++ i2d_PKCS12_SAFEBAG;
> ++ PKCS12_SAFEBAG_new;
> ++ d2i_PKCS12_SAFEBAG;
> ++ PKCS12_SAFEBAG_free;
> ++ ERR_load_PKCS12_strings;
> ++ PKCS12_PBE_add;
> ++ PKCS8_add_keyusage;
> ++ PKCS12_get_attr_gen;
> ++ PKCS12_parse;
> ++ PKCS12_create;
> ++ i2d_PKCS12_bio;
> ++ i2d_PKCS12_fp;
> ++ d2i_PKCS12_bio;
> ++ d2i_PKCS12_fp;
> ++ i2d_PBEPARAM;
> ++ PBEPARAM_new;
> ++ d2i_PBEPARAM;
> ++ PBEPARAM_free;
> ++ i2d_PKCS8_PRIV_KEY_INFO;
> ++ PKCS8_PRIV_KEY_INFO_new;
> ++ d2i_PKCS8_PRIV_KEY_INFO;
> ++ PKCS8_PRIV_KEY_INFO_free;
> ++ EVP_PKCS82PKEY;
> ++ EVP_PKEY2PKCS8;
> ++ PKCS8_set_broken;
> ++ EVP_PBE_ALGOR_CipherInit;
> ++ EVP_PBE_alg_add;
> ++ PKCS5_pbe_set;
> ++ EVP_PBE_cleanup;
> ++ i2d_SXNET;
> ++ d2i_SXNET;
> ++ SXNET_new;
> ++ SXNET_free;
> ++ i2d_SXNETID;
> ++ d2i_SXNETID;
> ++ SXNETID_new;
> ++ SXNETID_free;
> ++ DSA_SIG_new;
> ++ DSA_SIG_free;
> ++ DSA_do_sign;
> ++ DSA_do_verify;
> ++ d2i_DSA_SIG;
> ++ i2d_DSA_SIG;
> ++ i2d_ASN1_VISIBLESTRING;
> ++ d2i_ASN1_VISIBLESTRING;
> ++ i2d_ASN1_UTF8STRING;
> ++ d2i_ASN1_UTF8STRING;
> ++ i2d_DIRECTORYSTRING;
> ++ d2i_DIRECTORYSTRING;
> ++ i2d_DISPLAYTEXT;
> ++ d2i_DISPLAYTEXT;
> ++ d2i_ASN1_SET_OF_X509;
> ++ i2d_ASN1_SET_OF_X509;
> ++ i2d_PBKDF2PARAM;
> ++ PBKDF2PARAM_new;
> ++ d2i_PBKDF2PARAM;
> ++ PBKDF2PARAM_free;
> ++ i2d_PBE2PARAM;
> ++ PBE2PARAM_new;
> ++ d2i_PBE2PARAM;
> ++ PBE2PARAM_free;
> ++ d2i_ASN1_SET_OF_GENERAL_NAME;
> ++ i2d_ASN1_SET_OF_GENERAL_NAME;
> ++ d2i_ASN1_SET_OF_SXNETID;
> ++ i2d_ASN1_SET_OF_SXNETID;
> ++ d2i_ASN1_SET_OF_POLICYQUALINFO;
> ++ i2d_ASN1_SET_OF_POLICYQUALINFO;
> ++ d2i_ASN1_SET_OF_POLICYINFO;
> ++ i2d_ASN1_SET_OF_POLICYINFO;
> ++ SXNET_add_id_asc;
> ++ SXNET_add_id_ulong;
> ++ SXNET_add_id_INTEGER;
> ++ SXNET_get_id_asc;
> ++ SXNET_get_id_ulong;
> ++ SXNET_get_id_INTEGER;
> ++ X509V3_set_conf_lhash;
> ++ i2d_CERTIFICATEPOLICIES;
> ++ CERTIFICATEPOLICIES_new;
> ++ CERTIFICATEPOLICIES_free;
> ++ d2i_CERTIFICATEPOLICIES;
> ++ i2d_POLICYINFO;
> ++ POLICYINFO_new;
> ++ d2i_POLICYINFO;
> ++ POLICYINFO_free;
> ++ i2d_POLICYQUALINFO;
> ++ POLICYQUALINFO_new;
> ++ d2i_POLICYQUALINFO;
> ++ POLICYQUALINFO_free;
> ++ i2d_USERNOTICE;
> ++ USERNOTICE_new;
> ++ d2i_USERNOTICE;
> ++ USERNOTICE_free;
> ++ i2d_NOTICEREF;
> ++ NOTICEREF_new;
> ++ d2i_NOTICEREF;
> ++ NOTICEREF_free;
> ++ X509V3_get_string;
> ++ X509V3_get_section;
> ++ X509V3_string_free;
> ++ X509V3_section_free;
> ++ X509V3_set_ctx;
> ++ s2i_ASN1_INTEGER;
> ++ CRYPTO_set_locked_mem_functions;
> ++ CRYPTO_get_locked_mem_functions;
> ++ CRYPTO_malloc_locked;
> ++ CRYPTO_free_locked;
> ++ BN_mod_exp2_mont;
> ++ ERR_get_error_line_data;
> ++ ERR_peek_error_line_data;
> ++ PKCS12_PBE_keyivgen;
> ++ X509_ALGOR_dup;
> ++ d2i_ASN1_SET_OF_DIST_POINT;
> ++ i2d_ASN1_SET_OF_DIST_POINT;
> ++ i2d_CRL_DIST_POINTS;
> ++ CRL_DIST_POINTS_new;
> ++ CRL_DIST_POINTS_free;
> ++ d2i_CRL_DIST_POINTS;
> ++ i2d_DIST_POINT;
> ++ DIST_POINT_new;
> ++ d2i_DIST_POINT;
> ++ DIST_POINT_free;
> ++ i2d_DIST_POINT_NAME;
> ++ DIST_POINT_NAME_new;
> ++ DIST_POINT_NAME_free;
> ++ d2i_DIST_POINT_NAME;
> ++ X509V3_add_value_uchar;
> ++ d2i_ASN1_SET_OF_X509_ATTRIBUTE;
> ++ i2d_ASN1_SET_OF_ASN1_TYPE;
> ++ d2i_ASN1_SET_OF_X509_EXTENSION;
> ++ d2i_ASN1_SET_OF_X509_NAME_ENTRY;
> ++ d2i_ASN1_SET_OF_ASN1_TYPE;
> ++ i2d_ASN1_SET_OF_X509_ATTRIBUTE;
> ++ i2d_ASN1_SET_OF_X509_EXTENSION;
> ++ i2d_ASN1_SET_OF_X509_NAME_ENTRY;
> ++ X509V3_EXT_i2d;
> ++ X509V3_EXT_val_prn;
> ++ X509V3_EXT_add_list;
> ++ EVP_CIPHER_type;
> ++ EVP_PBE_CipherInit;
> ++ X509V3_add_value_bool_nf;
> ++ d2i_ASN1_UINTEGER;
> ++ sk_value;
> ++ sk_num;
> ++ sk_set;
> ++ i2d_ASN1_SET_OF_X509_REVOKED;
> ++ sk_sort;
> ++ d2i_ASN1_SET_OF_X509_REVOKED;
> ++ i2d_ASN1_SET_OF_X509_ALGOR;
> ++ i2d_ASN1_SET_OF_X509_CRL;
> ++ d2i_ASN1_SET_OF_X509_ALGOR;
> ++ d2i_ASN1_SET_OF_X509_CRL;
> ++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
> ++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
> ++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
> ++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
> ++ PKCS5_PBE_add;
> ++ PEM_write_bio_PKCS8;
> ++ i2d_PKCS8_fp;
> ++ PEM_read_bio_PKCS8_PRIV_KEY_INFO;
> ++ PEM_read_bio_P8_PRIV_KEY_INFO;
> ++ d2i_PKCS8_bio;
> ++ d2i_PKCS8_PRIV_KEY_INFO_fp;
> ++ PEM_write_bio_PKCS8_PRIV_KEY_INFO;
> ++ PEM_write_bio_P8_PRIV_KEY_INFO;
> ++ PEM_read_PKCS8;
> ++ d2i_PKCS8_PRIV_KEY_INFO_bio;
> ++ d2i_PKCS8_fp;
> ++ PEM_write_PKCS8;
> ++ PEM_read_PKCS8_PRIV_KEY_INFO;
> ++ PEM_read_P8_PRIV_KEY_INFO;
> ++ PEM_read_bio_PKCS8;
> ++ PEM_write_PKCS8_PRIV_KEY_INFO;
> ++ PEM_write_P8_PRIV_KEY_INFO;
> ++ PKCS5_PBE_keyivgen;
> ++ i2d_PKCS8_bio;
> ++ i2d_PKCS8_PRIV_KEY_INFO_fp;
> ++ i2d_PKCS8_PRIV_KEY_INFO_bio;
> ++ BIO_s_bio;
> ++ PKCS5_pbe2_set;
> ++ PKCS5_PBKDF2_HMAC_SHA1;
> ++ PKCS5_v2_PBE_keyivgen;
> ++ PEM_write_bio_PKCS8PrivateKey;
> ++ PEM_write_PKCS8PrivateKey;
> ++ BIO_ctrl_get_read_request;
> ++ BIO_ctrl_pending;
> ++ BIO_ctrl_wpending;
> ++ BIO_new_bio_pair;
> ++ BIO_ctrl_get_write_guarantee;
> ++ CRYPTO_num_locks;
> ++ CONF_load_bio;
> ++ CONF_load_fp;
> ++ i2d_ASN1_SET_OF_ASN1_OBJECT;
> ++ d2i_ASN1_SET_OF_ASN1_OBJECT;
> ++ PKCS7_signatureVerify;
> ++ RSA_set_method;
> ++ RSA_get_method;
> ++ RSA_get_default_method;
> ++ RSA_check_key;
> ++ OBJ_obj2txt;
> ++ DSA_dup_DH;
> ++ X509_REQ_get_extensions;
> ++ X509_REQ_set_extension_nids;
> ++ BIO_nwrite;
> ++ X509_REQ_extension_nid;
> ++ BIO_nread;
> ++ X509_REQ_get_extension_nids;
> ++ BIO_nwrite0;
> ++ X509_REQ_add_extensions_nid;
> ++ BIO_nread0;
> ++ X509_REQ_add_extensions;
> ++ BIO_new_mem_buf;
> ++ DH_set_ex_data;
> ++ DH_set_method;
> ++ DSA_OpenSSL;
> ++ DH_get_ex_data;
> ++ DH_get_ex_new_index;
> ++ DSA_new_method;
> ++ DH_new_method;
> ++ DH_OpenSSL;
> ++ DSA_get_ex_new_index;
> ++ DH_get_default_method;
> ++ DSA_set_ex_data;
> ++ DH_set_default_method;
> ++ DSA_get_ex_data;
> ++ X509V3_EXT_REQ_add_conf;
> ++ NETSCAPE_SPKI_print;
> ++ NETSCAPE_SPKI_set_pubkey;
> ++ NETSCAPE_SPKI_b64_encode;
> ++ NETSCAPE_SPKI_get_pubkey;
> ++ NETSCAPE_SPKI_b64_decode;
> ++ UTF8_putc;
> ++ UTF8_getc;
> ++ RSA_null_method;
> ++ ASN1_tag2str;
> ++ BIO_ctrl_reset_read_request;
> ++ DISPLAYTEXT_new;
> ++ ASN1_GENERALIZEDTIME_free;
> ++ X509_REVOKED_get_ext_d2i;
> ++ X509_set_ex_data;
> ++ X509_reject_set_bit_asc;
> ++ X509_NAME_add_entry_by_txt;
> ++ X509_NAME_add_entry_by_NID;
> ++ X509_PURPOSE_get0;
> ++ PEM_read_X509_AUX;
> ++ d2i_AUTHORITY_INFO_ACCESS;
> ++ PEM_write_PUBKEY;
> ++ ACCESS_DESCRIPTION_new;
> ++ X509_CERT_AUX_free;
> ++ d2i_ACCESS_DESCRIPTION;
> ++ X509_trust_clear;
> ++ X509_TRUST_add;
> ++ ASN1_VISIBLESTRING_new;
> ++ X509_alias_set1;
> ++ ASN1_PRINTABLESTRING_free;
> ++ EVP_PKEY_get1_DSA;
> ++ ASN1_BMPSTRING_new;
> ++ ASN1_mbstring_copy;
> ++ ASN1_UTF8STRING_new;
> ++ DSA_get_default_method;
> ++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
> ++ ASN1_T61STRING_free;
> ++ DSA_set_method;
> ++ X509_get_ex_data;
> ++ ASN1_STRING_type;
> ++ X509_PURPOSE_get_by_sname;
> ++ ASN1_TIME_free;
> ++ ASN1_OCTET_STRING_cmp;
> ++ ASN1_BIT_STRING_new;
> ++ X509_get_ext_d2i;
> ++ PEM_read_bio_X509_AUX;
> ++ ASN1_STRING_set_default_mask_asc;
> ++ ASN1_STRING_set_def_mask_asc;
> ++ PEM_write_bio_RSA_PUBKEY;
> ++ ASN1_INTEGER_cmp;
> ++ d2i_RSA_PUBKEY_fp;
> ++ X509_trust_set_bit_asc;
> ++ PEM_write_bio_DSA_PUBKEY;
> ++ X509_STORE_CTX_free;
> ++ EVP_PKEY_set1_DSA;
> ++ i2d_DSA_PUBKEY_fp;
> ++ X509_load_cert_crl_file;
> ++ ASN1_TIME_new;
> ++ i2d_RSA_PUBKEY;
> ++ X509_STORE_CTX_purpose_inherit;
> ++ PEM_read_RSA_PUBKEY;
> ++ d2i_X509_AUX;
> ++ i2d_DSA_PUBKEY;
> ++ X509_CERT_AUX_print;
> ++ PEM_read_DSA_PUBKEY;
> ++ i2d_RSA_PUBKEY_bio;
> ++ ASN1_BIT_STRING_num_asc;
> ++ i2d_PUBKEY;
> ++ ASN1_UTCTIME_free;
> ++ DSA_set_default_method;
> ++ X509_PURPOSE_get_by_id;
> ++ ACCESS_DESCRIPTION_free;
> ++ PEM_read_bio_PUBKEY;
> ++ ASN1_STRING_set_by_NID;
> ++ X509_PURPOSE_get_id;
> ++ DISPLAYTEXT_free;
> ++ OTHERNAME_new;
> ++ X509_CERT_AUX_new;
> ++ X509_TRUST_cleanup;
> ++ X509_NAME_add_entry_by_OBJ;
> ++ X509_CRL_get_ext_d2i;
> ++ X509_PURPOSE_get0_name;
> ++ PEM_read_PUBKEY;
> ++ i2d_DSA_PUBKEY_bio;
> ++ i2d_OTHERNAME;
> ++ ASN1_OCTET_STRING_free;
> ++ ASN1_BIT_STRING_set_asc;
> ++ X509_get_ex_new_index;
> ++ ASN1_STRING_TABLE_cleanup;
> ++ X509_TRUST_get_by_id;
> ++ X509_PURPOSE_get_trust;
> ++ ASN1_STRING_length;
> ++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
> ++ ASN1_PRINTABLESTRING_new;
> ++ X509V3_get_d2i;
> ++ ASN1_ENUMERATED_free;
> ++ i2d_X509_CERT_AUX;
> ++ X509_STORE_CTX_set_trust;
> ++ ASN1_STRING_set_default_mask;
> ++ X509_STORE_CTX_new;
> ++ EVP_PKEY_get1_RSA;
> ++ DIRECTORYSTRING_free;
> ++ PEM_write_X509_AUX;
> ++ ASN1_OCTET_STRING_set;
> ++ d2i_DSA_PUBKEY_fp;
> ++ d2i_RSA_PUBKEY;
> ++ X509_TRUST_get0_name;
> ++ X509_TRUST_get0;
> ++ AUTHORITY_INFO_ACCESS_free;
> ++ ASN1_IA5STRING_new;
> ++ d2i_DSA_PUBKEY;
> ++ X509_check_purpose;
> ++ ASN1_ENUMERATED_new;
> ++ d2i_RSA_PUBKEY_bio;
> ++ d2i_PUBKEY;
> ++ X509_TRUST_get_trust;
> ++ X509_TRUST_get_flags;
> ++ ASN1_BMPSTRING_free;
> ++ ASN1_T61STRING_new;
> ++ ASN1_UTCTIME_new;
> ++ i2d_AUTHORITY_INFO_ACCESS;
> ++ EVP_PKEY_set1_RSA;
> ++ X509_STORE_CTX_set_purpose;
> ++ ASN1_IA5STRING_free;
> ++ PEM_write_bio_X509_AUX;
> ++ X509_PURPOSE_get_count;
> ++ CRYPTO_add_info;
> ++ X509_NAME_ENTRY_create_by_txt;
> ++ ASN1_STRING_get_default_mask;
> ++ X509_alias_get0;
> ++ ASN1_STRING_data;
> ++ i2d_ACCESS_DESCRIPTION;
> ++ X509_trust_set_bit;
> ++ ASN1_BIT_STRING_free;
> ++ PEM_read_bio_RSA_PUBKEY;
> ++ X509_add1_reject_object;
> ++ X509_check_trust;
> ++ PEM_read_bio_DSA_PUBKEY;
> ++ X509_PURPOSE_add;
> ++ ASN1_STRING_TABLE_get;
> ++ ASN1_UTF8STRING_free;
> ++ d2i_DSA_PUBKEY_bio;
> ++ PEM_write_RSA_PUBKEY;
> ++ d2i_OTHERNAME;
> ++ X509_reject_set_bit;
> ++ PEM_write_DSA_PUBKEY;
> ++ X509_PURPOSE_get0_sname;
> ++ EVP_PKEY_set1_DH;
> ++ ASN1_OCTET_STRING_dup;
> ++ ASN1_BIT_STRING_set;
> ++ X509_TRUST_get_count;
> ++ ASN1_INTEGER_free;
> ++ OTHERNAME_free;
> ++ i2d_RSA_PUBKEY_fp;
> ++ ASN1_INTEGER_dup;
> ++ d2i_X509_CERT_AUX;
> ++ PEM_write_bio_PUBKEY;
> ++ ASN1_VISIBLESTRING_free;
> ++ X509_PURPOSE_cleanup;
> ++ ASN1_mbstring_ncopy;
> ++ ASN1_GENERALIZEDTIME_new;
> ++ EVP_PKEY_get1_DH;
> ++ ASN1_OCTET_STRING_new;
> ++ ASN1_INTEGER_new;
> ++ i2d_X509_AUX;
> ++ ASN1_BIT_STRING_name_print;
> ++ X509_cmp;
> ++ ASN1_STRING_length_set;
> ++ DIRECTORYSTRING_new;
> ++ X509_add1_trust_object;
> ++ PKCS12_newpass;
> ++ SMIME_write_PKCS7;
> ++ SMIME_read_PKCS7;
> ++ DES_set_key_checked;
> ++ PKCS7_verify;
> ++ PKCS7_encrypt;
> ++ DES_set_key_unchecked;
> ++ SMIME_crlf_copy;
> ++ i2d_ASN1_PRINTABLESTRING;
> ++ PKCS7_get0_signers;
> ++ PKCS7_decrypt;
> ++ SMIME_text;
> ++ PKCS7_simple_smimecap;
> ++ PKCS7_get_smimecap;
> ++ PKCS7_sign;
> ++ PKCS7_add_attrib_smimecap;
> ++ CRYPTO_dbg_set_options;
> ++ CRYPTO_remove_all_info;
> ++ CRYPTO_get_mem_debug_functions;
> ++ CRYPTO_is_mem_check_on;
> ++ CRYPTO_set_mem_debug_functions;
> ++ CRYPTO_pop_info;
> ++ CRYPTO_push_info_;
> ++ CRYPTO_set_mem_debug_options;
> ++ PEM_write_PKCS8PrivateKey_nid;
> ++ PEM_write_bio_PKCS8PrivateKey_nid;
> ++ PEM_write_bio_PKCS8PrivKey_nid;
> ++ d2i_PKCS8PrivateKey_bio;
> ++ ASN1_NULL_free;
> ++ d2i_ASN1_NULL;
> ++ ASN1_NULL_new;
> ++ i2d_PKCS8PrivateKey_bio;
> ++ i2d_PKCS8PrivateKey_fp;
> ++ i2d_ASN1_NULL;
> ++ i2d_PKCS8PrivateKey_nid_fp;
> ++ d2i_PKCS8PrivateKey_fp;
> ++ i2d_PKCS8PrivateKey_nid_bio;
> ++ i2d_PKCS8PrivateKeyInfo_fp;
> ++ i2d_PKCS8PrivateKeyInfo_bio;
> ++ PEM_cb;
> ++ i2d_PrivateKey_fp;
> ++ d2i_PrivateKey_bio;
> ++ d2i_PrivateKey_fp;
> ++ i2d_PrivateKey_bio;
> ++ X509_reject_clear;
> ++ X509_TRUST_set_default;
> ++ d2i_AutoPrivateKey;
> ++ X509_ATTRIBUTE_get0_type;
> ++ X509_ATTRIBUTE_set1_data;
> ++ X509at_get_attr;
> ++ X509at_get_attr_count;
> ++ X509_ATTRIBUTE_create_by_NID;
> ++ X509_ATTRIBUTE_set1_object;
> ++ X509_ATTRIBUTE_count;
> ++ X509_ATTRIBUTE_create_by_OBJ;
> ++ X509_ATTRIBUTE_get0_object;
> ++ X509at_get_attr_by_NID;
> ++ X509at_add1_attr;
> ++ X509_ATTRIBUTE_get0_data;
> ++ X509at_delete_attr;
> ++ X509at_get_attr_by_OBJ;
> ++ RAND_add;
> ++ BIO_number_written;
> ++ BIO_number_read;
> ++ X509_STORE_CTX_get1_chain;
> ++ ERR_load_RAND_strings;
> ++ RAND_pseudo_bytes;
> ++ X509_REQ_get_attr_by_NID;
> ++ X509_REQ_get_attr;
> ++ X509_REQ_add1_attr_by_NID;
> ++ X509_REQ_get_attr_by_OBJ;
> ++ X509at_add1_attr_by_NID;
> ++ X509_REQ_add1_attr_by_OBJ;
> ++ X509_REQ_get_attr_count;
> ++ X509_REQ_add1_attr;
> ++ X509_REQ_delete_attr;
> ++ X509at_add1_attr_by_OBJ;
> ++ X509_REQ_add1_attr_by_txt;
> ++ X509_ATTRIBUTE_create_by_txt;
> ++ X509at_add1_attr_by_txt;
> ++ BN_pseudo_rand;
> ++ BN_is_prime_fasttest;
> ++ BN_CTX_end;
> ++ BN_CTX_start;
> ++ BN_CTX_get;
> ++ EVP_PKEY2PKCS8_broken;
> ++ ASN1_STRING_TABLE_add;
> ++ CRYPTO_dbg_get_options;
> ++ AUTHORITY_INFO_ACCESS_new;
> ++ CRYPTO_get_mem_debug_options;
> ++ DES_crypt;
> ++ PEM_write_bio_X509_REQ_NEW;
> ++ PEM_write_X509_REQ_NEW;
> ++ BIO_callback_ctrl;
> ++ RAND_egd;
> ++ RAND_status;
> ++ bn_dump1;
> ++ DES_check_key_parity;
> ++ lh_num_items;
> ++ RAND_event;
> ++ DSO_new;
> ++ DSO_new_method;
> ++ DSO_free;
> ++ DSO_flags;
> ++ DSO_up;
> ++ DSO_set_default_method;
> ++ DSO_get_default_method;
> ++ DSO_get_method;
> ++ DSO_set_method;
> ++ DSO_load;
> ++ DSO_bind_var;
> ++ DSO_METHOD_null;
> ++ DSO_METHOD_openssl;
> ++ DSO_METHOD_dlfcn;
> ++ DSO_METHOD_win32;
> ++ ERR_load_DSO_strings;
> ++ DSO_METHOD_dl;
> ++ NCONF_load;
> ++ NCONF_load_fp;
> ++ NCONF_new;
> ++ NCONF_get_string;
> ++ NCONF_free;
> ++ NCONF_get_number;
> ++ CONF_dump_fp;
> ++ NCONF_load_bio;
> ++ NCONF_dump_fp;
> ++ NCONF_get_section;
> ++ NCONF_dump_bio;
> ++ CONF_dump_bio;
> ++ NCONF_free_data;
> ++ CONF_set_default_method;
> ++ ERR_error_string_n;
> ++ BIO_snprintf;
> ++ DSO_ctrl;
> ++ i2d_ASN1_SET_OF_ASN1_INTEGER;
> ++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
> ++ i2d_ASN1_SET_OF_PKCS7;
> ++ BIO_vfree;
> ++ d2i_ASN1_SET_OF_ASN1_INTEGER;
> ++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
> ++ ASN1_UTCTIME_get;
> ++ X509_REQ_digest;
> ++ X509_CRL_digest;
> ++ d2i_ASN1_SET_OF_PKCS7;
> ++ EVP_CIPHER_CTX_set_key_length;
> ++ EVP_CIPHER_CTX_ctrl;
> ++ BN_mod_exp_mont_word;
> ++ RAND_egd_bytes;
> ++ X509_REQ_get1_email;
> ++ X509_get1_email;
> ++ X509_email_free;
> ++ i2d_RSA_NET;
> ++ d2i_RSA_NET_2;
> ++ d2i_RSA_NET;
> ++ DSO_bind_func;
> ++ CRYPTO_get_new_dynlockid;
> ++ sk_new_null;
> ++ CRYPTO_set_dynlock_destroy_callback;
> ++ CRYPTO_set_dynlock_destroy_cb;
> ++ CRYPTO_destroy_dynlockid;
> ++ CRYPTO_set_dynlock_size;
> ++ CRYPTO_set_dynlock_create_callback;
> ++ CRYPTO_set_dynlock_create_cb;
> ++ CRYPTO_set_dynlock_lock_callback;
> ++ CRYPTO_set_dynlock_lock_cb;
> ++ CRYPTO_get_dynlock_lock_callback;
> ++ CRYPTO_get_dynlock_lock_cb;
> ++ CRYPTO_get_dynlock_destroy_callback;
> ++ CRYPTO_get_dynlock_destroy_cb;
> ++ CRYPTO_get_dynlock_value;
> ++ CRYPTO_get_dynlock_create_callback;
> ++ CRYPTO_get_dynlock_create_cb;
> ++ c2i_ASN1_BIT_STRING;
> ++ i2c_ASN1_BIT_STRING;
> ++ RAND_poll;
> ++ c2i_ASN1_INTEGER;
> ++ i2c_ASN1_INTEGER;
> ++ BIO_dump_indent;
> ++ ASN1_parse_dump;
> ++ c2i_ASN1_OBJECT;
> ++ X509_NAME_print_ex_fp;
> ++ ASN1_STRING_print_ex_fp;
> ++ X509_NAME_print_ex;
> ++ ASN1_STRING_print_ex;
> ++ MD4;
> ++ MD4_Transform;
> ++ MD4_Final;
> ++ MD4_Update;
> ++ MD4_Init;
> ++ EVP_md4;
> ++ i2d_PUBKEY_bio;
> ++ i2d_PUBKEY_fp;
> ++ d2i_PUBKEY_bio;
> ++ ASN1_STRING_to_UTF8;
> ++ BIO_vprintf;
> ++ BIO_vsnprintf;
> ++ d2i_PUBKEY_fp;
> ++ X509_cmp_time;
> ++ X509_STORE_CTX_set_time;
> ++ X509_STORE_CTX_get1_issuer;
> ++ X509_OBJECT_retrieve_match;
> ++ X509_OBJECT_idx_by_subject;
> ++ X509_STORE_CTX_set_flags;
> ++ X509_STORE_CTX_trusted_stack;
> ++ X509_time_adj;
> ++ X509_check_issued;
> ++ ASN1_UTCTIME_cmp_time_t;
> ++ DES_set_weak_key_flag;
> ++ DES_check_key;
> ++ DES_rw_mode;
> ++ RSA_PKCS1_RSAref;
> ++ X509_keyid_set1;
> ++ BIO_next;
> ++ DSO_METHOD_vms;
> ++ BIO_f_linebuffer;
> ++ BN_bntest_rand;
> ++ OPENSSL_issetugid;
> ++ BN_rand_range;
> ++ ERR_load_ENGINE_strings;
> ++ ENGINE_set_DSA;
> ++ ENGINE_get_finish_function;
> ++ ENGINE_get_default_RSA;
> ++ ENGINE_get_BN_mod_exp;
> ++ DSA_get_default_openssl_method;
> ++ ENGINE_set_DH;
> ++ ENGINE_set_def_BN_mod_exp_crt;
> ++ ENGINE_set_default_BN_mod_exp_crt;
> ++ ENGINE_init;
> ++ DH_get_default_openssl_method;
> ++ RSA_set_default_openssl_method;
> ++ ENGINE_finish;
> ++ ENGINE_load_public_key;
> ++ ENGINE_get_DH;
> ++ ENGINE_ctrl;
> ++ ENGINE_get_init_function;
> ++ ENGINE_set_init_function;
> ++ ENGINE_set_default_DSA;
> ++ ENGINE_get_name;
> ++ ENGINE_get_last;
> ++ ENGINE_get_prev;
> ++ ENGINE_get_default_DH;
> ++ ENGINE_get_RSA;
> ++ ENGINE_set_default;
> ++ ENGINE_get_RAND;
> ++ ENGINE_get_first;
> ++ ENGINE_by_id;
> ++ ENGINE_set_finish_function;
> ++ ENGINE_get_def_BN_mod_exp_crt;
> ++ ENGINE_get_default_BN_mod_exp_crt;
> ++ RSA_get_default_openssl_method;
> ++ ENGINE_set_RSA;
> ++ ENGINE_load_private_key;
> ++ ENGINE_set_default_RAND;
> ++ ENGINE_set_BN_mod_exp;
> ++ ENGINE_remove;
> ++ ENGINE_free;
> ++ ENGINE_get_BN_mod_exp_crt;
> ++ ENGINE_get_next;
> ++ ENGINE_set_name;
> ++ ENGINE_get_default_DSA;
> ++ ENGINE_set_default_BN_mod_exp;
> ++ ENGINE_set_default_RSA;
> ++ ENGINE_get_default_RAND;
> ++ ENGINE_get_default_BN_mod_exp;
> ++ ENGINE_set_RAND;
> ++ ENGINE_set_id;
> ++ ENGINE_set_BN_mod_exp_crt;
> ++ ENGINE_set_default_DH;
> ++ ENGINE_new;
> ++ ENGINE_get_id;
> ++ DSA_set_default_openssl_method;
> ++ ENGINE_add;
> ++ DH_set_default_openssl_method;
> ++ ENGINE_get_DSA;
> ++ ENGINE_get_ctrl_function;
> ++ ENGINE_set_ctrl_function;
> ++ BN_pseudo_rand_range;
> ++ X509_STORE_CTX_set_verify_cb;
> ++ ERR_load_COMP_strings;
> ++ PKCS12_item_decrypt_d2i;
> ++ ASN1_UTF8STRING_it;
> ++ ENGINE_unregister_ciphers;
> ++ ENGINE_get_ciphers;
> ++ d2i_OCSP_BASICRESP;
> ++ KRB5_CHECKSUM_it;
> ++ EC_POINT_add;
> ++ ASN1_item_ex_i2d;
> ++ OCSP_CERTID_it;
> ++ d2i_OCSP_RESPBYTES;
> ++ X509V3_add1_i2d;
> ++ PKCS7_ENVELOPE_it;
> ++ UI_add_input_boolean;
> ++ ENGINE_unregister_RSA;
> ++ X509V3_EXT_nconf;
> ++ ASN1_GENERALSTRING_free;
> ++ d2i_OCSP_CERTSTATUS;
> ++ X509_REVOKED_set_serialNumber;
> ++ X509_print_ex;
> ++ OCSP_ONEREQ_get1_ext_d2i;
> ++ ENGINE_register_all_RAND;
> ++ ENGINE_load_dynamic;
> ++ PBKDF2PARAM_it;
> ++ EXTENDED_KEY_USAGE_new;
> ++ EC_GROUP_clear_free;
> ++ OCSP_sendreq_bio;
> ++ ASN1_item_digest;
> ++ OCSP_BASICRESP_delete_ext;
> ++ OCSP_SIGNATURE_it;
> ++ X509_CRL_it;
> ++ OCSP_BASICRESP_add_ext;
> ++ KRB5_ENCKEY_it;
> ++ UI_method_set_closer;
> ++ X509_STORE_set_purpose;
> ++ i2d_ASN1_GENERALSTRING;
> ++ OCSP_response_status;
> ++ i2d_OCSP_SERVICELOC;
> ++ ENGINE_get_digest_engine;
> ++ EC_GROUP_set_curve_GFp;
> ++ OCSP_REQUEST_get_ext_by_OBJ;
> ++ _ossl_old_des_random_key;
> ++ ASN1_T61STRING_it;
> ++ EC_GROUP_method_of;
> ++ i2d_KRB5_APREQ;
> ++ _ossl_old_des_encrypt;
> ++ ASN1_PRINTABLE_new;
> ++ HMAC_Init_ex;
> ++ d2i_KRB5_AUTHENT;
> ++ OCSP_archive_cutoff_new;
> ++ EC_POINT_set_Jprojective_coordinates_GFp;
> ++ EC_POINT_set_Jproj_coords_GFp;
> ++ _ossl_old_des_is_weak_key;
> ++ OCSP_BASICRESP_get_ext_by_OBJ;
> ++ EC_POINT_oct2point;
> ++ OCSP_SINGLERESP_get_ext_count;
> ++ UI_ctrl;
> ++ _shadow_DES_rw_mode;
> ++ asn1_do_adb;
> ++ ASN1_template_i2d;
> ++ ENGINE_register_DH;
> ++ UI_construct_prompt;
> ++ X509_STORE_set_trust;
> ++ UI_dup_input_string;
> ++ d2i_KRB5_APREQ;
> ++ EVP_MD_CTX_copy_ex;
> ++ OCSP_request_is_signed;
> ++ i2d_OCSP_REQINFO;
> ++ KRB5_ENCKEY_free;
> ++ OCSP_resp_get0;
> ++ GENERAL_NAME_it;
> ++ ASN1_GENERALIZEDTIME_it;
> ++ X509_STORE_set_flags;
> ++ EC_POINT_set_compressed_coordinates_GFp;
> ++ EC_POINT_set_compr_coords_GFp;
> ++ OCSP_response_status_str;
> ++ d2i_OCSP_REVOKEDINFO;
> ++ OCSP_basic_add1_cert;
> ++ ERR_get_implementation;
> ++ EVP_CipherFinal_ex;
> ++ OCSP_CERTSTATUS_new;
> ++ CRYPTO_cleanup_all_ex_data;
> ++ OCSP_resp_find;
> ++ BN_nnmod;
> ++ X509_CRL_sort;
> ++ X509_REVOKED_set_revocationDate;
> ++ ENGINE_register_RAND;
> ++ OCSP_SERVICELOC_new;
> ++ EC_POINT_set_affine_coordinates_GFp;
> ++ EC_POINT_set_affine_coords_GFp;
> ++ _ossl_old_des_options;
> ++ SXNET_it;
> ++ UI_dup_input_boolean;
> ++ PKCS12_add_CSPName_asc;
> ++ EC_POINT_is_at_infinity;
> ++ ENGINE_load_cryptodev;
> ++ DSO_convert_filename;
> ++ POLICYQUALINFO_it;
> ++ ENGINE_register_ciphers;
> ++ BN_mod_lshift_quick;
> ++ DSO_set_filename;
> ++ ASN1_item_free;
> ++ KRB5_TKTBODY_free;
> ++ AUTHORITY_KEYID_it;
> ++ KRB5_APREQBODY_new;
> ++ X509V3_EXT_REQ_add_nconf;
> ++ ENGINE_ctrl_cmd_string;
> ++ i2d_OCSP_RESPDATA;
> ++ EVP_MD_CTX_init;
> ++ EXTENDED_KEY_USAGE_free;
> ++ PKCS7_ATTR_SIGN_it;
> ++ UI_add_error_string;
> ++ KRB5_CHECKSUM_free;
> ++ OCSP_REQUEST_get_ext;
> ++ ENGINE_load_ubsec;
> ++ ENGINE_register_all_digests;
> ++ PKEY_USAGE_PERIOD_it;
> ++ PKCS12_unpack_authsafes;
> ++ ASN1_item_unpack;
> ++ NETSCAPE_SPKAC_it;
> ++ X509_REVOKED_it;
> ++ ASN1_STRING_encode;
> ++ EVP_aes_128_ecb;
> ++ KRB5_AUTHENT_free;
> ++ OCSP_BASICRESP_get_ext_by_critical;
> ++ OCSP_BASICRESP_get_ext_by_crit;
> ++ OCSP_cert_status_str;
> ++ d2i_OCSP_REQUEST;
> ++ UI_dup_info_string;
> ++ _ossl_old_des_xwhite_in2out;
> ++ PKCS12_it;
> ++ OCSP_SINGLERESP_get_ext_by_critical;
> ++ OCSP_SINGLERESP_get_ext_by_crit;
> ++ OCSP_CERTSTATUS_free;
> ++ _ossl_old_des_crypt;
> ++ ASN1_item_i2d;
> ++ EVP_DecryptFinal_ex;
> ++ ENGINE_load_openssl;
> ++ ENGINE_get_cmd_defns;
> ++ ENGINE_set_load_privkey_function;
> ++ ENGINE_set_load_privkey_fn;
> ++ EVP_EncryptFinal_ex;
> ++ ENGINE_set_default_digests;
> ++ X509_get0_pubkey_bitstr;
> ++ asn1_ex_i2c;
> ++ ENGINE_register_RSA;
> ++ ENGINE_unregister_DSA;
> ++ _ossl_old_des_key_sched;
> ++ X509_EXTENSION_it;
> ++ i2d_KRB5_AUTHENT;
> ++ SXNETID_it;
> ++ d2i_OCSP_SINGLERESP;
> ++ EDIPARTYNAME_new;
> ++ PKCS12_certbag2x509;
> ++ _ossl_old_des_ofb64_encrypt;
> ++ d2i_EXTENDED_KEY_USAGE;
> ++ ERR_print_errors_cb;
> ++ ENGINE_set_ciphers;
> ++ d2i_KRB5_APREQBODY;
> ++ UI_method_get_flusher;
> ++ X509_PUBKEY_it;
> ++ _ossl_old_des_enc_read;
> ++ PKCS7_ENCRYPT_it;
> ++ i2d_OCSP_RESPONSE;
> ++ EC_GROUP_get_cofactor;
> ++ PKCS12_unpack_p7data;
> ++ d2i_KRB5_AUTHDATA;
> ++ OCSP_copy_nonce;
> ++ KRB5_AUTHDATA_new;
> ++ OCSP_RESPDATA_new;
> ++ EC_GFp_mont_method;
> ++ OCSP_REVOKEDINFO_free;
> ++ UI_get_ex_data;
> ++ KRB5_APREQBODY_free;
> ++ EC_GROUP_get0_generator;
> ++ UI_get_default_method;
> ++ X509V3_set_nconf;
> ++ PKCS12_item_i2d_encrypt;
> ++ X509_add1_ext_i2d;
> ++ PKCS7_SIGNER_INFO_it;
> ++ KRB5_PRINCNAME_new;
> ++ PKCS12_SAFEBAG_it;
> ++ EC_GROUP_get_order;
> ++ d2i_OCSP_RESPID;
> ++ OCSP_request_verify;
> ++ NCONF_get_number_e;
> ++ _ossl_old_des_decrypt3;
> ++ X509_signature_print;
> ++ OCSP_SINGLERESP_free;
> ++ ENGINE_load_builtin_engines;
> ++ i2d_OCSP_ONEREQ;
> ++ OCSP_REQUEST_add_ext;
> ++ OCSP_RESPBYTES_new;
> ++ EVP_MD_CTX_create;
> ++ OCSP_resp_find_status;
> ++ X509_ALGOR_it;
> ++ ASN1_TIME_it;
> ++ OCSP_request_set1_name;
> ++ OCSP_ONEREQ_get_ext_count;
> ++ UI_get0_result;
> ++ PKCS12_AUTHSAFES_it;
> ++ EVP_aes_256_ecb;
> ++ PKCS12_pack_authsafes;
> ++ ASN1_IA5STRING_it;
> ++ UI_get_input_flags;
> ++ EC_GROUP_set_generator;
> ++ _ossl_old_des_string_to_2keys;
> ++ OCSP_CERTID_free;
> ++ X509_CERT_AUX_it;
> ++ CERTIFICATEPOLICIES_it;
> ++ _ossl_old_des_ede3_cbc_encrypt;
> ++ RAND_set_rand_engine;
> ++ DSO_get_loaded_filename;
> ++ X509_ATTRIBUTE_it;
> ++ OCSP_ONEREQ_get_ext_by_NID;
> ++ PKCS12_decrypt_skey;
> ++ KRB5_AUTHENT_it;
> ++ UI_dup_error_string;
> ++ RSAPublicKey_it;
> ++ i2d_OCSP_REQUEST;
> ++ PKCS12_x509crl2certbag;
> ++ OCSP_SERVICELOC_it;
> ++ ASN1_item_sign;
> ++ X509_CRL_set_issuer_name;
> ++ OBJ_NAME_do_all_sorted;
> ++ i2d_OCSP_BASICRESP;
> ++ i2d_OCSP_RESPBYTES;
> ++ PKCS12_unpack_p7encdata;
> ++ HMAC_CTX_init;
> ++ ENGINE_get_digest;
> ++ OCSP_RESPONSE_print;
> ++ KRB5_TKTBODY_it;
> ++ ACCESS_DESCRIPTION_it;
> ++ PKCS7_ISSUER_AND_SERIAL_it;
> ++ PBE2PARAM_it;
> ++ PKCS12_certbag2x509crl;
> ++ PKCS7_SIGNED_it;
> ++ ENGINE_get_cipher;
> ++ i2d_OCSP_CRLID;
> ++ OCSP_SINGLERESP_new;
> ++ ENGINE_cmd_is_executable;
> ++ RSA_up_ref;
> ++ ASN1_GENERALSTRING_it;
> ++ ENGINE_register_DSA;
> ++ X509V3_EXT_add_nconf_sk;
> ++ ENGINE_set_load_pubkey_function;
> ++ PKCS8_decrypt;
> ++ PEM_bytes_read_bio;
> ++ DIRECTORYSTRING_it;
> ++ d2i_OCSP_CRLID;
> ++ EC_POINT_is_on_curve;
> ++ CRYPTO_set_locked_mem_ex_functions;
> ++ CRYPTO_set_locked_mem_ex_funcs;
> ++ d2i_KRB5_CHECKSUM;
> ++ ASN1_item_dup;
> ++ X509_it;
> ++ BN_mod_add;
> ++ KRB5_AUTHDATA_free;
> ++ _ossl_old_des_cbc_cksum;
> ++ ASN1_item_verify;
> ++ CRYPTO_set_mem_ex_functions;
> ++ EC_POINT_get_Jprojective_coordinates_GFp;
> ++ EC_POINT_get_Jproj_coords_GFp;
> ++ ZLONG_it;
> ++ CRYPTO_get_locked_mem_ex_functions;
> ++ CRYPTO_get_locked_mem_ex_funcs;
> ++ ASN1_TIME_check;
> ++ UI_get0_user_data;
> ++ HMAC_CTX_cleanup;
> ++ DSA_up_ref;
> ++ _ossl_old_des_ede3_cfb64_encrypt;
> ++ _ossl_odes_ede3_cfb64_encrypt;
> ++ ASN1_BMPSTRING_it;
> ++ ASN1_tag2bit;
> ++ UI_method_set_flusher;
> ++ X509_ocspid_print;
> ++ KRB5_ENCDATA_it;
> ++ ENGINE_get_load_pubkey_function;
> ++ UI_add_user_data;
> ++ OCSP_REQUEST_delete_ext;
> ++ UI_get_method;
> ++ OCSP_ONEREQ_free;
> ++ ASN1_PRINTABLESTRING_it;
> ++ X509_CRL_set_nextUpdate;
> ++ OCSP_REQUEST_it;
> ++ OCSP_BASICRESP_it;
> ++ AES_ecb_encrypt;
> ++ BN_mod_sqr;
> ++ NETSCAPE_CERT_SEQUENCE_it;
> ++ GENERAL_NAMES_it;
> ++ AUTHORITY_INFO_ACCESS_it;
> ++ ASN1_FBOOLEAN_it;
> ++ UI_set_ex_data;
> ++ _ossl_old_des_string_to_key;
> ++ ENGINE_register_all_RSA;
> ++ d2i_KRB5_PRINCNAME;
> ++ OCSP_RESPBYTES_it;
> ++ X509_CINF_it;
> ++ ENGINE_unregister_digests;
> ++ d2i_EDIPARTYNAME;
> ++ d2i_OCSP_SERVICELOC;
> ++ ENGINE_get_digests;
> ++ _ossl_old_des_set_odd_parity;
> ++ OCSP_RESPDATA_free;
> ++ d2i_KRB5_TICKET;
> ++ OTHERNAME_it;
> ++ EVP_MD_CTX_cleanup;
> ++ d2i_ASN1_GENERALSTRING;
> ++ X509_CRL_set_version;
> ++ BN_mod_sub;
> ++ OCSP_SINGLERESP_get_ext_by_NID;
> ++ ENGINE_get_ex_new_index;
> ++ OCSP_REQUEST_free;
> ++ OCSP_REQUEST_add1_ext_i2d;
> ++ X509_VAL_it;
> ++ EC_POINTs_make_affine;
> ++ EC_POINT_mul;
> ++ X509V3_EXT_add_nconf;
> ++ X509_TRUST_set;
> ++ X509_CRL_add1_ext_i2d;
> ++ _ossl_old_des_fcrypt;
> ++ DISPLAYTEXT_it;
> ++ X509_CRL_set_lastUpdate;
> ++ OCSP_BASICRESP_free;
> ++ OCSP_BASICRESP_add1_ext_i2d;
> ++ d2i_KRB5_AUTHENTBODY;
> ++ CRYPTO_set_ex_data_implementation;
> ++ CRYPTO_set_ex_data_impl;
> ++ KRB5_ENCDATA_new;
> ++ DSO_up_ref;
> ++ OCSP_crl_reason_str;
> ++ UI_get0_result_string;
> ++ ASN1_GENERALSTRING_new;
> ++ X509_SIG_it;
> ++ ERR_set_implementation;
> ++ ERR_load_EC_strings;
> ++ UI_get0_action_string;
> ++ OCSP_ONEREQ_get_ext;
> ++ EC_POINT_method_of;
> ++ i2d_KRB5_APREQBODY;
> ++ _ossl_old_des_ecb3_encrypt;
> ++ CRYPTO_get_mem_ex_functions;
> ++ ENGINE_get_ex_data;
> ++ UI_destroy_method;
> ++ ASN1_item_i2d_bio;
> ++ OCSP_ONEREQ_get_ext_by_OBJ;
> ++ ASN1_primitive_new;
> ++ ASN1_PRINTABLE_it;
> ++ EVP_aes_192_ecb;
> ++ OCSP_SIGNATURE_new;
> ++ LONG_it;
> ++ ASN1_VISIBLESTRING_it;
> ++ OCSP_SINGLERESP_add1_ext_i2d;
> ++ d2i_OCSP_CERTID;
> ++ ASN1_item_d2i_fp;
> ++ CRL_DIST_POINTS_it;
> ++ GENERAL_NAME_print;
> ++ OCSP_SINGLERESP_delete_ext;
> ++ PKCS12_SAFEBAGS_it;
> ++ d2i_OCSP_SIGNATURE;
> ++ OCSP_request_add1_nonce;
> ++ ENGINE_set_cmd_defns;
> ++ OCSP_SERVICELOC_free;
> ++ EC_GROUP_free;
> ++ ASN1_BIT_STRING_it;
> ++ X509_REQ_it;
> ++ _ossl_old_des_cbc_encrypt;
> ++ ERR_unload_strings;
> ++ PKCS7_SIGN_ENVELOPE_it;
> ++ EDIPARTYNAME_free;
> ++ OCSP_REQINFO_free;
> ++ EC_GROUP_new_curve_GFp;
> ++ OCSP_REQUEST_get1_ext_d2i;
> ++ PKCS12_item_pack_safebag;
> ++ asn1_ex_c2i;
> ++ ENGINE_register_digests;
> ++ i2d_OCSP_REVOKEDINFO;
> ++ asn1_enc_restore;
> ++ UI_free;
> ++ UI_new_method;
> ++ EVP_EncryptInit_ex;
> ++ X509_pubkey_digest;
> ++ EC_POINT_invert;
> ++ OCSP_basic_sign;
> ++ i2d_OCSP_RESPID;
> ++ OCSP_check_nonce;
> ++ ENGINE_ctrl_cmd;
> ++ d2i_KRB5_ENCKEY;
> ++ OCSP_parse_url;
> ++ OCSP_SINGLERESP_get_ext;
> ++ OCSP_CRLID_free;
> ++ OCSP_BASICRESP_get1_ext_d2i;
> ++ RSAPrivateKey_it;
> ++ ENGINE_register_all_DH;
> ++ i2d_EDIPARTYNAME;
> ++ EC_POINT_get_affine_coordinates_GFp;
> ++ EC_POINT_get_affine_coords_GFp;
> ++ OCSP_CRLID_new;
> ++ ENGINE_get_flags;
> ++ OCSP_ONEREQ_it;
> ++ UI_process;
> ++ ASN1_INTEGER_it;
> ++ EVP_CipherInit_ex;
> ++ UI_get_string_type;
> ++ ENGINE_unregister_DH;
> ++ ENGINE_register_all_DSA;
> ++ OCSP_ONEREQ_get_ext_by_critical;
> ++ bn_dup_expand;
> ++ OCSP_cert_id_new;
> ++ BASIC_CONSTRAINTS_it;
> ++ BN_mod_add_quick;
> ++ EC_POINT_new;
> ++ EVP_MD_CTX_destroy;
> ++ OCSP_RESPBYTES_free;
> ++ EVP_aes_128_cbc;
> ++ OCSP_SINGLERESP_get1_ext_d2i;
> ++ EC_POINT_free;
> ++ DH_up_ref;
> ++ X509_NAME_ENTRY_it;
> ++ UI_get_ex_new_index;
> ++ BN_mod_sub_quick;
> ++ OCSP_ONEREQ_add_ext;
> ++ OCSP_request_sign;
> ++ EVP_DigestFinal_ex;
> ++ ENGINE_set_digests;
> ++ OCSP_id_issuer_cmp;
> ++ OBJ_NAME_do_all;
> ++ EC_POINTs_mul;
> ++ ENGINE_register_complete;
> ++ X509V3_EXT_nconf_nid;
> ++ ASN1_SEQUENCE_it;
> ++ UI_set_default_method;
> ++ RAND_query_egd_bytes;
> ++ UI_method_get_writer;
> ++ UI_OpenSSL;
> ++ PEM_def_callback;
> ++ ENGINE_cleanup;
> ++ DIST_POINT_it;
> ++ OCSP_SINGLERESP_it;
> ++ d2i_KRB5_TKTBODY;
> ++ EC_POINT_cmp;
> ++ OCSP_REVOKEDINFO_new;
> ++ i2d_OCSP_CERTSTATUS;
> ++ OCSP_basic_add1_nonce;
> ++ ASN1_item_ex_d2i;
> ++ BN_mod_lshift1_quick;
> ++ UI_set_method;
> ++ OCSP_id_get0_info;
> ++ BN_mod_sqrt;
> ++ EC_GROUP_copy;
> ++ KRB5_ENCDATA_free;
> ++ _ossl_old_des_cfb_encrypt;
> ++ OCSP_SINGLERESP_get_ext_by_OBJ;
> ++ OCSP_cert_to_id;
> ++ OCSP_RESPID_new;
> ++ OCSP_RESPDATA_it;
> ++ d2i_OCSP_RESPDATA;
> ++ ENGINE_register_all_complete;
> ++ OCSP_check_validity;
> ++ PKCS12_BAGS_it;
> ++ OCSP_url_svcloc_new;
> ++ ASN1_template_free;
> ++ OCSP_SINGLERESP_add_ext;
> ++ KRB5_AUTHENTBODY_it;
> ++ X509_supported_extension;
> ++ i2d_KRB5_AUTHDATA;
> ++ UI_method_get_opener;
> ++ ENGINE_set_ex_data;
> ++ OCSP_REQUEST_print;
> ++ CBIGNUM_it;
> ++ KRB5_TICKET_new;
> ++ KRB5_APREQ_new;
> ++ EC_GROUP_get_curve_GFp;
> ++ KRB5_ENCKEY_new;
> ++ ASN1_template_d2i;
> ++ _ossl_old_des_quad_cksum;
> ++ OCSP_single_get0_status;
> ++ BN_swap;
> ++ POLICYINFO_it;
> ++ ENGINE_set_destroy_function;
> ++ asn1_enc_free;
> ++ OCSP_RESPID_it;
> ++ EC_GROUP_new;
> ++ EVP_aes_256_cbc;
> ++ i2d_KRB5_PRINCNAME;
> ++ _ossl_old_des_encrypt2;
> ++ _ossl_old_des_encrypt3;
> ++ PKCS8_PRIV_KEY_INFO_it;
> ++ OCSP_REQINFO_it;
> ++ PBEPARAM_it;
> ++ KRB5_AUTHENTBODY_new;
> ++ X509_CRL_add0_revoked;
> ++ EDIPARTYNAME_it;
> ++ NETSCAPE_SPKI_it;
> ++ UI_get0_test_string;
> ++ ENGINE_get_cipher_engine;
> ++ ENGINE_register_all_ciphers;
> ++ EC_POINT_copy;
> ++ BN_kronecker;
> ++ _ossl_old_des_ede3_ofb64_encrypt;
> ++ _ossl_odes_ede3_ofb64_encrypt;
> ++ UI_method_get_reader;
> ++ OCSP_BASICRESP_get_ext_count;
> ++ ASN1_ENUMERATED_it;
> ++ UI_set_result;
> ++ i2d_KRB5_TICKET;
> ++ X509_print_ex_fp;
> ++ EVP_CIPHER_CTX_set_padding;
> ++ d2i_OCSP_RESPONSE;
> ++ ASN1_UTCTIME_it;
> ++ _ossl_old_des_enc_write;
> ++ OCSP_RESPONSE_new;
> ++ AES_set_encrypt_key;
> ++ OCSP_resp_count;
> ++ KRB5_CHECKSUM_new;
> ++ ENGINE_load_cswift;
> ++ OCSP_onereq_get0_id;
> ++ ENGINE_set_default_ciphers;
> ++ NOTICEREF_it;
> ++ X509V3_EXT_CRL_add_nconf;
> ++ OCSP_REVOKEDINFO_it;
> ++ AES_encrypt;
> ++ OCSP_REQUEST_new;
> ++ ASN1_ANY_it;
> ++ CRYPTO_ex_data_new_class;
> ++ _ossl_old_des_ncbc_encrypt;
> ++ i2d_KRB5_TKTBODY;
> ++ EC_POINT_clear_free;
> ++ AES_decrypt;
> ++ asn1_enc_init;
> ++ UI_get_result_maxsize;
> ++ OCSP_CERTID_new;
> ++ ENGINE_unregister_RAND;
> ++ UI_method_get_closer;
> ++ d2i_KRB5_ENCDATA;
> ++ OCSP_request_onereq_count;
> ++ OCSP_basic_verify;
> ++ KRB5_AUTHENTBODY_free;
> ++ ASN1_item_d2i;
> ++ ASN1_primitive_free;
> ++ i2d_EXTENDED_KEY_USAGE;
> ++ i2d_OCSP_SIGNATURE;
> ++ asn1_enc_save;
> ++ ENGINE_load_nuron;
> ++ _ossl_old_des_pcbc_encrypt;
> ++ PKCS12_MAC_DATA_it;
> ++ OCSP_accept_responses_new;
> ++ asn1_do_lock;
> ++ PKCS7_ATTR_VERIFY_it;
> ++ KRB5_APREQBODY_it;
> ++ i2d_OCSP_SINGLERESP;
> ++ ASN1_item_ex_new;
> ++ UI_add_verify_string;
> ++ _ossl_old_des_set_key;
> ++ KRB5_PRINCNAME_it;
> ++ EVP_DecryptInit_ex;
> ++ i2d_OCSP_CERTID;
> ++ ASN1_item_d2i_bio;
> ++ EC_POINT_dbl;
> ++ asn1_get_choice_selector;
> ++ i2d_KRB5_CHECKSUM;
> ++ ENGINE_set_table_flags;
> ++ AES_options;
> ++ ENGINE_load_chil;
> ++ OCSP_id_cmp;
> ++ OCSP_BASICRESP_new;
> ++ OCSP_REQUEST_get_ext_by_NID;
> ++ KRB5_APREQ_it;
> ++ ENGINE_get_destroy_function;
> ++ CONF_set_nconf;
> ++ ASN1_PRINTABLE_free;
> ++ OCSP_BASICRESP_get_ext_by_NID;
> ++ DIST_POINT_NAME_it;
> ++ X509V3_extensions_print;
> ++ _ossl_old_des_cfb64_encrypt;
> ++ X509_REVOKED_add1_ext_i2d;
> ++ _ossl_old_des_ofb_encrypt;
> ++ KRB5_TKTBODY_new;
> ++ ASN1_OCTET_STRING_it;
> ++ ERR_load_UI_strings;
> ++ i2d_KRB5_ENCKEY;
> ++ ASN1_template_new;
> ++ OCSP_SIGNATURE_free;
> ++ ASN1_item_i2d_fp;
> ++ KRB5_PRINCNAME_free;
> ++ PKCS7_RECIP_INFO_it;
> ++ EXTENDED_KEY_USAGE_it;
> ++ EC_GFp_simple_method;
> ++ EC_GROUP_precompute_mult;
> ++ OCSP_request_onereq_get0;
> ++ UI_method_set_writer;
> ++ KRB5_AUTHENT_new;
> ++ X509_CRL_INFO_it;
> ++ DSO_set_name_converter;
> ++ AES_set_decrypt_key;
> ++ PKCS7_DIGEST_it;
> ++ PKCS12_x5092certbag;
> ++ EVP_DigestInit_ex;
> ++ i2a_ACCESS_DESCRIPTION;
> ++ OCSP_RESPONSE_it;
> ++ PKCS7_ENC_CONTENT_it;
> ++ OCSP_request_add0_id;
> ++ EC_POINT_make_affine;
> ++ DSO_get_filename;
> ++ OCSP_CERTSTATUS_it;
> ++ OCSP_request_add1_cert;
> ++ UI_get0_output_string;
> ++ UI_dup_verify_string;
> ++ BN_mod_lshift;
> ++ KRB5_AUTHDATA_it;
> ++ asn1_set_choice_selector;
> ++ OCSP_basic_add1_status;
> ++ OCSP_RESPID_free;
> ++ asn1_get_field_ptr;
> ++ UI_add_input_string;
> ++ OCSP_CRLID_it;
> ++ i2d_KRB5_AUTHENTBODY;
> ++ OCSP_REQUEST_get_ext_count;
> ++ ENGINE_load_atalla;
> ++ X509_NAME_it;
> ++ USERNOTICE_it;
> ++ OCSP_REQINFO_new;
> ++ OCSP_BASICRESP_get_ext;
> ++ CRYPTO_get_ex_data_implementation;
> ++ CRYPTO_get_ex_data_impl;
> ++ ASN1_item_pack;
> ++ i2d_KRB5_ENCDATA;
> ++ X509_PURPOSE_set;
> ++ X509_REQ_INFO_it;
> ++ UI_method_set_opener;
> ++ ASN1_item_ex_free;
> ++ ASN1_BOOLEAN_it;
> ++ ENGINE_get_table_flags;
> ++ UI_create_method;
> ++ OCSP_ONEREQ_add1_ext_i2d;
> ++ _shadow_DES_check_key;
> ++ d2i_OCSP_REQINFO;
> ++ UI_add_info_string;
> ++ UI_get_result_minsize;
> ++ ASN1_NULL_it;
> ++ BN_mod_lshift1;
> ++ d2i_OCSP_ONEREQ;
> ++ OCSP_ONEREQ_new;
> ++ KRB5_TICKET_it;
> ++ EVP_aes_192_cbc;
> ++ KRB5_TICKET_free;
> ++ UI_new;
> ++ OCSP_response_create;
> ++ _ossl_old_des_xcbc_encrypt;
> ++ PKCS7_it;
> ++ OCSP_REQUEST_get_ext_by_critical;
> ++ OCSP_REQUEST_get_ext_by_crit;
> ++ ENGINE_set_flags;
> ++ _ossl_old_des_ecb_encrypt;
> ++ OCSP_response_get1_basic;
> ++ EVP_Digest;
> ++ OCSP_ONEREQ_delete_ext;
> ++ ASN1_TBOOLEAN_it;
> ++ ASN1_item_new;
> ++ ASN1_TIME_to_generalizedtime;
> ++ BIGNUM_it;
> ++ AES_cbc_encrypt;
> ++ ENGINE_get_load_privkey_function;
> ++ ENGINE_get_load_privkey_fn;
> ++ OCSP_RESPONSE_free;
> ++ UI_method_set_reader;
> ++ i2d_ASN1_T61STRING;
> ++ EC_POINT_set_to_infinity;
> ++ ERR_load_OCSP_strings;
> ++ EC_POINT_point2oct;
> ++ KRB5_APREQ_free;
> ++ ASN1_OBJECT_it;
> ++ OCSP_crlID_new;
> ++ OCSP_crlID2_new;
> ++ CONF_modules_load_file;
> ++ CONF_imodule_set_usr_data;
> ++ ENGINE_set_default_string;
> ++ CONF_module_get_usr_data;
> ++ ASN1_add_oid_module;
> ++ CONF_modules_finish;
> ++ OPENSSL_config;
> ++ CONF_modules_unload;
> ++ CONF_imodule_get_value;
> ++ CONF_module_set_usr_data;
> ++ CONF_parse_list;
> ++ CONF_module_add;
> ++ CONF_get1_default_config_file;
> ++ CONF_imodule_get_flags;
> ++ CONF_imodule_get_module;
> ++ CONF_modules_load;
> ++ CONF_imodule_get_name;
> ++ ERR_peek_top_error;
> ++ CONF_imodule_get_usr_data;
> ++ CONF_imodule_set_flags;
> ++ ENGINE_add_conf_module;
> ++ ERR_peek_last_error_line;
> ++ ERR_peek_last_error_line_data;
> ++ ERR_peek_last_error;
> ++ DES_read_2passwords;
> ++ DES_read_password;
> ++ UI_UTIL_read_pw;
> ++ UI_UTIL_read_pw_string;
> ++ ENGINE_load_aep;
> ++ ENGINE_load_sureware;
> ++ OPENSSL_add_all_algorithms_noconf;
> ++ OPENSSL_add_all_algo_noconf;
> ++ OPENSSL_add_all_algorithms_conf;
> ++ OPENSSL_add_all_algo_conf;
> ++ OPENSSL_load_builtin_modules;
> ++ AES_ofb128_encrypt;
> ++ AES_ctr128_encrypt;
> ++ AES_cfb128_encrypt;
> ++ ENGINE_load_4758cca;
> ++ _ossl_096_des_random_seed;
> ++ EVP_aes_256_ofb;
> ++ EVP_aes_192_ofb;
> ++ EVP_aes_128_cfb128;
> ++ EVP_aes_256_cfb128;
> ++ EVP_aes_128_ofb;
> ++ EVP_aes_192_cfb128;
> ++ CONF_modules_free;
> ++ NCONF_default;
> ++ OPENSSL_no_config;
> ++ NCONF_WIN32;
> ++ ASN1_UNIVERSALSTRING_new;
> ++ EVP_des_ede_ecb;
> ++ i2d_ASN1_UNIVERSALSTRING;
> ++ ASN1_UNIVERSALSTRING_free;
> ++ ASN1_UNIVERSALSTRING_it;
> ++ d2i_ASN1_UNIVERSALSTRING;
> ++ EVP_des_ede3_ecb;
> ++ X509_REQ_print_ex;
> ++ ENGINE_up_ref;
> ++ BUF_MEM_grow_clean;
> ++ CRYPTO_realloc_clean;
> ++ BUF_strlcat;
> ++ BIO_indent;
> ++ BUF_strlcpy;
> ++ OpenSSLDie;
> ++ OPENSSL_cleanse;
> ++ ENGINE_setup_bsd_cryptodev;
> ++ ERR_release_err_state_table;
> ++ EVP_aes_128_cfb8;
> ++ FIPS_corrupt_rsa;
> ++ FIPS_selftest_des;
> ++ EVP_aes_128_cfb1;
> ++ EVP_aes_192_cfb8;
> ++ FIPS_mode_set;
> ++ FIPS_selftest_dsa;
> ++ EVP_aes_256_cfb8;
> ++ FIPS_allow_md5;
> ++ DES_ede3_cfb_encrypt;
> ++ EVP_des_ede3_cfb8;
> ++ FIPS_rand_seeded;
> ++ AES_cfbr_encrypt_block;
> ++ AES_cfb8_encrypt;
> ++ FIPS_rand_seed;
> ++ FIPS_corrupt_des;
> ++ EVP_aes_192_cfb1;
> ++ FIPS_selftest_aes;
> ++ FIPS_set_prng_key;
> ++ EVP_des_cfb8;
> ++ FIPS_corrupt_dsa;
> ++ FIPS_test_mode;
> ++ FIPS_rand_method;
> ++ EVP_aes_256_cfb1;
> ++ ERR_load_FIPS_strings;
> ++ FIPS_corrupt_aes;
> ++ FIPS_selftest_sha1;
> ++ FIPS_selftest_rsa;
> ++ FIPS_corrupt_sha1;
> ++ EVP_des_cfb1;
> ++ FIPS_dsa_check;
> ++ AES_cfb1_encrypt;
> ++ EVP_des_ede3_cfb1;
> ++ FIPS_rand_check;
> ++ FIPS_md5_allowed;
> ++ FIPS_mode;
> ++ FIPS_selftest_failed;
> ++ sk_is_sorted;
> ++ X509_check_ca;
> ++ HMAC_CTX_set_flags;
> ++ d2i_PROXY_CERT_INFO_EXTENSION;
> ++ PROXY_POLICY_it;
> ++ i2d_PROXY_POLICY;
> ++ i2d_PROXY_CERT_INFO_EXTENSION;
> ++ d2i_PROXY_POLICY;
> ++ PROXY_CERT_INFO_EXTENSION_new;
> ++ PROXY_CERT_INFO_EXTENSION_free;
> ++ PROXY_CERT_INFO_EXTENSION_it;
> ++ PROXY_POLICY_free;
> ++ PROXY_POLICY_new;
> ++ BN_MONT_CTX_set_locked;
> ++ FIPS_selftest_rng;
> ++ EVP_sha384;
> ++ EVP_sha512;
> ++ EVP_sha224;
> ++ EVP_sha256;
> ++ FIPS_selftest_hmac;
> ++ FIPS_corrupt_rng;
> ++ BN_mod_exp_mont_consttime;
> ++ RSA_X931_hash_id;
> ++ RSA_padding_check_X931;
> ++ RSA_verify_PKCS1_PSS;
> ++ RSA_padding_add_X931;
> ++ RSA_padding_add_PKCS1_PSS;
> ++ PKCS1_MGF1;
> ++ BN_X931_generate_Xpq;
> ++ RSA_X931_generate_key;
> ++ BN_X931_derive_prime;
> ++ BN_X931_generate_prime;
> ++ RSA_X931_derive;
> ++ BIO_new_dgram;
> ++ BN_get0_nist_prime_384;
> ++ ERR_set_mark;
> ++ X509_STORE_CTX_set0_crls;
> ++ ENGINE_set_STORE;
> ++ ENGINE_register_ECDSA;
> ++ STORE_meth_set_list_start_fn;
> ++ STORE_method_set_list_start_function;
> ++ BN_BLINDING_invert_ex;
> ++ NAME_CONSTRAINTS_free;
> ++ STORE_ATTR_INFO_set_number;
> ++ BN_BLINDING_get_thread_id;
> ++ X509_STORE_CTX_set0_param;
> ++ POLICY_MAPPING_it;
> ++ STORE_parse_attrs_start;
> ++ POLICY_CONSTRAINTS_free;
> ++ EVP_PKEY_add1_attr_by_NID;
> ++ BN_nist_mod_192;
> ++ EC_GROUP_get_trinomial_basis;
> ++ STORE_set_method;
> ++ GENERAL_SUBTREE_free;
> ++ NAME_CONSTRAINTS_it;
> ++ ECDH_get_default_method;
> ++ PKCS12_add_safe;
> ++ EC_KEY_new_by_curve_name;
> ++ STORE_meth_get_update_store_fn;
> ++ STORE_method_get_update_store_function;
> ++ ENGINE_register_ECDH;
> ++ SHA512_Update;
> ++ i2d_ECPrivateKey;
> ++ BN_get0_nist_prime_192;
> ++ STORE_modify_certificate;
> ++ EC_POINT_set_affine_coordinates_GF2m;
> ++ EC_POINT_set_affine_coords_GF2m;
> ++ BN_GF2m_mod_exp_arr;
> ++ STORE_ATTR_INFO_modify_number;
> ++ X509_keyid_get0;
> ++ ENGINE_load_gmp;
> ++ pitem_new;
> ++ BN_GF2m_mod_mul_arr;
> ++ STORE_list_public_key_endp;
> ++ o2i_ECPublicKey;
> ++ EC_KEY_copy;
> ++ BIO_dump_fp;
> ++ X509_policy_node_get0_parent;
> ++ EC_GROUP_check_discriminant;
> ++ i2o_ECPublicKey;
> ++ EC_KEY_precompute_mult;
> ++ a2i_IPADDRESS;
> ++ STORE_meth_set_initialise_fn;
> ++ STORE_method_set_initialise_function;
> ++ X509_STORE_CTX_set_depth;
> ++ X509_VERIFY_PARAM_inherit;
> ++ EC_POINT_point2bn;
> ++ STORE_ATTR_INFO_set_dn;
> ++ X509_policy_tree_get0_policies;
> ++ EC_GROUP_new_curve_GF2m;
> ++ STORE_destroy_method;
> ++ ENGINE_unregister_STORE;
> ++ EVP_PKEY_get1_EC_KEY;
> ++ STORE_ATTR_INFO_get0_number;
> ++ ENGINE_get_default_ECDH;
> ++ EC_KEY_get_conv_form;
> ++ ASN1_OCTET_STRING_NDEF_it;
> ++ STORE_delete_public_key;
> ++ STORE_get_public_key;
> ++ STORE_modify_arbitrary;
> ++ ENGINE_get_static_state;
> ++ pqueue_iterator;
> ++ ECDSA_SIG_new;
> ++ OPENSSL_DIR_end;
> ++ BN_GF2m_mod_sqr;
> ++ EC_POINT_bn2point;
> ++ X509_VERIFY_PARAM_set_depth;
> ++ EC_KEY_set_asn1_flag;
> ++ STORE_get_method;
> ++ EC_KEY_get_key_method_data;
> ++ ECDSA_sign_ex;
> ++ STORE_parse_attrs_end;
> ++ EC_GROUP_get_point_conversion_form;
> ++ EC_GROUP_get_point_conv_form;
> ++ STORE_method_set_store_function;
> ++ STORE_ATTR_INFO_in;
> ++ PEM_read_bio_ECPKParameters;
> ++ EC_GROUP_get_pentanomial_basis;
> ++ EVP_PKEY_add1_attr_by_txt;
> ++ BN_BLINDING_set_flags;
> ++ X509_VERIFY_PARAM_set1_policies;
> ++ X509_VERIFY_PARAM_set1_name;
> ++ X509_VERIFY_PARAM_set_purpose;
> ++ STORE_get_number;
> ++ ECDSA_sign_setup;
> ++ BN_GF2m_mod_solve_quad_arr;
> ++ EC_KEY_up_ref;
> ++ POLICY_MAPPING_free;
> ++ BN_GF2m_mod_div;
> ++ X509_VERIFY_PARAM_set_flags;
> ++ EC_KEY_free;
> ++ STORE_meth_set_list_next_fn;
> ++ STORE_method_set_list_next_function;
> ++ PEM_write_bio_ECPrivateKey;
> ++ d2i_EC_PUBKEY;
> ++ STORE_meth_get_generate_fn;
> ++ STORE_method_get_generate_function;
> ++ STORE_meth_set_list_end_fn;
> ++ STORE_method_set_list_end_function;
> ++ pqueue_print;
> ++ EC_GROUP_have_precompute_mult;
> ++ EC_KEY_print_fp;
> ++ BN_GF2m_mod_arr;
> ++ PEM_write_bio_X509_CERT_PAIR;
> ++ EVP_PKEY_cmp;
> ++ X509_policy_level_node_count;
> ++ STORE_new_engine;
> ++ STORE_list_public_key_start;
> ++ X509_VERIFY_PARAM_new;
> ++ ECDH_get_ex_data;
> ++ EVP_PKEY_get_attr;
> ++ ECDSA_do_sign;
> ++ ENGINE_unregister_ECDH;
> ++ ECDH_OpenSSL;
> ++ EC_KEY_set_conv_form;
> ++ EC_POINT_dup;
> ++ GENERAL_SUBTREE_new;
> ++ STORE_list_crl_endp;
> ++ EC_get_builtin_curves;
> ++ X509_policy_node_get0_qualifiers;
> ++ X509_pcy_node_get0_qualifiers;
> ++ STORE_list_crl_end;
> ++ EVP_PKEY_set1_EC_KEY;
> ++ BN_GF2m_mod_sqrt_arr;
> ++ i2d_ECPrivateKey_bio;
> ++ ECPKParameters_print_fp;
> ++ pqueue_find;
> ++ ECDSA_SIG_free;
> ++ PEM_write_bio_ECPKParameters;
> ++ STORE_method_set_ctrl_function;
> ++ STORE_list_public_key_end;
> ++ EC_KEY_set_private_key;
> ++ pqueue_peek;
> ++ STORE_get_arbitrary;
> ++ STORE_store_crl;
> ++ X509_policy_node_get0_policy;
> ++ PKCS12_add_safes;
> ++ BN_BLINDING_convert_ex;
> ++ X509_policy_tree_free;
> ++ OPENSSL_ia32cap_loc;
> ++ BN_GF2m_poly2arr;
> ++ STORE_ctrl;
> ++ STORE_ATTR_INFO_compare;
> ++ BN_get0_nist_prime_224;
> ++ i2d_ECParameters;
> ++ i2d_ECPKParameters;
> ++ BN_GENCB_call;
> ++ d2i_ECPKParameters;
> ++ STORE_meth_set_generate_fn;
> ++ STORE_method_set_generate_function;
> ++ ENGINE_set_ECDH;
> ++ NAME_CONSTRAINTS_new;
> ++ SHA256_Init;
> ++ EC_KEY_get0_public_key;
> ++ PEM_write_bio_EC_PUBKEY;
> ++ STORE_ATTR_INFO_set_cstr;
> ++ STORE_list_crl_next;
> ++ STORE_ATTR_INFO_in_range;
> ++ ECParameters_print;
> ++ STORE_meth_set_delete_fn;
> ++ STORE_method_set_delete_function;
> ++ STORE_list_certificate_next;
> ++ ASN1_generate_nconf;
> ++ BUF_memdup;
> ++ BN_GF2m_mod_mul;
> ++ STORE_meth_get_list_next_fn;
> ++ STORE_method_get_list_next_function;
> ++ STORE_ATTR_INFO_get0_dn;
> ++ STORE_list_private_key_next;
> ++ EC_GROUP_set_seed;
> ++ X509_VERIFY_PARAM_set_trust;
> ++ STORE_ATTR_INFO_free;
> ++ STORE_get_private_key;
> ++ EVP_PKEY_get_attr_count;
> ++ STORE_ATTR_INFO_new;
> ++ EC_GROUP_get_curve_GF2m;
> ++ STORE_meth_set_revoke_fn;
> ++ STORE_method_set_revoke_function;
> ++ STORE_store_number;
> ++ BN_is_prime_ex;
> ++ STORE_revoke_public_key;
> ++ X509_STORE_CTX_get0_param;
> ++ STORE_delete_arbitrary;
> ++ PEM_read_X509_CERT_PAIR;
> ++ X509_STORE_set_depth;
> ++ ECDSA_get_ex_data;
> ++ SHA224;
> ++ BIO_dump_indent_fp;
> ++ EC_KEY_set_group;
> ++ BUF_strndup;
> ++ STORE_list_certificate_start;
> ++ BN_GF2m_mod;
> ++ X509_REQ_check_private_key;
> ++ EC_GROUP_get_seed_len;
> ++ ERR_load_STORE_strings;
> ++ PEM_read_bio_EC_PUBKEY;
> ++ STORE_list_private_key_end;
> ++ i2d_EC_PUBKEY;
> ++ ECDSA_get_default_method;
> ++ ASN1_put_eoc;
> ++ X509_STORE_CTX_get_explicit_policy;
> ++ X509_STORE_CTX_get_expl_policy;
> ++ X509_VERIFY_PARAM_table_cleanup;
> ++ STORE_modify_private_key;
> ++ X509_VERIFY_PARAM_free;
> ++ EC_METHOD_get_field_type;
> ++ EC_GFp_nist_method;
> ++ STORE_meth_set_modify_fn;
> ++ STORE_method_set_modify_function;
> ++ STORE_parse_attrs_next;
> ++ ENGINE_load_padlock;
> ++ EC_GROUP_set_curve_name;
> ++ X509_CERT_PAIR_it;
> ++ STORE_meth_get_revoke_fn;
> ++ STORE_method_get_revoke_function;
> ++ STORE_method_set_get_function;
> ++ STORE_modify_number;
> ++ STORE_method_get_store_function;
> ++ STORE_store_private_key;
> ++ BN_GF2m_mod_sqr_arr;
> ++ RSA_setup_blinding;
> ++ BIO_s_datagram;
> ++ STORE_Memory;
> ++ sk_find_ex;
> ++ EC_GROUP_set_curve_GF2m;
> ++ ENGINE_set_default_ECDSA;
> ++ POLICY_CONSTRAINTS_new;
> ++ BN_GF2m_mod_sqrt;
> ++ ECDH_set_default_method;
> ++ EC_KEY_generate_key;
> ++ SHA384_Update;
> ++ BN_GF2m_arr2poly;
> ++ STORE_method_get_get_function;
> ++ STORE_meth_set_cleanup_fn;
> ++ STORE_method_set_cleanup_function;
> ++ EC_GROUP_check;
> ++ d2i_ECPrivateKey_bio;
> ++ EC_KEY_insert_key_method_data;
> ++ STORE_meth_get_lock_store_fn;
> ++ STORE_method_get_lock_store_function;
> ++ X509_VERIFY_PARAM_get_depth;
> ++ SHA224_Final;
> ++ STORE_meth_set_update_store_fn;
> ++ STORE_method_set_update_store_function;
> ++ SHA224_Update;
> ++ d2i_ECPrivateKey;
> ++ ASN1_item_ndef_i2d;
> ++ STORE_delete_private_key;
> ++ ERR_pop_to_mark;
> ++ ENGINE_register_all_STORE;
> ++ X509_policy_level_get0_node;
> ++ i2d_PKCS7_NDEF;
> ++ EC_GROUP_get_degree;
> ++ ASN1_generate_v3;
> ++ STORE_ATTR_INFO_modify_cstr;
> ++ X509_policy_tree_level_count;
> ++ BN_GF2m_add;
> ++ EC_KEY_get0_group;
> ++ STORE_generate_crl;
> ++ STORE_store_public_key;
> ++ X509_CERT_PAIR_free;
> ++ STORE_revoke_private_key;
> ++ BN_nist_mod_224;
> ++ SHA512_Final;
> ++ STORE_ATTR_INFO_modify_dn;
> ++ STORE_meth_get_initialise_fn;
> ++ STORE_method_get_initialise_function;
> ++ STORE_delete_number;
> ++ i2d_EC_PUBKEY_bio;
> ++ BIO_dgram_non_fatal_error;
> ++ EC_GROUP_get_asn1_flag;
> ++ STORE_ATTR_INFO_in_ex;
> ++ STORE_list_crl_start;
> ++ ECDH_get_ex_new_index;
> ++ STORE_meth_get_modify_fn;
> ++ STORE_method_get_modify_function;
> ++ v2i_ASN1_BIT_STRING;
> ++ STORE_store_certificate;
> ++ OBJ_bsearch_ex;
> ++ X509_STORE_CTX_set_default;
> ++ STORE_ATTR_INFO_set_sha1str;
> ++ BN_GF2m_mod_inv;
> ++ BN_GF2m_mod_exp;
> ++ STORE_modify_public_key;
> ++ STORE_meth_get_list_start_fn;
> ++ STORE_method_get_list_start_function;
> ++ EC_GROUP_get0_seed;
> ++ STORE_store_arbitrary;
> ++ STORE_meth_set_unlock_store_fn;
> ++ STORE_method_set_unlock_store_function;
> ++ BN_GF2m_mod_div_arr;
> ++ ENGINE_set_ECDSA;
> ++ STORE_create_method;
> ++ ECPKParameters_print;
> ++ EC_KEY_get0_private_key;
> ++ PEM_write_EC_PUBKEY;
> ++ X509_VERIFY_PARAM_set1;
> ++ ECDH_set_method;
> ++ v2i_GENERAL_NAME_ex;
> ++ ECDH_set_ex_data;
> ++ STORE_generate_key;
> ++ BN_nist_mod_521;
> ++ X509_policy_tree_get0_level;
> ++ EC_GROUP_set_point_conversion_form;
> ++ EC_GROUP_set_point_conv_form;
> ++ PEM_read_EC_PUBKEY;
> ++ i2d_ECDSA_SIG;
> ++ ECDSA_OpenSSL;
> ++ STORE_delete_crl;
> ++ EC_KEY_get_enc_flags;
> ++ ASN1_const_check_infinite_end;
> ++ EVP_PKEY_delete_attr;
> ++ ECDSA_set_default_method;
> ++ EC_POINT_set_compressed_coordinates_GF2m;
> ++ EC_POINT_set_compr_coords_GF2m;
> ++ EC_GROUP_cmp;
> ++ STORE_revoke_certificate;
> ++ BN_get0_nist_prime_256;
> ++ STORE_meth_get_delete_fn;
> ++ STORE_method_get_delete_function;
> ++ SHA224_Init;
> ++ PEM_read_ECPrivateKey;
> ++ SHA512_Init;
> ++ STORE_parse_attrs_endp;
> ++ BN_set_negative;
> ++ ERR_load_ECDSA_strings;
> ++ EC_GROUP_get_basis_type;
> ++ STORE_list_public_key_next;
> ++ i2v_ASN1_BIT_STRING;
> ++ STORE_OBJECT_free;
> ++ BN_nist_mod_384;
> ++ i2d_X509_CERT_PAIR;
> ++ PEM_write_ECPKParameters;
> ++ ECDH_compute_key;
> ++ STORE_ATTR_INFO_get0_sha1str;
> ++ ENGINE_register_all_ECDH;
> ++ pqueue_pop;
> ++ STORE_ATTR_INFO_get0_cstr;
> ++ POLICY_CONSTRAINTS_it;
> ++ STORE_get_ex_new_index;
> ++ EVP_PKEY_get_attr_by_OBJ;
> ++ X509_VERIFY_PARAM_add0_policy;
> ++ BN_GF2m_mod_solve_quad;
> ++ SHA256;
> ++ i2d_ECPrivateKey_fp;
> ++ X509_policy_tree_get0_user_policies;
> ++ X509_pcy_tree_get0_usr_policies;
> ++ OPENSSL_DIR_read;
> ++ ENGINE_register_all_ECDSA;
> ++ X509_VERIFY_PARAM_lookup;
> ++ EC_POINT_get_affine_coordinates_GF2m;
> ++ EC_POINT_get_affine_coords_GF2m;
> ++ EC_GROUP_dup;
> ++ ENGINE_get_default_ECDSA;
> ++ EC_KEY_new;
> ++ SHA256_Transform;
> ++ EC_KEY_set_enc_flags;
> ++ ECDSA_verify;
> ++ EC_POINT_point2hex;
> ++ ENGINE_get_STORE;
> ++ SHA512;
> ++ STORE_get_certificate;
> ++ ECDSA_do_sign_ex;
> ++ ECDSA_do_verify;
> ++ d2i_ECPrivateKey_fp;
> ++ STORE_delete_certificate;
> ++ SHA512_Transform;
> ++ X509_STORE_set1_param;
> ++ STORE_method_get_ctrl_function;
> ++ STORE_free;
> ++ PEM_write_ECPrivateKey;
> ++ STORE_meth_get_unlock_store_fn;
> ++ STORE_method_get_unlock_store_function;
> ++ STORE_get_ex_data;
> ++ EC_KEY_set_public_key;
> ++ PEM_read_ECPKParameters;
> ++ X509_CERT_PAIR_new;
> ++ ENGINE_register_STORE;
> ++ RSA_generate_key_ex;
> ++ DSA_generate_parameters_ex;
> ++ ECParameters_print_fp;
> ++ X509V3_NAME_from_section;
> ++ EVP_PKEY_add1_attr;
> ++ STORE_modify_crl;
> ++ STORE_list_private_key_start;
> ++ POLICY_MAPPINGS_it;
> ++ GENERAL_SUBTREE_it;
> ++ EC_GROUP_get_curve_name;
> ++ PEM_write_X509_CERT_PAIR;
> ++ BIO_dump_indent_cb;
> ++ d2i_X509_CERT_PAIR;
> ++ STORE_list_private_key_endp;
> ++ asn1_const_Finish;
> ++ i2d_EC_PUBKEY_fp;
> ++ BN_nist_mod_256;
> ++ X509_VERIFY_PARAM_add0_table;
> ++ pqueue_free;
> ++ BN_BLINDING_create_param;
> ++ ECDSA_size;
> ++ d2i_EC_PUBKEY_bio;
> ++ BN_get0_nist_prime_521;
> ++ STORE_ATTR_INFO_modify_sha1str;
> ++ BN_generate_prime_ex;
> ++ EC_GROUP_new_by_curve_name;
> ++ SHA256_Final;
> ++ DH_generate_parameters_ex;
> ++ PEM_read_bio_ECPrivateKey;
> ++ STORE_meth_get_cleanup_fn;
> ++ STORE_method_get_cleanup_function;
> ++ ENGINE_get_ECDH;
> ++ d2i_ECDSA_SIG;
> ++ BN_is_prime_fasttest_ex;
> ++ ECDSA_sign;
> ++ X509_policy_check;
> ++ EVP_PKEY_get_attr_by_NID;
> ++ STORE_set_ex_data;
> ++ ENGINE_get_ECDSA;
> ++ EVP_ecdsa;
> ++ BN_BLINDING_get_flags;
> ++ PKCS12_add_cert;
> ++ STORE_OBJECT_new;
> ++ ERR_load_ECDH_strings;
> ++ EC_KEY_dup;
> ++ EVP_CIPHER_CTX_rand_key;
> ++ ECDSA_set_method;
> ++ a2i_IPADDRESS_NC;
> ++ d2i_ECParameters;
> ++ STORE_list_certificate_end;
> ++ STORE_get_crl;
> ++ X509_POLICY_NODE_print;
> ++ SHA384_Init;
> ++ EC_GF2m_simple_method;
> ++ ECDSA_set_ex_data;
> ++ SHA384_Final;
> ++ PKCS7_set_digest;
> ++ EC_KEY_print;
> ++ STORE_meth_set_lock_store_fn;
> ++ STORE_method_set_lock_store_function;
> ++ ECDSA_get_ex_new_index;
> ++ SHA384;
> ++ POLICY_MAPPING_new;
> ++ STORE_list_certificate_endp;
> ++ X509_STORE_CTX_get0_policy_tree;
> ++ EC_GROUP_set_asn1_flag;
> ++ EC_KEY_check_key;
> ++ d2i_EC_PUBKEY_fp;
> ++ PKCS7_set0_type_other;
> ++ PEM_read_bio_X509_CERT_PAIR;
> ++ pqueue_next;
> ++ STORE_meth_get_list_end_fn;
> ++ STORE_method_get_list_end_function;
> ++ EVP_PKEY_add1_attr_by_OBJ;
> ++ X509_VERIFY_PARAM_set_time;
> ++ pqueue_new;
> ++ ENGINE_set_default_ECDH;
> ++ STORE_new_method;
> ++ PKCS12_add_key;
> ++ DSO_merge;
> ++ EC_POINT_hex2point;
> ++ BIO_dump_cb;
> ++ SHA256_Update;
> ++ pqueue_insert;
> ++ pitem_free;
> ++ BN_GF2m_mod_inv_arr;
> ++ ENGINE_unregister_ECDSA;
> ++ BN_BLINDING_set_thread_id;
> ++ get_rfc3526_prime_8192;
> ++ X509_VERIFY_PARAM_clear_flags;
> ++ get_rfc2409_prime_1024;
> ++ DH_check_pub_key;
> ++ get_rfc3526_prime_2048;
> ++ get_rfc3526_prime_6144;
> ++ get_rfc3526_prime_1536;
> ++ get_rfc3526_prime_3072;
> ++ get_rfc3526_prime_4096;
> ++ get_rfc2409_prime_768;
> ++ X509_VERIFY_PARAM_get_flags;
> ++ EVP_CIPHER_CTX_new;
> ++ EVP_CIPHER_CTX_free;
> ++ Camellia_cbc_encrypt;
> ++ Camellia_cfb128_encrypt;
> ++ Camellia_cfb1_encrypt;
> ++ Camellia_cfb8_encrypt;
> ++ Camellia_ctr128_encrypt;
> ++ Camellia_cfbr_encrypt_block;
> ++ Camellia_decrypt;
> ++ Camellia_ecb_encrypt;
> ++ Camellia_encrypt;
> ++ Camellia_ofb128_encrypt;
> ++ Camellia_set_key;
> ++ EVP_camellia_128_cbc;
> ++ EVP_camellia_128_cfb128;
> ++ EVP_camellia_128_cfb1;
> ++ EVP_camellia_128_cfb8;
> ++ EVP_camellia_128_ecb;
> ++ EVP_camellia_128_ofb;
> ++ EVP_camellia_192_cbc;
> ++ EVP_camellia_192_cfb128;
> ++ EVP_camellia_192_cfb1;
> ++ EVP_camellia_192_cfb8;
> ++ EVP_camellia_192_ecb;
> ++ EVP_camellia_192_ofb;
> ++ EVP_camellia_256_cbc;
> ++ EVP_camellia_256_cfb128;
> ++ EVP_camellia_256_cfb1;
> ++ EVP_camellia_256_cfb8;
> ++ EVP_camellia_256_ecb;
> ++ EVP_camellia_256_ofb;
> ++ a2i_ipadd;
> ++ ASIdentifiers_free;
> ++ i2d_ASIdOrRange;
> ++ EVP_CIPHER_block_size;
> ++ v3_asid_is_canonical;
> ++ IPAddressChoice_free;
> ++ EVP_CIPHER_CTX_set_app_data;
> ++ BIO_set_callback_arg;
> ++ v3_addr_add_prefix;
> ++ IPAddressOrRange_it;
> ++ BIO_set_flags;
> ++ ASIdentifiers_it;
> ++ v3_addr_get_range;
> ++ BIO_method_type;
> ++ v3_addr_inherits;
> ++ IPAddressChoice_it;
> ++ AES_ige_encrypt;
> ++ v3_addr_add_range;
> ++ EVP_CIPHER_CTX_nid;
> ++ d2i_ASRange;
> ++ v3_addr_add_inherit;
> ++ v3_asid_add_id_or_range;
> ++ v3_addr_validate_resource_set;
> ++ EVP_CIPHER_iv_length;
> ++ EVP_MD_type;
> ++ v3_asid_canonize;
> ++ IPAddressRange_free;
> ++ v3_asid_add_inherit;
> ++ EVP_CIPHER_CTX_key_length;
> ++ IPAddressRange_new;
> ++ ASIdOrRange_new;
> ++ EVP_MD_size;
> ++ EVP_MD_CTX_test_flags;
> ++ BIO_clear_flags;
> ++ i2d_ASRange;
> ++ IPAddressRange_it;
> ++ IPAddressChoice_new;
> ++ ASIdentifierChoice_new;
> ++ ASRange_free;
> ++ EVP_MD_pkey_type;
> ++ EVP_MD_CTX_clear_flags;
> ++ IPAddressFamily_free;
> ++ i2d_IPAddressFamily;
> ++ IPAddressOrRange_new;
> ++ EVP_CIPHER_flags;
> ++ v3_asid_validate_resource_set;
> ++ d2i_IPAddressRange;
> ++ AES_bi_ige_encrypt;
> ++ BIO_get_callback;
> ++ IPAddressOrRange_free;
> ++ v3_addr_subset;
> ++ d2i_IPAddressFamily;
> ++ v3_asid_subset;
> ++ BIO_test_flags;
> ++ i2d_ASIdentifierChoice;
> ++ ASRange_it;
> ++ d2i_ASIdentifiers;
> ++ ASRange_new;
> ++ d2i_IPAddressChoice;
> ++ v3_addr_get_afi;
> ++ EVP_CIPHER_key_length;
> ++ EVP_Cipher;
> ++ i2d_IPAddressOrRange;
> ++ ASIdOrRange_it;
> ++ EVP_CIPHER_nid;
> ++ i2d_IPAddressChoice;
> ++ EVP_CIPHER_CTX_block_size;
> ++ ASIdentifiers_new;
> ++ v3_addr_validate_path;
> ++ IPAddressFamily_new;
> ++ EVP_MD_CTX_set_flags;
> ++ v3_addr_is_canonical;
> ++ i2d_IPAddressRange;
> ++ IPAddressFamily_it;
> ++ v3_asid_inherits;
> ++ EVP_CIPHER_CTX_cipher;
> ++ EVP_CIPHER_CTX_get_app_data;
> ++ EVP_MD_block_size;
> ++ EVP_CIPHER_CTX_flags;
> ++ v3_asid_validate_path;
> ++ d2i_IPAddressOrRange;
> ++ v3_addr_canonize;
> ++ ASIdentifierChoice_it;
> ++ EVP_MD_CTX_md;
> ++ d2i_ASIdentifierChoice;
> ++ BIO_method_name;
> ++ EVP_CIPHER_CTX_iv_length;
> ++ ASIdOrRange_free;
> ++ ASIdentifierChoice_free;
> ++ BIO_get_callback_arg;
> ++ BIO_set_callback;
> ++ d2i_ASIdOrRange;
> ++ i2d_ASIdentifiers;
> ++ SEED_decrypt;
> ++ SEED_encrypt;
> ++ SEED_cbc_encrypt;
> ++ EVP_seed_ofb;
> ++ SEED_cfb128_encrypt;
> ++ SEED_ofb128_encrypt;
> ++ EVP_seed_cbc;
> ++ SEED_ecb_encrypt;
> ++ EVP_seed_ecb;
> ++ SEED_set_key;
> ++ EVP_seed_cfb128;
> ++ X509_EXTENSIONS_it;
> ++ X509_get1_ocsp;
> ++ OCSP_REQ_CTX_free;
> ++ i2d_X509_EXTENSIONS;
> ++ OCSP_sendreq_nbio;
> ++ OCSP_sendreq_new;
> ++ d2i_X509_EXTENSIONS;
> ++ X509_ALGORS_it;
> ++ X509_ALGOR_get0;
> ++ X509_ALGOR_set0;
> ++ AES_unwrap_key;
> ++ AES_wrap_key;
> ++ X509at_get0_data_by_OBJ;
> ++ ASN1_TYPE_set1;
> ++ ASN1_STRING_set0;
> ++ i2d_X509_ALGORS;
> ++ BIO_f_zlib;
> ++ COMP_zlib_cleanup;
> ++ d2i_X509_ALGORS;
> ++ CMS_ReceiptRequest_free;
> ++ PEM_write_CMS;
> ++ CMS_add0_CertificateChoices;
> ++ CMS_unsigned_add1_attr_by_OBJ;
> ++ ERR_load_CMS_strings;
> ++ CMS_sign_receipt;
> ++ i2d_CMS_ContentInfo;
> ++ CMS_signed_delete_attr;
> ++ d2i_CMS_bio;
> ++ CMS_unsigned_get_attr_by_NID;
> ++ CMS_verify;
> ++ SMIME_read_CMS;
> ++ CMS_decrypt_set1_key;
> ++ CMS_SignerInfo_get0_algs;
> ++ CMS_add1_cert;
> ++ CMS_set_detached;
> ++ CMS_encrypt;
> ++ CMS_EnvelopedData_create;
> ++ CMS_uncompress;
> ++ CMS_add0_crl;
> ++ CMS_SignerInfo_verify_content;
> ++ CMS_unsigned_get0_data_by_OBJ;
> ++ PEM_write_bio_CMS;
> ++ CMS_unsigned_get_attr;
> ++ CMS_RecipientInfo_ktri_cert_cmp;
> ++ CMS_RecipientInfo_ktri_get0_algs;
> ++ CMS_RecipInfo_ktri_get0_algs;
> ++ CMS_ContentInfo_free;
> ++ CMS_final;
> ++ CMS_add_simple_smimecap;
> ++ CMS_SignerInfo_verify;
> ++ CMS_data;
> ++ CMS_ContentInfo_it;
> ++ d2i_CMS_ReceiptRequest;
> ++ CMS_compress;
> ++ CMS_digest_create;
> ++ CMS_SignerInfo_cert_cmp;
> ++ CMS_SignerInfo_sign;
> ++ CMS_data_create;
> ++ i2d_CMS_bio;
> ++ CMS_EncryptedData_set1_key;
> ++ CMS_decrypt;
> ++ int_smime_write_ASN1;
> ++ CMS_unsigned_delete_attr;
> ++ CMS_unsigned_get_attr_count;
> ++ CMS_add_smimecap;
> ++ PEM_read_CMS;
> ++ CMS_signed_get_attr_by_OBJ;
> ++ d2i_CMS_ContentInfo;
> ++ CMS_add_standard_smimecap;
> ++ CMS_ContentInfo_new;
> ++ CMS_RecipientInfo_type;
> ++ CMS_get0_type;
> ++ CMS_is_detached;
> ++ CMS_sign;
> ++ CMS_signed_add1_attr;
> ++ CMS_unsigned_get_attr_by_OBJ;
> ++ SMIME_write_CMS;
> ++ CMS_EncryptedData_decrypt;
> ++ CMS_get0_RecipientInfos;
> ++ CMS_add0_RevocationInfoChoice;
> ++ CMS_decrypt_set1_pkey;
> ++ CMS_SignerInfo_set1_signer_cert;
> ++ CMS_get0_signers;
> ++ CMS_ReceiptRequest_get0_values;
> ++ CMS_signed_get0_data_by_OBJ;
> ++ CMS_get0_SignerInfos;
> ++ CMS_add0_cert;
> ++ CMS_EncryptedData_encrypt;
> ++ CMS_digest_verify;
> ++ CMS_set1_signers_certs;
> ++ CMS_signed_get_attr;
> ++ CMS_RecipientInfo_set0_key;
> ++ CMS_SignedData_init;
> ++ CMS_RecipientInfo_kekri_get0_id;
> ++ CMS_verify_receipt;
> ++ CMS_ReceiptRequest_it;
> ++ PEM_read_bio_CMS;
> ++ CMS_get1_crls;
> ++ CMS_add0_recipient_key;
> ++ SMIME_read_ASN1;
> ++ CMS_ReceiptRequest_new;
> ++ CMS_get0_content;
> ++ CMS_get1_ReceiptRequest;
> ++ CMS_signed_add1_attr_by_OBJ;
> ++ CMS_RecipientInfo_kekri_id_cmp;
> ++ CMS_add1_ReceiptRequest;
> ++ CMS_SignerInfo_get0_signer_id;
> ++ CMS_unsigned_add1_attr_by_NID;
> ++ CMS_unsigned_add1_attr;
> ++ CMS_signed_get_attr_by_NID;
> ++ CMS_get1_certs;
> ++ CMS_signed_add1_attr_by_NID;
> ++ CMS_unsigned_add1_attr_by_txt;
> ++ CMS_dataFinal;
> ++ CMS_RecipientInfo_ktri_get0_signer_id;
> ++ CMS_RecipInfo_ktri_get0_sigr_id;
> ++ i2d_CMS_ReceiptRequest;
> ++ CMS_add1_recipient_cert;
> ++ CMS_dataInit;
> ++ CMS_signed_add1_attr_by_txt;
> ++ CMS_RecipientInfo_decrypt;
> ++ CMS_signed_get_attr_count;
> ++ CMS_get0_eContentType;
> ++ CMS_set1_eContentType;
> ++ CMS_ReceiptRequest_create0;
> ++ CMS_add1_signer;
> ++ CMS_RecipientInfo_set0_pkey;
> ++ ENGINE_set_load_ssl_client_cert_function;
> ++ ENGINE_set_ld_ssl_clnt_cert_fn;
> ++ ENGINE_get_ssl_client_cert_function;
> ++ ENGINE_get_ssl_client_cert_fn;
> ++ ENGINE_load_ssl_client_cert;
> ++ ENGINE_load_capi;
> ++ OPENSSL_isservice;
> ++ FIPS_dsa_sig_decode;
> ++ EVP_CIPHER_CTX_clear_flags;
> ++ FIPS_rand_status;
> ++ FIPS_rand_set_key;
> ++ CRYPTO_set_mem_info_functions;
> ++ RSA_X931_generate_key_ex;
> ++ int_ERR_set_state_func;
> ++ int_EVP_MD_set_engine_callbacks;
> ++ int_CRYPTO_set_do_dynlock_callback;
> ++ FIPS_rng_stick;
> ++ EVP_CIPHER_CTX_set_flags;
> ++ BN_X931_generate_prime_ex;
> ++ FIPS_selftest_check;
> ++ FIPS_rand_set_dt;
> ++ CRYPTO_dbg_pop_info;
> ++ FIPS_dsa_free;
> ++ RSA_X931_derive_ex;
> ++ FIPS_rsa_new;
> ++ FIPS_rand_bytes;
> ++ fips_cipher_test;
> ++ EVP_CIPHER_CTX_test_flags;
> ++ CRYPTO_malloc_debug_init;
> ++ CRYPTO_dbg_push_info;
> ++ FIPS_corrupt_rsa_keygen;
> ++ FIPS_dh_new;
> ++ FIPS_corrupt_dsa_keygen;
> ++ FIPS_dh_free;
> ++ fips_pkey_signature_test;
> ++ EVP_add_alg_module;
> ++ int_RAND_init_engine_callbacks;
> ++ int_EVP_CIPHER_set_engine_callbacks;
> ++ int_EVP_MD_init_engine_callbacks;
> ++ FIPS_rand_test_mode;
> ++ FIPS_rand_reset;
> ++ FIPS_dsa_new;
> ++ int_RAND_set_callbacks;
> ++ BN_X931_derive_prime_ex;
> ++ int_ERR_lib_init;
> ++ int_EVP_CIPHER_init_engine_callbacks;
> ++ FIPS_rsa_free;
> ++ FIPS_dsa_sig_encode;
> ++ CRYPTO_dbg_remove_all_info;
> ++ OPENSSL_init;
> ++ CRYPTO_strdup;
> ++ JPAKE_STEP3A_process;
> ++ JPAKE_STEP1_release;
> ++ JPAKE_get_shared_key;
> ++ JPAKE_STEP3B_init;
> ++ JPAKE_STEP1_generate;
> ++ JPAKE_STEP1_init;
> ++ JPAKE_STEP3B_process;
> ++ JPAKE_STEP2_generate;
> ++ JPAKE_CTX_new;
> ++ JPAKE_CTX_free;
> ++ JPAKE_STEP3B_release;
> ++ JPAKE_STEP3A_release;
> ++ JPAKE_STEP2_process;
> ++ JPAKE_STEP3B_generate;
> ++ JPAKE_STEP1_process;
> ++ JPAKE_STEP3A_generate;
> ++ JPAKE_STEP2_release;
> ++ JPAKE_STEP3A_init;
> ++ ERR_load_JPAKE_strings;
> ++ JPAKE_STEP2_init;
> ++ pqueue_size;
> ++ i2d_TS_ACCURACY;
> ++ i2d_TS_MSG_IMPRINT_fp;
> ++ i2d_TS_MSG_IMPRINT;
> ++ EVP_PKEY_print_public;
> ++ EVP_PKEY_CTX_new;
> ++ i2d_TS_TST_INFO;
> ++ EVP_PKEY_asn1_find;
> ++ DSO_METHOD_beos;
> ++ TS_CONF_load_cert;
> ++ TS_REQ_get_ext;
> ++ EVP_PKEY_sign_init;
> ++ ASN1_item_print;
> ++ TS_TST_INFO_set_nonce;
> ++ TS_RESP_dup;
> ++ ENGINE_register_pkey_meths;
> ++ EVP_PKEY_asn1_add0;
> ++ PKCS7_add0_attrib_signing_time;
> ++ i2d_TS_TST_INFO_fp;
> ++ BIO_asn1_get_prefix;
> ++ TS_TST_INFO_set_time;
> ++ EVP_PKEY_meth_set_decrypt;
> ++ EVP_PKEY_set_type_str;
> ++ EVP_PKEY_CTX_get_keygen_info;
> ++ TS_REQ_set_policy_id;
> ++ d2i_TS_RESP_fp;
> ++ ENGINE_get_pkey_asn1_meth_engine;
> ++ ENGINE_get_pkey_asn1_meth_eng;
> ++ WHIRLPOOL_Init;
> ++ TS_RESP_set_status_info;
> ++ EVP_PKEY_keygen;
> ++ EVP_DigestSignInit;
> ++ TS_ACCURACY_set_millis;
> ++ TS_REQ_dup;
> ++ GENERAL_NAME_dup;
> ++ ASN1_SEQUENCE_ANY_it;
> ++ WHIRLPOOL;
> ++ X509_STORE_get1_crls;
> ++ ENGINE_get_pkey_asn1_meth;
> ++ EVP_PKEY_asn1_new;
> ++ BIO_new_NDEF;
> ++ ENGINE_get_pkey_meth;
> ++ TS_MSG_IMPRINT_set_algo;
> ++ i2d_TS_TST_INFO_bio;
> ++ TS_TST_INFO_set_ordering;
> ++ TS_TST_INFO_get_ext_by_OBJ;
> ++ CRYPTO_THREADID_set_pointer;
> ++ TS_CONF_get_tsa_section;
> ++ SMIME_write_ASN1;
> ++ TS_RESP_CTX_set_signer_key;
> ++ EVP_PKEY_encrypt_old;
> ++ EVP_PKEY_encrypt_init;
> ++ CRYPTO_THREADID_cpy;
> ++ ASN1_PCTX_get_cert_flags;
> ++ i2d_ESS_SIGNING_CERT;
> ++ TS_CONF_load_key;
> ++ i2d_ASN1_SEQUENCE_ANY;
> ++ d2i_TS_MSG_IMPRINT_bio;
> ++ EVP_PKEY_asn1_set_public;
> ++ b2i_PublicKey_bio;
> ++ BIO_asn1_set_prefix;
> ++ EVP_PKEY_new_mac_key;
> ++ BIO_new_CMS;
> ++ CRYPTO_THREADID_cmp;
> ++ TS_REQ_ext_free;
> ++ EVP_PKEY_asn1_set_free;
> ++ EVP_PKEY_get0_asn1;
> ++ d2i_NETSCAPE_X509;
> ++ EVP_PKEY_verify_recover_init;
> ++ EVP_PKEY_CTX_set_data;
> ++ EVP_PKEY_keygen_init;
> ++ TS_RESP_CTX_set_status_info;
> ++ TS_MSG_IMPRINT_get_algo;
> ++ TS_REQ_print_bio;
> ++ EVP_PKEY_CTX_ctrl_str;
> ++ EVP_PKEY_get_default_digest_nid;
> ++ PEM_write_bio_PKCS7_stream;
> ++ TS_MSG_IMPRINT_print_bio;
> ++ BN_asc2bn;
> ++ TS_REQ_get_policy_id;
> ++ ENGINE_set_default_pkey_asn1_meths;
> ++ ENGINE_set_def_pkey_asn1_meths;
> ++ d2i_TS_ACCURACY;
> ++ DSO_global_lookup;
> ++ TS_CONF_set_tsa_name;
> ++ i2d_ASN1_SET_ANY;
> ++ ENGINE_load_gost;
> ++ WHIRLPOOL_BitUpdate;
> ++ ASN1_PCTX_get_flags;
> ++ TS_TST_INFO_get_ext_by_NID;
> ++ TS_RESP_new;
> ++ ESS_CERT_ID_dup;
> ++ TS_STATUS_INFO_dup;
> ++ TS_REQ_delete_ext;
> ++ EVP_DigestVerifyFinal;
> ++ EVP_PKEY_print_params;
> ++ i2d_CMS_bio_stream;
> ++ TS_REQ_get_msg_imprint;
> ++ OBJ_find_sigid_by_algs;
> ++ TS_TST_INFO_get_serial;
> ++ TS_REQ_get_nonce;
> ++ X509_PUBKEY_set0_param;
> ++ EVP_PKEY_CTX_set0_keygen_info;
> ++ DIST_POINT_set_dpname;
> ++ i2d_ISSUING_DIST_POINT;
> ++ ASN1_SET_ANY_it;
> ++ EVP_PKEY_CTX_get_data;
> ++ TS_STATUS_INFO_print_bio;
> ++ EVP_PKEY_derive_init;
> ++ d2i_TS_TST_INFO;
> ++ EVP_PKEY_asn1_add_alias;
> ++ d2i_TS_RESP_bio;
> ++ OTHERNAME_cmp;
> ++ GENERAL_NAME_set0_value;
> ++ PKCS7_RECIP_INFO_get0_alg;
> ++ TS_RESP_CTX_new;
> ++ TS_RESP_set_tst_info;
> ++ PKCS7_final;
> ++ EVP_PKEY_base_id;
> ++ TS_RESP_CTX_set_signer_cert;
> ++ TS_REQ_set_msg_imprint;
> ++ EVP_PKEY_CTX_ctrl;
> ++ TS_CONF_set_digests;
> ++ d2i_TS_MSG_IMPRINT;
> ++ EVP_PKEY_meth_set_ctrl;
> ++ TS_REQ_get_ext_by_NID;
> ++ PKCS5_pbe_set0_algor;
> ++ BN_BLINDING_thread_id;
> ++ TS_ACCURACY_new;
> ++ X509_CRL_METHOD_free;
> ++ ASN1_PCTX_get_nm_flags;
> ++ EVP_PKEY_meth_set_sign;
> ++ CRYPTO_THREADID_current;
> ++ EVP_PKEY_decrypt_init;
> ++ NETSCAPE_X509_free;
> ++ i2b_PVK_bio;
> ++ EVP_PKEY_print_private;
> ++ GENERAL_NAME_get0_value;
> ++ b2i_PVK_bio;
> ++ ASN1_UTCTIME_adj;
> ++ TS_TST_INFO_new;
> ++ EVP_MD_do_all_sorted;
> ++ TS_CONF_set_default_engine;
> ++ TS_ACCURACY_set_seconds;
> ++ TS_TST_INFO_get_time;
> ++ PKCS8_pkey_get0;
> ++ EVP_PKEY_asn1_get0;
> ++ OBJ_add_sigid;
> ++ PKCS7_SIGNER_INFO_sign;
> ++ EVP_PKEY_paramgen_init;
> ++ EVP_PKEY_sign;
> ++ OBJ_sigid_free;
> ++ EVP_PKEY_meth_set_init;
> ++ d2i_ESS_ISSUER_SERIAL;
> ++ ISSUING_DIST_POINT_new;
> ++ ASN1_TIME_adj;
> ++ TS_OBJ_print_bio;
> ++ EVP_PKEY_meth_set_verify_recover;
> ++ EVP_PKEY_meth_set_vrfy_recover;
> ++ TS_RESP_get_status_info;
> ++ CMS_stream;
> ++ EVP_PKEY_CTX_set_cb;
> ++ PKCS7_to_TS_TST_INFO;
> ++ ASN1_PCTX_get_oid_flags;
> ++ TS_TST_INFO_add_ext;
> ++ EVP_PKEY_meth_set_derive;
> ++ i2d_TS_RESP_fp;
> ++ i2d_TS_MSG_IMPRINT_bio;
> ++ TS_RESP_CTX_set_accuracy;
> ++ TS_REQ_set_nonce;
> ++ ESS_CERT_ID_new;
> ++ ENGINE_pkey_asn1_find_str;
> ++ TS_REQ_get_ext_count;
> ++ BUF_reverse;
> ++ TS_TST_INFO_print_bio;
> ++ d2i_ISSUING_DIST_POINT;
> ++ ENGINE_get_pkey_meths;
> ++ i2b_PrivateKey_bio;
> ++ i2d_TS_RESP;
> ++ b2i_PublicKey;
> ++ TS_VERIFY_CTX_cleanup;
> ++ TS_STATUS_INFO_free;
> ++ TS_RESP_verify_token;
> ++ OBJ_bsearch_ex_;
> ++ ASN1_bn_print;
> ++ EVP_PKEY_asn1_get_count;
> ++ ENGINE_register_pkey_asn1_meths;
> ++ ASN1_PCTX_set_nm_flags;
> ++ EVP_DigestVerifyInit;
> ++ ENGINE_set_default_pkey_meths;
> ++ TS_TST_INFO_get_policy_id;
> ++ TS_REQ_get_cert_req;
> ++ X509_CRL_set_meth_data;
> ++ PKCS8_pkey_set0;
> ++ ASN1_STRING_copy;
> ++ d2i_TS_TST_INFO_fp;
> ++ X509_CRL_match;
> ++ EVP_PKEY_asn1_set_private;
> ++ TS_TST_INFO_get_ext_d2i;
> ++ TS_RESP_CTX_add_policy;
> ++ d2i_TS_RESP;
> ++ TS_CONF_load_certs;
> ++ TS_TST_INFO_get_msg_imprint;
> ++ ERR_load_TS_strings;
> ++ TS_TST_INFO_get_version;
> ++ EVP_PKEY_CTX_dup;
> ++ EVP_PKEY_meth_set_verify;
> ++ i2b_PublicKey_bio;
> ++ TS_CONF_set_certs;
> ++ EVP_PKEY_asn1_get0_info;
> ++ TS_VERIFY_CTX_free;
> ++ TS_REQ_get_ext_by_critical;
> ++ TS_RESP_CTX_set_serial_cb;
> ++ X509_CRL_get_meth_data;
> ++ TS_RESP_CTX_set_time_cb;
> ++ TS_MSG_IMPRINT_get_msg;
> ++ TS_TST_INFO_ext_free;
> ++ TS_REQ_get_version;
> ++ TS_REQ_add_ext;
> ++ EVP_PKEY_CTX_set_app_data;
> ++ OBJ_bsearch_;
> ++ EVP_PKEY_meth_set_verifyctx;
> ++ i2d_PKCS7_bio_stream;
> ++ CRYPTO_THREADID_set_numeric;
> ++ PKCS7_sign_add_signer;
> ++ d2i_TS_TST_INFO_bio;
> ++ TS_TST_INFO_get_ordering;
> ++ TS_RESP_print_bio;
> ++ TS_TST_INFO_get_exts;
> ++ HMAC_CTX_copy;
> ++ PKCS5_pbe2_set_iv;
> ++ ENGINE_get_pkey_asn1_meths;
> ++ b2i_PrivateKey;
> ++ EVP_PKEY_CTX_get_app_data;
> ++ TS_REQ_set_cert_req;
> ++ CRYPTO_THREADID_set_callback;
> ++ TS_CONF_set_serial;
> ++ TS_TST_INFO_free;
> ++ d2i_TS_REQ_fp;
> ++ TS_RESP_verify_response;
> ++ i2d_ESS_ISSUER_SERIAL;
> ++ TS_ACCURACY_get_seconds;
> ++ EVP_CIPHER_do_all;
> ++ b2i_PrivateKey_bio;
> ++ OCSP_CERTID_dup;
> ++ X509_PUBKEY_get0_param;
> ++ TS_MSG_IMPRINT_dup;
> ++ PKCS7_print_ctx;
> ++ i2d_TS_REQ_bio;
> ++ EVP_whirlpool;
> ++ EVP_PKEY_asn1_set_param;
> ++ EVP_PKEY_meth_set_encrypt;
> ++ ASN1_PCTX_set_flags;
> ++ i2d_ESS_CERT_ID;
> ++ TS_VERIFY_CTX_new;
> ++ TS_RESP_CTX_set_extension_cb;
> ++ ENGINE_register_all_pkey_meths;
> ++ TS_RESP_CTX_set_status_info_cond;
> ++ TS_RESP_CTX_set_stat_info_cond;
> ++ EVP_PKEY_verify;
> ++ WHIRLPOOL_Final;
> ++ X509_CRL_METHOD_new;
> ++ EVP_DigestSignFinal;
> ++ TS_RESP_CTX_set_def_policy;
> ++ NETSCAPE_X509_it;
> ++ TS_RESP_create_response;
> ++ PKCS7_SIGNER_INFO_get0_algs;
> ++ TS_TST_INFO_get_nonce;
> ++ EVP_PKEY_decrypt_old;
> ++ TS_TST_INFO_set_policy_id;
> ++ TS_CONF_set_ess_cert_id_chain;
> ++ EVP_PKEY_CTX_get0_pkey;
> ++ d2i_TS_REQ;
> ++ EVP_PKEY_asn1_find_str;
> ++ BIO_f_asn1;
> ++ ESS_SIGNING_CERT_new;
> ++ EVP_PBE_find;
> ++ X509_CRL_get0_by_cert;
> ++ EVP_PKEY_derive;
> ++ i2d_TS_REQ;
> ++ TS_TST_INFO_delete_ext;
> ++ ESS_ISSUER_SERIAL_free;
> ++ ASN1_PCTX_set_str_flags;
> ++ ENGINE_get_pkey_asn1_meth_str;
> ++ TS_CONF_set_signer_key;
> ++ TS_ACCURACY_get_millis;
> ++ TS_RESP_get_token;
> ++ TS_ACCURACY_dup;
> ++ ENGINE_register_all_pkey_asn1_meths;
> ++ ENGINE_reg_all_pkey_asn1_meths;
> ++ X509_CRL_set_default_method;
> ++ CRYPTO_THREADID_hash;
> ++ CMS_ContentInfo_print_ctx;
> ++ TS_RESP_free;
> ++ ISSUING_DIST_POINT_free;
> ++ ESS_ISSUER_SERIAL_new;
> ++ CMS_add1_crl;
> ++ PKCS7_add1_attrib_digest;
> ++ TS_RESP_CTX_add_md;
> ++ TS_TST_INFO_dup;
> ++ ENGINE_set_pkey_asn1_meths;
> ++ PEM_write_bio_Parameters;
> ++ TS_TST_INFO_get_accuracy;
> ++ X509_CRL_get0_by_serial;
> ++ TS_TST_INFO_set_version;
> ++ TS_RESP_CTX_get_tst_info;
> ++ TS_RESP_verify_signature;
> ++ CRYPTO_THREADID_get_callback;
> ++ TS_TST_INFO_get_tsa;
> ++ TS_STATUS_INFO_new;
> ++ EVP_PKEY_CTX_get_cb;
> ++ TS_REQ_get_ext_d2i;
> ++ GENERAL_NAME_set0_othername;
> ++ TS_TST_INFO_get_ext_count;
> ++ TS_RESP_CTX_get_request;
> ++ i2d_NETSCAPE_X509;
> ++ ENGINE_get_pkey_meth_engine;
> ++ EVP_PKEY_meth_set_signctx;
> ++ EVP_PKEY_asn1_copy;
> ++ ASN1_TYPE_cmp;
> ++ EVP_CIPHER_do_all_sorted;
> ++ EVP_PKEY_CTX_free;
> ++ ISSUING_DIST_POINT_it;
> ++ d2i_TS_MSG_IMPRINT_fp;
> ++ X509_STORE_get1_certs;
> ++ EVP_PKEY_CTX_get_operation;
> ++ d2i_ESS_SIGNING_CERT;
> ++ TS_CONF_set_ordering;
> ++ EVP_PBE_alg_add_type;
> ++ TS_REQ_set_version;
> ++ EVP_PKEY_get0;
> ++ BIO_asn1_set_suffix;
> ++ i2d_TS_STATUS_INFO;
> ++ EVP_MD_do_all;
> ++ TS_TST_INFO_set_accuracy;
> ++ PKCS7_add_attrib_content_type;
> ++ ERR_remove_thread_state;
> ++ EVP_PKEY_meth_add0;
> ++ TS_TST_INFO_set_tsa;
> ++ EVP_PKEY_meth_new;
> ++ WHIRLPOOL_Update;
> ++ TS_CONF_set_accuracy;
> ++ ASN1_PCTX_set_oid_flags;
> ++ ESS_SIGNING_CERT_dup;
> ++ d2i_TS_REQ_bio;
> ++ X509_time_adj_ex;
> ++ TS_RESP_CTX_add_flags;
> ++ d2i_TS_STATUS_INFO;
> ++ TS_MSG_IMPRINT_set_msg;
> ++ BIO_asn1_get_suffix;
> ++ TS_REQ_free;
> ++ EVP_PKEY_meth_free;
> ++ TS_REQ_get_exts;
> ++ TS_RESP_CTX_set_clock_precision_digits;
> ++ TS_RESP_CTX_set_clk_prec_digits;
> ++ TS_RESP_CTX_add_failure_info;
> ++ i2d_TS_RESP_bio;
> ++ EVP_PKEY_CTX_get0_peerkey;
> ++ PEM_write_bio_CMS_stream;
> ++ TS_REQ_new;
> ++ TS_MSG_IMPRINT_new;
> ++ EVP_PKEY_meth_find;
> ++ EVP_PKEY_id;
> ++ TS_TST_INFO_set_serial;
> ++ a2i_GENERAL_NAME;
> ++ TS_CONF_set_crypto_device;
> ++ EVP_PKEY_verify_init;
> ++ TS_CONF_set_policies;
> ++ ASN1_PCTX_new;
> ++ ESS_CERT_ID_free;
> ++ ENGINE_unregister_pkey_meths;
> ++ TS_MSG_IMPRINT_free;
> ++ TS_VERIFY_CTX_init;
> ++ PKCS7_stream;
> ++ TS_RESP_CTX_set_certs;
> ++ TS_CONF_set_def_policy;
> ++ ASN1_GENERALIZEDTIME_adj;
> ++ NETSCAPE_X509_new;
> ++ TS_ACCURACY_free;
> ++ TS_RESP_get_tst_info;
> ++ EVP_PKEY_derive_set_peer;
> ++ PEM_read_bio_Parameters;
> ++ TS_CONF_set_clock_precision_digits;
> ++ TS_CONF_set_clk_prec_digits;
> ++ ESS_ISSUER_SERIAL_dup;
> ++ TS_ACCURACY_get_micros;
> ++ ASN1_PCTX_get_str_flags;
> ++ NAME_CONSTRAINTS_check;
> ++ ASN1_BIT_STRING_check;
> ++ X509_check_akid;
> ++ ENGINE_unregister_pkey_asn1_meths;
> ++ ENGINE_unreg_pkey_asn1_meths;
> ++ ASN1_PCTX_free;
> ++ PEM_write_bio_ASN1_stream;
> ++ i2d_ASN1_bio_stream;
> ++ TS_X509_ALGOR_print_bio;
> ++ EVP_PKEY_meth_set_cleanup;
> ++ EVP_PKEY_asn1_free;
> ++ ESS_SIGNING_CERT_free;
> ++ TS_TST_INFO_set_msg_imprint;
> ++ GENERAL_NAME_cmp;
> ++ d2i_ASN1_SET_ANY;
> ++ ENGINE_set_pkey_meths;
> ++ i2d_TS_REQ_fp;
> ++ d2i_ASN1_SEQUENCE_ANY;
> ++ GENERAL_NAME_get0_otherName;
> ++ d2i_ESS_CERT_ID;
> ++ OBJ_find_sigid_algs;
> ++ EVP_PKEY_meth_set_keygen;
> ++ PKCS5_PBKDF2_HMAC;
> ++ EVP_PKEY_paramgen;
> ++ EVP_PKEY_meth_set_paramgen;
> ++ BIO_new_PKCS7;
> ++ EVP_PKEY_verify_recover;
> ++ TS_ext_print_bio;
> ++ TS_ASN1_INTEGER_print_bio;
> ++ check_defer;
> ++ DSO_pathbyaddr;
> ++ EVP_PKEY_set_type;
> ++ TS_ACCURACY_set_micros;
> ++ TS_REQ_to_TS_VERIFY_CTX;
> ++ EVP_PKEY_meth_set_copy;
> ++ ASN1_PCTX_set_cert_flags;
> ++ TS_TST_INFO_get_ext;
> ++ EVP_PKEY_asn1_set_ctrl;
> ++ TS_TST_INFO_get_ext_by_critical;
> ++ EVP_PKEY_CTX_new_id;
> ++ TS_REQ_get_ext_by_OBJ;
> ++ TS_CONF_set_signer_cert;
> ++ X509_NAME_hash_old;
> ++ ASN1_TIME_set_string;
> ++ EVP_MD_flags;
> ++ TS_RESP_CTX_free;
> ++ DSAparams_dup;
> ++ DHparams_dup;
> ++ OCSP_REQ_CTX_add1_header;
> ++ OCSP_REQ_CTX_set1_req;
> ++ X509_STORE_set_verify_cb;
> ++ X509_STORE_CTX_get0_current_crl;
> ++ X509_STORE_CTX_get0_parent_ctx;
> ++ X509_STORE_CTX_get0_current_issuer;
> ++ X509_STORE_CTX_get0_cur_issuer;
> ++ X509_issuer_name_hash_old;
> ++ X509_subject_name_hash_old;
> ++ EVP_CIPHER_CTX_copy;
> ++ UI_method_get_prompt_constructor;
> ++ UI_method_get_prompt_constructr;
> ++ UI_method_set_prompt_constructor;
> ++ UI_method_set_prompt_constructr;
> ++ EVP_read_pw_string_min;
> ++ CRYPTO_cts128_encrypt;
> ++ CRYPTO_cts128_decrypt_block;
> ++ CRYPTO_cfb128_1_encrypt;
> ++ CRYPTO_cbc128_encrypt;
> ++ CRYPTO_ctr128_encrypt;
> ++ CRYPTO_ofb128_encrypt;
> ++ CRYPTO_cts128_decrypt;
> ++ CRYPTO_cts128_encrypt_block;
> ++ CRYPTO_cbc128_decrypt;
> ++ CRYPTO_cfb128_encrypt;
> ++ CRYPTO_cfb128_8_encrypt;
> ++
> ++ local:
> ++ *;
> ++};
> ++
> ++
> ++OPENSSL_1.0.1 {
> ++ global:
> ++ SSL_renegotiate_abbreviated;
> ++ TLSv1_1_method;
> ++ TLSv1_1_client_method;
> ++ TLSv1_1_server_method;
> ++ SSL_CTX_set_srp_client_pwd_callback;
> ++ SSL_CTX_set_srp_client_pwd_cb;
> ++ SSL_get_srp_g;
> ++ SSL_CTX_set_srp_username_callback;
> ++ SSL_CTX_set_srp_un_cb;
> ++ SSL_get_srp_userinfo;
> ++ SSL_set_srp_server_param;
> ++ SSL_set_srp_server_param_pw;
> ++ SSL_get_srp_N;
> ++ SSL_get_srp_username;
> ++ SSL_CTX_set_srp_password;
> ++ SSL_CTX_set_srp_strength;
> ++ SSL_CTX_set_srp_verify_param_callback;
> ++ SSL_CTX_set_srp_vfy_param_cb;
> ++ SSL_CTX_set_srp_cb_arg;
> ++ SSL_CTX_set_srp_username;
> ++ SSL_CTX_SRP_CTX_init;
> ++ SSL_SRP_CTX_init;
> ++ SRP_Calc_A_param;
> ++ SRP_generate_server_master_secret;
> ++ SRP_gen_server_master_secret;
> ++ SSL_CTX_SRP_CTX_free;
> ++ SRP_generate_client_master_secret;
> ++ SRP_gen_client_master_secret;
> ++ SSL_srp_server_param_with_username;
> ++ SSL_srp_server_param_with_un;
> ++ SSL_SRP_CTX_free;
> ++ SSL_set_debug;
> ++ SSL_SESSION_get0_peer;
> ++ TLSv1_2_client_method;
> ++ SSL_SESSION_set1_id_context;
> ++ TLSv1_2_server_method;
> ++ SSL_cache_hit;
> ++ SSL_get0_kssl_ctx;
> ++ SSL_set0_kssl_ctx;
> ++ SSL_set_state;
> ++ SSL_CIPHER_get_id;
> ++ TLSv1_2_method;
> ++ kssl_ctx_get0_client_princ;
> ++ SSL_export_keying_material;
> ++ SSL_set_tlsext_use_srtp;
> ++ SSL_CTX_set_next_protos_advertised_cb;
> ++ SSL_CTX_set_next_protos_adv_cb;
> ++ SSL_get0_next_proto_negotiated;
> ++ SSL_get_selected_srtp_profile;
> ++ SSL_CTX_set_tlsext_use_srtp;
> ++ SSL_select_next_proto;
> ++ SSL_get_srtp_profiles;
> ++ SSL_CTX_set_next_proto_select_cb;
> ++ SSL_CTX_set_next_proto_sel_cb;
> ++ SSL_SESSION_get_compress_id;
> ++
> ++ SRP_VBASE_get_by_user;
> ++ SRP_Calc_server_key;
> ++ SRP_create_verifier;
> ++ SRP_create_verifier_BN;
> ++ SRP_Calc_u;
> ++ SRP_VBASE_free;
> ++ SRP_Calc_client_key;
> ++ SRP_get_default_gN;
> ++ SRP_Calc_x;
> ++ SRP_Calc_B;
> ++ SRP_VBASE_new;
> ++ SRP_check_known_gN_param;
> ++ SRP_Calc_A;
> ++ SRP_Verify_A_mod_N;
> ++ SRP_VBASE_init;
> ++ SRP_Verify_B_mod_N;
> ++ EC_KEY_set_public_key_affine_coordinates;
> ++ EC_KEY_set_pub_key_aff_coords;
> ++ EVP_aes_192_ctr;
> ++ EVP_PKEY_meth_get0_info;
> ++ EVP_PKEY_meth_copy;
> ++ ERR_add_error_vdata;
> ++ EVP_aes_128_ctr;
> ++ EVP_aes_256_ctr;
> ++ EC_GFp_nistp224_method;
> ++ EC_KEY_get_flags;
> ++ RSA_padding_add_PKCS1_PSS_mgf1;
> ++ EVP_aes_128_xts;
> ++ EVP_aes_256_xts;
> ++ EVP_aes_128_gcm;
> ++ EC_KEY_clear_flags;
> ++ EC_KEY_set_flags;
> ++ EVP_aes_256_ccm;
> ++ RSA_verify_PKCS1_PSS_mgf1;
> ++ EVP_aes_128_ccm;
> ++ EVP_aes_192_gcm;
> ++ X509_ALGOR_set_md;
> ++ RAND_init_fips;
> ++ EVP_aes_256_gcm;
> ++ EVP_aes_192_ccm;
> ++ CMAC_CTX_copy;
> ++ CMAC_CTX_free;
> ++ CMAC_CTX_get0_cipher_ctx;
> ++ CMAC_CTX_cleanup;
> ++ CMAC_Init;
> ++ CMAC_Update;
> ++ CMAC_resume;
> ++ CMAC_CTX_new;
> ++ CMAC_Final;
> ++ CRYPTO_ctr128_encrypt_ctr32;
> ++ CRYPTO_gcm128_release;
> ++ CRYPTO_ccm128_decrypt_ccm64;
> ++ CRYPTO_ccm128_encrypt;
> ++ CRYPTO_gcm128_encrypt;
> ++ CRYPTO_xts128_encrypt;
> ++ EVP_rc4_hmac_md5;
> ++ CRYPTO_nistcts128_decrypt_block;
> ++ CRYPTO_gcm128_setiv;
> ++ CRYPTO_nistcts128_encrypt;
> ++ EVP_aes_128_cbc_hmac_sha1;
> ++ CRYPTO_gcm128_tag;
> ++ CRYPTO_ccm128_encrypt_ccm64;
> ++ ENGINE_load_rdrand;
> ++ CRYPTO_ccm128_setiv;
> ++ CRYPTO_nistcts128_encrypt_block;
> ++ CRYPTO_gcm128_aad;
> ++ CRYPTO_ccm128_init;
> ++ CRYPTO_nistcts128_decrypt;
> ++ CRYPTO_gcm128_new;
> ++ CRYPTO_ccm128_tag;
> ++ CRYPTO_ccm128_decrypt;
> ++ CRYPTO_ccm128_aad;
> ++ CRYPTO_gcm128_init;
> ++ CRYPTO_gcm128_decrypt;
> ++ ENGINE_load_rsax;
> ++ CRYPTO_gcm128_decrypt_ctr32;
> ++ CRYPTO_gcm128_encrypt_ctr32;
> ++ CRYPTO_gcm128_finish;
> ++ EVP_aes_256_cbc_hmac_sha1;
> ++ PKCS5_pbkdf2_set;
> ++ CMS_add0_recipient_password;
> ++ CMS_decrypt_set1_password;
> ++ CMS_RecipientInfo_set0_password;
> ++ RAND_set_fips_drbg_type;
> ++ X509_REQ_sign_ctx;
> ++ RSA_PSS_PARAMS_new;
> ++ X509_CRL_sign_ctx;
> ++ X509_signature_dump;
> ++ d2i_RSA_PSS_PARAMS;
> ++ RSA_PSS_PARAMS_it;
> ++ RSA_PSS_PARAMS_free;
> ++ X509_sign_ctx;
> ++ i2d_RSA_PSS_PARAMS;
> ++ ASN1_item_sign_ctx;
> ++ EC_GFp_nistp521_method;
> ++ EC_GFp_nistp256_method;
> ++ OPENSSL_stderr;
> ++ OPENSSL_cpuid_setup;
> ++ OPENSSL_showfatal;
> ++ BIO_new_dgram_sctp;
> ++ BIO_dgram_sctp_msg_waiting;
> ++ BIO_dgram_sctp_wait_for_dry;
> ++ BIO_s_datagram_sctp;
> ++ BIO_dgram_is_sctp;
> ++ BIO_dgram_sctp_notification_cb;
> ++} OPENSSL_1.0.0;
> ++
> ++OPENSSL_1.0.1d {
> ++ global:
> ++ CRYPTO_memcmp;
> ++} OPENSSL_1.0.1;
> ++
> ++OPENSSL_1.0.2 {
> ++ global:
> ++ SSL_CTX_set_alpn_protos;
> ++ SSL_set_alpn_protos;
> ++ SSL_CTX_set_alpn_select_cb;
> ++ SSL_get0_alpn_selected;
> ++ SSL_CTX_set_custom_cli_ext;
> ++ SSL_CTX_set_custom_srv_ext;
> ++ SSL_CTX_set_srv_supp_data;
> ++ SSL_CTX_set_cli_supp_data;
> ++ SSL_set_cert_cb;
> ++ SSL_CTX_use_serverinfo;
> ++ SSL_CTX_use_serverinfo_file;
> ++ SSL_CTX_set_cert_cb;
> ++ SSL_CTX_get0_param;
> ++ SSL_get0_param;
> ++ SSL_certs_clear;
> ++ DTLSv1_2_method;
> ++ DTLSv1_2_server_method;
> ++ DTLSv1_2_client_method;
> ++ DTLS_method;
> ++ DTLS_server_method;
> ++ DTLS_client_method;
> ++ SSL_CTX_get_ssl_method;
> ++ SSL_CTX_get0_certificate;
> ++ SSL_CTX_get0_privatekey;
> ++ SSL_COMP_set0_compression_methods;
> ++ SSL_COMP_free_compression_methods;
> ++ SSL_CIPHER_find;
> ++ SSL_is_server;
> ++ SSL_CONF_CTX_new;
> ++ SSL_CONF_CTX_finish;
> ++ SSL_CONF_CTX_free;
> ++ SSL_CONF_CTX_set_flags;
> ++ SSL_CONF_CTX_clear_flags;
> ++ SSL_CONF_CTX_set1_prefix;
> ++ SSL_CONF_CTX_set_ssl;
> ++ SSL_CONF_CTX_set_ssl_ctx;
> ++ SSL_CONF_cmd;
> ++ SSL_CONF_cmd_argv;
> ++ SSL_CONF_cmd_value_type;
> ++ SSL_trace;
> ++ SSL_CIPHER_standard_name;
> ++ SSL_get_tlsa_record_byname;
> ++ ASN1_TIME_diff;
> ++ BIO_hex_string;
> ++ CMS_RecipientInfo_get0_pkey_ctx;
> ++ CMS_RecipientInfo_encrypt;
> ++ CMS_SignerInfo_get0_pkey_ctx;
> ++ CMS_SignerInfo_get0_md_ctx;
> ++ CMS_SignerInfo_get0_signature;
> ++ CMS_RecipientInfo_kari_get0_alg;
> ++ CMS_RecipientInfo_kari_get0_reks;
> ++ CMS_RecipientInfo_kari_get0_orig_id;
> ++ CMS_RecipientInfo_kari_orig_id_cmp;
> ++ CMS_RecipientEncryptedKey_get0_id;
> ++ CMS_RecipientEncryptedKey_cert_cmp;
> ++ CMS_RecipientInfo_kari_set0_pkey;
> ++ CMS_RecipientInfo_kari_get0_ctx;
> ++ CMS_RecipientInfo_kari_decrypt;
> ++ CMS_SharedInfo_encode;
> ++ DH_compute_key_padded;
> ++ d2i_DHxparams;
> ++ i2d_DHxparams;
> ++ DH_get_1024_160;
> ++ DH_get_2048_224;
> ++ DH_get_2048_256;
> ++ DH_KDF_X9_42;
> ++ ECDH_KDF_X9_62;
> ++ ECDSA_METHOD_new;
> ++ ECDSA_METHOD_free;
> ++ ECDSA_METHOD_set_app_data;
> ++ ECDSA_METHOD_get_app_data;
> ++ ECDSA_METHOD_set_sign;
> ++ ECDSA_METHOD_set_sign_setup;
> ++ ECDSA_METHOD_set_verify;
> ++ ECDSA_METHOD_set_flags;
> ++ ECDSA_METHOD_set_name;
> ++ EVP_des_ede3_wrap;
> ++ EVP_aes_128_wrap;
> ++ EVP_aes_192_wrap;
> ++ EVP_aes_256_wrap;
> ++ EVP_aes_128_cbc_hmac_sha256;
> ++ EVP_aes_256_cbc_hmac_sha256;
> ++ CRYPTO_128_wrap;
> ++ CRYPTO_128_unwrap;
> ++ OCSP_REQ_CTX_nbio;
> ++ OCSP_REQ_CTX_new;
> ++ OCSP_set_max_response_length;
> ++ OCSP_REQ_CTX_i2d;
> ++ OCSP_REQ_CTX_nbio_d2i;
> ++ OCSP_REQ_CTX_get0_mem_bio;
> ++ OCSP_REQ_CTX_http;
> ++ RSA_padding_add_PKCS1_OAEP_mgf1;
> ++ RSA_padding_check_PKCS1_OAEP_mgf1;
> ++ RSA_OAEP_PARAMS_free;
> ++ RSA_OAEP_PARAMS_it;
> ++ RSA_OAEP_PARAMS_new;
> ++ SSL_get_sigalgs;
> ++ SSL_get_shared_sigalgs;
> ++ SSL_check_chain;
> ++ X509_chain_up_ref;
> ++ X509_http_nbio;
> ++ X509_CRL_http_nbio;
> ++ X509_REVOKED_dup;
> ++ i2d_re_X509_tbs;
> ++ X509_get0_signature;
> ++ X509_get_signature_nid;
> ++ X509_CRL_diff;
> ++ X509_chain_check_suiteb;
> ++ X509_CRL_check_suiteb;
> ++ X509_check_host;
> ++ X509_check_email;
> ++ X509_check_ip;
> ++ X509_check_ip_asc;
> ++ X509_STORE_set_lookup_crls_cb;
> ++ X509_STORE_CTX_get0_store;
> ++ X509_VERIFY_PARAM_set1_host;
> ++ X509_VERIFY_PARAM_add1_host;
> ++ X509_VERIFY_PARAM_set_hostflags;
> ++ X509_VERIFY_PARAM_get0_peername;
> ++ X509_VERIFY_PARAM_set1_email;
> ++ X509_VERIFY_PARAM_set1_ip;
> ++ X509_VERIFY_PARAM_set1_ip_asc;
> ++ X509_VERIFY_PARAM_get0_name;
> ++ X509_VERIFY_PARAM_get_count;
> ++ X509_VERIFY_PARAM_get0;
> ++ X509V3_EXT_free;
> ++ EC_GROUP_get_mont_data;
> ++ EC_curve_nid2nist;
> ++ EC_curve_nist2nid;
> ++ PEM_write_bio_DHxparams;
> ++ PEM_write_DHxparams;
> ++ SSL_CTX_add_client_custom_ext;
> ++ SSL_CTX_add_server_custom_ext;
> ++ SSL_extension_supported;
> ++ BUF_strnlen;
> ++ sk_deep_copy;
> ++ SSL_test_functions;
> ++} OPENSSL_1.0.1d;
> ++
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
> +===================================================================
> +--- /dev/null 1970-01-01 00:00:00.000000000 +0000
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> +@@ -0,0 +1,10 @@
> ++OPENSSL_1.0.0 {
> ++ global:
> ++ bind_engine;
> ++ v_check;
> ++ OPENSSL_init;
> ++ OPENSSL_finish;
> ++ local:
> ++ *;
> ++};
> ++
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
> +===================================================================
> +--- /dev/null 1970-01-01 00:00:00.000000000 +0000
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> +@@ -0,0 +1,10 @@
> ++OPENSSL_1.0.0 {
> ++ global:
> ++ bind_engine;
> ++ v_check;
> ++ OPENSSL_init;
> ++ OPENSSL_finish;
> ++ local:
> ++ *;
> ++};
> ++
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
> index f53efdb..29f11a2 100644
> --- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
> @@ -15,8 +15,8 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
> -@@ -0,0 +1,4621 @@
> -+OPENSSL_1.0.0 {
> +@@ -0,0 +1,4608 @@
> ++OPENSSL_1.0.2d {
> + global:
> + BIO_f_ssl;
> + BIO_new_buffer_ssl_connect;
> @@ -4314,14 +4314,6 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> + CRYPTO_cbc128_decrypt;
> + CRYPTO_cfb128_encrypt;
> + CRYPTO_cfb128_8_encrypt;
> -+
> -+ local:
> -+ *;
> -+};
> -+
> -+
> -+OPENSSL_1.0.1 {
> -+ global:
> + SSL_renegotiate_abbreviated;
> + TLSv1_1_method;
> + TLSv1_1_client_method;
> @@ -4483,15 +4475,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> + BIO_s_datagram_sctp;
> + BIO_dgram_is_sctp;
> + BIO_dgram_sctp_notification_cb;
> -+} OPENSSL_1.0.0;
> -+
> -+OPENSSL_1.0.1d {
> -+ global:
> + CRYPTO_memcmp;
> -+} OPENSSL_1.0.1;
> -+
> -+OPENSSL_1.0.2 {
> -+ global:
> + SSL_CTX_set_alpn_protos;
> + SSL_set_alpn_protos;
> + SSL_CTX_set_alpn_select_cb;
> @@ -4629,20 +4613,23 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> + BUF_strnlen;
> + sk_deep_copy;
> + SSL_test_functions;
> -+} OPENSSL_1.0.1d;
> ++
> ++ local:
> ++ *;
> ++};
> +
> +OPENSSL_1.0.2g {
> + global:
> + SRP_VBASE_get1_by_user;
> + SRP_user_pwd_free;
> -+} OPENSSL_1.0.2;
> ++} OPENSSL_1.0.2d;
> +
> Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> @@ -0,0 +1,10 @@
> -+OPENSSL_1.0.0 {
> ++OPENSSL_1.0.2 {
> + global:
> + bind_engine;
> + v_check;
> @@ -4657,7 +4644,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> @@ -0,0 +1,10 @@
> -+OPENSSL_1.0.0 {
> ++OPENSSL_1.0.2 {
> + global:
> + bind_engine;
> + v_check;
> diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> index 06d1ea6..2a318a4 100644
> --- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> @@ -4,7 +4,7 @@ This patch adds the fix for one of the ciphers used in openssl, namely
> the cipher des-ede3-cfb1. Complete bug log and patch is present here:
> http://rt.openssl.org/Ticket/Display.html?id=2867
>
> -Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
> +Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
>
> Index: openssl-1.0.2/crypto/evp/e_des3.c
> ===================================================================
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
> new file mode 100644
> index 0000000..6620fdc
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
> @@ -0,0 +1,222 @@
> +#!/bin/sh
> +#
> +# Ben Secrest <blsecres@gmail.com>
> +#
> +# sh c_rehash script, scan all files in a directory
> +# and add symbolic links to their hash values.
> +#
> +# based on the c_rehash perl script distributed with openssl
> +#
> +# LICENSE: See OpenSSL license
> +# ^^acceptable?^^
> +#
> +
> +# default certificate location
> +DIR=/etc/openssl
> +
> +# for filetype bitfield
> +IS_CERT=$(( 1 << 0 ))
> +IS_CRL=$(( 1 << 1 ))
> +
> +
> +# check to see if a file is a certificate file or a CRL file
> +# arguments:
> +# 1. the filename to be scanned
> +# returns:
> +# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
> +#
> +check_file()
> +{
> + local IS_TYPE=0
> +
> + # make IFS a newline so we can process grep output line by line
> + local OLDIFS=${IFS}
> + IFS=$( printf "\n" )
> +
> + # XXX: could be more efficient to have two 'grep -m' but is -m portable?
> + for LINE in $( grep '^-----BEGIN .*-----' ${1} )
> + do
> + if echo ${LINE} \
> + | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
> + then
> + IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
> +
> + if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
> + then
> + break
> + fi
> + elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
> + then
> + IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
> +
> + if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
> + then
> + break
> + fi
> + fi
> + done
> +
> + # restore IFS
> + IFS=${OLDIFS}
> +
> + return ${IS_TYPE}
> +}
> +
> +
> +#
> +# use openssl to fingerprint a file
> +# arguments:
> +# 1. the filename to fingerprint
> +# 2. the method to use (x509, crl)
> +# returns:
> +# none
> +# assumptions:
> +# user will capture output from last stage of pipeline
> +#
> +fingerprint()
> +{
> + ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
> +}
> +
> +
> +#
> +# link_hash - create links to certificate files
> +# arguments:
> +# 1. the filename to create a link for
> +# 2. the type of certificate being linked (x509, crl)
> +# returns:
> +# 0 on success, 1 otherwise
> +#
> +link_hash()
> +{
> + local FINGERPRINT=$( fingerprint ${1} ${2} )
> + local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
> + local SUFFIX=0
> + local LINKFILE=''
> + local TAG=''
> +
> + if [ ${2} = "crl" ]
> + then
> + TAG='r'
> + fi
> +
> + LINKFILE=${HASH}.${TAG}${SUFFIX}
> +
> + while [ -f ${LINKFILE} ]
> + do
> + if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
> + then
> + echo "NOTE: Skipping duplicate file ${1}" >&2
> + return 1
> + fi
> +
> + SUFFIX=$(( ${SUFFIX} + 1 ))
> + LINKFILE=${HASH}.${TAG}${SUFFIX}
> + done
> +
> + echo "${3} => ${LINKFILE}"
> +
> + # assume any system with a POSIX shell will either support symlinks or
> + # do something to handle this gracefully
> + ln -s ${3} ${LINKFILE}
> +
> + return 0
> +}
> +
> +
> +# hash_dir create hash links in a given directory
> +hash_dir()
> +{
> + echo "Doing ${1}"
> +
> + cd ${1}
> +
> + ls -1 * 2>/dev/null | while read FILE
> + do
> + if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
> + && [ -h "${FILE}" ]
> + then
> + rm ${FILE}
> + fi
> + done
> +
> + ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
> + do
> + REAL_FILE=${FILE}
> + # if we run on build host then get to the real files in rootfs
> + if [ -n "${SYSROOT}" -a -h ${FILE} ]
> + then
> + FILE=$( readlink ${FILE} )
> + # check the symlink is absolute (or dangling in other word)
> + if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
> + then
> + REAL_FILE=${SYSROOT}/${FILE}
> + fi
> + fi
> +
> + check_file ${REAL_FILE}
> + local FILE_TYPE=${?}
> + local TYPE_STR=''
> +
> + if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
> + then
> + TYPE_STR='x509'
> + elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
> + then
> + TYPE_STR='crl'
> + else
> + echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
> + continue
> + fi
> +
> + link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
> + done
> +}
> +
> +
> +# choose the name of an ssl application
> +if [ -n "${OPENSSL}" ]
> +then
> + SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
> +else
> + SSL_CMD=/usr/bin/openssl
> + OPENSSL=${SSL_CMD}
> + export OPENSSL
> +fi
> +
> +# fix paths
> +PATH=${PATH}:${DIR}/bin
> +export PATH
> +
> +# confirm existance/executability of ssl command
> +if ! [ -x ${SSL_CMD} ]
> +then
> + echo "${0}: rehashing skipped ('openssl' program not available)" >&2
> + exit 0
> +fi
> +
> +# determine which directories to process
> +old_IFS=$IFS
> +if [ ${#} -gt 0 ]
> +then
> + IFS=':'
> + DIRLIST=${*}
> +elif [ -n "${SSL_CERT_DIR}" ]
> +then
> + DIRLIST=$SSL_CERT_DIR
> +else
> + DIRLIST=${DIR}/certs
> +fi
> +
> +IFS=':'
> +
> +# process directories
> +for CERT_DIR in ${DIRLIST}
> +do
> + if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
> + then
> + IFS=$old_IFS
> + hash_dir ${CERT_DIR}
> + IFS=':'
> + fi
> +done
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
> new file mode 100644
> index 0000000..065b9b1
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
> @@ -0,0 +1,34 @@
> +From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
> +From: Robert Yang <liezhi.yang@windriver.com>
> +Date: Mon, 19 Sep 2016 22:06:28 -0700
> +Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
> +
> +Fixed when building on Debian-testing:
> +| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
> +
> +The find.pl is added by oe-core, so once openssl/find.pl is removed,
> +then this patch can be dropped.
> +
> +Upstream-Status: Inappropriate [OE-Specific]
> +
> +Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> +---
> + util/perlpath.pl | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/util/perlpath.pl b/util/perlpath.pl
> +index a1f236b..5599892 100755
> +--- a/util/perlpath.pl
> ++++ b/util/perlpath.pl
> +@@ -4,6 +4,8 @@
> + # line in all scripts that rely on perl.
> + #
> +
> ++BEGIN { unshift @INC, "."; }
> ++
> + require "find.pl";
> +
> + $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
> +--
> +2.9.0
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> index cbce32c..0f08a64 100644
> --- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> @@ -2,10 +2,10 @@ Upstream-Status: Pending
>
> Received from H J Liu @ Intel
> Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
> -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
> +Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
>
> ported the patch to the 1.0.0e version
> -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
> +Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
> Index: openssl-1.0.2/crypto/bn/bn.h
> ===================================================================
> --- openssl-1.0.2.orig/crypto/bn/bn.h
> diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch
> index b6c2c14..f3f4c99 100644
> --- a/meta/recipes-connectivity/openssl/openssl/parallel.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/parallel.patch
> @@ -6,6 +6,9 @@ https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1
> Upstream-Status: Pending
> Signed-off-by: Ross Burton <ross.burton@intel.com>
>
> +Refreshed for 1.0.2i
> +Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
> +
> --- openssl-1.0.2g/crypto/Makefile
> +++ openssl-1.0.2g/crypto/Makefile
> @@ -85,11 +85,11 @@
> @@ -133,7 +136,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
> fi; \
> --- openssl-1.0.2g/test/Makefile
> +++ openssl-1.0.2g/test/Makefile
> -@@ -139,7 +139,7 @@
> +@@ -144,7 +144,7 @@
> tags:
> ctags $(SRC)
>
> @@ -142,7 +145,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
>
> apps:
> @(cd ..; $(MAKE) DIRS=apps all)
> -@@ -421,130 +421,130 @@
> +@@ -438,136 +438,136 @@
> link_app.$${shlib_target}
>
> $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
> @@ -309,13 +312,21 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
> - @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
> + +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
>
> + $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
> +- @target=$(BADDTLSTEST) $(BUILD_CMD)
> ++ +@target=$(BADDTLSTEST) $(BUILD_CMD)
> +
> $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
> - @target=$(SSLV2CONFTEST) $(BUILD_CMD)
> + +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
>
> + $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
> +- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
> ++ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
> +
> #$(AESTEST).o: $(AESTEST).c
> # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
> -@@ -557,7 +557,7 @@
> +@@ -580,6 +580,6 @@
> # fi
>
> dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> deleted file mode 100644
> index 26bc6be..0000000
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> +++ /dev/null
> @@ -1,82 +0,0 @@
> -require openssl.inc
> -
> -# For target side versions of openssl enable support for OCF Linux driver
> -# if they are available.
> -DEPENDS += "cryptodev-linux"
> -
> -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> -
> -LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
> -
> -export DIRS = "crypto ssl apps engines"
> -export OE_LDFLAGS="${LDFLAGS}"
> -
> -SRC_URI += "file://configure-targets.patch \
> - file://shared-libs.patch \
> - file://oe-ldflags.patch \
> - file://engines-install-in-libdir-ssl.patch \
> - file://debian1.0.2/block_diginotar.patch \
> - file://debian1.0.2/block_digicert_malaysia.patch \
> - file://debian/ca.patch \
> - file://debian/c_rehash-compat.patch \
> - file://debian/debian-targets.patch \
> - file://debian/man-dir.patch \
> - file://debian/man-section.patch \
> - file://debian/no-rpath.patch \
> - file://debian/no-symbolic.patch \
> - file://debian/pic.patch \
> - file://debian1.0.2/version-script.patch \
> - file://openssl_fix_for_x32.patch \
> - file://fix-cipher-des-ede3-cfb1.patch \
> - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> - file://find.pl \
> - file://openssl-fix-des.pod-error.patch \
> - file://Makefiles-ptest.patch \
> - file://ptest-deps.patch \
> - file://run-ptest \
> - file://crypto_use_bigint_in_x86-64_perl.patch \
> - file://openssl-1.0.2a-x32-asm.patch \
> - file://ptest_makefile_deps.patch \
> - file://parallel.patch \
> - file://CVE-2016-2177.patch \
> - file://CVE-2016-2178.patch \
> - file://CVE-2016-2180.patch \
> - file://CVE-2016-2181_p1.patch \
> - file://CVE-2016-2181_p2.patch \
> - file://CVE-2016-2181_p3.patch \
> - file://CVE-2016-2182.patch \
> - file://CVE-2016-6302.patch \
> - file://CVE-2016-6303.patch \
> - file://CVE-2016-6304.patch \
> - file://CVE-2016-6306.patch \
> - file://CVE-2016-2179.patch \
> - file://CVE-2016-8610.patch \
> - "
> -
> -SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
> -SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
> -
> -PACKAGES =+ " \
> - ${PN}-engines \
> - ${PN}-engines-dbg \
> - "
> -
> -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
> -FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
> -
> -PARALLEL_MAKE = ""
> -PARALLEL_MAKEINST = ""
> -
> -do_configure_prepend() {
> - cp ${WORKDIR}/find.pl ${S}/util/find.pl
> -}
> -
> -# The crypto_use_bigint patch means that perl's bignum module needs to be
> -# installed, but some distributions (for example Fedora 23) don't ship it by
> -# default. As the resulting error is very misleading check for bignum before
> -# building.
> -do_configure_prepend() {
> - if ! perl -Mbigint -e true; then
> - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
> - fi
> -}
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> new file mode 100644
> index 0000000..f333c8f
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> @@ -0,0 +1,64 @@
> +require openssl.inc
> +
> +# For target side versions of openssl enable support for OCF Linux driver
> +# if they are available.
> +DEPENDS += "cryptodev-linux"
> +
> +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> +CFLAG_append_class-native = " -fPIC"
> +
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
> +
> +export DIRS = "crypto ssl apps engines"
> +export OE_LDFLAGS="${LDFLAGS}"
> +
> +SRC_URI += "file://find.pl;subdir=${BP}/util/ \
> + file://run-ptest \
> + file://openssl-c_rehash.sh \
> + file://configure-targets.patch \
> + file://shared-libs.patch \
> + file://oe-ldflags.patch \
> + file://engines-install-in-libdir-ssl.patch \
> + file://debian1.0.2/block_diginotar.patch \
> + file://debian1.0.2/block_digicert_malaysia.patch \
> + file://debian/ca.patch \
> + file://debian/c_rehash-compat.patch \
> + file://debian/debian-targets.patch \
> + file://debian/man-dir.patch \
> + file://debian/man-section.patch \
> + file://debian/no-rpath.patch \
> + file://debian/no-symbolic.patch \
> + file://debian/pic.patch \
> + file://debian1.0.2/version-script.patch \
> + file://openssl_fix_for_x32.patch \
> + file://fix-cipher-des-ede3-cfb1.patch \
> + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> + file://openssl-fix-des.pod-error.patch \
> + file://Makefiles-ptest.patch \
> + file://ptest-deps.patch \
> + file://openssl-1.0.2a-x32-asm.patch \
> + file://ptest_makefile_deps.patch \
> + file://parallel.patch \
> + file://openssl-util-perlpath.pl-cwd.patch \
> + file://0002-CVE-2017-3731.patch \
> + "
> +SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"
> +SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"
> +
> +PACKAGES =+ " \
> + ${PN}-engines \
> + ${PN}-engines-dbg \
> + "
> +
> +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
> +FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
> +
> +# The crypto_use_bigint patch means that perl's bignum module needs to be
> +# installed, but some distributions (for example Fedora 23) don't ship it by
> +# default. As the resulting error is very misleading check for bignum before
> +# building.
> +do_configure_prepend() {
> + if ! perl -Mbigint -e true; then
> + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
> + fi
> +}
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 4+ messages in thread