* [PATCH] openssl: Upgrade to 1.0.2
@ 2015-03-04 17:46 Saul Wold
2015-03-12 6:18 ` Robert Yang
0 siblings, 1 reply; 6+ messages in thread
From: Saul Wold @ 2015-03-04 17:46 UTC (permalink / raw)
To: openembedded-core
Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
.../openssl/openssl/Makefiles-ptest.patch | 36 +--
.../openssl/openssl/debian/c_rehash-compat.patch | 58 +++-
.../openssl/openssl/debian/debian-targets.patch | 25 +-
.../openssl/openssl/debian/version-script.patch | 311 ++++++++++-----------
.../debian1.0.2/block_digicert_malaysia.patch | 29 ++
.../openssl/debian1.0.2/block_diginotar.patch | 67 +++++
.../openssl/openssl/debian1.0.2/padlock_conf.patch | 31 ++
.../openssl/engines-install-in-libdir-ssl.patch | 42 +--
.../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21 +-
.../openssl/openssl/initial-aarch64-bits.patch | 120 --------
...-pointer-dereference-in-EVP_DigestInit_ex.patch | 22 +-
...NULL-pointer-dereference-in-dh_pub_encode.patch | 41 +--
.../openssl/openssl/openssl_fix_for_x32.patch | 85 ++----
.../openssl/openssl/ptest-deps.patch | 16 +-
.../openssl/update-version-script-for-1.0.2.patch | 66 +++++
.../{openssl_1.0.1k.bb => openssl_1.0.2.bb} | 19 +-
16 files changed, 522 insertions(+), 467 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
rename meta/recipes-connectivity/openssl/{openssl_1.0.1k.bb => openssl_1.0.2.bb} (84%)
diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
index ac53a91..249446a 100644
--- a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
+++ b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
@@ -5,10 +5,11 @@ Signed-off-by: Anders Roxell <anders.roxell@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Upstream-Status: Pending
---
-diff -uNr a/Makefile b/Makefile
---- a/Makefile.org 2012-05-10 17:06:02.000000000 +0200
-+++ b/Makefile.org 2012-10-27 00:05:55.359424024 +0200
-@@ -411,8 +411,16 @@
+Index: openssl-1.0.2/Makefile.org
+===================================================================
+--- openssl-1.0.2.orig/Makefile.org
++++ openssl-1.0.2/Makefile.org
+@@ -451,8 +451,16 @@ rehash.time: certs apps
test: tests
tests: rehash
@@ -26,11 +27,11 @@ diff -uNr a/Makefile b/Makefile
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
-diff --git a/test/Makefile b/test/Makefile
-index 3912f82..1696767 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -128,7 +128,7 @@ tests: exe apps $(TESTS)
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -137,7 +137,7 @@ tests: exe apps $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -39,28 +40,28 @@ index 3912f82..1696767 100644
test_des test_idea test_sha test_md4 test_md5 test_hmac \
test_md2 test_mdc2 test_wp \
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
-@@ -138,6 +138,11 @@ alltests: \
- test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
- test_jpake test_cms
+@@ -148,6 +148,11 @@ alltests: \
+ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
+ test_constant_time
+alltests:
+ @(for i in $(all-tests); do \
+ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+ done)
+
- test_evp:
+ test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
-@@ -203,7 +208,7 @@ test_x509:
+@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
echo test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2>/dev/null
--test_rsa: $(RSATEST)$(EXE_EXT)
-+test_rsa:
+-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
@sh ./trsa 2>/dev/null
../util/shlib_wrap.sh ./$(RSATEST)
-@@ -298,11 +303,11 @@ test_tsa:
+@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
sh ./testtsa; \
fi
@@ -73,3 +74,4 @@ index 3912f82..1696767 100644
+test_jpake:
@echo "Test JPAKE"
../util/shlib_wrap.sh ./$(JPAKETEST)
+
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
index ac1b19b..3943e2c 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -1,38 +1,58 @@
-Upstream-Status: Backport [debian]
-
From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 21 Apr 2010 15:52:10 +0200
Subject: [PATCH] also create old hash for compatibility
+Upstream-Status: Backport [debian]
+
---
tools/c_rehash.in | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
-Index: openssl-1.0.0d/tools/c_rehash.in
+Index: openssl-1.0.2~beta3/tools/c_rehash.in
===================================================================
---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
-+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
-@@ -86,6 +86,7 @@
- }
+--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
++++ openssl-1.0.2~beta3/tools/c_rehash.in
+@@ -8,8 +8,6 @@ my $prefix;
+
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -18,10 +16,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ '-.*' ) {
+ my $flag = shift @ARGV;
+ last if ( $flag eq '--');
+- if ( $flag =~ /-old/) {
+- $x509hash = "-subject_hash_old";
+- $crlhash = "-hash_old";
+- } elsif ( $flag =~ /-h/) {
++ if ( $flag =~ /-h/) {
+ help();
+ } elsif ( $flag eq '-n' ) {
+ $removelinks = 0;
+@@ -113,7 +108,9 @@ sub hash_dir {
+ next;
}
link_hash_cert($fname) if($cert);
+ link_hash_cert_old($fname) if($cert);
link_hash_crl($fname) if($crl);
++ link_hash_crl_old($fname) if($crl);
}
}
-@@ -119,8 +120,9 @@
+
+@@ -146,6 +143,7 @@ sub check_file {
sub link_hash_cert {
my $fname = $_[0];
-+ my $hashopt = $_[1] || '-subject_hash';
++ my $x509hash = $_[1] || '-subject_hash';
$fname =~ s/'/'\\''/g;
-- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
-+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
chomp $hash;
- chomp $fprint;
- $fprint =~ s/^.*=//;
-@@ -150,6 +152,10 @@
+@@ -177,10 +175,20 @@ sub link_hash_cert {
$hashlist{$hash} = $fprint;
}
@@ -40,6 +60,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
+ link_hash_cert($_[0], '-subject_hash_old');
+}
+
++sub link_hash_crl_old {
++ link_hash_crl($_[0], '-hash_old');
++}
++
++
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
sub link_hash_crl {
+ my $fname = $_[0];
++ my $crlhash = $_[1] || "-hash";
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ chomp $hash;
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
index 8101edf..39d4328 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
@@ -1,12 +1,12 @@
Upstream-Status: Backport [debian]
-Index: openssl-1.0.1/Configure
+Index: openssl-1.0.2/Configure
===================================================================
---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000
-+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000
-@@ -105,6 +105,10 @@
+--- openssl-1.0.2.orig/Configure
++++ openssl-1.0.2/Configure
+@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
- my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
@@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -338,6 +342,48 @@
+@@ -343,6 +347,55 @@ my %table=(
"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
@@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure
+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure
+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure
+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+
####
#### Variety of LINUX:-)
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
index ece8b9b..a249180 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
@@ -1,10 +1,8 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1d/Configure
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
===================================================================
---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100
-+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100
-@@ -1621,6 +1621,8 @@
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
}
}
@@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1d/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100
-@@ -0,0 +1,4620 @@
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4615 @@
+OPENSSL_1.0.0 {
+ global:
+ BIO_f_ssl;
@@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld
+ ERR_load_COMP_strings;
+ PKCS12_item_decrypt_d2i;
+ ASN1_UTF8STRING_it;
-+ ASN1_UTF8STRING_it;
+ ENGINE_unregister_ciphers;
+ ENGINE_get_ciphers;
+ d2i_OCSP_BASICRESP;
+ KRB5_CHECKSUM_it;
-+ KRB5_CHECKSUM_it;
+ EC_POINT_add;
+ ASN1_item_ex_i2d;
+ OCSP_CERTID_it;
-+ OCSP_CERTID_it;
+ d2i_OCSP_RESPBYTES;
+ X509V3_add1_i2d;
+ PKCS7_ENVELOPE_it;
-+ PKCS7_ENVELOPE_it;
+ UI_add_input_boolean;
+ ENGINE_unregister_RSA;
+ X509V3_EXT_nconf;
@@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_register_all_RAND;
+ ENGINE_load_dynamic;
+ PBKDF2PARAM_it;
-+ PBKDF2PARAM_it;
+ EXTENDED_KEY_USAGE_new;
+ EC_GROUP_clear_free;
+ OCSP_sendreq_bio;
+ ASN1_item_digest;
+ OCSP_BASICRESP_delete_ext;
+ OCSP_SIGNATURE_it;
-+ OCSP_SIGNATURE_it;
-+ X509_CRL_it;
+ X509_CRL_it;
+ OCSP_BASICRESP_add_ext;
+ KRB5_ENCKEY_it;
-+ KRB5_ENCKEY_it;
+ UI_method_set_closer;
+ X509_STORE_set_purpose;
+ i2d_ASN1_GENERALSTRING;
@@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_REQUEST_get_ext_by_OBJ;
+ _ossl_old_des_random_key;
+ ASN1_T61STRING_it;
-+ ASN1_T61STRING_it;
+ EC_GROUP_method_of;
+ i2d_KRB5_APREQ;
+ _ossl_old_des_encrypt;
@@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_SINGLERESP_get_ext_count;
+ UI_ctrl;
+ _shadow_DES_rw_mode;
-+ _shadow_DES_rw_mode;
+ asn1_do_adb;
+ ASN1_template_i2d;
+ ENGINE_register_DH;
@@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld
+ KRB5_ENCKEY_free;
+ OCSP_resp_get0;
+ GENERAL_NAME_it;
-+ GENERAL_NAME_it;
-+ ASN1_GENERALIZEDTIME_it;
+ ASN1_GENERALIZEDTIME_it;
+ X509_STORE_set_flags;
+ EC_POINT_set_compressed_coordinates_GFp;
@@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld
+ EC_POINT_set_affine_coords_GFp;
+ _ossl_old_des_options;
+ SXNET_it;
-+ SXNET_it;
+ UI_dup_input_boolean;
+ PKCS12_add_CSPName_asc;
+ EC_POINT_is_at_infinity;
+ ENGINE_load_cryptodev;
+ DSO_convert_filename;
+ POLICYQUALINFO_it;
-+ POLICYQUALINFO_it;
+ ENGINE_register_ciphers;
+ BN_mod_lshift_quick;
+ DSO_set_filename;
+ ASN1_item_free;
+ KRB5_TKTBODY_free;
+ AUTHORITY_KEYID_it;
-+ AUTHORITY_KEYID_it;
+ KRB5_APREQBODY_new;
+ X509V3_EXT_REQ_add_nconf;
+ ENGINE_ctrl_cmd_string;
@@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_MD_CTX_init;
+ EXTENDED_KEY_USAGE_free;
+ PKCS7_ATTR_SIGN_it;
-+ PKCS7_ATTR_SIGN_it;
+ UI_add_error_string;
+ KRB5_CHECKSUM_free;
+ OCSP_REQUEST_get_ext;
+ ENGINE_load_ubsec;
+ ENGINE_register_all_digests;
+ PKEY_USAGE_PERIOD_it;
-+ PKEY_USAGE_PERIOD_it;
+ PKCS12_unpack_authsafes;
+ ASN1_item_unpack;
+ NETSCAPE_SPKAC_it;
-+ NETSCAPE_SPKAC_it;
-+ X509_REVOKED_it;
+ X509_REVOKED_it;
+ ASN1_STRING_encode;
+ EVP_aes_128_ecb;
@@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld
+ UI_dup_info_string;
+ _ossl_old_des_xwhite_in2out;
+ PKCS12_it;
-+ PKCS12_it;
+ OCSP_SINGLERESP_get_ext_by_critical;
+ OCSP_SINGLERESP_get_ext_by_crit;
+ OCSP_CERTSTATUS_free;
@@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_unregister_DSA;
+ _ossl_old_des_key_sched;
+ X509_EXTENSION_it;
-+ X509_EXTENSION_it;
+ i2d_KRB5_AUTHENT;
+ SXNETID_it;
-+ SXNETID_it;
+ d2i_OCSP_SINGLERESP;
+ EDIPARTYNAME_new;
+ PKCS12_certbag2x509;
@@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld
+ d2i_KRB5_APREQBODY;
+ UI_method_get_flusher;
+ X509_PUBKEY_it;
-+ X509_PUBKEY_it;
+ _ossl_old_des_enc_read;
+ PKCS7_ENCRYPT_it;
-+ PKCS7_ENCRYPT_it;
+ i2d_OCSP_RESPONSE;
+ EC_GROUP_get_cofactor;
+ PKCS12_unpack_p7data;
@@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld
+ PKCS12_item_i2d_encrypt;
+ X509_add1_ext_i2d;
+ PKCS7_SIGNER_INFO_it;
-+ PKCS7_SIGNER_INFO_it;
+ KRB5_PRINCNAME_new;
+ PKCS12_SAFEBAG_it;
-+ PKCS12_SAFEBAG_it;
+ EC_GROUP_get_order;
+ d2i_OCSP_RESPID;
+ OCSP_request_verify;
@@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_MD_CTX_create;
+ OCSP_resp_find_status;
+ X509_ALGOR_it;
-+ X509_ALGOR_it;
-+ ASN1_TIME_it;
+ ASN1_TIME_it;
+ OCSP_request_set1_name;
+ OCSP_ONEREQ_get_ext_count;
+ UI_get0_result;
+ PKCS12_AUTHSAFES_it;
-+ PKCS12_AUTHSAFES_it;
+ EVP_aes_256_ecb;
+ PKCS12_pack_authsafes;
+ ASN1_IA5STRING_it;
-+ ASN1_IA5STRING_it;
+ UI_get_input_flags;
+ EC_GROUP_set_generator;
+ _ossl_old_des_string_to_2keys;
+ OCSP_CERTID_free;
+ X509_CERT_AUX_it;
-+ X509_CERT_AUX_it;
-+ CERTIFICATEPOLICIES_it;
+ CERTIFICATEPOLICIES_it;
+ _ossl_old_des_ede3_cbc_encrypt;
+ RAND_set_rand_engine;
+ DSO_get_loaded_filename;
+ X509_ATTRIBUTE_it;
-+ X509_ATTRIBUTE_it;
+ OCSP_ONEREQ_get_ext_by_NID;
+ PKCS12_decrypt_skey;
+ KRB5_AUTHENT_it;
-+ KRB5_AUTHENT_it;
+ UI_dup_error_string;
+ RSAPublicKey_it;
-+ RSAPublicKey_it;
+ i2d_OCSP_REQUEST;
+ PKCS12_x509crl2certbag;
+ OCSP_SERVICELOC_it;
-+ OCSP_SERVICELOC_it;
+ ASN1_item_sign;
+ X509_CRL_set_issuer_name;
+ OBJ_NAME_do_all_sorted;
@@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_get_digest;
+ OCSP_RESPONSE_print;
+ KRB5_TKTBODY_it;
-+ KRB5_TKTBODY_it;
+ ACCESS_DESCRIPTION_it;
-+ ACCESS_DESCRIPTION_it;
-+ PKCS7_ISSUER_AND_SERIAL_it;
+ PKCS7_ISSUER_AND_SERIAL_it;
+ PBE2PARAM_it;
-+ PBE2PARAM_it;
+ PKCS12_certbag2x509crl;
+ PKCS7_SIGNED_it;
-+ PKCS7_SIGNED_it;
+ ENGINE_get_cipher;
+ i2d_OCSP_CRLID;
+ OCSP_SINGLERESP_new;
+ ENGINE_cmd_is_executable;
+ RSA_up_ref;
+ ASN1_GENERALSTRING_it;
-+ ASN1_GENERALSTRING_it;
+ ENGINE_register_DSA;
+ X509V3_EXT_add_nconf_sk;
+ ENGINE_set_load_pubkey_function;
+ PKCS8_decrypt;
+ PEM_bytes_read_bio;
+ DIRECTORYSTRING_it;
-+ DIRECTORYSTRING_it;
+ d2i_OCSP_CRLID;
+ EC_POINT_is_on_curve;
+ CRYPTO_set_locked_mem_ex_functions;
@@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld
+ d2i_KRB5_CHECKSUM;
+ ASN1_item_dup;
+ X509_it;
-+ X509_it;
+ BN_mod_add;
+ KRB5_AUTHDATA_free;
+ _ossl_old_des_cbc_cksum;
@@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EC_POINT_get_Jprojective_coordinates_GFp;
+ EC_POINT_get_Jproj_coords_GFp;
+ ZLONG_it;
-+ ZLONG_it;
+ CRYPTO_get_locked_mem_ex_functions;
+ CRYPTO_get_locked_mem_ex_funcs;
+ ASN1_TIME_check;
@@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld
+ _ossl_old_des_ede3_cfb64_encrypt;
+ _ossl_odes_ede3_cfb64_encrypt;
+ ASN1_BMPSTRING_it;
-+ ASN1_BMPSTRING_it;
+ ASN1_tag2bit;
+ UI_method_set_flusher;
+ X509_ocspid_print;
+ KRB5_ENCDATA_it;
-+ KRB5_ENCDATA_it;
+ ENGINE_get_load_pubkey_function;
+ UI_add_user_data;
+ OCSP_REQUEST_delete_ext;
+ UI_get_method;
+ OCSP_ONEREQ_free;
+ ASN1_PRINTABLESTRING_it;
-+ ASN1_PRINTABLESTRING_it;
+ X509_CRL_set_nextUpdate;
+ OCSP_REQUEST_it;
-+ OCSP_REQUEST_it;
-+ OCSP_BASICRESP_it;
+ OCSP_BASICRESP_it;
+ AES_ecb_encrypt;
+ BN_mod_sqr;
+ NETSCAPE_CERT_SEQUENCE_it;
-+ NETSCAPE_CERT_SEQUENCE_it;
-+ GENERAL_NAMES_it;
+ GENERAL_NAMES_it;
+ AUTHORITY_INFO_ACCESS_it;
-+ AUTHORITY_INFO_ACCESS_it;
-+ ASN1_FBOOLEAN_it;
+ ASN1_FBOOLEAN_it;
+ UI_set_ex_data;
+ _ossl_old_des_string_to_key;
+ ENGINE_register_all_RSA;
+ d2i_KRB5_PRINCNAME;
+ OCSP_RESPBYTES_it;
-+ OCSP_RESPBYTES_it;
-+ X509_CINF_it;
+ X509_CINF_it;
+ ENGINE_unregister_digests;
+ d2i_EDIPARTYNAME;
@@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_RESPDATA_free;
+ d2i_KRB5_TICKET;
+ OTHERNAME_it;
-+ OTHERNAME_it;
+ EVP_MD_CTX_cleanup;
+ d2i_ASN1_GENERALSTRING;
+ X509_CRL_set_version;
@@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_REQUEST_free;
+ OCSP_REQUEST_add1_ext_i2d;
+ X509_VAL_it;
-+ X509_VAL_it;
+ EC_POINTs_make_affine;
+ EC_POINT_mul;
+ X509V3_EXT_add_nconf;
@@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld
+ X509_CRL_add1_ext_i2d;
+ _ossl_old_des_fcrypt;
+ DISPLAYTEXT_it;
-+ DISPLAYTEXT_it;
+ X509_CRL_set_lastUpdate;
+ OCSP_BASICRESP_free;
+ OCSP_BASICRESP_add1_ext_i2d;
@@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld
+ UI_get0_result_string;
+ ASN1_GENERALSTRING_new;
+ X509_SIG_it;
-+ X509_SIG_it;
+ ERR_set_implementation;
+ ERR_load_EC_strings;
+ UI_get0_action_string;
@@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_ONEREQ_get_ext_by_OBJ;
+ ASN1_primitive_new;
+ ASN1_PRINTABLE_it;
-+ ASN1_PRINTABLE_it;
+ EVP_aes_192_ecb;
+ OCSP_SIGNATURE_new;
+ LONG_it;
-+ LONG_it;
-+ ASN1_VISIBLESTRING_it;
+ ASN1_VISIBLESTRING_it;
+ OCSP_SINGLERESP_add1_ext_i2d;
+ d2i_OCSP_CERTID;
+ ASN1_item_d2i_fp;
+ CRL_DIST_POINTS_it;
-+ CRL_DIST_POINTS_it;
+ GENERAL_NAME_print;
+ OCSP_SINGLERESP_delete_ext;
+ PKCS12_SAFEBAGS_it;
-+ PKCS12_SAFEBAGS_it;
+ d2i_OCSP_SIGNATURE;
+ OCSP_request_add1_nonce;
+ ENGINE_set_cmd_defns;
+ OCSP_SERVICELOC_free;
+ EC_GROUP_free;
+ ASN1_BIT_STRING_it;
-+ ASN1_BIT_STRING_it;
-+ X509_REQ_it;
+ X509_REQ_it;
+ _ossl_old_des_cbc_encrypt;
+ ERR_unload_strings;
+ PKCS7_SIGN_ENVELOPE_it;
-+ PKCS7_SIGN_ENVELOPE_it;
+ EDIPARTYNAME_free;
+ OCSP_REQINFO_free;
+ EC_GROUP_new_curve_GFp;
@@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_CRLID_free;
+ OCSP_BASICRESP_get1_ext_d2i;
+ RSAPrivateKey_it;
-+ RSAPrivateKey_it;
+ ENGINE_register_all_DH;
+ i2d_EDIPARTYNAME;
+ EC_POINT_get_affine_coordinates_GFp;
@@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_CRLID_new;
+ ENGINE_get_flags;
+ OCSP_ONEREQ_it;
-+ OCSP_ONEREQ_it;
+ UI_process;
+ ASN1_INTEGER_it;
-+ ASN1_INTEGER_it;
+ EVP_CipherInit_ex;
+ UI_get_string_type;
+ ENGINE_unregister_DH;
@@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld
+ bn_dup_expand;
+ OCSP_cert_id_new;
+ BASIC_CONSTRAINTS_it;
-+ BASIC_CONSTRAINTS_it;
+ BN_mod_add_quick;
+ EC_POINT_new;
+ EVP_MD_CTX_destroy;
@@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EC_POINT_free;
+ DH_up_ref;
+ X509_NAME_ENTRY_it;
-+ X509_NAME_ENTRY_it;
+ UI_get_ex_new_index;
+ BN_mod_sub_quick;
+ OCSP_ONEREQ_add_ext;
@@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_register_complete;
+ X509V3_EXT_nconf_nid;
+ ASN1_SEQUENCE_it;
-+ ASN1_SEQUENCE_it;
+ UI_set_default_method;
+ RAND_query_egd_bytes;
+ UI_method_get_writer;
@@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld
+ PEM_def_callback;
+ ENGINE_cleanup;
+ DIST_POINT_it;
-+ DIST_POINT_it;
-+ OCSP_SINGLERESP_it;
+ OCSP_SINGLERESP_it;
+ d2i_KRB5_TKTBODY;
+ EC_POINT_cmp;
@@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_cert_to_id;
+ OCSP_RESPID_new;
+ OCSP_RESPDATA_it;
-+ OCSP_RESPDATA_it;
+ d2i_OCSP_RESPDATA;
+ ENGINE_register_all_complete;
+ OCSP_check_validity;
+ PKCS12_BAGS_it;
-+ PKCS12_BAGS_it;
+ OCSP_url_svcloc_new;
+ ASN1_template_free;
+ OCSP_SINGLERESP_add_ext;
+ KRB5_AUTHENTBODY_it;
-+ KRB5_AUTHENTBODY_it;
+ X509_supported_extension;
+ i2d_KRB5_AUTHDATA;
+ UI_method_get_opener;
+ ENGINE_set_ex_data;
+ OCSP_REQUEST_print;
+ CBIGNUM_it;
-+ CBIGNUM_it;
+ KRB5_TICKET_new;
+ KRB5_APREQ_new;
+ EC_GROUP_get_curve_GFp;
@@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_single_get0_status;
+ BN_swap;
+ POLICYINFO_it;
-+ POLICYINFO_it;
+ ENGINE_set_destroy_function;
+ asn1_enc_free;
+ OCSP_RESPID_it;
-+ OCSP_RESPID_it;
+ EC_GROUP_new;
+ EVP_aes_256_cbc;
+ i2d_KRB5_PRINCNAME;
+ _ossl_old_des_encrypt2;
+ _ossl_old_des_encrypt3;
+ PKCS8_PRIV_KEY_INFO_it;
-+ PKCS8_PRIV_KEY_INFO_it;
-+ OCSP_REQINFO_it;
+ OCSP_REQINFO_it;
+ PBEPARAM_it;
-+ PBEPARAM_it;
+ KRB5_AUTHENTBODY_new;
+ X509_CRL_add0_revoked;
+ EDIPARTYNAME_it;
-+ EDIPARTYNAME_it;
-+ NETSCAPE_SPKI_it;
+ NETSCAPE_SPKI_it;
+ UI_get0_test_string;
+ ENGINE_get_cipher_engine;
@@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld
+ UI_method_get_reader;
+ OCSP_BASICRESP_get_ext_count;
+ ASN1_ENUMERATED_it;
-+ ASN1_ENUMERATED_it;
+ UI_set_result;
+ i2d_KRB5_TICKET;
+ X509_print_ex_fp;
+ EVP_CIPHER_CTX_set_padding;
+ d2i_OCSP_RESPONSE;
+ ASN1_UTCTIME_it;
-+ ASN1_UTCTIME_it;
+ _ossl_old_des_enc_write;
+ OCSP_RESPONSE_new;
+ AES_set_encrypt_key;
@@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_onereq_get0_id;
+ ENGINE_set_default_ciphers;
+ NOTICEREF_it;
-+ NOTICEREF_it;
+ X509V3_EXT_CRL_add_nconf;
+ OCSP_REVOKEDINFO_it;
-+ OCSP_REVOKEDINFO_it;
+ AES_encrypt;
+ OCSP_REQUEST_new;
+ ASN1_ANY_it;
-+ ASN1_ANY_it;
+ CRYPTO_ex_data_new_class;
+ _ossl_old_des_ncbc_encrypt;
+ i2d_KRB5_TKTBODY;
@@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_load_nuron;
+ _ossl_old_des_pcbc_encrypt;
+ PKCS12_MAC_DATA_it;
-+ PKCS12_MAC_DATA_it;
+ OCSP_accept_responses_new;
+ asn1_do_lock;
+ PKCS7_ATTR_VERIFY_it;
-+ PKCS7_ATTR_VERIFY_it;
-+ KRB5_APREQBODY_it;
+ KRB5_APREQBODY_it;
+ i2d_OCSP_SINGLERESP;
+ ASN1_item_ex_new;
+ UI_add_verify_string;
+ _ossl_old_des_set_key;
+ KRB5_PRINCNAME_it;
-+ KRB5_PRINCNAME_it;
+ EVP_DecryptInit_ex;
+ i2d_OCSP_CERTID;
+ ASN1_item_d2i_bio;
@@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_BASICRESP_new;
+ OCSP_REQUEST_get_ext_by_NID;
+ KRB5_APREQ_it;
-+ KRB5_APREQ_it;
+ ENGINE_get_destroy_function;
+ CONF_set_nconf;
+ ASN1_PRINTABLE_free;
+ OCSP_BASICRESP_get_ext_by_NID;
+ DIST_POINT_NAME_it;
-+ DIST_POINT_NAME_it;
+ X509V3_extensions_print;
+ _ossl_old_des_cfb64_encrypt;
+ X509_REVOKED_add1_ext_i2d;
+ _ossl_old_des_ofb_encrypt;
+ KRB5_TKTBODY_new;
+ ASN1_OCTET_STRING_it;
-+ ASN1_OCTET_STRING_it;
+ ERR_load_UI_strings;
+ i2d_KRB5_ENCKEY;
+ ASN1_template_new;
@@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld
+ ASN1_item_i2d_fp;
+ KRB5_PRINCNAME_free;
+ PKCS7_RECIP_INFO_it;
-+ PKCS7_RECIP_INFO_it;
-+ EXTENDED_KEY_USAGE_it;
+ EXTENDED_KEY_USAGE_it;
+ EC_GFp_simple_method;
+ EC_GROUP_precompute_mult;
@@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld
+ UI_method_set_writer;
+ KRB5_AUTHENT_new;
+ X509_CRL_INFO_it;
-+ X509_CRL_INFO_it;
+ DSO_set_name_converter;
+ AES_set_decrypt_key;
+ PKCS7_DIGEST_it;
-+ PKCS7_DIGEST_it;
+ PKCS12_x5092certbag;
+ EVP_DigestInit_ex;
+ i2a_ACCESS_DESCRIPTION;
+ OCSP_RESPONSE_it;
-+ OCSP_RESPONSE_it;
-+ PKCS7_ENC_CONTENT_it;
+ PKCS7_ENC_CONTENT_it;
+ OCSP_request_add0_id;
+ EC_POINT_make_affine;
+ DSO_get_filename;
+ OCSP_CERTSTATUS_it;
-+ OCSP_CERTSTATUS_it;
+ OCSP_request_add1_cert;
+ UI_get0_output_string;
+ UI_dup_verify_string;
+ BN_mod_lshift;
+ KRB5_AUTHDATA_it;
-+ KRB5_AUTHDATA_it;
+ asn1_set_choice_selector;
+ OCSP_basic_add1_status;
+ OCSP_RESPID_free;
+ asn1_get_field_ptr;
+ UI_add_input_string;
+ OCSP_CRLID_it;
-+ OCSP_CRLID_it;
+ i2d_KRB5_AUTHENTBODY;
+ OCSP_REQUEST_get_ext_count;
+ ENGINE_load_atalla;
+ X509_NAME_it;
-+ X509_NAME_it;
-+ USERNOTICE_it;
+ USERNOTICE_it;
+ OCSP_REQINFO_new;
+ OCSP_BASICRESP_get_ext;
@@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld
+ i2d_KRB5_ENCDATA;
+ X509_PURPOSE_set;
+ X509_REQ_INFO_it;
-+ X509_REQ_INFO_it;
+ UI_method_set_opener;
+ ASN1_item_ex_free;
+ ASN1_BOOLEAN_it;
-+ ASN1_BOOLEAN_it;
+ ENGINE_get_table_flags;
+ UI_create_method;
+ OCSP_ONEREQ_add1_ext_i2d;
+ _shadow_DES_check_key;
-+ _shadow_DES_check_key;
+ d2i_OCSP_REQINFO;
+ UI_add_info_string;
+ UI_get_result_minsize;
+ ASN1_NULL_it;
-+ ASN1_NULL_it;
+ BN_mod_lshift1;
+ d2i_OCSP_ONEREQ;
+ OCSP_ONEREQ_new;
+ KRB5_TICKET_it;
-+ KRB5_TICKET_it;
+ EVP_aes_192_cbc;
+ KRB5_TICKET_free;
+ UI_new;
+ OCSP_response_create;
+ _ossl_old_des_xcbc_encrypt;
+ PKCS7_it;
-+ PKCS7_it;
+ OCSP_REQUEST_get_ext_by_critical;
+ OCSP_REQUEST_get_ext_by_crit;
+ ENGINE_set_flags;
@@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_Digest;
+ OCSP_ONEREQ_delete_ext;
+ ASN1_TBOOLEAN_it;
-+ ASN1_TBOOLEAN_it;
+ ASN1_item_new;
+ ASN1_TIME_to_generalizedtime;
+ BIGNUM_it;
-+ BIGNUM_it;
+ AES_cbc_encrypt;
+ ENGINE_get_load_privkey_function;
+ ENGINE_get_load_privkey_fn;
@@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EC_POINT_point2oct;
+ KRB5_APREQ_free;
+ ASN1_OBJECT_it;
-+ ASN1_OBJECT_it;
+ OCSP_crlID_new;
+ OCSP_crlID2_new;
+ CONF_modules_load_file;
@@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld
+ i2d_ASN1_UNIVERSALSTRING;
+ ASN1_UNIVERSALSTRING_free;
+ ASN1_UNIVERSALSTRING_it;
-+ ASN1_UNIVERSALSTRING_it;
+ d2i_ASN1_UNIVERSALSTRING;
+ EVP_des_ede3_ecb;
+ X509_REQ_print_ex;
@@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld
+ HMAC_CTX_set_flags;
+ d2i_PROXY_CERT_INFO_EXTENSION;
+ PROXY_POLICY_it;
-+ PROXY_POLICY_it;
+ i2d_PROXY_POLICY;
+ i2d_PROXY_CERT_INFO_EXTENSION;
+ d2i_PROXY_POLICY;
+ PROXY_CERT_INFO_EXTENSION_new;
+ PROXY_CERT_INFO_EXTENSION_free;
+ PROXY_CERT_INFO_EXTENSION_it;
-+ PROXY_CERT_INFO_EXTENSION_it;
+ PROXY_POLICY_free;
+ PROXY_POLICY_new;
+ BN_MONT_CTX_set_locked;
@@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld
+ BN_BLINDING_get_thread_id;
+ X509_STORE_CTX_set0_param;
+ POLICY_MAPPING_it;
-+ POLICY_MAPPING_it;
+ STORE_parse_attrs_start;
+ POLICY_CONSTRAINTS_free;
+ EVP_PKEY_add1_attr_by_NID;
@@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld
+ STORE_set_method;
+ GENERAL_SUBTREE_free;
+ NAME_CONSTRAINTS_it;
-+ NAME_CONSTRAINTS_it;
+ ECDH_get_default_method;
+ PKCS12_add_safe;
+ EC_KEY_new_by_curve_name;
@@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_get_default_ECDH;
+ EC_KEY_get_conv_form;
+ ASN1_OCTET_STRING_NDEF_it;
-+ ASN1_OCTET_STRING_NDEF_it;
+ STORE_delete_public_key;
+ STORE_get_public_key;
+ STORE_modify_arbitrary;
@@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_load_padlock;
+ EC_GROUP_set_curve_name;
+ X509_CERT_PAIR_it;
-+ X509_CERT_PAIR_it;
+ STORE_meth_get_revoke_fn;
+ STORE_method_get_revoke_function;
+ STORE_method_set_get_function;
@@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld
+ pqueue_pop;
+ STORE_ATTR_INFO_get0_cstr;
+ POLICY_CONSTRAINTS_it;
-+ POLICY_CONSTRAINTS_it;
+ STORE_get_ex_new_index;
+ EVP_PKEY_get_attr_by_OBJ;
+ X509_VERIFY_PARAM_add0_policy;
@@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld
+ STORE_modify_crl;
+ STORE_list_private_key_start;
+ POLICY_MAPPINGS_it;
-+ POLICY_MAPPINGS_it;
-+ GENERAL_SUBTREE_it;
+ GENERAL_SUBTREE_it;
+ EC_GROUP_get_curve_name;
+ PEM_write_X509_CERT_PAIR;
@@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld
+ BIO_set_callback_arg;
+ v3_addr_add_prefix;
+ IPAddressOrRange_it;
-+ IPAddressOrRange_it;
+ BIO_set_flags;
+ ASIdentifiers_it;
-+ ASIdentifiers_it;
+ v3_addr_get_range;
+ BIO_method_type;
+ v3_addr_inherits;
+ IPAddressChoice_it;
-+ IPAddressChoice_it;
+ AES_ige_encrypt;
+ v3_addr_add_range;
+ EVP_CIPHER_CTX_nid;
@@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld
+ BIO_clear_flags;
+ i2d_ASRange;
+ IPAddressRange_it;
-+ IPAddressRange_it;
+ IPAddressChoice_new;
+ ASIdentifierChoice_new;
+ ASRange_free;
@@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld
+ BIO_test_flags;
+ i2d_ASIdentifierChoice;
+ ASRange_it;
-+ ASRange_it;
+ d2i_ASIdentifiers;
+ ASRange_new;
+ d2i_IPAddressChoice;
@@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_Cipher;
+ i2d_IPAddressOrRange;
+ ASIdOrRange_it;
-+ ASIdOrRange_it;
+ EVP_CIPHER_nid;
+ i2d_IPAddressChoice;
+ EVP_CIPHER_CTX_block_size;
@@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld
+ v3_addr_is_canonical;
+ i2d_IPAddressRange;
+ IPAddressFamily_it;
-+ IPAddressFamily_it;
+ v3_asid_inherits;
+ EVP_CIPHER_CTX_cipher;
+ EVP_CIPHER_CTX_get_app_data;
@@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld
+ d2i_IPAddressOrRange;
+ v3_addr_canonize;
+ ASIdentifierChoice_it;
-+ ASIdentifierChoice_it;
+ EVP_MD_CTX_md;
+ d2i_ASIdentifierChoice;
+ BIO_method_name;
@@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld
+ SEED_set_key;
+ EVP_seed_cfb128;
+ X509_EXTENSIONS_it;
-+ X509_EXTENSIONS_it;
+ X509_get1_ocsp;
+ OCSP_REQ_CTX_free;
+ i2d_X509_EXTENSIONS;
@@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_sendreq_new;
+ d2i_X509_EXTENSIONS;
+ X509_ALGORS_it;
-+ X509_ALGORS_it;
+ X509_ALGOR_get0;
+ X509_ALGOR_set0;
+ AES_unwrap_key;
@@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld
+ CMS_SignerInfo_verify;
+ CMS_data;
+ CMS_ContentInfo_it;
-+ CMS_ContentInfo_it;
+ d2i_CMS_ReceiptRequest;
+ CMS_compress;
+ CMS_digest_create;
@@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld
+ CMS_RecipientInfo_kekri_get0_id;
+ CMS_verify_receipt;
+ CMS_ReceiptRequest_it;
-+ CMS_ReceiptRequest_it;
+ PEM_read_bio_CMS;
+ CMS_get1_crls;
+ CMS_add0_recipient_key;
@@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld
+ TS_REQ_dup;
+ GENERAL_NAME_dup;
+ ASN1_SEQUENCE_ANY_it;
-+ ASN1_SEQUENCE_ANY_it;
+ WHIRLPOOL;
+ X509_STORE_get1_crls;
+ ENGINE_get_pkey_asn1_meth;
@@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld
+ DIST_POINT_set_dpname;
+ i2d_ISSUING_DIST_POINT;
+ ASN1_SET_ANY_it;
-+ ASN1_SET_ANY_it;
+ EVP_PKEY_CTX_get_data;
+ TS_STATUS_INFO_print_bio;
+ EVP_PKEY_derive_init;
@@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_DigestSignFinal;
+ TS_RESP_CTX_set_def_policy;
+ NETSCAPE_X509_it;
-+ NETSCAPE_X509_it;
+ TS_RESP_create_response;
+ PKCS7_SIGNER_INFO_get0_algs;
+ TS_TST_INFO_get_nonce;
@@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_CIPHER_do_all_sorted;
+ EVP_PKEY_CTX_free;
+ ISSUING_DIST_POINT_it;
-+ ISSUING_DIST_POINT_it;
+ d2i_TS_MSG_IMPRINT_fp;
+ X509_STORE_get1_certs;
+ EVP_PKEY_CTX_get_operation;
@@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld
+ X509_signature_dump;
+ d2i_RSA_PSS_PARAMS;
+ RSA_PSS_PARAMS_it;
-+ RSA_PSS_PARAMS_it;
+ RSA_PSS_PARAMS_free;
+ X509_sign_ctx;
+ i2d_RSA_PSS_PARAMS;
@@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld
+ CRYPTO_memcmp;
+} OPENSSL_1.0.1;
+
-Index: openssl-1.0.1d/engines/openssl.ld
++OPENSSL_1.0.2 {
++ global:
++ SSL_CTX_set_alpn_protos;
++ SSL_set_alpn_protos;
++ SSL_CTX_set_alpn_select_cb;
++ SSL_get0_alpn_selected;
++ SSL_CTX_set_custom_cli_ext;
++ SSL_CTX_set_custom_srv_ext;
++ SSL_CTX_set_srv_supp_data;
++ SSL_CTX_set_cli_supp_data;
++ SSL_set_cert_cb;
++ SSL_CTX_use_serverinfo;
++ SSL_CTX_use_serverinfo_file;
++ SSL_CTX_set_cert_cb;
++ SSL_CTX_get0_param;
++ SSL_get0_param;
++ SSL_certs_clear;
++ DTLSv1_2_method;
++ DTLSv1_2_server_method;
++ DTLSv1_2_client_method;
++ DTLS_method;
++ DTLS_server_method;
++ DTLS_client_method;
++ SSL_CTX_get_ssl_method;
++ SSL_CTX_get0_certificate;
++ SSL_CTX_get0_privatekey;
++ SSL_COMP_set0_compression_methods;
++ SSL_COMP_free_compression_methods;
++ SSL_CIPHER_find;
++ SSL_is_server;
++ SSL_CONF_CTX_new;
++ SSL_CONF_CTX_finish;
++ SSL_CONF_CTX_free;
++ SSL_CONF_CTX_set_flags;
++ SSL_CONF_CTX_clear_flags;
++ SSL_CONF_CTX_set1_prefix;
++ SSL_CONF_CTX_set_ssl;
++ SSL_CONF_CTX_set_ssl_ctx;
++ SSL_CONF_cmd;
++ SSL_CONF_cmd_argv;
++ SSL_CONF_cmd_value_type;
++ SSL_trace;
++ SSL_CIPHER_standard_name;
++ SSL_get_tlsa_record_byname;
++ ASN1_TIME_diff;
++ BIO_hex_string;
++ CMS_RecipientInfo_get0_pkey_ctx;
++ CMS_RecipientInfo_encrypt;
++ CMS_SignerInfo_get0_pkey_ctx;
++ CMS_SignerInfo_get0_md_ctx;
++ CMS_SignerInfo_get0_signature;
++ CMS_RecipientInfo_kari_get0_alg;
++ CMS_RecipientInfo_kari_get0_reks;
++ CMS_RecipientInfo_kari_get0_orig_id;
++ CMS_RecipientInfo_kari_orig_id_cmp;
++ CMS_RecipientEncryptedKey_get0_id;
++ CMS_RecipientEncryptedKey_cert_cmp;
++ CMS_RecipientInfo_kari_set0_pkey;
++ CMS_RecipientInfo_kari_get0_ctx;
++ CMS_RecipientInfo_kari_decrypt;
++ CMS_SharedInfo_encode;
++ DH_compute_key_padded;
++ d2i_DHxparams;
++ i2d_DHxparams;
++ DH_get_1024_160;
++ DH_get_2048_224;
++ DH_get_2048_256;
++ DH_KDF_X9_42;
++ ECDH_KDF_X9_62;
++ ECDSA_METHOD_new;
++ ECDSA_METHOD_free;
++ ECDSA_METHOD_set_app_data;
++ ECDSA_METHOD_get_app_data;
++ ECDSA_METHOD_set_sign;
++ ECDSA_METHOD_set_sign_setup;
++ ECDSA_METHOD_set_verify;
++ ECDSA_METHOD_set_flags;
++ ECDSA_METHOD_set_name;
++ EVP_des_ede3_wrap;
++ EVP_aes_128_wrap;
++ EVP_aes_192_wrap;
++ EVP_aes_256_wrap;
++ EVP_aes_128_cbc_hmac_sha256;
++ EVP_aes_256_cbc_hmac_sha256;
++ CRYPTO_128_wrap;
++ CRYPTO_128_unwrap;
++ OCSP_REQ_CTX_nbio;
++ OCSP_REQ_CTX_new;
++ OCSP_set_max_response_length;
++ OCSP_REQ_CTX_i2d;
++ OCSP_REQ_CTX_nbio_d2i;
++ OCSP_REQ_CTX_get0_mem_bio;
++ OCSP_REQ_CTX_http;
++ RSA_padding_add_PKCS1_OAEP_mgf1;
++ RSA_padding_check_PKCS1_OAEP_mgf1;
++ RSA_OAEP_PARAMS_free;
++ RSA_OAEP_PARAMS_it;
++ RSA_OAEP_PARAMS_new;
++ SSL_get_sigalgs;
++ SSL_get_shared_sigalgs;
++ SSL_check_chain;
++ X509_chain_up_ref;
++ X509_http_nbio;
++ X509_CRL_http_nbio;
++ X509_REVOKED_dup;
++ i2d_re_X509_tbs;
++ X509_get0_signature;
++ X509_get_signature_nid;
++ X509_CRL_diff;
++ X509_chain_check_suiteb;
++ X509_CRL_check_suiteb;
++ X509_check_host;
++ X509_check_email;
++ X509_check_ip;
++ X509_check_ip_asc;
++ X509_STORE_set_lookup_crls_cb;
++ X509_STORE_CTX_get0_store;
++ X509_VERIFY_PARAM_set1_host;
++ X509_VERIFY_PARAM_add1_host;
++ X509_VERIFY_PARAM_set_hostflags;
++ X509_VERIFY_PARAM_get0_peername;
++ X509_VERIFY_PARAM_set1_email;
++ X509_VERIFY_PARAM_set1_ip;
++ X509_VERIFY_PARAM_set1_ip_asc;
++ X509_VERIFY_PARAM_get0_name;
++ X509_VERIFY_PARAM_get_count;
++ X509_VERIFY_PARAM_get0;
++ X509V3_EXT_free;
++ EC_GROUP_get_mont_data;
++ EC_curve_nid2nist;
++ EC_curve_nist2nid;
++ PEM_write_bio_DHxparams;
++ PEM_write_DHxparams;
++ SSL_CTX_add_client_custom_ext;
++ SSL_CTX_add_server_custom_ext;
++ SSL_extension_supported;
++ BUF_strnlen;
++ sk_deep_copy;
++ SSL_test_functions;
++} OPENSSL_1.0.1d;
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
@@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld
+ *;
+};
+
-Index: openssl-1.0.1d/engines/ccgost/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
new file mode 100644
index 0000000..c43bcd1
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
@@ -0,0 +1,29 @@
+From: Raphael Geissert <geissert@debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-11-05
+
+Upstream-Status: Backport [debian]
+
+
+Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100
++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100
+@@ -964,10 +964,11 @@
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+ {
+ x = sk_X509_value(ctx->chain, i);
+- /* Mark DigiNotar certificates as revoked, no matter
+- * where in the chain they are.
++ /* Mark certificates containing the following names as
++ * revoked, no matter where in the chain they are.
+ */
+- if (x->name && strstr(x->name, "DigiNotar"))
++ if (x->name && (strstr(x->name, "DigiNotar") ||
++ strstr(x->name, "Digicert Sdn. Bhd.")))
+ {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ctx->error_depth = i;
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
new file mode 100644
index 0000000..0c1a0b6
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
@@ -0,0 +1,67 @@
+From: Raphael Geissert <geissert@debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "DigiNotar" is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-09-08
+Bug: http://bugs.debian.org/639744
+Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
+Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
+
+This is not meant as final patch.
+
+Upstream-Status: Backport [debian]
+
+
+Index: openssl-1.0.2/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
++++ openssl-1.0.2/crypto/x509/x509_vfy.c
+@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
+ static int check_revocation(X509_STORE_CTX *ctx);
+ static int check_cert(X509_STORE_CTX *ctx);
+ static int check_policy(X509_STORE_CTX *ctx);
++static int check_ca_blacklist(X509_STORE_CTX *ctx);
+
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+ unsigned int *preasons, X509_CRL *crl, X509 *x);
+@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ if (!ok)
+ goto end;
+
++ ok = check_ca_blacklist(ctx);
++ if(!ok) goto end;
++
+ #ifndef OPENSSL_NO_RFC3779
+ /* RFC 3779 path validation, now that CRL check has been done */
+ ok = v3_asid_validate_path(ctx);
+@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
+ return 1;
+ }
+
++static int check_ca_blacklist(X509_STORE_CTX *ctx)
++ {
++ X509 *x;
++ int i;
++ /* Check all certificates against the blacklist */
++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
++ {
++ x = sk_X509_value(ctx->chain, i);
++ /* Mark DigiNotar certificates as revoked, no matter
++ * where in the chain they are.
++ */
++ if (x->name && strstr(x->name, "DigiNotar"))
++ {
++ ctx->error = X509_V_ERR_CERT_REVOKED;
++ ctx->error_depth = i;
++ ctx->current_cert = x;
++ if (!ctx->verify_cb(0,ctx))
++ return 0;
++ }
++ }
++ return 1;
++ }
++
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+ X509 **pissuer, int *pscore, unsigned int *preasons,
+ STACK_OF(X509_CRL) *crls)
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
new file mode 100644
index 0000000..61dcf45
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
@@ -0,0 +1,31 @@
+
+Upstream-Status: Backport [debian]
+
+--- openssl/apps/openssl.cnf.orig 2012-06-06 00:45:56.000000000 +0200
++++ openssl/apps/openssl.cnf 2012-06-06 00:46:46.000000000 +0200
+@@ -19,6 +19,8 @@
+ # (Alternatively, use a configuration file that has only
+ # X.509v3 extensions in its main [= default] section.)
+
++openssl_conf = openssl_def
++
+ [ new_oids ]
+
+ # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+@@ -348,3 +350,16 @@
+ # (optional, default: no)
+ ess_cert_id_chain = no # Must the ESS cert id chain be included?
+ # (optional, default: no)
++
++[openssl_def]
++engines = engine_section
++
++[engine_section]
++padlock = padlock_section
++
++[padlock_section]
++soft_load=1
++init=1
++default_algorithms = ALL
++dynamic_path=padlock
++
diff --git a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
index d8a6f1a..a574648 100644
--- a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
+++ b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
@@ -1,11 +1,11 @@
Upstream-Status: Inappropriate [configuration]
-Index: openssl-1.0.0/engines/Makefile
+Index: openssl-1.0.2/engines/Makefile
===================================================================
---- openssl-1.0.0.orig/engines/Makefile
-+++ openssl-1.0.0/engines/Makefile
-@@ -107,7 +107,7 @@
+--- openssl-1.0.2.orig/engines/Makefile
++++ openssl-1.0.2/engines/Makefile
+@@ -107,13 +107,13 @@ install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
@@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
-@@ -119,13 +119,13 @@
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -122,10 +122,10 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- else \
- sfx=".so"; \
-- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
@@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile
done; \
fi
@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.0/engines/ccgost/Makefile
+Index: openssl-1.0.2/engines/ccgost/Makefile
===================================================================
---- openssl-1.0.0.orig/engines/ccgost/Makefile
-+++ openssl-1.0.0/engines/ccgost/Makefile
-@@ -53,13 +53,13 @@
+--- openssl-1.0.2.orig/engines/ccgost/Makefile
++++ openssl-1.0.2/engines/ccgost/Makefile
+@@ -47,7 +47,7 @@ install:
+ pfx=lib; \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- else \
- sfx=".so"; \
-- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
index f0e1778..06d1ea6 100644
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867
Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
-index 3232cfe..df84922 100644
+Index: openssl-1.0.2/crypto/evp/e_des3.c
===================================================================
---- a/crypto/evp/e_des3.c
-+++ b/crypto/evp/e_des3.c
-@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+--- openssl-1.0.2.orig/crypto/evp/e_des3.c
++++ openssl-1.0.2/crypto/evp/e_des3.c
+@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
size_t n;
- unsigned char c[1],d[1];
+ unsigned char c[1], d[1];
-- for(n=0 ; n < inl ; ++n)
-+ for(n=0 ; n < inl*8 ; ++n)
- {
- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
- DES_ede3_cfb_encrypt(c,d,1,1,
+- for (n = 0; n < inl; ++n) {
++ for (n = 0; n * 8 < inl; ++n) {
+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+ DES_ede3_cfb_encrypt(c, d, 1, 1,
+ &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
deleted file mode 100644
index 770097d..0000000
--- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From: Andy Polyakov <appro@openssl.org>
-Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
-Subject: Initial aarch64 bits.
-X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
-
-Initial aarch64 bits.
-Upstream-Status: backport (will be included in 1.0.2)
----
- crypto/bn/bn_lcl.h | 9 +++++++++
- crypto/md32_common.h | 18 ++++++++++++++++++
- crypto/modes/modes_lcl.h | 8 ++++++++
- crypto/sha/sha512.c | 13 +++++++++++++
- 4 files changed, 48 insertions(+)
-
-Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200
-@@ -300,6 +300,15 @@
- : "r"(a), "r"(b));
- # endif
- # endif
-+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
-+# if defined(__GNUC__) && __GNUC__>=2
-+# define BN_UMULT_HIGH(a,b) ({ \
-+ register BN_ULONG ret; \
-+ asm ("umulh %0,%1,%2" \
-+ : "=r"(ret) \
-+ : "r"(a), "r"(b)); \
-+ ret; })
-+# endif
- # endif /* cpu */
- #endif /* OPENSSL_NO_ASM */
-
-Index: openssl-1.0.1f/crypto/md32_common.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
-@@ -213,6 +213,24 @@
- asm ("bswapl %0":"=r"(r):"0"(r)); \
- *((unsigned int *)(c))=r; (c)+=4; r; })
- # endif
-+# elif defined(__aarch64__)
-+# if defined(__BYTE_ORDER__)
-+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+# define HOST_c2l(c,l) ({ unsigned int r; \
-+ asm ("rev %w0,%w1" \
-+ :"=r"(r) \
-+ :"r"(*((const unsigned int *)(c))));\
-+ (c)+=4; (l)=r; })
-+# define HOST_l2c(l,c) ({ unsigned int r; \
-+ asm ("rev %w0,%w1" \
-+ :"=r"(r) \
-+ :"r"((unsigned int)(l)));\
-+ *((unsigned int *)(c))=r; (c)+=4; r; })
-+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-+# endif
-+# endif
- # endif
- # endif
- #endif
-Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200
-+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200
-@@ -29,6 +29,7 @@
- #if defined(__i386) || defined(__i386__) || \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
-+ defined(__aarch64__) || \
- defined(__s390__) || defined(__s390x__)
- # undef STRICT_ALIGNMENT
- #endif
-@@ -50,6 +51,13 @@
- # define BSWAP4(x) ({ u32 ret=(x); \
- asm ("bswapl %0" \
- : "+r"(ret)); ret; })
-+# elif defined(__aarch64__)
-+# define BSWAP8(x) ({ u64 ret; \
-+ asm ("rev %0,%1" \
-+ : "=r"(ret) : "r"(x)); ret; })
-+# define BSWAP4(x) ({ u32 ret; \
-+ asm ("rev %w0,%w1" \
-+ : "=r"(ret) : "r"(x)); ret; })
- # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
- # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
- asm ("rev %0,%0; rev %1,%1" \
-Index: openssl-1.0.1f/crypto/sha/sha512.c
-===================================================================
---- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
-@@ -55,6 +55,7 @@
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
- defined(__s390__) || defined(__s390x__) || \
-+ defined(__aarch64__) || \
- defined(SHA512_ASM)
- #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
- #endif
-@@ -347,6 +348,18 @@
- asm ("rotrdi %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a),"K"(n)); ret; })
-+# elif defined(__aarch64__)
-+# define ROTR(a,n) ({ SHA_LONG64 ret; \
-+ asm ("ror %0,%1,%2" \
-+ : "=r"(ret) \
-+ : "r"(a),"I"(n)); ret; })
-+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
-+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+# define PULL64(x) ({ SHA_LONG64 ret; \
-+ asm ("rev %0,%1" \
-+ : "=r"(ret) \
-+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
-+# endif
- # endif
- # elif defined(_MSC_VER)
- # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index c161e62..cebc8cf 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
---
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -199,7 +199,7 @@
- return 0;
- }
+Index: openssl-1.0.2/crypto/evp/digest.c
+===================================================================
+--- openssl-1.0.2.orig/crypto/evp/digest.c
++++ openssl-1.0.2/crypto/evp/digest.c
+@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+ return 0;
+ }
#endif
-- if (ctx->digest != type)
-+ if (type && (ctx->digest != type))
- {
- if (ctx->digest && ctx->digest->ctx_size)
- OPENSSL_free(ctx->md_data);
+- if (ctx->digest != type) {
++ if (type && (ctx->digest != type)) {
+ if (ctx->digest && ctx->digest->ctx_size)
+ OPENSSL_free(ctx->md_data);
+ ctx->digest = type;
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
index 3e93fe4..d7047bb 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@@ -8,32 +8,19 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
---
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -139,6 +139,12 @@
- dh=pkey->pkey.dh;
+Index: openssl-1.0.2/crypto/dh/dh_ameth.c
+===================================================================
+--- openssl-1.0.2.orig/crypto/dh/dh_ameth.c
++++ openssl-1.0.2/crypto/dh/dh_ameth.c
+@@ -161,6 +161,11 @@ static int dh_pub_encode(X509_PUBKEY *pk
+ dh = pkey->pkey.dh;
- str = ASN1_STRING_new();
-+ if (!str)
-+ {
-+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
+ str = ASN1_STRING_new();
++ if (!str) {
++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
+
- str->length = i2d_DHparams(dh, &str->data);
- if (str->length <= 0)
- {
---- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -148,6 +148,11 @@
- {
- ASN1_STRING *str;
- str = ASN1_STRING_new();
-+ if (!str)
-+ {
-+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
- str->length = i2d_DSAparams(dsa, &str->data);
- if (str->length <= 0)
- {
+ str->length = i2d_dhp(pkey, dh, &str->data);
+ if (str->length <= 0) {
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
index 93ce034..cbce32c 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
ported the patch to the 1.0.0e version
Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.1e/Configure
+Index: openssl-1.0.2/crypto/bn/bn.h
===================================================================
---- openssl-1.0.1e.orig/Configure
-+++ openssl-1.0.1e/Configure
-@@ -402,6 +402,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
- "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
- * machine.
- */
-
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
- asm (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " adcq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " adcq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
- asm (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " sbbq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " sbbq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
-Index: openssl-1.0.1e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.1e.orig/crypto/bn/bn.h
-+++ openssl-1.0.1e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
+--- openssl-1.0.2.orig/crypto/bn/bn.h
++++ openssl-1.0.2/crypto/bn/bn.h
+@@ -173,6 +173,13 @@ extern "C" {
+ # endif
# endif
- #endif
+/* Address type. */
+#ifdef _WIN64
@@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h
+#define BN_ADDR unsigned long
+#endif
+
- /* assuming long is 64bit - this is the DEC Alpha
- * unsigned long long is only 64 bits :-(, don't define
- * BN_LLONG for the DEC Alpha */
-Index: openssl-1.0.1e/crypto/bn/bn_exp.c
+ /*
+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+Index: openssl-1.0.2/crypto/bn/bn_exp.c
===================================================================
---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.1e/crypto/bn/bn_exp.c
-@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
-
- /* Given a pointer value, compute the next address that is a cache line multiple. */
+--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
++++ openssl-1.0.2/crypto/bn/bn_exp.c
+@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+ * multiple.
+ */
#define MOD_EXP_CTIME_ALIGN(x_) \
-- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
- * precomputation memory layout to limit data-dependency to a minimum
+ /*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
index 527e10c..ef6d179 100644
--- a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
+++ b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
@@ -10,11 +10,11 @@ Upstream-Status: Inappropriate [config]
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-diff --git a/test/Makefile b/test/Makefile
-index e6fcfb4..5ae043b 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -322,11 +322,11 @@ test_cms:
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
@echo "CMS consistency test"
$(PERL) cms-test.pl
@@ -23,8 +23,12 @@ index e6fcfb4..5ae043b 100644
@echo "Test SRP"
../util/shlib_wrap.sh ./srptest
+@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
+ @echo "Test X509v3_check_*"
+ ../util/shlib_wrap.sh ./$(V3NAMETEST)
+
-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
+test_heartbeat:
../util/shlib_wrap.sh ./$(HEARTBEATTEST)
- lint:
+ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
new file mode 100644
index 0000000..fcfccfa
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
@@ -0,0 +1,66 @@
+Index: openssl-1.0.2/openssl.ld
+===================================================================
+--- openssl-1.0.2.orig/openssl.ld
++++ openssl-1.0.2/openssl.ld
+@@ -4618,3 +4618,61 @@ OPENSSL_1.0.1d {
+ CRYPTO_memcmp;
+ } OPENSSL_1.0.1;
+
++OPENSSL_1.0.2 {
++ global:
++ ASN1_TIME_diff;
++ CMS_RecipientInfo_get0_pkey_ctx;
++ CMS_RecipientInfo_kari_get0_ctx;
++ CMS_SignerInfo_get0_pkey_ctx;
++ DH_get_1024_160;
++ DH_get_2048_224;
++ DH_get_2048_256;
++ DTLS_client_method;
++ DTLS_server_method;
++ DTLSv1_2_client_method;
++ DTLSv1_2_server_method;
++ EC_curve_nid2nist;
++ EC_curve_nist2nid;
++ EVP_aes_128_cbc_hmac_sha256;
++ EVP_aes_128_wrap;
++ EVP_aes_192_wrap;
++ EVP_aes_256_cbc_hmac_sha256;
++ EVP_aes_256_wrap;
++ EVP_des_ede3_wrap;
++ OCSP_REQ_CTX_http;
++ OCSP_REQ_CTX_new;
++ PEM_write_bio_DHxparams;
++ SSL_CIPHER_find;
++ SSL_CONF_CTX_finish;
++ SSL_CONF_CTX_free;
++ SSL_CONF_CTX_new;
++ SSL_CONF_CTX_set_flags;
++ SSL_CONF_CTX_set_ssl_ctx;
++ SSL_CONF_cmd;
++ SSL_CONF_cmd_argv;
++ SSL_CTX_add_client_custom_ext;
++ SSL_CTX_add_server_custom_ext;
++ SSL_CTX_set_alpn_protos;
++ SSL_CTX_set_alpn_select_cb;
++ SSL_CTX_set_cert_cb;
++ SSL_CTX_use_serverinfo_file;
++ SSL_certs_clear;
++ SSL_check_chain;
++ SSL_get0_alpn_selected;
++ SSL_get_shared_sigalgs;
++ SSL_get_sigalgs;
++ SSL_is_server;
++ X509_CRL_diff;
++ X509_CRL_http_nbio;
++ X509_STORE_set_lookup_crls_cb;
++ X509_VERIFY_PARAM_set1_email;
++ X509_VERIFY_PARAM_set1_host;
++ X509_VERIFY_PARAM_set1_ip_asc;
++ X509_chain_check_suiteb;
++ X509_chain_up_ref;
++ X509_check_email;
++ X509_check_host;
++ X509_check_ip_asc;
++ X509_get_signature_nid;
++ X509_http_nbio;
++} OPENSSL_1.0.1d;
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
similarity index 84%
rename from meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.2.bb
index 16ffc58..79537f9 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
@@ -16,21 +16,22 @@ SRC_URI += "file://configure-targets.patch \
file://oe-ldflags.patch \
file://engines-install-in-libdir-ssl.patch \
file://openssl-fix-link.patch \
- file://debian/version-script.patch \
- file://debian/pic.patch \
- file://debian/c_rehash-compat.patch \
+ file://debian1.0.2/block_diginotar.patch \
+ file://debian1.0.2/block_digicert_malaysia.patch \
+ file://debian1.0.2/padlock_conf.patch \
file://debian/ca.patch \
- file://debian/make-targets.patch \
- file://debian/no-rpath.patch \
+ file://debian/c_rehash-compat.patch \
+ file://debian/debian-targets.patch \
file://debian/man-dir.patch \
file://debian/man-section.patch \
+ file://debian/no-rpath.patch \
file://debian/no-symbolic.patch \
- file://debian/debian-targets.patch \
+ file://debian/pic.patch \
+ file://debian/version-script.patch \
file://openssl_fix_for_x32.patch \
file://fix-cipher-des-ede3-cfb1.patch \
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
- file://initial-aarch64-bits.patch \
file://find.pl \
file://openssl-fix-des.pod-error.patch \
file://Makefiles-ptest.patch \
@@ -38,8 +39,8 @@ SRC_URI += "file://configure-targets.patch \
file://run-ptest \
"
-SRC_URI[md5sum] = "d4f002bd22a56881340105028842ae1f"
-SRC_URI[sha256sum] = "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c"
+SRC_URI[md5sum] = "38373013fc85c790aabf8837969c5eba"
+SRC_URI[sha256sum] = "8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9"
PACKAGES =+ " \
${PN}-engines \
--
2.1.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] openssl: Upgrade to 1.0.2
2015-03-04 17:46 [PATCH] openssl: Upgrade to 1.0.2 Saul Wold
@ 2015-03-12 6:18 ` Robert Yang
2015-03-12 19:17 ` Saul Wold
2015-03-13 13:46 ` Martin Jansa
0 siblings, 2 replies; 6+ messages in thread
From: Robert Yang @ 2015-03-12 6:18 UTC (permalink / raw)
To: Saul Wold, openembedded-core
I met this error when building openflow in meta-networking, I guess it maybe
related to the upgraded:
x86_64-wrs-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse
--sysroot=/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64 -Wstrict-prototypes
-O2 -pipe -g -feliminate-unused-debug-types -Wall -Wno-sign-compare
-Wpointer-arith -Wdeclaration-after-statement -Wformat-security -Wswitch-enum
-Wunused-parameter -Wstrict-aliasing -Wbad-function-cast -Wcast-align
-Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
-Wmissing-field-initializers -Wno-override-init -export-dynamic -Wl,-O1
-Wl,--hash-style=gnu -Wl,--as-needed -o secchan/ofprotocol secchan/discovery.o
secchan/emerg-flow.o secchan/fail-open.o secchan/failover.o secchan/in-band.o
secchan/port-watcher.o secchan/protocol-stat.o secchan/ratelimit.o
secchan/secchan.o secchan/status.o secchan/stp-secchan.o lib/libopenflow.a -ldl
-L/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/usr/lib64
-lssl
/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/x86_64-linux/usr/libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/4.9.2/ld:
lib/libopenflow.a(vconn-ssl.o): undefined reference to symbol
'ERR_error_string@@OPENSSL_1.0.0'
/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/lib64/libcrypto.so.1.0.0:
error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
// Robert
On 03/05/2015 01:46 AM, Saul Wold wrote:
> Rebased numerous patches
> removed aarch64 initial work since it's part of upstream now
> Imported a few additional patches from Debian to support the version-script
> and blacklist additional bad certificates.
>
> Signed-off-by: Saul Wold <sgw@linux.intel.com>
> ---
> .../openssl/openssl/Makefiles-ptest.patch | 36 +--
> .../openssl/openssl/debian/c_rehash-compat.patch | 58 +++-
> .../openssl/openssl/debian/debian-targets.patch | 25 +-
> .../openssl/openssl/debian/version-script.patch | 311 ++++++++++-----------
> .../debian1.0.2/block_digicert_malaysia.patch | 29 ++
> .../openssl/debian1.0.2/block_diginotar.patch | 67 +++++
> .../openssl/openssl/debian1.0.2/padlock_conf.patch | 31 ++
> .../openssl/engines-install-in-libdir-ssl.patch | 42 +--
> .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21 +-
> .../openssl/openssl/initial-aarch64-bits.patch | 120 --------
> ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 22 +-
> ...NULL-pointer-dereference-in-dh_pub_encode.patch | 41 +--
> .../openssl/openssl/openssl_fix_for_x32.patch | 85 ++----
> .../openssl/openssl/ptest-deps.patch | 16 +-
> .../openssl/update-version-script-for-1.0.2.patch | 66 +++++
> .../{openssl_1.0.1k.bb => openssl_1.0.2.bb} | 19 +-
> 16 files changed, 522 insertions(+), 467 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
> rename meta/recipes-connectivity/openssl/{openssl_1.0.1k.bb => openssl_1.0.2.bb} (84%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
> index ac53a91..249446a 100644
> --- a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
> @@ -5,10 +5,11 @@ Signed-off-by: Anders Roxell <anders.roxell@enea.com>
> Signed-off-by: Maxin B. John <maxin.john@enea.com>
> Upstream-Status: Pending
> ---
> -diff -uNr a/Makefile b/Makefile
> ---- a/Makefile.org 2012-05-10 17:06:02.000000000 +0200
> -+++ b/Makefile.org 2012-10-27 00:05:55.359424024 +0200
> -@@ -411,8 +411,16 @@
> +Index: openssl-1.0.2/Makefile.org
> +===================================================================
> +--- openssl-1.0.2.orig/Makefile.org
> ++++ openssl-1.0.2/Makefile.org
> +@@ -451,8 +451,16 @@ rehash.time: certs apps
> test: tests
>
> tests: rehash
> @@ -26,11 +27,11 @@ diff -uNr a/Makefile b/Makefile
> OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
>
> report:
> -diff --git a/test/Makefile b/test/Makefile
> -index 3912f82..1696767 100644
> ---- a/test/Makefile
> -+++ b/test/Makefile
> -@@ -128,7 +128,7 @@ tests: exe apps $(TESTS)
> +Index: openssl-1.0.2/test/Makefile
> +===================================================================
> +--- openssl-1.0.2.orig/test/Makefile
> ++++ openssl-1.0.2/test/Makefile
> +@@ -137,7 +137,7 @@ tests: exe apps $(TESTS)
> apps:
> @(cd ..; $(MAKE) DIRS=apps all)
>
> @@ -39,28 +40,28 @@ index 3912f82..1696767 100644
> test_des test_idea test_sha test_md4 test_md5 test_hmac \
> test_md2 test_mdc2 test_wp \
> test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
> -@@ -138,6 +138,11 @@ alltests: \
> - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
> - test_jpake test_cms
> +@@ -148,6 +148,11 @@ alltests: \
> + test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
> + test_constant_time
>
> +alltests:
> + @(for i in $(all-tests); do \
> + ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
> + done)
> +
> - test_evp:
> + test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
> ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
>
> -@@ -203,7 +208,7 @@ test_x509:
> +@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
> echo test second x509v3 certificate
> sh ./tx509 v3-cert2.pem 2>/dev/null
>
> --test_rsa: $(RSATEST)$(EXE_EXT)
> -+test_rsa:
> +-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
> ++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
> @sh ./trsa 2>/dev/null
> ../util/shlib_wrap.sh ./$(RSATEST)
>
> -@@ -298,11 +303,11 @@ test_tsa:
> +@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
> sh ./testtsa; \
> fi
>
> @@ -73,3 +74,4 @@ index 3912f82..1696767 100644
> +test_jpake:
> @echo "Test JPAKE"
> ../util/shlib_wrap.sh ./$(JPAKETEST)
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
> index ac1b19b..3943e2c 100644
> --- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
> @@ -1,38 +1,58 @@
> -Upstream-Status: Backport [debian]
> -
> From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
> From: Ludwig Nussel <ludwig.nussel@suse.de>
> Date: Wed, 21 Apr 2010 15:52:10 +0200
> Subject: [PATCH] also create old hash for compatibility
>
> +Upstream-Status: Backport [debian]
> +
> ---
> tools/c_rehash.in | 8 +++++++-
> 1 files changed, 7 insertions(+), 1 deletions(-)
>
> -Index: openssl-1.0.0d/tools/c_rehash.in
> +Index: openssl-1.0.2~beta3/tools/c_rehash.in
> ===================================================================
> ---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
> -+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
> -@@ -86,6 +86,7 @@
> - }
> +--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
> ++++ openssl-1.0.2~beta3/tools/c_rehash.in
> +@@ -8,8 +8,6 @@ my $prefix;
> +
> + my $openssl = $ENV{OPENSSL} || "openssl";
> + my $pwd;
> +-my $x509hash = "-subject_hash";
> +-my $crlhash = "-hash";
> + my $verbose = 0;
> + my $symlink_exists=eval {symlink("",""); 1};
> + my $removelinks = 1;
> +@@ -18,10 +16,7 @@ my $removelinks = 1;
> + while ( $ARGV[0] =~ '-.*' ) {
> + my $flag = shift @ARGV;
> + last if ( $flag eq '--');
> +- if ( $flag =~ /-old/) {
> +- $x509hash = "-subject_hash_old";
> +- $crlhash = "-hash_old";
> +- } elsif ( $flag =~ /-h/) {
> ++ if ( $flag =~ /-h/) {
> + help();
> + } elsif ( $flag eq '-n' ) {
> + $removelinks = 0;
> +@@ -113,7 +108,9 @@ sub hash_dir {
> + next;
> }
> link_hash_cert($fname) if($cert);
> + link_hash_cert_old($fname) if($cert);
> link_hash_crl($fname) if($crl);
> ++ link_hash_crl_old($fname) if($crl);
> }
> }
> -@@ -119,8 +120,9 @@
> +
> +@@ -146,6 +143,7 @@ sub check_file {
>
> sub link_hash_cert {
> my $fname = $_[0];
> -+ my $hashopt = $_[1] || '-subject_hash';
> ++ my $x509hash = $_[1] || '-subject_hash';
> $fname =~ s/'/'\\''/g;
> -- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
> -+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
> + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
> chomp $hash;
> - chomp $fprint;
> - $fprint =~ s/^.*=//;
> -@@ -150,6 +152,10 @@
> +@@ -177,10 +175,20 @@ sub link_hash_cert {
> $hashlist{$hash} = $fprint;
> }
>
> @@ -40,6 +60,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
> + link_hash_cert($_[0], '-subject_hash_old');
> +}
> +
> ++sub link_hash_crl_old {
> ++ link_hash_crl($_[0], '-hash_old');
> ++}
> ++
> ++
> # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
>
> sub link_hash_crl {
> + my $fname = $_[0];
> ++ my $crlhash = $_[1] || "-hash";
> + $fname =~ s/'/'\\''/g;
> + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
> + chomp $hash;
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
> index 8101edf..39d4328 100644
> --- a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
> @@ -1,12 +1,12 @@
> Upstream-Status: Backport [debian]
>
> -Index: openssl-1.0.1/Configure
> +Index: openssl-1.0.2/Configure
> ===================================================================
> ---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000
> -+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000
> -@@ -105,6 +105,10 @@
> +--- openssl-1.0.2.orig/Configure
> ++++ openssl-1.0.2/Configure
> +@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
>
> - my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
> + my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
>
> +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
> +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
> @@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure
> my $strict_warnings = 0;
>
> my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
> -@@ -338,6 +342,48 @@
> +@@ -343,6 +347,55 @@ my %table=(
> "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
> "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
>
> @@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure
> +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> -+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> -+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> -+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
> +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> @@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure
> +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> @@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure
> +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> ++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
> +
> ####
> #### Variety of LINUX:-)
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> index ece8b9b..a249180 100644
> --- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> @@ -1,10 +1,8 @@
> -Upstream-Status: Backport [debian]
> -
> -Index: openssl-1.0.1d/Configure
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
> ===================================================================
> ---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100
> -+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100
> -@@ -1621,6 +1621,8 @@
> +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
> +@@ -1651,6 +1651,8 @@
> }
> }
>
> @@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure
> open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
> unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
> open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
> -Index: openssl-1.0.1d/openssl.ld
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> -+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100
> -@@ -0,0 +1,4620 @@
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
> +@@ -0,0 +1,4615 @@
> +OPENSSL_1.0.0 {
> + global:
> + BIO_f_ssl;
> @@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld
> + ERR_load_COMP_strings;
> + PKCS12_item_decrypt_d2i;
> + ASN1_UTF8STRING_it;
> -+ ASN1_UTF8STRING_it;
> + ENGINE_unregister_ciphers;
> + ENGINE_get_ciphers;
> + d2i_OCSP_BASICRESP;
> + KRB5_CHECKSUM_it;
> -+ KRB5_CHECKSUM_it;
> + EC_POINT_add;
> + ASN1_item_ex_i2d;
> + OCSP_CERTID_it;
> -+ OCSP_CERTID_it;
> + d2i_OCSP_RESPBYTES;
> + X509V3_add1_i2d;
> + PKCS7_ENVELOPE_it;
> -+ PKCS7_ENVELOPE_it;
> + UI_add_input_boolean;
> + ENGINE_unregister_RSA;
> + X509V3_EXT_nconf;
> @@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld
> + ENGINE_register_all_RAND;
> + ENGINE_load_dynamic;
> + PBKDF2PARAM_it;
> -+ PBKDF2PARAM_it;
> + EXTENDED_KEY_USAGE_new;
> + EC_GROUP_clear_free;
> + OCSP_sendreq_bio;
> + ASN1_item_digest;
> + OCSP_BASICRESP_delete_ext;
> + OCSP_SIGNATURE_it;
> -+ OCSP_SIGNATURE_it;
> -+ X509_CRL_it;
> + X509_CRL_it;
> + OCSP_BASICRESP_add_ext;
> + KRB5_ENCKEY_it;
> -+ KRB5_ENCKEY_it;
> + UI_method_set_closer;
> + X509_STORE_set_purpose;
> + i2d_ASN1_GENERALSTRING;
> @@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_REQUEST_get_ext_by_OBJ;
> + _ossl_old_des_random_key;
> + ASN1_T61STRING_it;
> -+ ASN1_T61STRING_it;
> + EC_GROUP_method_of;
> + i2d_KRB5_APREQ;
> + _ossl_old_des_encrypt;
> @@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_SINGLERESP_get_ext_count;
> + UI_ctrl;
> + _shadow_DES_rw_mode;
> -+ _shadow_DES_rw_mode;
> + asn1_do_adb;
> + ASN1_template_i2d;
> + ENGINE_register_DH;
> @@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld
> + KRB5_ENCKEY_free;
> + OCSP_resp_get0;
> + GENERAL_NAME_it;
> -+ GENERAL_NAME_it;
> -+ ASN1_GENERALIZEDTIME_it;
> + ASN1_GENERALIZEDTIME_it;
> + X509_STORE_set_flags;
> + EC_POINT_set_compressed_coordinates_GFp;
> @@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld
> + EC_POINT_set_affine_coords_GFp;
> + _ossl_old_des_options;
> + SXNET_it;
> -+ SXNET_it;
> + UI_dup_input_boolean;
> + PKCS12_add_CSPName_asc;
> + EC_POINT_is_at_infinity;
> + ENGINE_load_cryptodev;
> + DSO_convert_filename;
> + POLICYQUALINFO_it;
> -+ POLICYQUALINFO_it;
> + ENGINE_register_ciphers;
> + BN_mod_lshift_quick;
> + DSO_set_filename;
> + ASN1_item_free;
> + KRB5_TKTBODY_free;
> + AUTHORITY_KEYID_it;
> -+ AUTHORITY_KEYID_it;
> + KRB5_APREQBODY_new;
> + X509V3_EXT_REQ_add_nconf;
> + ENGINE_ctrl_cmd_string;
> @@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld
> + EVP_MD_CTX_init;
> + EXTENDED_KEY_USAGE_free;
> + PKCS7_ATTR_SIGN_it;
> -+ PKCS7_ATTR_SIGN_it;
> + UI_add_error_string;
> + KRB5_CHECKSUM_free;
> + OCSP_REQUEST_get_ext;
> + ENGINE_load_ubsec;
> + ENGINE_register_all_digests;
> + PKEY_USAGE_PERIOD_it;
> -+ PKEY_USAGE_PERIOD_it;
> + PKCS12_unpack_authsafes;
> + ASN1_item_unpack;
> + NETSCAPE_SPKAC_it;
> -+ NETSCAPE_SPKAC_it;
> -+ X509_REVOKED_it;
> + X509_REVOKED_it;
> + ASN1_STRING_encode;
> + EVP_aes_128_ecb;
> @@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld
> + UI_dup_info_string;
> + _ossl_old_des_xwhite_in2out;
> + PKCS12_it;
> -+ PKCS12_it;
> + OCSP_SINGLERESP_get_ext_by_critical;
> + OCSP_SINGLERESP_get_ext_by_crit;
> + OCSP_CERTSTATUS_free;
> @@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld
> + ENGINE_unregister_DSA;
> + _ossl_old_des_key_sched;
> + X509_EXTENSION_it;
> -+ X509_EXTENSION_it;
> + i2d_KRB5_AUTHENT;
> + SXNETID_it;
> -+ SXNETID_it;
> + d2i_OCSP_SINGLERESP;
> + EDIPARTYNAME_new;
> + PKCS12_certbag2x509;
> @@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld
> + d2i_KRB5_APREQBODY;
> + UI_method_get_flusher;
> + X509_PUBKEY_it;
> -+ X509_PUBKEY_it;
> + _ossl_old_des_enc_read;
> + PKCS7_ENCRYPT_it;
> -+ PKCS7_ENCRYPT_it;
> + i2d_OCSP_RESPONSE;
> + EC_GROUP_get_cofactor;
> + PKCS12_unpack_p7data;
> @@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld
> + PKCS12_item_i2d_encrypt;
> + X509_add1_ext_i2d;
> + PKCS7_SIGNER_INFO_it;
> -+ PKCS7_SIGNER_INFO_it;
> + KRB5_PRINCNAME_new;
> + PKCS12_SAFEBAG_it;
> -+ PKCS12_SAFEBAG_it;
> + EC_GROUP_get_order;
> + d2i_OCSP_RESPID;
> + OCSP_request_verify;
> @@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld
> + EVP_MD_CTX_create;
> + OCSP_resp_find_status;
> + X509_ALGOR_it;
> -+ X509_ALGOR_it;
> -+ ASN1_TIME_it;
> + ASN1_TIME_it;
> + OCSP_request_set1_name;
> + OCSP_ONEREQ_get_ext_count;
> + UI_get0_result;
> + PKCS12_AUTHSAFES_it;
> -+ PKCS12_AUTHSAFES_it;
> + EVP_aes_256_ecb;
> + PKCS12_pack_authsafes;
> + ASN1_IA5STRING_it;
> -+ ASN1_IA5STRING_it;
> + UI_get_input_flags;
> + EC_GROUP_set_generator;
> + _ossl_old_des_string_to_2keys;
> + OCSP_CERTID_free;
> + X509_CERT_AUX_it;
> -+ X509_CERT_AUX_it;
> -+ CERTIFICATEPOLICIES_it;
> + CERTIFICATEPOLICIES_it;
> + _ossl_old_des_ede3_cbc_encrypt;
> + RAND_set_rand_engine;
> + DSO_get_loaded_filename;
> + X509_ATTRIBUTE_it;
> -+ X509_ATTRIBUTE_it;
> + OCSP_ONEREQ_get_ext_by_NID;
> + PKCS12_decrypt_skey;
> + KRB5_AUTHENT_it;
> -+ KRB5_AUTHENT_it;
> + UI_dup_error_string;
> + RSAPublicKey_it;
> -+ RSAPublicKey_it;
> + i2d_OCSP_REQUEST;
> + PKCS12_x509crl2certbag;
> + OCSP_SERVICELOC_it;
> -+ OCSP_SERVICELOC_it;
> + ASN1_item_sign;
> + X509_CRL_set_issuer_name;
> + OBJ_NAME_do_all_sorted;
> @@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld
> + ENGINE_get_digest;
> + OCSP_RESPONSE_print;
> + KRB5_TKTBODY_it;
> -+ KRB5_TKTBODY_it;
> + ACCESS_DESCRIPTION_it;
> -+ ACCESS_DESCRIPTION_it;
> -+ PKCS7_ISSUER_AND_SERIAL_it;
> + PKCS7_ISSUER_AND_SERIAL_it;
> + PBE2PARAM_it;
> -+ PBE2PARAM_it;
> + PKCS12_certbag2x509crl;
> + PKCS7_SIGNED_it;
> -+ PKCS7_SIGNED_it;
> + ENGINE_get_cipher;
> + i2d_OCSP_CRLID;
> + OCSP_SINGLERESP_new;
> + ENGINE_cmd_is_executable;
> + RSA_up_ref;
> + ASN1_GENERALSTRING_it;
> -+ ASN1_GENERALSTRING_it;
> + ENGINE_register_DSA;
> + X509V3_EXT_add_nconf_sk;
> + ENGINE_set_load_pubkey_function;
> + PKCS8_decrypt;
> + PEM_bytes_read_bio;
> + DIRECTORYSTRING_it;
> -+ DIRECTORYSTRING_it;
> + d2i_OCSP_CRLID;
> + EC_POINT_is_on_curve;
> + CRYPTO_set_locked_mem_ex_functions;
> @@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld
> + d2i_KRB5_CHECKSUM;
> + ASN1_item_dup;
> + X509_it;
> -+ X509_it;
> + BN_mod_add;
> + KRB5_AUTHDATA_free;
> + _ossl_old_des_cbc_cksum;
> @@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld
> + EC_POINT_get_Jprojective_coordinates_GFp;
> + EC_POINT_get_Jproj_coords_GFp;
> + ZLONG_it;
> -+ ZLONG_it;
> + CRYPTO_get_locked_mem_ex_functions;
> + CRYPTO_get_locked_mem_ex_funcs;
> + ASN1_TIME_check;
> @@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld
> + _ossl_old_des_ede3_cfb64_encrypt;
> + _ossl_odes_ede3_cfb64_encrypt;
> + ASN1_BMPSTRING_it;
> -+ ASN1_BMPSTRING_it;
> + ASN1_tag2bit;
> + UI_method_set_flusher;
> + X509_ocspid_print;
> + KRB5_ENCDATA_it;
> -+ KRB5_ENCDATA_it;
> + ENGINE_get_load_pubkey_function;
> + UI_add_user_data;
> + OCSP_REQUEST_delete_ext;
> + UI_get_method;
> + OCSP_ONEREQ_free;
> + ASN1_PRINTABLESTRING_it;
> -+ ASN1_PRINTABLESTRING_it;
> + X509_CRL_set_nextUpdate;
> + OCSP_REQUEST_it;
> -+ OCSP_REQUEST_it;
> -+ OCSP_BASICRESP_it;
> + OCSP_BASICRESP_it;
> + AES_ecb_encrypt;
> + BN_mod_sqr;
> + NETSCAPE_CERT_SEQUENCE_it;
> -+ NETSCAPE_CERT_SEQUENCE_it;
> -+ GENERAL_NAMES_it;
> + GENERAL_NAMES_it;
> + AUTHORITY_INFO_ACCESS_it;
> -+ AUTHORITY_INFO_ACCESS_it;
> -+ ASN1_FBOOLEAN_it;
> + ASN1_FBOOLEAN_it;
> + UI_set_ex_data;
> + _ossl_old_des_string_to_key;
> + ENGINE_register_all_RSA;
> + d2i_KRB5_PRINCNAME;
> + OCSP_RESPBYTES_it;
> -+ OCSP_RESPBYTES_it;
> -+ X509_CINF_it;
> + X509_CINF_it;
> + ENGINE_unregister_digests;
> + d2i_EDIPARTYNAME;
> @@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_RESPDATA_free;
> + d2i_KRB5_TICKET;
> + OTHERNAME_it;
> -+ OTHERNAME_it;
> + EVP_MD_CTX_cleanup;
> + d2i_ASN1_GENERALSTRING;
> + X509_CRL_set_version;
> @@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_REQUEST_free;
> + OCSP_REQUEST_add1_ext_i2d;
> + X509_VAL_it;
> -+ X509_VAL_it;
> + EC_POINTs_make_affine;
> + EC_POINT_mul;
> + X509V3_EXT_add_nconf;
> @@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld
> + X509_CRL_add1_ext_i2d;
> + _ossl_old_des_fcrypt;
> + DISPLAYTEXT_it;
> -+ DISPLAYTEXT_it;
> + X509_CRL_set_lastUpdate;
> + OCSP_BASICRESP_free;
> + OCSP_BASICRESP_add1_ext_i2d;
> @@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld
> + UI_get0_result_string;
> + ASN1_GENERALSTRING_new;
> + X509_SIG_it;
> -+ X509_SIG_it;
> + ERR_set_implementation;
> + ERR_load_EC_strings;
> + UI_get0_action_string;
> @@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_ONEREQ_get_ext_by_OBJ;
> + ASN1_primitive_new;
> + ASN1_PRINTABLE_it;
> -+ ASN1_PRINTABLE_it;
> + EVP_aes_192_ecb;
> + OCSP_SIGNATURE_new;
> + LONG_it;
> -+ LONG_it;
> -+ ASN1_VISIBLESTRING_it;
> + ASN1_VISIBLESTRING_it;
> + OCSP_SINGLERESP_add1_ext_i2d;
> + d2i_OCSP_CERTID;
> + ASN1_item_d2i_fp;
> + CRL_DIST_POINTS_it;
> -+ CRL_DIST_POINTS_it;
> + GENERAL_NAME_print;
> + OCSP_SINGLERESP_delete_ext;
> + PKCS12_SAFEBAGS_it;
> -+ PKCS12_SAFEBAGS_it;
> + d2i_OCSP_SIGNATURE;
> + OCSP_request_add1_nonce;
> + ENGINE_set_cmd_defns;
> + OCSP_SERVICELOC_free;
> + EC_GROUP_free;
> + ASN1_BIT_STRING_it;
> -+ ASN1_BIT_STRING_it;
> -+ X509_REQ_it;
> + X509_REQ_it;
> + _ossl_old_des_cbc_encrypt;
> + ERR_unload_strings;
> + PKCS7_SIGN_ENVELOPE_it;
> -+ PKCS7_SIGN_ENVELOPE_it;
> + EDIPARTYNAME_free;
> + OCSP_REQINFO_free;
> + EC_GROUP_new_curve_GFp;
> @@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_CRLID_free;
> + OCSP_BASICRESP_get1_ext_d2i;
> + RSAPrivateKey_it;
> -+ RSAPrivateKey_it;
> + ENGINE_register_all_DH;
> + i2d_EDIPARTYNAME;
> + EC_POINT_get_affine_coordinates_GFp;
> @@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_CRLID_new;
> + ENGINE_get_flags;
> + OCSP_ONEREQ_it;
> -+ OCSP_ONEREQ_it;
> + UI_process;
> + ASN1_INTEGER_it;
> -+ ASN1_INTEGER_it;
> + EVP_CipherInit_ex;
> + UI_get_string_type;
> + ENGINE_unregister_DH;
> @@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld
> + bn_dup_expand;
> + OCSP_cert_id_new;
> + BASIC_CONSTRAINTS_it;
> -+ BASIC_CONSTRAINTS_it;
> + BN_mod_add_quick;
> + EC_POINT_new;
> + EVP_MD_CTX_destroy;
> @@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld
> + EC_POINT_free;
> + DH_up_ref;
> + X509_NAME_ENTRY_it;
> -+ X509_NAME_ENTRY_it;
> + UI_get_ex_new_index;
> + BN_mod_sub_quick;
> + OCSP_ONEREQ_add_ext;
> @@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld
> + ENGINE_register_complete;
> + X509V3_EXT_nconf_nid;
> + ASN1_SEQUENCE_it;
> -+ ASN1_SEQUENCE_it;
> + UI_set_default_method;
> + RAND_query_egd_bytes;
> + UI_method_get_writer;
> @@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld
> + PEM_def_callback;
> + ENGINE_cleanup;
> + DIST_POINT_it;
> -+ DIST_POINT_it;
> -+ OCSP_SINGLERESP_it;
> + OCSP_SINGLERESP_it;
> + d2i_KRB5_TKTBODY;
> + EC_POINT_cmp;
> @@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_cert_to_id;
> + OCSP_RESPID_new;
> + OCSP_RESPDATA_it;
> -+ OCSP_RESPDATA_it;
> + d2i_OCSP_RESPDATA;
> + ENGINE_register_all_complete;
> + OCSP_check_validity;
> + PKCS12_BAGS_it;
> -+ PKCS12_BAGS_it;
> + OCSP_url_svcloc_new;
> + ASN1_template_free;
> + OCSP_SINGLERESP_add_ext;
> + KRB5_AUTHENTBODY_it;
> -+ KRB5_AUTHENTBODY_it;
> + X509_supported_extension;
> + i2d_KRB5_AUTHDATA;
> + UI_method_get_opener;
> + ENGINE_set_ex_data;
> + OCSP_REQUEST_print;
> + CBIGNUM_it;
> -+ CBIGNUM_it;
> + KRB5_TICKET_new;
> + KRB5_APREQ_new;
> + EC_GROUP_get_curve_GFp;
> @@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_single_get0_status;
> + BN_swap;
> + POLICYINFO_it;
> -+ POLICYINFO_it;
> + ENGINE_set_destroy_function;
> + asn1_enc_free;
> + OCSP_RESPID_it;
> -+ OCSP_RESPID_it;
> + EC_GROUP_new;
> + EVP_aes_256_cbc;
> + i2d_KRB5_PRINCNAME;
> + _ossl_old_des_encrypt2;
> + _ossl_old_des_encrypt3;
> + PKCS8_PRIV_KEY_INFO_it;
> -+ PKCS8_PRIV_KEY_INFO_it;
> -+ OCSP_REQINFO_it;
> + OCSP_REQINFO_it;
> + PBEPARAM_it;
> -+ PBEPARAM_it;
> + KRB5_AUTHENTBODY_new;
> + X509_CRL_add0_revoked;
> + EDIPARTYNAME_it;
> -+ EDIPARTYNAME_it;
> -+ NETSCAPE_SPKI_it;
> + NETSCAPE_SPKI_it;
> + UI_get0_test_string;
> + ENGINE_get_cipher_engine;
> @@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld
> + UI_method_get_reader;
> + OCSP_BASICRESP_get_ext_count;
> + ASN1_ENUMERATED_it;
> -+ ASN1_ENUMERATED_it;
> + UI_set_result;
> + i2d_KRB5_TICKET;
> + X509_print_ex_fp;
> + EVP_CIPHER_CTX_set_padding;
> + d2i_OCSP_RESPONSE;
> + ASN1_UTCTIME_it;
> -+ ASN1_UTCTIME_it;
> + _ossl_old_des_enc_write;
> + OCSP_RESPONSE_new;
> + AES_set_encrypt_key;
> @@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_onereq_get0_id;
> + ENGINE_set_default_ciphers;
> + NOTICEREF_it;
> -+ NOTICEREF_it;
> + X509V3_EXT_CRL_add_nconf;
> + OCSP_REVOKEDINFO_it;
> -+ OCSP_REVOKEDINFO_it;
> + AES_encrypt;
> + OCSP_REQUEST_new;
> + ASN1_ANY_it;
> -+ ASN1_ANY_it;
> + CRYPTO_ex_data_new_class;
> + _ossl_old_des_ncbc_encrypt;
> + i2d_KRB5_TKTBODY;
> @@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld
> + ENGINE_load_nuron;
> + _ossl_old_des_pcbc_encrypt;
> + PKCS12_MAC_DATA_it;
> -+ PKCS12_MAC_DATA_it;
> + OCSP_accept_responses_new;
> + asn1_do_lock;
> + PKCS7_ATTR_VERIFY_it;
> -+ PKCS7_ATTR_VERIFY_it;
> -+ KRB5_APREQBODY_it;
> + KRB5_APREQBODY_it;
> + i2d_OCSP_SINGLERESP;
> + ASN1_item_ex_new;
> + UI_add_verify_string;
> + _ossl_old_des_set_key;
> + KRB5_PRINCNAME_it;
> -+ KRB5_PRINCNAME_it;
> + EVP_DecryptInit_ex;
> + i2d_OCSP_CERTID;
> + ASN1_item_d2i_bio;
> @@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_BASICRESP_new;
> + OCSP_REQUEST_get_ext_by_NID;
> + KRB5_APREQ_it;
> -+ KRB5_APREQ_it;
> + ENGINE_get_destroy_function;
> + CONF_set_nconf;
> + ASN1_PRINTABLE_free;
> + OCSP_BASICRESP_get_ext_by_NID;
> + DIST_POINT_NAME_it;
> -+ DIST_POINT_NAME_it;
> + X509V3_extensions_print;
> + _ossl_old_des_cfb64_encrypt;
> + X509_REVOKED_add1_ext_i2d;
> + _ossl_old_des_ofb_encrypt;
> + KRB5_TKTBODY_new;
> + ASN1_OCTET_STRING_it;
> -+ ASN1_OCTET_STRING_it;
> + ERR_load_UI_strings;
> + i2d_KRB5_ENCKEY;
> + ASN1_template_new;
> @@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld
> + ASN1_item_i2d_fp;
> + KRB5_PRINCNAME_free;
> + PKCS7_RECIP_INFO_it;
> -+ PKCS7_RECIP_INFO_it;
> -+ EXTENDED_KEY_USAGE_it;
> + EXTENDED_KEY_USAGE_it;
> + EC_GFp_simple_method;
> + EC_GROUP_precompute_mult;
> @@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld
> + UI_method_set_writer;
> + KRB5_AUTHENT_new;
> + X509_CRL_INFO_it;
> -+ X509_CRL_INFO_it;
> + DSO_set_name_converter;
> + AES_set_decrypt_key;
> + PKCS7_DIGEST_it;
> -+ PKCS7_DIGEST_it;
> + PKCS12_x5092certbag;
> + EVP_DigestInit_ex;
> + i2a_ACCESS_DESCRIPTION;
> + OCSP_RESPONSE_it;
> -+ OCSP_RESPONSE_it;
> -+ PKCS7_ENC_CONTENT_it;
> + PKCS7_ENC_CONTENT_it;
> + OCSP_request_add0_id;
> + EC_POINT_make_affine;
> + DSO_get_filename;
> + OCSP_CERTSTATUS_it;
> -+ OCSP_CERTSTATUS_it;
> + OCSP_request_add1_cert;
> + UI_get0_output_string;
> + UI_dup_verify_string;
> + BN_mod_lshift;
> + KRB5_AUTHDATA_it;
> -+ KRB5_AUTHDATA_it;
> + asn1_set_choice_selector;
> + OCSP_basic_add1_status;
> + OCSP_RESPID_free;
> + asn1_get_field_ptr;
> + UI_add_input_string;
> + OCSP_CRLID_it;
> -+ OCSP_CRLID_it;
> + i2d_KRB5_AUTHENTBODY;
> + OCSP_REQUEST_get_ext_count;
> + ENGINE_load_atalla;
> + X509_NAME_it;
> -+ X509_NAME_it;
> -+ USERNOTICE_it;
> + USERNOTICE_it;
> + OCSP_REQINFO_new;
> + OCSP_BASICRESP_get_ext;
> @@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld
> + i2d_KRB5_ENCDATA;
> + X509_PURPOSE_set;
> + X509_REQ_INFO_it;
> -+ X509_REQ_INFO_it;
> + UI_method_set_opener;
> + ASN1_item_ex_free;
> + ASN1_BOOLEAN_it;
> -+ ASN1_BOOLEAN_it;
> + ENGINE_get_table_flags;
> + UI_create_method;
> + OCSP_ONEREQ_add1_ext_i2d;
> + _shadow_DES_check_key;
> -+ _shadow_DES_check_key;
> + d2i_OCSP_REQINFO;
> + UI_add_info_string;
> + UI_get_result_minsize;
> + ASN1_NULL_it;
> -+ ASN1_NULL_it;
> + BN_mod_lshift1;
> + d2i_OCSP_ONEREQ;
> + OCSP_ONEREQ_new;
> + KRB5_TICKET_it;
> -+ KRB5_TICKET_it;
> + EVP_aes_192_cbc;
> + KRB5_TICKET_free;
> + UI_new;
> + OCSP_response_create;
> + _ossl_old_des_xcbc_encrypt;
> + PKCS7_it;
> -+ PKCS7_it;
> + OCSP_REQUEST_get_ext_by_critical;
> + OCSP_REQUEST_get_ext_by_crit;
> + ENGINE_set_flags;
> @@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld
> + EVP_Digest;
> + OCSP_ONEREQ_delete_ext;
> + ASN1_TBOOLEAN_it;
> -+ ASN1_TBOOLEAN_it;
> + ASN1_item_new;
> + ASN1_TIME_to_generalizedtime;
> + BIGNUM_it;
> -+ BIGNUM_it;
> + AES_cbc_encrypt;
> + ENGINE_get_load_privkey_function;
> + ENGINE_get_load_privkey_fn;
> @@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld
> + EC_POINT_point2oct;
> + KRB5_APREQ_free;
> + ASN1_OBJECT_it;
> -+ ASN1_OBJECT_it;
> + OCSP_crlID_new;
> + OCSP_crlID2_new;
> + CONF_modules_load_file;
> @@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld
> + i2d_ASN1_UNIVERSALSTRING;
> + ASN1_UNIVERSALSTRING_free;
> + ASN1_UNIVERSALSTRING_it;
> -+ ASN1_UNIVERSALSTRING_it;
> + d2i_ASN1_UNIVERSALSTRING;
> + EVP_des_ede3_ecb;
> + X509_REQ_print_ex;
> @@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld
> + HMAC_CTX_set_flags;
> + d2i_PROXY_CERT_INFO_EXTENSION;
> + PROXY_POLICY_it;
> -+ PROXY_POLICY_it;
> + i2d_PROXY_POLICY;
> + i2d_PROXY_CERT_INFO_EXTENSION;
> + d2i_PROXY_POLICY;
> + PROXY_CERT_INFO_EXTENSION_new;
> + PROXY_CERT_INFO_EXTENSION_free;
> + PROXY_CERT_INFO_EXTENSION_it;
> -+ PROXY_CERT_INFO_EXTENSION_it;
> + PROXY_POLICY_free;
> + PROXY_POLICY_new;
> + BN_MONT_CTX_set_locked;
> @@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld
> + BN_BLINDING_get_thread_id;
> + X509_STORE_CTX_set0_param;
> + POLICY_MAPPING_it;
> -+ POLICY_MAPPING_it;
> + STORE_parse_attrs_start;
> + POLICY_CONSTRAINTS_free;
> + EVP_PKEY_add1_attr_by_NID;
> @@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld
> + STORE_set_method;
> + GENERAL_SUBTREE_free;
> + NAME_CONSTRAINTS_it;
> -+ NAME_CONSTRAINTS_it;
> + ECDH_get_default_method;
> + PKCS12_add_safe;
> + EC_KEY_new_by_curve_name;
> @@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld
> + ENGINE_get_default_ECDH;
> + EC_KEY_get_conv_form;
> + ASN1_OCTET_STRING_NDEF_it;
> -+ ASN1_OCTET_STRING_NDEF_it;
> + STORE_delete_public_key;
> + STORE_get_public_key;
> + STORE_modify_arbitrary;
> @@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld
> + ENGINE_load_padlock;
> + EC_GROUP_set_curve_name;
> + X509_CERT_PAIR_it;
> -+ X509_CERT_PAIR_it;
> + STORE_meth_get_revoke_fn;
> + STORE_method_get_revoke_function;
> + STORE_method_set_get_function;
> @@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld
> + pqueue_pop;
> + STORE_ATTR_INFO_get0_cstr;
> + POLICY_CONSTRAINTS_it;
> -+ POLICY_CONSTRAINTS_it;
> + STORE_get_ex_new_index;
> + EVP_PKEY_get_attr_by_OBJ;
> + X509_VERIFY_PARAM_add0_policy;
> @@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld
> + STORE_modify_crl;
> + STORE_list_private_key_start;
> + POLICY_MAPPINGS_it;
> -+ POLICY_MAPPINGS_it;
> -+ GENERAL_SUBTREE_it;
> + GENERAL_SUBTREE_it;
> + EC_GROUP_get_curve_name;
> + PEM_write_X509_CERT_PAIR;
> @@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld
> + BIO_set_callback_arg;
> + v3_addr_add_prefix;
> + IPAddressOrRange_it;
> -+ IPAddressOrRange_it;
> + BIO_set_flags;
> + ASIdentifiers_it;
> -+ ASIdentifiers_it;
> + v3_addr_get_range;
> + BIO_method_type;
> + v3_addr_inherits;
> + IPAddressChoice_it;
> -+ IPAddressChoice_it;
> + AES_ige_encrypt;
> + v3_addr_add_range;
> + EVP_CIPHER_CTX_nid;
> @@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld
> + BIO_clear_flags;
> + i2d_ASRange;
> + IPAddressRange_it;
> -+ IPAddressRange_it;
> + IPAddressChoice_new;
> + ASIdentifierChoice_new;
> + ASRange_free;
> @@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld
> + BIO_test_flags;
> + i2d_ASIdentifierChoice;
> + ASRange_it;
> -+ ASRange_it;
> + d2i_ASIdentifiers;
> + ASRange_new;
> + d2i_IPAddressChoice;
> @@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld
> + EVP_Cipher;
> + i2d_IPAddressOrRange;
> + ASIdOrRange_it;
> -+ ASIdOrRange_it;
> + EVP_CIPHER_nid;
> + i2d_IPAddressChoice;
> + EVP_CIPHER_CTX_block_size;
> @@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld
> + v3_addr_is_canonical;
> + i2d_IPAddressRange;
> + IPAddressFamily_it;
> -+ IPAddressFamily_it;
> + v3_asid_inherits;
> + EVP_CIPHER_CTX_cipher;
> + EVP_CIPHER_CTX_get_app_data;
> @@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld
> + d2i_IPAddressOrRange;
> + v3_addr_canonize;
> + ASIdentifierChoice_it;
> -+ ASIdentifierChoice_it;
> + EVP_MD_CTX_md;
> + d2i_ASIdentifierChoice;
> + BIO_method_name;
> @@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld
> + SEED_set_key;
> + EVP_seed_cfb128;
> + X509_EXTENSIONS_it;
> -+ X509_EXTENSIONS_it;
> + X509_get1_ocsp;
> + OCSP_REQ_CTX_free;
> + i2d_X509_EXTENSIONS;
> @@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld
> + OCSP_sendreq_new;
> + d2i_X509_EXTENSIONS;
> + X509_ALGORS_it;
> -+ X509_ALGORS_it;
> + X509_ALGOR_get0;
> + X509_ALGOR_set0;
> + AES_unwrap_key;
> @@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld
> + CMS_SignerInfo_verify;
> + CMS_data;
> + CMS_ContentInfo_it;
> -+ CMS_ContentInfo_it;
> + d2i_CMS_ReceiptRequest;
> + CMS_compress;
> + CMS_digest_create;
> @@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld
> + CMS_RecipientInfo_kekri_get0_id;
> + CMS_verify_receipt;
> + CMS_ReceiptRequest_it;
> -+ CMS_ReceiptRequest_it;
> + PEM_read_bio_CMS;
> + CMS_get1_crls;
> + CMS_add0_recipient_key;
> @@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld
> + TS_REQ_dup;
> + GENERAL_NAME_dup;
> + ASN1_SEQUENCE_ANY_it;
> -+ ASN1_SEQUENCE_ANY_it;
> + WHIRLPOOL;
> + X509_STORE_get1_crls;
> + ENGINE_get_pkey_asn1_meth;
> @@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld
> + DIST_POINT_set_dpname;
> + i2d_ISSUING_DIST_POINT;
> + ASN1_SET_ANY_it;
> -+ ASN1_SET_ANY_it;
> + EVP_PKEY_CTX_get_data;
> + TS_STATUS_INFO_print_bio;
> + EVP_PKEY_derive_init;
> @@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld
> + EVP_DigestSignFinal;
> + TS_RESP_CTX_set_def_policy;
> + NETSCAPE_X509_it;
> -+ NETSCAPE_X509_it;
> + TS_RESP_create_response;
> + PKCS7_SIGNER_INFO_get0_algs;
> + TS_TST_INFO_get_nonce;
> @@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld
> + EVP_CIPHER_do_all_sorted;
> + EVP_PKEY_CTX_free;
> + ISSUING_DIST_POINT_it;
> -+ ISSUING_DIST_POINT_it;
> + d2i_TS_MSG_IMPRINT_fp;
> + X509_STORE_get1_certs;
> + EVP_PKEY_CTX_get_operation;
> @@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld
> + X509_signature_dump;
> + d2i_RSA_PSS_PARAMS;
> + RSA_PSS_PARAMS_it;
> -+ RSA_PSS_PARAMS_it;
> + RSA_PSS_PARAMS_free;
> + X509_sign_ctx;
> + i2d_RSA_PSS_PARAMS;
> @@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld
> + CRYPTO_memcmp;
> +} OPENSSL_1.0.1;
> +
> -Index: openssl-1.0.1d/engines/openssl.ld
> ++OPENSSL_1.0.2 {
> ++ global:
> ++ SSL_CTX_set_alpn_protos;
> ++ SSL_set_alpn_protos;
> ++ SSL_CTX_set_alpn_select_cb;
> ++ SSL_get0_alpn_selected;
> ++ SSL_CTX_set_custom_cli_ext;
> ++ SSL_CTX_set_custom_srv_ext;
> ++ SSL_CTX_set_srv_supp_data;
> ++ SSL_CTX_set_cli_supp_data;
> ++ SSL_set_cert_cb;
> ++ SSL_CTX_use_serverinfo;
> ++ SSL_CTX_use_serverinfo_file;
> ++ SSL_CTX_set_cert_cb;
> ++ SSL_CTX_get0_param;
> ++ SSL_get0_param;
> ++ SSL_certs_clear;
> ++ DTLSv1_2_method;
> ++ DTLSv1_2_server_method;
> ++ DTLSv1_2_client_method;
> ++ DTLS_method;
> ++ DTLS_server_method;
> ++ DTLS_client_method;
> ++ SSL_CTX_get_ssl_method;
> ++ SSL_CTX_get0_certificate;
> ++ SSL_CTX_get0_privatekey;
> ++ SSL_COMP_set0_compression_methods;
> ++ SSL_COMP_free_compression_methods;
> ++ SSL_CIPHER_find;
> ++ SSL_is_server;
> ++ SSL_CONF_CTX_new;
> ++ SSL_CONF_CTX_finish;
> ++ SSL_CONF_CTX_free;
> ++ SSL_CONF_CTX_set_flags;
> ++ SSL_CONF_CTX_clear_flags;
> ++ SSL_CONF_CTX_set1_prefix;
> ++ SSL_CONF_CTX_set_ssl;
> ++ SSL_CONF_CTX_set_ssl_ctx;
> ++ SSL_CONF_cmd;
> ++ SSL_CONF_cmd_argv;
> ++ SSL_CONF_cmd_value_type;
> ++ SSL_trace;
> ++ SSL_CIPHER_standard_name;
> ++ SSL_get_tlsa_record_byname;
> ++ ASN1_TIME_diff;
> ++ BIO_hex_string;
> ++ CMS_RecipientInfo_get0_pkey_ctx;
> ++ CMS_RecipientInfo_encrypt;
> ++ CMS_SignerInfo_get0_pkey_ctx;
> ++ CMS_SignerInfo_get0_md_ctx;
> ++ CMS_SignerInfo_get0_signature;
> ++ CMS_RecipientInfo_kari_get0_alg;
> ++ CMS_RecipientInfo_kari_get0_reks;
> ++ CMS_RecipientInfo_kari_get0_orig_id;
> ++ CMS_RecipientInfo_kari_orig_id_cmp;
> ++ CMS_RecipientEncryptedKey_get0_id;
> ++ CMS_RecipientEncryptedKey_cert_cmp;
> ++ CMS_RecipientInfo_kari_set0_pkey;
> ++ CMS_RecipientInfo_kari_get0_ctx;
> ++ CMS_RecipientInfo_kari_decrypt;
> ++ CMS_SharedInfo_encode;
> ++ DH_compute_key_padded;
> ++ d2i_DHxparams;
> ++ i2d_DHxparams;
> ++ DH_get_1024_160;
> ++ DH_get_2048_224;
> ++ DH_get_2048_256;
> ++ DH_KDF_X9_42;
> ++ ECDH_KDF_X9_62;
> ++ ECDSA_METHOD_new;
> ++ ECDSA_METHOD_free;
> ++ ECDSA_METHOD_set_app_data;
> ++ ECDSA_METHOD_get_app_data;
> ++ ECDSA_METHOD_set_sign;
> ++ ECDSA_METHOD_set_sign_setup;
> ++ ECDSA_METHOD_set_verify;
> ++ ECDSA_METHOD_set_flags;
> ++ ECDSA_METHOD_set_name;
> ++ EVP_des_ede3_wrap;
> ++ EVP_aes_128_wrap;
> ++ EVP_aes_192_wrap;
> ++ EVP_aes_256_wrap;
> ++ EVP_aes_128_cbc_hmac_sha256;
> ++ EVP_aes_256_cbc_hmac_sha256;
> ++ CRYPTO_128_wrap;
> ++ CRYPTO_128_unwrap;
> ++ OCSP_REQ_CTX_nbio;
> ++ OCSP_REQ_CTX_new;
> ++ OCSP_set_max_response_length;
> ++ OCSP_REQ_CTX_i2d;
> ++ OCSP_REQ_CTX_nbio_d2i;
> ++ OCSP_REQ_CTX_get0_mem_bio;
> ++ OCSP_REQ_CTX_http;
> ++ RSA_padding_add_PKCS1_OAEP_mgf1;
> ++ RSA_padding_check_PKCS1_OAEP_mgf1;
> ++ RSA_OAEP_PARAMS_free;
> ++ RSA_OAEP_PARAMS_it;
> ++ RSA_OAEP_PARAMS_new;
> ++ SSL_get_sigalgs;
> ++ SSL_get_shared_sigalgs;
> ++ SSL_check_chain;
> ++ X509_chain_up_ref;
> ++ X509_http_nbio;
> ++ X509_CRL_http_nbio;
> ++ X509_REVOKED_dup;
> ++ i2d_re_X509_tbs;
> ++ X509_get0_signature;
> ++ X509_get_signature_nid;
> ++ X509_CRL_diff;
> ++ X509_chain_check_suiteb;
> ++ X509_CRL_check_suiteb;
> ++ X509_check_host;
> ++ X509_check_email;
> ++ X509_check_ip;
> ++ X509_check_ip_asc;
> ++ X509_STORE_set_lookup_crls_cb;
> ++ X509_STORE_CTX_get0_store;
> ++ X509_VERIFY_PARAM_set1_host;
> ++ X509_VERIFY_PARAM_add1_host;
> ++ X509_VERIFY_PARAM_set_hostflags;
> ++ X509_VERIFY_PARAM_get0_peername;
> ++ X509_VERIFY_PARAM_set1_email;
> ++ X509_VERIFY_PARAM_set1_ip;
> ++ X509_VERIFY_PARAM_set1_ip_asc;
> ++ X509_VERIFY_PARAM_get0_name;
> ++ X509_VERIFY_PARAM_get_count;
> ++ X509_VERIFY_PARAM_get0;
> ++ X509V3_EXT_free;
> ++ EC_GROUP_get_mont_data;
> ++ EC_curve_nid2nist;
> ++ EC_curve_nist2nid;
> ++ PEM_write_bio_DHxparams;
> ++ PEM_write_DHxparams;
> ++ SSL_CTX_add_client_custom_ext;
> ++ SSL_CTX_add_server_custom_ext;
> ++ SSL_extension_supported;
> ++ BUF_strnlen;
> ++ sk_deep_copy;
> ++ SSL_test_functions;
> ++} OPENSSL_1.0.1d;
> ++
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> -+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> @@ -0,0 +1,10 @@
> +OPENSSL_1.0.0 {
> + global:
> @@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld
> + *;
> +};
> +
> -Index: openssl-1.0.1d/engines/ccgost/openssl.ld
> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> -+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100
> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> @@ -0,0 +1,10 @@
> +OPENSSL_1.0.0 {
> + global:
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
> new file mode 100644
> index 0000000..c43bcd1
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
> @@ -0,0 +1,29 @@
> +From: Raphael Geissert <geissert@debian.org>
> +Description: make X509_verify_cert indicate that any certificate whose
> + name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
> +Forwarded: not-needed
> +Origin: vendor
> +Last-Update: 2011-11-05
> +
> +Upstream-Status: Backport [debian]
> +
> +
> +Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
> +===================================================================
> +--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100
> ++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100
> +@@ -964,10 +964,11 @@
> + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
> + {
> + x = sk_X509_value(ctx->chain, i);
> +- /* Mark DigiNotar certificates as revoked, no matter
> +- * where in the chain they are.
> ++ /* Mark certificates containing the following names as
> ++ * revoked, no matter where in the chain they are.
> + */
> +- if (x->name && strstr(x->name, "DigiNotar"))
> ++ if (x->name && (strstr(x->name, "DigiNotar") ||
> ++ strstr(x->name, "Digicert Sdn. Bhd.")))
> + {
> + ctx->error = X509_V_ERR_CERT_REVOKED;
> + ctx->error_depth = i;
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
> new file mode 100644
> index 0000000..0c1a0b6
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
> @@ -0,0 +1,67 @@
> +From: Raphael Geissert <geissert@debian.org>
> +Description: make X509_verify_cert indicate that any certificate whose
> + name contains "DigiNotar" is revoked.
> +Forwarded: not-needed
> +Origin: vendor
> +Last-Update: 2011-09-08
> +Bug: http://bugs.debian.org/639744
> +Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
> +Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
> +
> +This is not meant as final patch.
> +
> +Upstream-Status: Backport [debian]
> +
> +
> +Index: openssl-1.0.2/crypto/x509/x509_vfy.c
> +===================================================================
> +--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
> ++++ openssl-1.0.2/crypto/x509/x509_vfy.c
> +@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
> + static int check_revocation(X509_STORE_CTX *ctx);
> + static int check_cert(X509_STORE_CTX *ctx);
> + static int check_policy(X509_STORE_CTX *ctx);
> ++static int check_ca_blacklist(X509_STORE_CTX *ctx);
> +
> + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
> + unsigned int *preasons, X509_CRL *crl, X509 *x);
> +@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
> + if (!ok)
> + goto end;
> +
> ++ ok = check_ca_blacklist(ctx);
> ++ if(!ok) goto end;
> ++
> + #ifndef OPENSSL_NO_RFC3779
> + /* RFC 3779 path validation, now that CRL check has been done */
> + ok = v3_asid_validate_path(ctx);
> +@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
> + return 1;
> + }
> +
> ++static int check_ca_blacklist(X509_STORE_CTX *ctx)
> ++ {
> ++ X509 *x;
> ++ int i;
> ++ /* Check all certificates against the blacklist */
> ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
> ++ {
> ++ x = sk_X509_value(ctx->chain, i);
> ++ /* Mark DigiNotar certificates as revoked, no matter
> ++ * where in the chain they are.
> ++ */
> ++ if (x->name && strstr(x->name, "DigiNotar"))
> ++ {
> ++ ctx->error = X509_V_ERR_CERT_REVOKED;
> ++ ctx->error_depth = i;
> ++ ctx->current_cert = x;
> ++ if (!ctx->verify_cb(0,ctx))
> ++ return 0;
> ++ }
> ++ }
> ++ return 1;
> ++ }
> ++
> + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
> + X509 **pissuer, int *pscore, unsigned int *preasons,
> + STACK_OF(X509_CRL) *crls)
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
> new file mode 100644
> index 0000000..61dcf45
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
> @@ -0,0 +1,31 @@
> +
> +Upstream-Status: Backport [debian]
> +
> +--- openssl/apps/openssl.cnf.orig 2012-06-06 00:45:56.000000000 +0200
> ++++ openssl/apps/openssl.cnf 2012-06-06 00:46:46.000000000 +0200
> +@@ -19,6 +19,8 @@
> + # (Alternatively, use a configuration file that has only
> + # X.509v3 extensions in its main [= default] section.)
> +
> ++openssl_conf = openssl_def
> ++
> + [ new_oids ]
> +
> + # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
> +@@ -348,3 +350,16 @@
> + # (optional, default: no)
> + ess_cert_id_chain = no # Must the ESS cert id chain be included?
> + # (optional, default: no)
> ++
> ++[openssl_def]
> ++engines = engine_section
> ++
> ++[engine_section]
> ++padlock = padlock_section
> ++
> ++[padlock_section]
> ++soft_load=1
> ++init=1
> ++default_algorithms = ALL
> ++dynamic_path=padlock
> ++
> diff --git a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
> index d8a6f1a..a574648 100644
> --- a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
> @@ -1,11 +1,11 @@
> Upstream-Status: Inappropriate [configuration]
>
>
> -Index: openssl-1.0.0/engines/Makefile
> +Index: openssl-1.0.2/engines/Makefile
> ===================================================================
> ---- openssl-1.0.0.orig/engines/Makefile
> -+++ openssl-1.0.0/engines/Makefile
> -@@ -107,7 +107,7 @@
> +--- openssl-1.0.2.orig/engines/Makefile
> ++++ openssl-1.0.2/engines/Makefile
> +@@ -107,13 +107,13 @@ install:
> @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
> @if [ -n "$(SHARED_LIBS)" ]; then \
> set -e; \
> @@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile
> for l in $(LIBNAMES); do \
> ( echo installing $$l; \
> pfx=lib; \
> -@@ -119,13 +119,13 @@
> + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
> + sfx=".so"; \
> +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
> ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
> + else \
> + case "$(CFLAGS)" in \
> + *DSO_BEOS*) sfx=".so";; \
> +@@ -122,10 +122,10 @@ install:
> *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
> *) sfx=".bad";; \
> esac; \
> - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
> + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
> - else \
> - sfx=".so"; \
> -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
> -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
> fi; \
> - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
> - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
> @@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile
> done; \
> fi
> @target=install; $(RECURSIVE_MAKE)
> -Index: openssl-1.0.0/engines/ccgost/Makefile
> +Index: openssl-1.0.2/engines/ccgost/Makefile
> ===================================================================
> ---- openssl-1.0.0.orig/engines/ccgost/Makefile
> -+++ openssl-1.0.0/engines/ccgost/Makefile
> -@@ -53,13 +53,13 @@
> +--- openssl-1.0.2.orig/engines/ccgost/Makefile
> ++++ openssl-1.0.2/engines/ccgost/Makefile
> +@@ -47,7 +47,7 @@ install:
> + pfx=lib; \
> + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
> + sfx=".so"; \
> +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> + else \
> + case "$(CFLAGS)" in \
> + *DSO_BEOS*) sfx=".so";; \
> +@@ -56,10 +56,10 @@ install:
> *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
> *) sfx=".bad";; \
> esac; \
> - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> - else \
> - sfx=".so"; \
> -- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> fi; \
> - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
> diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> index f0e1778..06d1ea6 100644
> --- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> @@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867
>
> Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
>
> -diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
> -index 3232cfe..df84922 100644
> +Index: openssl-1.0.2/crypto/evp/e_des3.c
> ===================================================================
> ---- a/crypto/evp/e_des3.c
> -+++ b/crypto/evp/e_des3.c
> -@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
> +--- openssl-1.0.2.orig/crypto/evp/e_des3.c
> ++++ openssl-1.0.2/crypto/evp/e_des3.c
> +@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
> size_t n;
> - unsigned char c[1],d[1];
> + unsigned char c[1], d[1];
>
> -- for(n=0 ; n < inl ; ++n)
> -+ for(n=0 ; n < inl*8 ; ++n)
> - {
> - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
> - DES_ede3_cfb_encrypt(c,d,1,1,
> +- for (n = 0; n < inl; ++n) {
> ++ for (n = 0; n * 8 < inl; ++n) {
> + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
> + DES_ede3_cfb_encrypt(c, d, 1, 1,
> + &data(ctx)->ks1, &data(ctx)->ks2,
> diff --git a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
> deleted file mode 100644
> index 770097d..0000000
> --- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
> +++ /dev/null
> @@ -1,120 +0,0 @@
> -From: Andy Polyakov <appro@openssl.org>
> -Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
> -Subject: Initial aarch64 bits.
> -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
> -
> -Initial aarch64 bits.
> -Upstream-Status: backport (will be included in 1.0.2)
> ----
> - crypto/bn/bn_lcl.h | 9 +++++++++
> - crypto/md32_common.h | 18 ++++++++++++++++++
> - crypto/modes/modes_lcl.h | 8 ++++++++
> - crypto/sha/sha512.c | 13 +++++++++++++
> - 4 files changed, 48 insertions(+)
> -
> -Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
> -===================================================================
> ---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200
> -+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200
> -@@ -300,6 +300,15 @@
> - : "r"(a), "r"(b));
> - # endif
> - # endif
> -+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
> -+# if defined(__GNUC__) && __GNUC__>=2
> -+# define BN_UMULT_HIGH(a,b) ({ \
> -+ register BN_ULONG ret; \
> -+ asm ("umulh %0,%1,%2" \
> -+ : "=r"(ret) \
> -+ : "r"(a), "r"(b)); \
> -+ ret; })
> -+# endif
> - # endif /* cpu */
> - #endif /* OPENSSL_NO_ASM */
> -
> -Index: openssl-1.0.1f/crypto/md32_common.h
> -===================================================================
> ---- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200
> -+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
> -@@ -213,6 +213,24 @@
> - asm ("bswapl %0":"=r"(r):"0"(r)); \
> - *((unsigned int *)(c))=r; (c)+=4; r; })
> - # endif
> -+# elif defined(__aarch64__)
> -+# if defined(__BYTE_ORDER__)
> -+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
> -+# define HOST_c2l(c,l) ({ unsigned int r; \
> -+ asm ("rev %w0,%w1" \
> -+ :"=r"(r) \
> -+ :"r"(*((const unsigned int *)(c))));\
> -+ (c)+=4; (l)=r; })
> -+# define HOST_l2c(l,c) ({ unsigned int r; \
> -+ asm ("rev %w0,%w1" \
> -+ :"=r"(r) \
> -+ :"r"((unsigned int)(l)));\
> -+ *((unsigned int *)(c))=r; (c)+=4; r; })
> -+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
> -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
> -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
> -+# endif
> -+# endif
> - # endif
> - # endif
> - #endif
> -Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
> -===================================================================
> ---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200
> -+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200
> -@@ -29,6 +29,7 @@
> - #if defined(__i386) || defined(__i386__) || \
> - defined(__x86_64) || defined(__x86_64__) || \
> - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
> -+ defined(__aarch64__) || \
> - defined(__s390__) || defined(__s390x__)
> - # undef STRICT_ALIGNMENT
> - #endif
> -@@ -50,6 +51,13 @@
> - # define BSWAP4(x) ({ u32 ret=(x); \
> - asm ("bswapl %0" \
> - : "+r"(ret)); ret; })
> -+# elif defined(__aarch64__)
> -+# define BSWAP8(x) ({ u64 ret; \
> -+ asm ("rev %0,%1" \
> -+ : "=r"(ret) : "r"(x)); ret; })
> -+# define BSWAP4(x) ({ u32 ret; \
> -+ asm ("rev %w0,%w1" \
> -+ : "=r"(ret) : "r"(x)); ret; })
> - # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
> - # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
> - asm ("rev %0,%0; rev %1,%1" \
> -Index: openssl-1.0.1f/crypto/sha/sha512.c
> -===================================================================
> ---- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200
> -+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
> -@@ -55,6 +55,7 @@
> - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
> - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
> - defined(__s390__) || defined(__s390x__) || \
> -+ defined(__aarch64__) || \
> - defined(SHA512_ASM)
> - #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
> - #endif
> -@@ -347,6 +348,18 @@
> - asm ("rotrdi %0,%1,%2" \
> - : "=r"(ret) \
> - : "r"(a),"K"(n)); ret; })
> -+# elif defined(__aarch64__)
> -+# define ROTR(a,n) ({ SHA_LONG64 ret; \
> -+ asm ("ror %0,%1,%2" \
> -+ : "=r"(ret) \
> -+ : "r"(a),"I"(n)); ret; })
> -+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
> -+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
> -+# define PULL64(x) ({ SHA_LONG64 ret; \
> -+ asm ("rev %0,%1" \
> -+ : "=r"(ret) \
> -+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
> -+# endif
> - # endif
> - # elif defined(_MSC_VER)
> - # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> index c161e62..cebc8cf 100644
> --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> @@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
>
> Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
> ---
> ---- a/crypto/evp/digest.c
> -+++ b/crypto/evp/digest.c
> -@@ -199,7 +199,7 @@
> - return 0;
> - }
> +Index: openssl-1.0.2/crypto/evp/digest.c
> +===================================================================
> +--- openssl-1.0.2.orig/crypto/evp/digest.c
> ++++ openssl-1.0.2/crypto/evp/digest.c
> +@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> + return 0;
> + }
> #endif
> -- if (ctx->digest != type)
> -+ if (type && (ctx->digest != type))
> - {
> - if (ctx->digest && ctx->digest->ctx_size)
> - OPENSSL_free(ctx->md_data);
> +- if (ctx->digest != type) {
> ++ if (type && (ctx->digest != type)) {
> + if (ctx->digest && ctx->digest->ctx_size)
> + OPENSSL_free(ctx->md_data);
> + ctx->digest = type;
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
> index 3e93fe4..d7047bb 100644
> --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
> @@ -8,32 +8,19 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
>
> Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
> ---
> ---- a/crypto/dh/dh_ameth.c
> -+++ b/crypto/dh/dh_ameth.c
> -@@ -139,6 +139,12 @@
> - dh=pkey->pkey.dh;
> +Index: openssl-1.0.2/crypto/dh/dh_ameth.c
> +===================================================================
> +--- openssl-1.0.2.orig/crypto/dh/dh_ameth.c
> ++++ openssl-1.0.2/crypto/dh/dh_ameth.c
> +@@ -161,6 +161,11 @@ static int dh_pub_encode(X509_PUBKEY *pk
> + dh = pkey->pkey.dh;
>
> - str = ASN1_STRING_new();
> -+ if (!str)
> -+ {
> -+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
> -+ goto err;
> -+ }
> + str = ASN1_STRING_new();
> ++ if (!str) {
> ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
> ++ goto err;
> ++ }
> +
> - str->length = i2d_DHparams(dh, &str->data);
> - if (str->length <= 0)
> - {
> ---- a/crypto/dsa/dsa_ameth.c
> -+++ b/crypto/dsa/dsa_ameth.c
> -@@ -148,6 +148,11 @@
> - {
> - ASN1_STRING *str;
> - str = ASN1_STRING_new();
> -+ if (!str)
> -+ {
> -+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
> -+ goto err;
> -+ }
> - str->length = i2d_DSAparams(dsa, &str->data);
> - if (str->length <= 0)
> - {
> + str->length = i2d_dhp(pkey, dh, &str->data);
> + if (str->length <= 0) {
> + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> index 93ce034..cbce32c 100644
> --- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> @@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
>
> ported the patch to the 1.0.0e version
> Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
> -Index: openssl-1.0.1e/Configure
> +Index: openssl-1.0.2/crypto/bn/bn.h
> ===================================================================
> ---- openssl-1.0.1e.orig/Configure
> -+++ openssl-1.0.1e/Configure
> -@@ -402,6 +402,7 @@ my %table=(
> - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
> -+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
> - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
> - #### So called "highgprs" target for z/Architecture CPUs
> - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
> -Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
> -===================================================================
> ---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
> -+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
> -@@ -55,7 +55,7 @@
> - * machine.
> - */
> -
> --#ifdef _WIN64
> -+#if defined _WIN64 || !defined __LP64__
> - #define BN_ULONG unsigned long long
> - #else
> - #define BN_ULONG unsigned long
> -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
> - asm (
> - " subq %2,%2 \n"
> - ".p2align 4 \n"
> -- "1: movq (%4,%2,8),%0 \n"
> -- " adcq (%5,%2,8),%0 \n"
> -- " movq %0,(%3,%2,8) \n"
> -+ "1: movq (%q4,%2,8),%0 \n"
> -+ " adcq (%q5,%2,8),%0 \n"
> -+ " movq %0,(%q3,%2,8) \n"
> - " leaq 1(%2),%2 \n"
> - " loop 1b \n"
> - " sbbq %0,%0 \n"
> -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
> - asm (
> - " subq %2,%2 \n"
> - ".p2align 4 \n"
> -- "1: movq (%4,%2,8),%0 \n"
> -- " sbbq (%5,%2,8),%0 \n"
> -- " movq %0,(%3,%2,8) \n"
> -+ "1: movq (%q4,%2,8),%0 \n"
> -+ " sbbq (%q5,%2,8),%0 \n"
> -+ " movq %0,(%q3,%2,8) \n"
> - " leaq 1(%2),%2 \n"
> - " loop 1b \n"
> - " sbbq %0,%0 \n"
> -Index: openssl-1.0.1e/crypto/bn/bn.h
> -===================================================================
> ---- openssl-1.0.1e.orig/crypto/bn/bn.h
> -+++ openssl-1.0.1e/crypto/bn/bn.h
> -@@ -172,6 +172,13 @@ extern "C" {
> +--- openssl-1.0.2.orig/crypto/bn/bn.h
> ++++ openssl-1.0.2/crypto/bn/bn.h
> +@@ -173,6 +173,13 @@ extern "C" {
> + # endif
> # endif
> - #endif
>
> +/* Address type. */
> +#ifdef _WIN64
> @@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h
> +#define BN_ADDR unsigned long
> +#endif
> +
> - /* assuming long is 64bit - this is the DEC Alpha
> - * unsigned long long is only 64 bits :-(, don't define
> - * BN_LLONG for the DEC Alpha */
> -Index: openssl-1.0.1e/crypto/bn/bn_exp.c
> + /*
> + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
> + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
> +Index: openssl-1.0.2/crypto/bn/bn_exp.c
> ===================================================================
> ---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
> -+++ openssl-1.0.1e/crypto/bn/bn_exp.c
> -@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
> -
> - /* Given a pointer value, compute the next address that is a cache line multiple. */
> +--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
> ++++ openssl-1.0.2/crypto/bn/bn_exp.c
> +@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
> + * multiple.
> + */
> #define MOD_EXP_CTIME_ALIGN(x_) \
> -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
> +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
> + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
>
> - /* This variant of BN_mod_exp_mont() uses fixed windows and the special
> - * precomputation memory layout to limit data-dependency to a minimum
> + /*
> + * This variant of BN_mod_exp_mont() uses fixed windows and the special
> diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
> index 527e10c..ef6d179 100644
> --- a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
> @@ -10,11 +10,11 @@ Upstream-Status: Inappropriate [config]
>
> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
>
> -diff --git a/test/Makefile b/test/Makefile
> -index e6fcfb4..5ae043b 100644
> ---- a/test/Makefile
> -+++ b/test/Makefile
> -@@ -322,11 +322,11 @@ test_cms:
> +Index: openssl-1.0.2/test/Makefile
> +===================================================================
> +--- openssl-1.0.2.orig/test/Makefile
> ++++ openssl-1.0.2/test/Makefile
> +@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
> @echo "CMS consistency test"
> $(PERL) cms-test.pl
>
> @@ -23,8 +23,12 @@ index e6fcfb4..5ae043b 100644
> @echo "Test SRP"
> ../util/shlib_wrap.sh ./srptest
>
> +@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
> + @echo "Test X509v3_check_*"
> + ../util/shlib_wrap.sh ./$(V3NAMETEST)
> +
> -test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
> +test_heartbeat:
> ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
>
> - lint:
> + test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
> diff --git a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
> new file mode 100644
> index 0000000..fcfccfa
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
> @@ -0,0 +1,66 @@
> +Index: openssl-1.0.2/openssl.ld
> +===================================================================
> +--- openssl-1.0.2.orig/openssl.ld
> ++++ openssl-1.0.2/openssl.ld
> +@@ -4618,3 +4618,61 @@ OPENSSL_1.0.1d {
> + CRYPTO_memcmp;
> + } OPENSSL_1.0.1;
> +
> ++OPENSSL_1.0.2 {
> ++ global:
> ++ ASN1_TIME_diff;
> ++ CMS_RecipientInfo_get0_pkey_ctx;
> ++ CMS_RecipientInfo_kari_get0_ctx;
> ++ CMS_SignerInfo_get0_pkey_ctx;
> ++ DH_get_1024_160;
> ++ DH_get_2048_224;
> ++ DH_get_2048_256;
> ++ DTLS_client_method;
> ++ DTLS_server_method;
> ++ DTLSv1_2_client_method;
> ++ DTLSv1_2_server_method;
> ++ EC_curve_nid2nist;
> ++ EC_curve_nist2nid;
> ++ EVP_aes_128_cbc_hmac_sha256;
> ++ EVP_aes_128_wrap;
> ++ EVP_aes_192_wrap;
> ++ EVP_aes_256_cbc_hmac_sha256;
> ++ EVP_aes_256_wrap;
> ++ EVP_des_ede3_wrap;
> ++ OCSP_REQ_CTX_http;
> ++ OCSP_REQ_CTX_new;
> ++ PEM_write_bio_DHxparams;
> ++ SSL_CIPHER_find;
> ++ SSL_CONF_CTX_finish;
> ++ SSL_CONF_CTX_free;
> ++ SSL_CONF_CTX_new;
> ++ SSL_CONF_CTX_set_flags;
> ++ SSL_CONF_CTX_set_ssl_ctx;
> ++ SSL_CONF_cmd;
> ++ SSL_CONF_cmd_argv;
> ++ SSL_CTX_add_client_custom_ext;
> ++ SSL_CTX_add_server_custom_ext;
> ++ SSL_CTX_set_alpn_protos;
> ++ SSL_CTX_set_alpn_select_cb;
> ++ SSL_CTX_set_cert_cb;
> ++ SSL_CTX_use_serverinfo_file;
> ++ SSL_certs_clear;
> ++ SSL_check_chain;
> ++ SSL_get0_alpn_selected;
> ++ SSL_get_shared_sigalgs;
> ++ SSL_get_sigalgs;
> ++ SSL_is_server;
> ++ X509_CRL_diff;
> ++ X509_CRL_http_nbio;
> ++ X509_STORE_set_lookup_crls_cb;
> ++ X509_VERIFY_PARAM_set1_email;
> ++ X509_VERIFY_PARAM_set1_host;
> ++ X509_VERIFY_PARAM_set1_ip_asc;
> ++ X509_chain_check_suiteb;
> ++ X509_chain_up_ref;
> ++ X509_check_email;
> ++ X509_check_host;
> ++ X509_check_ip_asc;
> ++ X509_get_signature_nid;
> ++ X509_http_nbio;
> ++} OPENSSL_1.0.1d;
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
> similarity index 84%
> rename from meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.0.2.bb
> index 16ffc58..79537f9 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
> @@ -16,21 +16,22 @@ SRC_URI += "file://configure-targets.patch \
> file://oe-ldflags.patch \
> file://engines-install-in-libdir-ssl.patch \
> file://openssl-fix-link.patch \
> - file://debian/version-script.patch \
> - file://debian/pic.patch \
> - file://debian/c_rehash-compat.patch \
> + file://debian1.0.2/block_diginotar.patch \
> + file://debian1.0.2/block_digicert_malaysia.patch \
> + file://debian1.0.2/padlock_conf.patch \
> file://debian/ca.patch \
> - file://debian/make-targets.patch \
> - file://debian/no-rpath.patch \
> + file://debian/c_rehash-compat.patch \
> + file://debian/debian-targets.patch \
> file://debian/man-dir.patch \
> file://debian/man-section.patch \
> + file://debian/no-rpath.patch \
> file://debian/no-symbolic.patch \
> - file://debian/debian-targets.patch \
> + file://debian/pic.patch \
> + file://debian/version-script.patch \
> file://openssl_fix_for_x32.patch \
> file://fix-cipher-des-ede3-cfb1.patch \
> file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
> - file://initial-aarch64-bits.patch \
> file://find.pl \
> file://openssl-fix-des.pod-error.patch \
> file://Makefiles-ptest.patch \
> @@ -38,8 +39,8 @@ SRC_URI += "file://configure-targets.patch \
> file://run-ptest \
> "
>
> -SRC_URI[md5sum] = "d4f002bd22a56881340105028842ae1f"
> -SRC_URI[sha256sum] = "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c"
> +SRC_URI[md5sum] = "38373013fc85c790aabf8837969c5eba"
> +SRC_URI[sha256sum] = "8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9"
>
> PACKAGES =+ " \
> ${PN}-engines \
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] openssl: Upgrade to 1.0.2
2015-03-12 6:18 ` Robert Yang
@ 2015-03-12 19:17 ` Saul Wold
2015-03-16 6:21 ` Robert Yang
2015-03-13 13:46 ` Martin Jansa
1 sibling, 1 reply; 6+ messages in thread
From: Saul Wold @ 2015-03-12 19:17 UTC (permalink / raw)
To: Robert Yang, openembedded-core
On 03/11/2015 11:18 PM, Robert Yang wrote:
>
> I met this error when building openflow in meta-networking, I guess it
> maybe
> related to the upgraded:
>
> x86_64-wrs-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse
> --sysroot=/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64
> -Wstrict-prototypes -O2 -pipe -g -feliminate-unused-debug-types -Wall
> -Wno-sign-compare -Wpointer-arith -Wdeclaration-after-statement
> -Wformat-security -Wswitch-enum -Wunused-parameter -Wstrict-aliasing
> -Wbad-function-cast -Wcast-align -Wstrict-prototypes
> -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers
> -Wno-override-init -export-dynamic -Wl,-O1 -Wl,--hash-style=gnu
> -Wl,--as-needed -o secchan/ofprotocol secchan/discovery.o
> secchan/emerg-flow.o secchan/fail-open.o secchan/failover.o
> secchan/in-band.o secchan/port-watcher.o secchan/protocol-stat.o
> secchan/ratelimit.o secchan/secchan.o secchan/status.o
> secchan/stp-secchan.o lib/libopenflow.a -ldl
> -L/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/usr/lib64
> -lssl
> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/x86_64-linux/usr/libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/4.9.2/ld:
> lib/libopenflow.a(vconn-ssl.o): undefined reference to symbol
> 'ERR_error_string@@OPENSSL_1.0.0'
> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/lib64/libcrypto.so.1.0.0:
> error adding symbols: DSO missing from command line
> collect2: error: ld returned 1 exit status
>
Robert, I am not sure about this, I just verified that ERR_error_string
is a valid symbol in libcrypto.so, maybe you nbeed to have -lcrypto in
addition to the -lssl on the command line for building openflow? I don't
see it explicitly and maybe that's needed.
Sau!
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] openssl: Upgrade to 1.0.2
2015-03-12 6:18 ` Robert Yang
2015-03-12 19:17 ` Saul Wold
@ 2015-03-13 13:46 ` Martin Jansa
2015-03-16 5:41 ` Saul Wold
1 sibling, 1 reply; 6+ messages in thread
From: Martin Jansa @ 2015-03-13 13:46 UTC (permalink / raw)
To: Robert Yang; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 91690 bytes --]
On Thu, Mar 12, 2015 at 02:18:27PM +0800, Robert Yang wrote:
>
> I met this error when building openflow in meta-networking, I guess it maybe
> related to the upgraded:
>
> x86_64-wrs-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse
> --sysroot=/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64 -Wstrict-prototypes
> -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wno-sign-compare
> -Wpointer-arith -Wdeclaration-after-statement -Wformat-security -Wswitch-enum
> -Wunused-parameter -Wstrict-aliasing -Wbad-function-cast -Wcast-align
> -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
> -Wmissing-field-initializers -Wno-override-init -export-dynamic -Wl,-O1
> -Wl,--hash-style=gnu -Wl,--as-needed -o secchan/ofprotocol secchan/discovery.o
> secchan/emerg-flow.o secchan/fail-open.o secchan/failover.o secchan/in-band.o
> secchan/port-watcher.o secchan/protocol-stat.o secchan/ratelimit.o
> secchan/secchan.o secchan/status.o secchan/stp-secchan.o lib/libopenflow.a -ldl
> -L/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/usr/lib64
> -lssl
> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/x86_64-linux/usr/libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/4.9.2/ld:
> lib/libopenflow.a(vconn-ssl.o): undefined reference to symbol
> 'ERR_error_string@@OPENSSL_1.0.0'
> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/lib64/libcrypto.so.1.0.0:
> error adding symbols: DSO missing from command line
> collect2: error: ld returned 1 exit status
python-pyopenssl is also failing since this upgrade:
| x86_64-oe-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse --sysroot=/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64 -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -O2 -pipe -g -feliminate-unused-debug-types -fPIC -I/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/python2.7 -c OpenSSL/crypto/crl.c -o build/temp.linux-x86_64-2.7/OpenSSL/crypto/crl.o
| OpenSSL/crypto/crl.c:6:23: error: static declaration of 'X509_REVOKED_dup' follows non-static declaration
| static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
| ^
| In file included from /home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/openssl/ssl.h:156:0,
| from OpenSSL/crypto/x509.h:17,
| from OpenSSL/crypto/crypto.h:30,
| from OpenSSL/crypto/crl.c:3:
| /home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/openssl/x509.h:751:15: note: previous declaration of 'X509_REVOKED_dup' was here
| X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
| ^
| OpenSSL/crypto/crl.c: In function 'init_crypto_crl':
| OpenSSL/crypto/crl.c:285:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
| Py_INCREF((PyObject *)&crypto_CRL_Type);
| ^
| error: command 'x86_64-oe-linux-gcc' failed with exit status 1
| ERROR: python setup.py build_ext execution failed.
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_compile (log file is located at /home/jenkins/oe/world/shr-core/tmp-glibc/work/core2-64-oe-linux/python-pyopenssl/0.13-r1/temp/log.do_compile.21838)
NOTE: recipe python-pyopenssl-0.13-r1: task do_compile: Failed
ERROR: Task 19005 (/home/jenkins/oe/world/shr-core/meta-openembedded/meta-oe/recipes-devtools/python/python-pyopenssl_0.13.bb, do_compile) failed with exit code '1'
>
> // Robert
>
> On 03/05/2015 01:46 AM, Saul Wold wrote:
> > Rebased numerous patches
> > removed aarch64 initial work since it's part of upstream now
> > Imported a few additional patches from Debian to support the version-script
> > and blacklist additional bad certificates.
> >
> > Signed-off-by: Saul Wold <sgw@linux.intel.com>
> > ---
> > .../openssl/openssl/Makefiles-ptest.patch | 36 +--
> > .../openssl/openssl/debian/c_rehash-compat.patch | 58 +++-
> > .../openssl/openssl/debian/debian-targets.patch | 25 +-
> > .../openssl/openssl/debian/version-script.patch | 311 ++++++++++-----------
> > .../debian1.0.2/block_digicert_malaysia.patch | 29 ++
> > .../openssl/debian1.0.2/block_diginotar.patch | 67 +++++
> > .../openssl/openssl/debian1.0.2/padlock_conf.patch | 31 ++
> > .../openssl/engines-install-in-libdir-ssl.patch | 42 +--
> > .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21 +-
> > .../openssl/openssl/initial-aarch64-bits.patch | 120 --------
> > ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 22 +-
> > ...NULL-pointer-dereference-in-dh_pub_encode.patch | 41 +--
> > .../openssl/openssl/openssl_fix_for_x32.patch | 85 ++----
> > .../openssl/openssl/ptest-deps.patch | 16 +-
> > .../openssl/update-version-script-for-1.0.2.patch | 66 +++++
> > .../{openssl_1.0.1k.bb => openssl_1.0.2.bb} | 19 +-
> > 16 files changed, 522 insertions(+), 467 deletions(-)
> > create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
> > create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
> > create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
> > delete mode 100644 meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
> > create mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
> > rename meta/recipes-connectivity/openssl/{openssl_1.0.1k.bb => openssl_1.0.2.bb} (84%)
> >
> > diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
> > index ac53a91..249446a 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
> > @@ -5,10 +5,11 @@ Signed-off-by: Anders Roxell <anders.roxell@enea.com>
> > Signed-off-by: Maxin B. John <maxin.john@enea.com>
> > Upstream-Status: Pending
> > ---
> > -diff -uNr a/Makefile b/Makefile
> > ---- a/Makefile.org 2012-05-10 17:06:02.000000000 +0200
> > -+++ b/Makefile.org 2012-10-27 00:05:55.359424024 +0200
> > -@@ -411,8 +411,16 @@
> > +Index: openssl-1.0.2/Makefile.org
> > +===================================================================
> > +--- openssl-1.0.2.orig/Makefile.org
> > ++++ openssl-1.0.2/Makefile.org
> > +@@ -451,8 +451,16 @@ rehash.time: certs apps
> > test: tests
> >
> > tests: rehash
> > @@ -26,11 +27,11 @@ diff -uNr a/Makefile b/Makefile
> > OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
> >
> > report:
> > -diff --git a/test/Makefile b/test/Makefile
> > -index 3912f82..1696767 100644
> > ---- a/test/Makefile
> > -+++ b/test/Makefile
> > -@@ -128,7 +128,7 @@ tests: exe apps $(TESTS)
> > +Index: openssl-1.0.2/test/Makefile
> > +===================================================================
> > +--- openssl-1.0.2.orig/test/Makefile
> > ++++ openssl-1.0.2/test/Makefile
> > +@@ -137,7 +137,7 @@ tests: exe apps $(TESTS)
> > apps:
> > @(cd ..; $(MAKE) DIRS=apps all)
> >
> > @@ -39,28 +40,28 @@ index 3912f82..1696767 100644
> > test_des test_idea test_sha test_md4 test_md5 test_hmac \
> > test_md2 test_mdc2 test_wp \
> > test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
> > -@@ -138,6 +138,11 @@ alltests: \
> > - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
> > - test_jpake test_cms
> > +@@ -148,6 +148,11 @@ alltests: \
> > + test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
> > + test_constant_time
> >
> > +alltests:
> > + @(for i in $(all-tests); do \
> > + ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
> > + done)
> > +
> > - test_evp:
> > + test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
> > ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
> >
> > -@@ -203,7 +208,7 @@ test_x509:
> > +@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
> > echo test second x509v3 certificate
> > sh ./tx509 v3-cert2.pem 2>/dev/null
> >
> > --test_rsa: $(RSATEST)$(EXE_EXT)
> > -+test_rsa:
> > +-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
> > ++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
> > @sh ./trsa 2>/dev/null
> > ../util/shlib_wrap.sh ./$(RSATEST)
> >
> > -@@ -298,11 +303,11 @@ test_tsa:
> > +@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
> > sh ./testtsa; \
> > fi
> >
> > @@ -73,3 +74,4 @@ index 3912f82..1696767 100644
> > +test_jpake:
> > @echo "Test JPAKE"
> > ../util/shlib_wrap.sh ./$(JPAKETEST)
> > +
> > diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
> > index ac1b19b..3943e2c 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
> > @@ -1,38 +1,58 @@
> > -Upstream-Status: Backport [debian]
> > -
> > From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
> > From: Ludwig Nussel <ludwig.nussel@suse.de>
> > Date: Wed, 21 Apr 2010 15:52:10 +0200
> > Subject: [PATCH] also create old hash for compatibility
> >
> > +Upstream-Status: Backport [debian]
> > +
> > ---
> > tools/c_rehash.in | 8 +++++++-
> > 1 files changed, 7 insertions(+), 1 deletions(-)
> >
> > -Index: openssl-1.0.0d/tools/c_rehash.in
> > +Index: openssl-1.0.2~beta3/tools/c_rehash.in
> > ===================================================================
> > ---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
> > -+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
> > -@@ -86,6 +86,7 @@
> > - }
> > +--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
> > ++++ openssl-1.0.2~beta3/tools/c_rehash.in
> > +@@ -8,8 +8,6 @@ my $prefix;
> > +
> > + my $openssl = $ENV{OPENSSL} || "openssl";
> > + my $pwd;
> > +-my $x509hash = "-subject_hash";
> > +-my $crlhash = "-hash";
> > + my $verbose = 0;
> > + my $symlink_exists=eval {symlink("",""); 1};
> > + my $removelinks = 1;
> > +@@ -18,10 +16,7 @@ my $removelinks = 1;
> > + while ( $ARGV[0] =~ '-.*' ) {
> > + my $flag = shift @ARGV;
> > + last if ( $flag eq '--');
> > +- if ( $flag =~ /-old/) {
> > +- $x509hash = "-subject_hash_old";
> > +- $crlhash = "-hash_old";
> > +- } elsif ( $flag =~ /-h/) {
> > ++ if ( $flag =~ /-h/) {
> > + help();
> > + } elsif ( $flag eq '-n' ) {
> > + $removelinks = 0;
> > +@@ -113,7 +108,9 @@ sub hash_dir {
> > + next;
> > }
> > link_hash_cert($fname) if($cert);
> > + link_hash_cert_old($fname) if($cert);
> > link_hash_crl($fname) if($crl);
> > ++ link_hash_crl_old($fname) if($crl);
> > }
> > }
> > -@@ -119,8 +120,9 @@
> > +
> > +@@ -146,6 +143,7 @@ sub check_file {
> >
> > sub link_hash_cert {
> > my $fname = $_[0];
> > -+ my $hashopt = $_[1] || '-subject_hash';
> > ++ my $x509hash = $_[1] || '-subject_hash';
> > $fname =~ s/'/'\\''/g;
> > -- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
> > -+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
> > + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
> > chomp $hash;
> > - chomp $fprint;
> > - $fprint =~ s/^.*=//;
> > -@@ -150,6 +152,10 @@
> > +@@ -177,10 +175,20 @@ sub link_hash_cert {
> > $hashlist{$hash} = $fprint;
> > }
> >
> > @@ -40,6 +60,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
> > + link_hash_cert($_[0], '-subject_hash_old');
> > +}
> > +
> > ++sub link_hash_crl_old {
> > ++ link_hash_crl($_[0], '-hash_old');
> > ++}
> > ++
> > ++
> > # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
> >
> > sub link_hash_crl {
> > + my $fname = $_[0];
> > ++ my $crlhash = $_[1] || "-hash";
> > + $fname =~ s/'/'\\''/g;
> > + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
> > + chomp $hash;
> > diff --git a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
> > index 8101edf..39d4328 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
> > @@ -1,12 +1,12 @@
> > Upstream-Status: Backport [debian]
> >
> > -Index: openssl-1.0.1/Configure
> > +Index: openssl-1.0.2/Configure
> > ===================================================================
> > ---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000
> > -+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000
> > -@@ -105,6 +105,10 @@
> > +--- openssl-1.0.2.orig/Configure
> > ++++ openssl-1.0.2/Configure
> > +@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
> >
> > - my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
> > + my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
> >
> > +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
> > +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
> > @@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure
> > my $strict_warnings = 0;
> >
> > my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
> > -@@ -338,6 +342,48 @@
> > +@@ -343,6 +347,55 @@ my %table=(
> > "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
> > "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
> >
> > @@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure
> > +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > -+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > -+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > -+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
> > +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > @@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure
> > +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > @@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure
> > +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > ++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
> > +
> > ####
> > #### Variety of LINUX:-)
> > diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> > index ece8b9b..a249180 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
> > @@ -1,10 +1,8 @@
> > -Upstream-Status: Backport [debian]
> > -
> > -Index: openssl-1.0.1d/Configure
> > +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
> > ===================================================================
> > ---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100
> > -+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100
> > -@@ -1621,6 +1621,8 @@
> > +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
> > ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
> > +@@ -1651,6 +1651,8 @@
> > }
> > }
> >
> > @@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure
> > open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
> > unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
> > open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
> > -Index: openssl-1.0.1d/openssl.ld
> > +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
> > ===================================================================
> > --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> > -+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100
> > -@@ -0,0 +1,4620 @@
> > ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
> > +@@ -0,0 +1,4615 @@
> > +OPENSSL_1.0.0 {
> > + global:
> > + BIO_f_ssl;
> > @@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld
> > + ERR_load_COMP_strings;
> > + PKCS12_item_decrypt_d2i;
> > + ASN1_UTF8STRING_it;
> > -+ ASN1_UTF8STRING_it;
> > + ENGINE_unregister_ciphers;
> > + ENGINE_get_ciphers;
> > + d2i_OCSP_BASICRESP;
> > + KRB5_CHECKSUM_it;
> > -+ KRB5_CHECKSUM_it;
> > + EC_POINT_add;
> > + ASN1_item_ex_i2d;
> > + OCSP_CERTID_it;
> > -+ OCSP_CERTID_it;
> > + d2i_OCSP_RESPBYTES;
> > + X509V3_add1_i2d;
> > + PKCS7_ENVELOPE_it;
> > -+ PKCS7_ENVELOPE_it;
> > + UI_add_input_boolean;
> > + ENGINE_unregister_RSA;
> > + X509V3_EXT_nconf;
> > @@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld
> > + ENGINE_register_all_RAND;
> > + ENGINE_load_dynamic;
> > + PBKDF2PARAM_it;
> > -+ PBKDF2PARAM_it;
> > + EXTENDED_KEY_USAGE_new;
> > + EC_GROUP_clear_free;
> > + OCSP_sendreq_bio;
> > + ASN1_item_digest;
> > + OCSP_BASICRESP_delete_ext;
> > + OCSP_SIGNATURE_it;
> > -+ OCSP_SIGNATURE_it;
> > -+ X509_CRL_it;
> > + X509_CRL_it;
> > + OCSP_BASICRESP_add_ext;
> > + KRB5_ENCKEY_it;
> > -+ KRB5_ENCKEY_it;
> > + UI_method_set_closer;
> > + X509_STORE_set_purpose;
> > + i2d_ASN1_GENERALSTRING;
> > @@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_REQUEST_get_ext_by_OBJ;
> > + _ossl_old_des_random_key;
> > + ASN1_T61STRING_it;
> > -+ ASN1_T61STRING_it;
> > + EC_GROUP_method_of;
> > + i2d_KRB5_APREQ;
> > + _ossl_old_des_encrypt;
> > @@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_SINGLERESP_get_ext_count;
> > + UI_ctrl;
> > + _shadow_DES_rw_mode;
> > -+ _shadow_DES_rw_mode;
> > + asn1_do_adb;
> > + ASN1_template_i2d;
> > + ENGINE_register_DH;
> > @@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + KRB5_ENCKEY_free;
> > + OCSP_resp_get0;
> > + GENERAL_NAME_it;
> > -+ GENERAL_NAME_it;
> > -+ ASN1_GENERALIZEDTIME_it;
> > + ASN1_GENERALIZEDTIME_it;
> > + X509_STORE_set_flags;
> > + EC_POINT_set_compressed_coordinates_GFp;
> > @@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld
> > + EC_POINT_set_affine_coords_GFp;
> > + _ossl_old_des_options;
> > + SXNET_it;
> > -+ SXNET_it;
> > + UI_dup_input_boolean;
> > + PKCS12_add_CSPName_asc;
> > + EC_POINT_is_at_infinity;
> > + ENGINE_load_cryptodev;
> > + DSO_convert_filename;
> > + POLICYQUALINFO_it;
> > -+ POLICYQUALINFO_it;
> > + ENGINE_register_ciphers;
> > + BN_mod_lshift_quick;
> > + DSO_set_filename;
> > + ASN1_item_free;
> > + KRB5_TKTBODY_free;
> > + AUTHORITY_KEYID_it;
> > -+ AUTHORITY_KEYID_it;
> > + KRB5_APREQBODY_new;
> > + X509V3_EXT_REQ_add_nconf;
> > + ENGINE_ctrl_cmd_string;
> > @@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld
> > + EVP_MD_CTX_init;
> > + EXTENDED_KEY_USAGE_free;
> > + PKCS7_ATTR_SIGN_it;
> > -+ PKCS7_ATTR_SIGN_it;
> > + UI_add_error_string;
> > + KRB5_CHECKSUM_free;
> > + OCSP_REQUEST_get_ext;
> > + ENGINE_load_ubsec;
> > + ENGINE_register_all_digests;
> > + PKEY_USAGE_PERIOD_it;
> > -+ PKEY_USAGE_PERIOD_it;
> > + PKCS12_unpack_authsafes;
> > + ASN1_item_unpack;
> > + NETSCAPE_SPKAC_it;
> > -+ NETSCAPE_SPKAC_it;
> > -+ X509_REVOKED_it;
> > + X509_REVOKED_it;
> > + ASN1_STRING_encode;
> > + EVP_aes_128_ecb;
> > @@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + UI_dup_info_string;
> > + _ossl_old_des_xwhite_in2out;
> > + PKCS12_it;
> > -+ PKCS12_it;
> > + OCSP_SINGLERESP_get_ext_by_critical;
> > + OCSP_SINGLERESP_get_ext_by_crit;
> > + OCSP_CERTSTATUS_free;
> > @@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld
> > + ENGINE_unregister_DSA;
> > + _ossl_old_des_key_sched;
> > + X509_EXTENSION_it;
> > -+ X509_EXTENSION_it;
> > + i2d_KRB5_AUTHENT;
> > + SXNETID_it;
> > -+ SXNETID_it;
> > + d2i_OCSP_SINGLERESP;
> > + EDIPARTYNAME_new;
> > + PKCS12_certbag2x509;
> > @@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld
> > + d2i_KRB5_APREQBODY;
> > + UI_method_get_flusher;
> > + X509_PUBKEY_it;
> > -+ X509_PUBKEY_it;
> > + _ossl_old_des_enc_read;
> > + PKCS7_ENCRYPT_it;
> > -+ PKCS7_ENCRYPT_it;
> > + i2d_OCSP_RESPONSE;
> > + EC_GROUP_get_cofactor;
> > + PKCS12_unpack_p7data;
> > @@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld
> > + PKCS12_item_i2d_encrypt;
> > + X509_add1_ext_i2d;
> > + PKCS7_SIGNER_INFO_it;
> > -+ PKCS7_SIGNER_INFO_it;
> > + KRB5_PRINCNAME_new;
> > + PKCS12_SAFEBAG_it;
> > -+ PKCS12_SAFEBAG_it;
> > + EC_GROUP_get_order;
> > + d2i_OCSP_RESPID;
> > + OCSP_request_verify;
> > @@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld
> > + EVP_MD_CTX_create;
> > + OCSP_resp_find_status;
> > + X509_ALGOR_it;
> > -+ X509_ALGOR_it;
> > -+ ASN1_TIME_it;
> > + ASN1_TIME_it;
> > + OCSP_request_set1_name;
> > + OCSP_ONEREQ_get_ext_count;
> > + UI_get0_result;
> > + PKCS12_AUTHSAFES_it;
> > -+ PKCS12_AUTHSAFES_it;
> > + EVP_aes_256_ecb;
> > + PKCS12_pack_authsafes;
> > + ASN1_IA5STRING_it;
> > -+ ASN1_IA5STRING_it;
> > + UI_get_input_flags;
> > + EC_GROUP_set_generator;
> > + _ossl_old_des_string_to_2keys;
> > + OCSP_CERTID_free;
> > + X509_CERT_AUX_it;
> > -+ X509_CERT_AUX_it;
> > -+ CERTIFICATEPOLICIES_it;
> > + CERTIFICATEPOLICIES_it;
> > + _ossl_old_des_ede3_cbc_encrypt;
> > + RAND_set_rand_engine;
> > + DSO_get_loaded_filename;
> > + X509_ATTRIBUTE_it;
> > -+ X509_ATTRIBUTE_it;
> > + OCSP_ONEREQ_get_ext_by_NID;
> > + PKCS12_decrypt_skey;
> > + KRB5_AUTHENT_it;
> > -+ KRB5_AUTHENT_it;
> > + UI_dup_error_string;
> > + RSAPublicKey_it;
> > -+ RSAPublicKey_it;
> > + i2d_OCSP_REQUEST;
> > + PKCS12_x509crl2certbag;
> > + OCSP_SERVICELOC_it;
> > -+ OCSP_SERVICELOC_it;
> > + ASN1_item_sign;
> > + X509_CRL_set_issuer_name;
> > + OBJ_NAME_do_all_sorted;
> > @@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld
> > + ENGINE_get_digest;
> > + OCSP_RESPONSE_print;
> > + KRB5_TKTBODY_it;
> > -+ KRB5_TKTBODY_it;
> > + ACCESS_DESCRIPTION_it;
> > -+ ACCESS_DESCRIPTION_it;
> > -+ PKCS7_ISSUER_AND_SERIAL_it;
> > + PKCS7_ISSUER_AND_SERIAL_it;
> > + PBE2PARAM_it;
> > -+ PBE2PARAM_it;
> > + PKCS12_certbag2x509crl;
> > + PKCS7_SIGNED_it;
> > -+ PKCS7_SIGNED_it;
> > + ENGINE_get_cipher;
> > + i2d_OCSP_CRLID;
> > + OCSP_SINGLERESP_new;
> > + ENGINE_cmd_is_executable;
> > + RSA_up_ref;
> > + ASN1_GENERALSTRING_it;
> > -+ ASN1_GENERALSTRING_it;
> > + ENGINE_register_DSA;
> > + X509V3_EXT_add_nconf_sk;
> > + ENGINE_set_load_pubkey_function;
> > + PKCS8_decrypt;
> > + PEM_bytes_read_bio;
> > + DIRECTORYSTRING_it;
> > -+ DIRECTORYSTRING_it;
> > + d2i_OCSP_CRLID;
> > + EC_POINT_is_on_curve;
> > + CRYPTO_set_locked_mem_ex_functions;
> > @@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + d2i_KRB5_CHECKSUM;
> > + ASN1_item_dup;
> > + X509_it;
> > -+ X509_it;
> > + BN_mod_add;
> > + KRB5_AUTHDATA_free;
> > + _ossl_old_des_cbc_cksum;
> > @@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + EC_POINT_get_Jprojective_coordinates_GFp;
> > + EC_POINT_get_Jproj_coords_GFp;
> > + ZLONG_it;
> > -+ ZLONG_it;
> > + CRYPTO_get_locked_mem_ex_functions;
> > + CRYPTO_get_locked_mem_ex_funcs;
> > + ASN1_TIME_check;
> > @@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld
> > + _ossl_old_des_ede3_cfb64_encrypt;
> > + _ossl_odes_ede3_cfb64_encrypt;
> > + ASN1_BMPSTRING_it;
> > -+ ASN1_BMPSTRING_it;
> > + ASN1_tag2bit;
> > + UI_method_set_flusher;
> > + X509_ocspid_print;
> > + KRB5_ENCDATA_it;
> > -+ KRB5_ENCDATA_it;
> > + ENGINE_get_load_pubkey_function;
> > + UI_add_user_data;
> > + OCSP_REQUEST_delete_ext;
> > + UI_get_method;
> > + OCSP_ONEREQ_free;
> > + ASN1_PRINTABLESTRING_it;
> > -+ ASN1_PRINTABLESTRING_it;
> > + X509_CRL_set_nextUpdate;
> > + OCSP_REQUEST_it;
> > -+ OCSP_REQUEST_it;
> > -+ OCSP_BASICRESP_it;
> > + OCSP_BASICRESP_it;
> > + AES_ecb_encrypt;
> > + BN_mod_sqr;
> > + NETSCAPE_CERT_SEQUENCE_it;
> > -+ NETSCAPE_CERT_SEQUENCE_it;
> > -+ GENERAL_NAMES_it;
> > + GENERAL_NAMES_it;
> > + AUTHORITY_INFO_ACCESS_it;
> > -+ AUTHORITY_INFO_ACCESS_it;
> > -+ ASN1_FBOOLEAN_it;
> > + ASN1_FBOOLEAN_it;
> > + UI_set_ex_data;
> > + _ossl_old_des_string_to_key;
> > + ENGINE_register_all_RSA;
> > + d2i_KRB5_PRINCNAME;
> > + OCSP_RESPBYTES_it;
> > -+ OCSP_RESPBYTES_it;
> > -+ X509_CINF_it;
> > + X509_CINF_it;
> > + ENGINE_unregister_digests;
> > + d2i_EDIPARTYNAME;
> > @@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_RESPDATA_free;
> > + d2i_KRB5_TICKET;
> > + OTHERNAME_it;
> > -+ OTHERNAME_it;
> > + EVP_MD_CTX_cleanup;
> > + d2i_ASN1_GENERALSTRING;
> > + X509_CRL_set_version;
> > @@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_REQUEST_free;
> > + OCSP_REQUEST_add1_ext_i2d;
> > + X509_VAL_it;
> > -+ X509_VAL_it;
> > + EC_POINTs_make_affine;
> > + EC_POINT_mul;
> > + X509V3_EXT_add_nconf;
> > @@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + X509_CRL_add1_ext_i2d;
> > + _ossl_old_des_fcrypt;
> > + DISPLAYTEXT_it;
> > -+ DISPLAYTEXT_it;
> > + X509_CRL_set_lastUpdate;
> > + OCSP_BASICRESP_free;
> > + OCSP_BASICRESP_add1_ext_i2d;
> > @@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + UI_get0_result_string;
> > + ASN1_GENERALSTRING_new;
> > + X509_SIG_it;
> > -+ X509_SIG_it;
> > + ERR_set_implementation;
> > + ERR_load_EC_strings;
> > + UI_get0_action_string;
> > @@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_ONEREQ_get_ext_by_OBJ;
> > + ASN1_primitive_new;
> > + ASN1_PRINTABLE_it;
> > -+ ASN1_PRINTABLE_it;
> > + EVP_aes_192_ecb;
> > + OCSP_SIGNATURE_new;
> > + LONG_it;
> > -+ LONG_it;
> > -+ ASN1_VISIBLESTRING_it;
> > + ASN1_VISIBLESTRING_it;
> > + OCSP_SINGLERESP_add1_ext_i2d;
> > + d2i_OCSP_CERTID;
> > + ASN1_item_d2i_fp;
> > + CRL_DIST_POINTS_it;
> > -+ CRL_DIST_POINTS_it;
> > + GENERAL_NAME_print;
> > + OCSP_SINGLERESP_delete_ext;
> > + PKCS12_SAFEBAGS_it;
> > -+ PKCS12_SAFEBAGS_it;
> > + d2i_OCSP_SIGNATURE;
> > + OCSP_request_add1_nonce;
> > + ENGINE_set_cmd_defns;
> > + OCSP_SERVICELOC_free;
> > + EC_GROUP_free;
> > + ASN1_BIT_STRING_it;
> > -+ ASN1_BIT_STRING_it;
> > -+ X509_REQ_it;
> > + X509_REQ_it;
> > + _ossl_old_des_cbc_encrypt;
> > + ERR_unload_strings;
> > + PKCS7_SIGN_ENVELOPE_it;
> > -+ PKCS7_SIGN_ENVELOPE_it;
> > + EDIPARTYNAME_free;
> > + OCSP_REQINFO_free;
> > + EC_GROUP_new_curve_GFp;
> > @@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_CRLID_free;
> > + OCSP_BASICRESP_get1_ext_d2i;
> > + RSAPrivateKey_it;
> > -+ RSAPrivateKey_it;
> > + ENGINE_register_all_DH;
> > + i2d_EDIPARTYNAME;
> > + EC_POINT_get_affine_coordinates_GFp;
> > @@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_CRLID_new;
> > + ENGINE_get_flags;
> > + OCSP_ONEREQ_it;
> > -+ OCSP_ONEREQ_it;
> > + UI_process;
> > + ASN1_INTEGER_it;
> > -+ ASN1_INTEGER_it;
> > + EVP_CipherInit_ex;
> > + UI_get_string_type;
> > + ENGINE_unregister_DH;
> > @@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + bn_dup_expand;
> > + OCSP_cert_id_new;
> > + BASIC_CONSTRAINTS_it;
> > -+ BASIC_CONSTRAINTS_it;
> > + BN_mod_add_quick;
> > + EC_POINT_new;
> > + EVP_MD_CTX_destroy;
> > @@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + EC_POINT_free;
> > + DH_up_ref;
> > + X509_NAME_ENTRY_it;
> > -+ X509_NAME_ENTRY_it;
> > + UI_get_ex_new_index;
> > + BN_mod_sub_quick;
> > + OCSP_ONEREQ_add_ext;
> > @@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + ENGINE_register_complete;
> > + X509V3_EXT_nconf_nid;
> > + ASN1_SEQUENCE_it;
> > -+ ASN1_SEQUENCE_it;
> > + UI_set_default_method;
> > + RAND_query_egd_bytes;
> > + UI_method_get_writer;
> > @@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + PEM_def_callback;
> > + ENGINE_cleanup;
> > + DIST_POINT_it;
> > -+ DIST_POINT_it;
> > -+ OCSP_SINGLERESP_it;
> > + OCSP_SINGLERESP_it;
> > + d2i_KRB5_TKTBODY;
> > + EC_POINT_cmp;
> > @@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_cert_to_id;
> > + OCSP_RESPID_new;
> > + OCSP_RESPDATA_it;
> > -+ OCSP_RESPDATA_it;
> > + d2i_OCSP_RESPDATA;
> > + ENGINE_register_all_complete;
> > + OCSP_check_validity;
> > + PKCS12_BAGS_it;
> > -+ PKCS12_BAGS_it;
> > + OCSP_url_svcloc_new;
> > + ASN1_template_free;
> > + OCSP_SINGLERESP_add_ext;
> > + KRB5_AUTHENTBODY_it;
> > -+ KRB5_AUTHENTBODY_it;
> > + X509_supported_extension;
> > + i2d_KRB5_AUTHDATA;
> > + UI_method_get_opener;
> > + ENGINE_set_ex_data;
> > + OCSP_REQUEST_print;
> > + CBIGNUM_it;
> > -+ CBIGNUM_it;
> > + KRB5_TICKET_new;
> > + KRB5_APREQ_new;
> > + EC_GROUP_get_curve_GFp;
> > @@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_single_get0_status;
> > + BN_swap;
> > + POLICYINFO_it;
> > -+ POLICYINFO_it;
> > + ENGINE_set_destroy_function;
> > + asn1_enc_free;
> > + OCSP_RESPID_it;
> > -+ OCSP_RESPID_it;
> > + EC_GROUP_new;
> > + EVP_aes_256_cbc;
> > + i2d_KRB5_PRINCNAME;
> > + _ossl_old_des_encrypt2;
> > + _ossl_old_des_encrypt3;
> > + PKCS8_PRIV_KEY_INFO_it;
> > -+ PKCS8_PRIV_KEY_INFO_it;
> > -+ OCSP_REQINFO_it;
> > + OCSP_REQINFO_it;
> > + PBEPARAM_it;
> > -+ PBEPARAM_it;
> > + KRB5_AUTHENTBODY_new;
> > + X509_CRL_add0_revoked;
> > + EDIPARTYNAME_it;
> > -+ EDIPARTYNAME_it;
> > -+ NETSCAPE_SPKI_it;
> > + NETSCAPE_SPKI_it;
> > + UI_get0_test_string;
> > + ENGINE_get_cipher_engine;
> > @@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld
> > + UI_method_get_reader;
> > + OCSP_BASICRESP_get_ext_count;
> > + ASN1_ENUMERATED_it;
> > -+ ASN1_ENUMERATED_it;
> > + UI_set_result;
> > + i2d_KRB5_TICKET;
> > + X509_print_ex_fp;
> > + EVP_CIPHER_CTX_set_padding;
> > + d2i_OCSP_RESPONSE;
> > + ASN1_UTCTIME_it;
> > -+ ASN1_UTCTIME_it;
> > + _ossl_old_des_enc_write;
> > + OCSP_RESPONSE_new;
> > + AES_set_encrypt_key;
> > @@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_onereq_get0_id;
> > + ENGINE_set_default_ciphers;
> > + NOTICEREF_it;
> > -+ NOTICEREF_it;
> > + X509V3_EXT_CRL_add_nconf;
> > + OCSP_REVOKEDINFO_it;
> > -+ OCSP_REVOKEDINFO_it;
> > + AES_encrypt;
> > + OCSP_REQUEST_new;
> > + ASN1_ANY_it;
> > -+ ASN1_ANY_it;
> > + CRYPTO_ex_data_new_class;
> > + _ossl_old_des_ncbc_encrypt;
> > + i2d_KRB5_TKTBODY;
> > @@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld
> > + ENGINE_load_nuron;
> > + _ossl_old_des_pcbc_encrypt;
> > + PKCS12_MAC_DATA_it;
> > -+ PKCS12_MAC_DATA_it;
> > + OCSP_accept_responses_new;
> > + asn1_do_lock;
> > + PKCS7_ATTR_VERIFY_it;
> > -+ PKCS7_ATTR_VERIFY_it;
> > -+ KRB5_APREQBODY_it;
> > + KRB5_APREQBODY_it;
> > + i2d_OCSP_SINGLERESP;
> > + ASN1_item_ex_new;
> > + UI_add_verify_string;
> > + _ossl_old_des_set_key;
> > + KRB5_PRINCNAME_it;
> > -+ KRB5_PRINCNAME_it;
> > + EVP_DecryptInit_ex;
> > + i2d_OCSP_CERTID;
> > + ASN1_item_d2i_bio;
> > @@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_BASICRESP_new;
> > + OCSP_REQUEST_get_ext_by_NID;
> > + KRB5_APREQ_it;
> > -+ KRB5_APREQ_it;
> > + ENGINE_get_destroy_function;
> > + CONF_set_nconf;
> > + ASN1_PRINTABLE_free;
> > + OCSP_BASICRESP_get_ext_by_NID;
> > + DIST_POINT_NAME_it;
> > -+ DIST_POINT_NAME_it;
> > + X509V3_extensions_print;
> > + _ossl_old_des_cfb64_encrypt;
> > + X509_REVOKED_add1_ext_i2d;
> > + _ossl_old_des_ofb_encrypt;
> > + KRB5_TKTBODY_new;
> > + ASN1_OCTET_STRING_it;
> > -+ ASN1_OCTET_STRING_it;
> > + ERR_load_UI_strings;
> > + i2d_KRB5_ENCKEY;
> > + ASN1_template_new;
> > @@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + ASN1_item_i2d_fp;
> > + KRB5_PRINCNAME_free;
> > + PKCS7_RECIP_INFO_it;
> > -+ PKCS7_RECIP_INFO_it;
> > -+ EXTENDED_KEY_USAGE_it;
> > + EXTENDED_KEY_USAGE_it;
> > + EC_GFp_simple_method;
> > + EC_GROUP_precompute_mult;
> > @@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld
> > + UI_method_set_writer;
> > + KRB5_AUTHENT_new;
> > + X509_CRL_INFO_it;
> > -+ X509_CRL_INFO_it;
> > + DSO_set_name_converter;
> > + AES_set_decrypt_key;
> > + PKCS7_DIGEST_it;
> > -+ PKCS7_DIGEST_it;
> > + PKCS12_x5092certbag;
> > + EVP_DigestInit_ex;
> > + i2a_ACCESS_DESCRIPTION;
> > + OCSP_RESPONSE_it;
> > -+ OCSP_RESPONSE_it;
> > -+ PKCS7_ENC_CONTENT_it;
> > + PKCS7_ENC_CONTENT_it;
> > + OCSP_request_add0_id;
> > + EC_POINT_make_affine;
> > + DSO_get_filename;
> > + OCSP_CERTSTATUS_it;
> > -+ OCSP_CERTSTATUS_it;
> > + OCSP_request_add1_cert;
> > + UI_get0_output_string;
> > + UI_dup_verify_string;
> > + BN_mod_lshift;
> > + KRB5_AUTHDATA_it;
> > -+ KRB5_AUTHDATA_it;
> > + asn1_set_choice_selector;
> > + OCSP_basic_add1_status;
> > + OCSP_RESPID_free;
> > + asn1_get_field_ptr;
> > + UI_add_input_string;
> > + OCSP_CRLID_it;
> > -+ OCSP_CRLID_it;
> > + i2d_KRB5_AUTHENTBODY;
> > + OCSP_REQUEST_get_ext_count;
> > + ENGINE_load_atalla;
> > + X509_NAME_it;
> > -+ X509_NAME_it;
> > -+ USERNOTICE_it;
> > + USERNOTICE_it;
> > + OCSP_REQINFO_new;
> > + OCSP_BASICRESP_get_ext;
> > @@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld
> > + i2d_KRB5_ENCDATA;
> > + X509_PURPOSE_set;
> > + X509_REQ_INFO_it;
> > -+ X509_REQ_INFO_it;
> > + UI_method_set_opener;
> > + ASN1_item_ex_free;
> > + ASN1_BOOLEAN_it;
> > -+ ASN1_BOOLEAN_it;
> > + ENGINE_get_table_flags;
> > + UI_create_method;
> > + OCSP_ONEREQ_add1_ext_i2d;
> > + _shadow_DES_check_key;
> > -+ _shadow_DES_check_key;
> > + d2i_OCSP_REQINFO;
> > + UI_add_info_string;
> > + UI_get_result_minsize;
> > + ASN1_NULL_it;
> > -+ ASN1_NULL_it;
> > + BN_mod_lshift1;
> > + d2i_OCSP_ONEREQ;
> > + OCSP_ONEREQ_new;
> > + KRB5_TICKET_it;
> > -+ KRB5_TICKET_it;
> > + EVP_aes_192_cbc;
> > + KRB5_TICKET_free;
> > + UI_new;
> > + OCSP_response_create;
> > + _ossl_old_des_xcbc_encrypt;
> > + PKCS7_it;
> > -+ PKCS7_it;
> > + OCSP_REQUEST_get_ext_by_critical;
> > + OCSP_REQUEST_get_ext_by_crit;
> > + ENGINE_set_flags;
> > @@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld
> > + EVP_Digest;
> > + OCSP_ONEREQ_delete_ext;
> > + ASN1_TBOOLEAN_it;
> > -+ ASN1_TBOOLEAN_it;
> > + ASN1_item_new;
> > + ASN1_TIME_to_generalizedtime;
> > + BIGNUM_it;
> > -+ BIGNUM_it;
> > + AES_cbc_encrypt;
> > + ENGINE_get_load_privkey_function;
> > + ENGINE_get_load_privkey_fn;
> > @@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + EC_POINT_point2oct;
> > + KRB5_APREQ_free;
> > + ASN1_OBJECT_it;
> > -+ ASN1_OBJECT_it;
> > + OCSP_crlID_new;
> > + OCSP_crlID2_new;
> > + CONF_modules_load_file;
> > @@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + i2d_ASN1_UNIVERSALSTRING;
> > + ASN1_UNIVERSALSTRING_free;
> > + ASN1_UNIVERSALSTRING_it;
> > -+ ASN1_UNIVERSALSTRING_it;
> > + d2i_ASN1_UNIVERSALSTRING;
> > + EVP_des_ede3_ecb;
> > + X509_REQ_print_ex;
> > @@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld
> > + HMAC_CTX_set_flags;
> > + d2i_PROXY_CERT_INFO_EXTENSION;
> > + PROXY_POLICY_it;
> > -+ PROXY_POLICY_it;
> > + i2d_PROXY_POLICY;
> > + i2d_PROXY_CERT_INFO_EXTENSION;
> > + d2i_PROXY_POLICY;
> > + PROXY_CERT_INFO_EXTENSION_new;
> > + PROXY_CERT_INFO_EXTENSION_free;
> > + PROXY_CERT_INFO_EXTENSION_it;
> > -+ PROXY_CERT_INFO_EXTENSION_it;
> > + PROXY_POLICY_free;
> > + PROXY_POLICY_new;
> > + BN_MONT_CTX_set_locked;
> > @@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + BN_BLINDING_get_thread_id;
> > + X509_STORE_CTX_set0_param;
> > + POLICY_MAPPING_it;
> > -+ POLICY_MAPPING_it;
> > + STORE_parse_attrs_start;
> > + POLICY_CONSTRAINTS_free;
> > + EVP_PKEY_add1_attr_by_NID;
> > @@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + STORE_set_method;
> > + GENERAL_SUBTREE_free;
> > + NAME_CONSTRAINTS_it;
> > -+ NAME_CONSTRAINTS_it;
> > + ECDH_get_default_method;
> > + PKCS12_add_safe;
> > + EC_KEY_new_by_curve_name;
> > @@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + ENGINE_get_default_ECDH;
> > + EC_KEY_get_conv_form;
> > + ASN1_OCTET_STRING_NDEF_it;
> > -+ ASN1_OCTET_STRING_NDEF_it;
> > + STORE_delete_public_key;
> > + STORE_get_public_key;
> > + STORE_modify_arbitrary;
> > @@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + ENGINE_load_padlock;
> > + EC_GROUP_set_curve_name;
> > + X509_CERT_PAIR_it;
> > -+ X509_CERT_PAIR_it;
> > + STORE_meth_get_revoke_fn;
> > + STORE_method_get_revoke_function;
> > + STORE_method_set_get_function;
> > @@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + pqueue_pop;
> > + STORE_ATTR_INFO_get0_cstr;
> > + POLICY_CONSTRAINTS_it;
> > -+ POLICY_CONSTRAINTS_it;
> > + STORE_get_ex_new_index;
> > + EVP_PKEY_get_attr_by_OBJ;
> > + X509_VERIFY_PARAM_add0_policy;
> > @@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + STORE_modify_crl;
> > + STORE_list_private_key_start;
> > + POLICY_MAPPINGS_it;
> > -+ POLICY_MAPPINGS_it;
> > -+ GENERAL_SUBTREE_it;
> > + GENERAL_SUBTREE_it;
> > + EC_GROUP_get_curve_name;
> > + PEM_write_X509_CERT_PAIR;
> > @@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld
> > + BIO_set_callback_arg;
> > + v3_addr_add_prefix;
> > + IPAddressOrRange_it;
> > -+ IPAddressOrRange_it;
> > + BIO_set_flags;
> > + ASIdentifiers_it;
> > -+ ASIdentifiers_it;
> > + v3_addr_get_range;
> > + BIO_method_type;
> > + v3_addr_inherits;
> > + IPAddressChoice_it;
> > -+ IPAddressChoice_it;
> > + AES_ige_encrypt;
> > + v3_addr_add_range;
> > + EVP_CIPHER_CTX_nid;
> > @@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + BIO_clear_flags;
> > + i2d_ASRange;
> > + IPAddressRange_it;
> > -+ IPAddressRange_it;
> > + IPAddressChoice_new;
> > + ASIdentifierChoice_new;
> > + ASRange_free;
> > @@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + BIO_test_flags;
> > + i2d_ASIdentifierChoice;
> > + ASRange_it;
> > -+ ASRange_it;
> > + d2i_ASIdentifiers;
> > + ASRange_new;
> > + d2i_IPAddressChoice;
> > @@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + EVP_Cipher;
> > + i2d_IPAddressOrRange;
> > + ASIdOrRange_it;
> > -+ ASIdOrRange_it;
> > + EVP_CIPHER_nid;
> > + i2d_IPAddressChoice;
> > + EVP_CIPHER_CTX_block_size;
> > @@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + v3_addr_is_canonical;
> > + i2d_IPAddressRange;
> > + IPAddressFamily_it;
> > -+ IPAddressFamily_it;
> > + v3_asid_inherits;
> > + EVP_CIPHER_CTX_cipher;
> > + EVP_CIPHER_CTX_get_app_data;
> > @@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + d2i_IPAddressOrRange;
> > + v3_addr_canonize;
> > + ASIdentifierChoice_it;
> > -+ ASIdentifierChoice_it;
> > + EVP_MD_CTX_md;
> > + d2i_ASIdentifierChoice;
> > + BIO_method_name;
> > @@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + SEED_set_key;
> > + EVP_seed_cfb128;
> > + X509_EXTENSIONS_it;
> > -+ X509_EXTENSIONS_it;
> > + X509_get1_ocsp;
> > + OCSP_REQ_CTX_free;
> > + i2d_X509_EXTENSIONS;
> > @@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + OCSP_sendreq_new;
> > + d2i_X509_EXTENSIONS;
> > + X509_ALGORS_it;
> > -+ X509_ALGORS_it;
> > + X509_ALGOR_get0;
> > + X509_ALGOR_set0;
> > + AES_unwrap_key;
> > @@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + CMS_SignerInfo_verify;
> > + CMS_data;
> > + CMS_ContentInfo_it;
> > -+ CMS_ContentInfo_it;
> > + d2i_CMS_ReceiptRequest;
> > + CMS_compress;
> > + CMS_digest_create;
> > @@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + CMS_RecipientInfo_kekri_get0_id;
> > + CMS_verify_receipt;
> > + CMS_ReceiptRequest_it;
> > -+ CMS_ReceiptRequest_it;
> > + PEM_read_bio_CMS;
> > + CMS_get1_crls;
> > + CMS_add0_recipient_key;
> > @@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + TS_REQ_dup;
> > + GENERAL_NAME_dup;
> > + ASN1_SEQUENCE_ANY_it;
> > -+ ASN1_SEQUENCE_ANY_it;
> > + WHIRLPOOL;
> > + X509_STORE_get1_crls;
> > + ENGINE_get_pkey_asn1_meth;
> > @@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + DIST_POINT_set_dpname;
> > + i2d_ISSUING_DIST_POINT;
> > + ASN1_SET_ANY_it;
> > -+ ASN1_SET_ANY_it;
> > + EVP_PKEY_CTX_get_data;
> > + TS_STATUS_INFO_print_bio;
> > + EVP_PKEY_derive_init;
> > @@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + EVP_DigestSignFinal;
> > + TS_RESP_CTX_set_def_policy;
> > + NETSCAPE_X509_it;
> > -+ NETSCAPE_X509_it;
> > + TS_RESP_create_response;
> > + PKCS7_SIGNER_INFO_get0_algs;
> > + TS_TST_INFO_get_nonce;
> > @@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + EVP_CIPHER_do_all_sorted;
> > + EVP_PKEY_CTX_free;
> > + ISSUING_DIST_POINT_it;
> > -+ ISSUING_DIST_POINT_it;
> > + d2i_TS_MSG_IMPRINT_fp;
> > + X509_STORE_get1_certs;
> > + EVP_PKEY_CTX_get_operation;
> > @@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld
> > + X509_signature_dump;
> > + d2i_RSA_PSS_PARAMS;
> > + RSA_PSS_PARAMS_it;
> > -+ RSA_PSS_PARAMS_it;
> > + RSA_PSS_PARAMS_free;
> > + X509_sign_ctx;
> > + i2d_RSA_PSS_PARAMS;
> > @@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld
> > + CRYPTO_memcmp;
> > +} OPENSSL_1.0.1;
> > +
> > -Index: openssl-1.0.1d/engines/openssl.ld
> > ++OPENSSL_1.0.2 {
> > ++ global:
> > ++ SSL_CTX_set_alpn_protos;
> > ++ SSL_set_alpn_protos;
> > ++ SSL_CTX_set_alpn_select_cb;
> > ++ SSL_get0_alpn_selected;
> > ++ SSL_CTX_set_custom_cli_ext;
> > ++ SSL_CTX_set_custom_srv_ext;
> > ++ SSL_CTX_set_srv_supp_data;
> > ++ SSL_CTX_set_cli_supp_data;
> > ++ SSL_set_cert_cb;
> > ++ SSL_CTX_use_serverinfo;
> > ++ SSL_CTX_use_serverinfo_file;
> > ++ SSL_CTX_set_cert_cb;
> > ++ SSL_CTX_get0_param;
> > ++ SSL_get0_param;
> > ++ SSL_certs_clear;
> > ++ DTLSv1_2_method;
> > ++ DTLSv1_2_server_method;
> > ++ DTLSv1_2_client_method;
> > ++ DTLS_method;
> > ++ DTLS_server_method;
> > ++ DTLS_client_method;
> > ++ SSL_CTX_get_ssl_method;
> > ++ SSL_CTX_get0_certificate;
> > ++ SSL_CTX_get0_privatekey;
> > ++ SSL_COMP_set0_compression_methods;
> > ++ SSL_COMP_free_compression_methods;
> > ++ SSL_CIPHER_find;
> > ++ SSL_is_server;
> > ++ SSL_CONF_CTX_new;
> > ++ SSL_CONF_CTX_finish;
> > ++ SSL_CONF_CTX_free;
> > ++ SSL_CONF_CTX_set_flags;
> > ++ SSL_CONF_CTX_clear_flags;
> > ++ SSL_CONF_CTX_set1_prefix;
> > ++ SSL_CONF_CTX_set_ssl;
> > ++ SSL_CONF_CTX_set_ssl_ctx;
> > ++ SSL_CONF_cmd;
> > ++ SSL_CONF_cmd_argv;
> > ++ SSL_CONF_cmd_value_type;
> > ++ SSL_trace;
> > ++ SSL_CIPHER_standard_name;
> > ++ SSL_get_tlsa_record_byname;
> > ++ ASN1_TIME_diff;
> > ++ BIO_hex_string;
> > ++ CMS_RecipientInfo_get0_pkey_ctx;
> > ++ CMS_RecipientInfo_encrypt;
> > ++ CMS_SignerInfo_get0_pkey_ctx;
> > ++ CMS_SignerInfo_get0_md_ctx;
> > ++ CMS_SignerInfo_get0_signature;
> > ++ CMS_RecipientInfo_kari_get0_alg;
> > ++ CMS_RecipientInfo_kari_get0_reks;
> > ++ CMS_RecipientInfo_kari_get0_orig_id;
> > ++ CMS_RecipientInfo_kari_orig_id_cmp;
> > ++ CMS_RecipientEncryptedKey_get0_id;
> > ++ CMS_RecipientEncryptedKey_cert_cmp;
> > ++ CMS_RecipientInfo_kari_set0_pkey;
> > ++ CMS_RecipientInfo_kari_get0_ctx;
> > ++ CMS_RecipientInfo_kari_decrypt;
> > ++ CMS_SharedInfo_encode;
> > ++ DH_compute_key_padded;
> > ++ d2i_DHxparams;
> > ++ i2d_DHxparams;
> > ++ DH_get_1024_160;
> > ++ DH_get_2048_224;
> > ++ DH_get_2048_256;
> > ++ DH_KDF_X9_42;
> > ++ ECDH_KDF_X9_62;
> > ++ ECDSA_METHOD_new;
> > ++ ECDSA_METHOD_free;
> > ++ ECDSA_METHOD_set_app_data;
> > ++ ECDSA_METHOD_get_app_data;
> > ++ ECDSA_METHOD_set_sign;
> > ++ ECDSA_METHOD_set_sign_setup;
> > ++ ECDSA_METHOD_set_verify;
> > ++ ECDSA_METHOD_set_flags;
> > ++ ECDSA_METHOD_set_name;
> > ++ EVP_des_ede3_wrap;
> > ++ EVP_aes_128_wrap;
> > ++ EVP_aes_192_wrap;
> > ++ EVP_aes_256_wrap;
> > ++ EVP_aes_128_cbc_hmac_sha256;
> > ++ EVP_aes_256_cbc_hmac_sha256;
> > ++ CRYPTO_128_wrap;
> > ++ CRYPTO_128_unwrap;
> > ++ OCSP_REQ_CTX_nbio;
> > ++ OCSP_REQ_CTX_new;
> > ++ OCSP_set_max_response_length;
> > ++ OCSP_REQ_CTX_i2d;
> > ++ OCSP_REQ_CTX_nbio_d2i;
> > ++ OCSP_REQ_CTX_get0_mem_bio;
> > ++ OCSP_REQ_CTX_http;
> > ++ RSA_padding_add_PKCS1_OAEP_mgf1;
> > ++ RSA_padding_check_PKCS1_OAEP_mgf1;
> > ++ RSA_OAEP_PARAMS_free;
> > ++ RSA_OAEP_PARAMS_it;
> > ++ RSA_OAEP_PARAMS_new;
> > ++ SSL_get_sigalgs;
> > ++ SSL_get_shared_sigalgs;
> > ++ SSL_check_chain;
> > ++ X509_chain_up_ref;
> > ++ X509_http_nbio;
> > ++ X509_CRL_http_nbio;
> > ++ X509_REVOKED_dup;
> > ++ i2d_re_X509_tbs;
> > ++ X509_get0_signature;
> > ++ X509_get_signature_nid;
> > ++ X509_CRL_diff;
> > ++ X509_chain_check_suiteb;
> > ++ X509_CRL_check_suiteb;
> > ++ X509_check_host;
> > ++ X509_check_email;
> > ++ X509_check_ip;
> > ++ X509_check_ip_asc;
> > ++ X509_STORE_set_lookup_crls_cb;
> > ++ X509_STORE_CTX_get0_store;
> > ++ X509_VERIFY_PARAM_set1_host;
> > ++ X509_VERIFY_PARAM_add1_host;
> > ++ X509_VERIFY_PARAM_set_hostflags;
> > ++ X509_VERIFY_PARAM_get0_peername;
> > ++ X509_VERIFY_PARAM_set1_email;
> > ++ X509_VERIFY_PARAM_set1_ip;
> > ++ X509_VERIFY_PARAM_set1_ip_asc;
> > ++ X509_VERIFY_PARAM_get0_name;
> > ++ X509_VERIFY_PARAM_get_count;
> > ++ X509_VERIFY_PARAM_get0;
> > ++ X509V3_EXT_free;
> > ++ EC_GROUP_get_mont_data;
> > ++ EC_curve_nid2nist;
> > ++ EC_curve_nist2nid;
> > ++ PEM_write_bio_DHxparams;
> > ++ PEM_write_DHxparams;
> > ++ SSL_CTX_add_client_custom_ext;
> > ++ SSL_CTX_add_server_custom_ext;
> > ++ SSL_extension_supported;
> > ++ BUF_strnlen;
> > ++ sk_deep_copy;
> > ++ SSL_test_functions;
> > ++} OPENSSL_1.0.1d;
> > ++
> > +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
> > ===================================================================
> > --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> > -+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100
> > ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> > @@ -0,0 +1,10 @@
> > +OPENSSL_1.0.0 {
> > + global:
> > @@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld
> > + *;
> > +};
> > +
> > -Index: openssl-1.0.1d/engines/ccgost/openssl.ld
> > +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
> > ===================================================================
> > --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> > -+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100
> > ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
> > @@ -0,0 +1,10 @@
> > +OPENSSL_1.0.0 {
> > + global:
> > diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
> > new file mode 100644
> > index 0000000..c43bcd1
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
> > @@ -0,0 +1,29 @@
> > +From: Raphael Geissert <geissert@debian.org>
> > +Description: make X509_verify_cert indicate that any certificate whose
> > + name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
> > +Forwarded: not-needed
> > +Origin: vendor
> > +Last-Update: 2011-11-05
> > +
> > +Upstream-Status: Backport [debian]
> > +
> > +
> > +Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
> > +===================================================================
> > +--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100
> > ++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100
> > +@@ -964,10 +964,11 @@
> > + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
> > + {
> > + x = sk_X509_value(ctx->chain, i);
> > +- /* Mark DigiNotar certificates as revoked, no matter
> > +- * where in the chain they are.
> > ++ /* Mark certificates containing the following names as
> > ++ * revoked, no matter where in the chain they are.
> > + */
> > +- if (x->name && strstr(x->name, "DigiNotar"))
> > ++ if (x->name && (strstr(x->name, "DigiNotar") ||
> > ++ strstr(x->name, "Digicert Sdn. Bhd.")))
> > + {
> > + ctx->error = X509_V_ERR_CERT_REVOKED;
> > + ctx->error_depth = i;
> > diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
> > new file mode 100644
> > index 0000000..0c1a0b6
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
> > @@ -0,0 +1,67 @@
> > +From: Raphael Geissert <geissert@debian.org>
> > +Description: make X509_verify_cert indicate that any certificate whose
> > + name contains "DigiNotar" is revoked.
> > +Forwarded: not-needed
> > +Origin: vendor
> > +Last-Update: 2011-09-08
> > +Bug: http://bugs.debian.org/639744
> > +Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
> > +Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
> > +
> > +This is not meant as final patch.
> > +
> > +Upstream-Status: Backport [debian]
> > +
> > +
> > +Index: openssl-1.0.2/crypto/x509/x509_vfy.c
> > +===================================================================
> > +--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
> > ++++ openssl-1.0.2/crypto/x509/x509_vfy.c
> > +@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
> > + static int check_revocation(X509_STORE_CTX *ctx);
> > + static int check_cert(X509_STORE_CTX *ctx);
> > + static int check_policy(X509_STORE_CTX *ctx);
> > ++static int check_ca_blacklist(X509_STORE_CTX *ctx);
> > +
> > + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
> > + unsigned int *preasons, X509_CRL *crl, X509 *x);
> > +@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
> > + if (!ok)
> > + goto end;
> > +
> > ++ ok = check_ca_blacklist(ctx);
> > ++ if(!ok) goto end;
> > ++
> > + #ifndef OPENSSL_NO_RFC3779
> > + /* RFC 3779 path validation, now that CRL check has been done */
> > + ok = v3_asid_validate_path(ctx);
> > +@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
> > + return 1;
> > + }
> > +
> > ++static int check_ca_blacklist(X509_STORE_CTX *ctx)
> > ++ {
> > ++ X509 *x;
> > ++ int i;
> > ++ /* Check all certificates against the blacklist */
> > ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
> > ++ {
> > ++ x = sk_X509_value(ctx->chain, i);
> > ++ /* Mark DigiNotar certificates as revoked, no matter
> > ++ * where in the chain they are.
> > ++ */
> > ++ if (x->name && strstr(x->name, "DigiNotar"))
> > ++ {
> > ++ ctx->error = X509_V_ERR_CERT_REVOKED;
> > ++ ctx->error_depth = i;
> > ++ ctx->current_cert = x;
> > ++ if (!ctx->verify_cb(0,ctx))
> > ++ return 0;
> > ++ }
> > ++ }
> > ++ return 1;
> > ++ }
> > ++
> > + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
> > + X509 **pissuer, int *pscore, unsigned int *preasons,
> > + STACK_OF(X509_CRL) *crls)
> > diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
> > new file mode 100644
> > index 0000000..61dcf45
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
> > @@ -0,0 +1,31 @@
> > +
> > +Upstream-Status: Backport [debian]
> > +
> > +--- openssl/apps/openssl.cnf.orig 2012-06-06 00:45:56.000000000 +0200
> > ++++ openssl/apps/openssl.cnf 2012-06-06 00:46:46.000000000 +0200
> > +@@ -19,6 +19,8 @@
> > + # (Alternatively, use a configuration file that has only
> > + # X.509v3 extensions in its main [= default] section.)
> > +
> > ++openssl_conf = openssl_def
> > ++
> > + [ new_oids ]
> > +
> > + # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
> > +@@ -348,3 +350,16 @@
> > + # (optional, default: no)
> > + ess_cert_id_chain = no # Must the ESS cert id chain be included?
> > + # (optional, default: no)
> > ++
> > ++[openssl_def]
> > ++engines = engine_section
> > ++
> > ++[engine_section]
> > ++padlock = padlock_section
> > ++
> > ++[padlock_section]
> > ++soft_load=1
> > ++init=1
> > ++default_algorithms = ALL
> > ++dynamic_path=padlock
> > ++
> > diff --git a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
> > index d8a6f1a..a574648 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
> > @@ -1,11 +1,11 @@
> > Upstream-Status: Inappropriate [configuration]
> >
> >
> > -Index: openssl-1.0.0/engines/Makefile
> > +Index: openssl-1.0.2/engines/Makefile
> > ===================================================================
> > ---- openssl-1.0.0.orig/engines/Makefile
> > -+++ openssl-1.0.0/engines/Makefile
> > -@@ -107,7 +107,7 @@
> > +--- openssl-1.0.2.orig/engines/Makefile
> > ++++ openssl-1.0.2/engines/Makefile
> > +@@ -107,13 +107,13 @@ install:
> > @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
> > @if [ -n "$(SHARED_LIBS)" ]; then \
> > set -e; \
> > @@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile
> > for l in $(LIBNAMES); do \
> > ( echo installing $$l; \
> > pfx=lib; \
> > -@@ -119,13 +119,13 @@
> > + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
> > + sfx=".so"; \
> > +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
> > ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
> > + else \
> > + case "$(CFLAGS)" in \
> > + *DSO_BEOS*) sfx=".so";; \
> > +@@ -122,10 +122,10 @@ install:
> > *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
> > *) sfx=".bad";; \
> > esac; \
> > - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
> > + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
> > - else \
> > - sfx=".so"; \
> > -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
> > -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
> > fi; \
> > - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
> > - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
> > @@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile
> > done; \
> > fi
> > @target=install; $(RECURSIVE_MAKE)
> > -Index: openssl-1.0.0/engines/ccgost/Makefile
> > +Index: openssl-1.0.2/engines/ccgost/Makefile
> > ===================================================================
> > ---- openssl-1.0.0.orig/engines/ccgost/Makefile
> > -+++ openssl-1.0.0/engines/ccgost/Makefile
> > -@@ -53,13 +53,13 @@
> > +--- openssl-1.0.2.orig/engines/ccgost/Makefile
> > ++++ openssl-1.0.2/engines/ccgost/Makefile
> > +@@ -47,7 +47,7 @@ install:
> > + pfx=lib; \
> > + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
> > + sfx=".so"; \
> > +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> > ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> > + else \
> > + case "$(CFLAGS)" in \
> > + *DSO_BEOS*) sfx=".so";; \
> > +@@ -56,10 +56,10 @@ install:
> > *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
> > *) sfx=".bad";; \
> > esac; \
> > - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> > + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> > - else \
> > - sfx=".so"; \
> > -- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> > -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> > fi; \
> > - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
> > - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
> > diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> > index f0e1778..06d1ea6 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> > @@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867
> >
> > Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
> >
> > -diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
> > -index 3232cfe..df84922 100644
> > +Index: openssl-1.0.2/crypto/evp/e_des3.c
> > ===================================================================
> > ---- a/crypto/evp/e_des3.c
> > -+++ b/crypto/evp/e_des3.c
> > -@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
> > +--- openssl-1.0.2.orig/crypto/evp/e_des3.c
> > ++++ openssl-1.0.2/crypto/evp/e_des3.c
> > +@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
> > size_t n;
> > - unsigned char c[1],d[1];
> > + unsigned char c[1], d[1];
> >
> > -- for(n=0 ; n < inl ; ++n)
> > -+ for(n=0 ; n < inl*8 ; ++n)
> > - {
> > - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
> > - DES_ede3_cfb_encrypt(c,d,1,1,
> > +- for (n = 0; n < inl; ++n) {
> > ++ for (n = 0; n * 8 < inl; ++n) {
> > + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
> > + DES_ede3_cfb_encrypt(c, d, 1, 1,
> > + &data(ctx)->ks1, &data(ctx)->ks2,
> > diff --git a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
> > deleted file mode 100644
> > index 770097d..0000000
> > --- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
> > +++ /dev/null
> > @@ -1,120 +0,0 @@
> > -From: Andy Polyakov <appro@openssl.org>
> > -Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
> > -Subject: Initial aarch64 bits.
> > -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
> > -
> > -Initial aarch64 bits.
> > -Upstream-Status: backport (will be included in 1.0.2)
> > ----
> > - crypto/bn/bn_lcl.h | 9 +++++++++
> > - crypto/md32_common.h | 18 ++++++++++++++++++
> > - crypto/modes/modes_lcl.h | 8 ++++++++
> > - crypto/sha/sha512.c | 13 +++++++++++++
> > - 4 files changed, 48 insertions(+)
> > -
> > -Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
> > -===================================================================
> > ---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200
> > -+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200
> > -@@ -300,6 +300,15 @@
> > - : "r"(a), "r"(b));
> > - # endif
> > - # endif
> > -+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
> > -+# if defined(__GNUC__) && __GNUC__>=2
> > -+# define BN_UMULT_HIGH(a,b) ({ \
> > -+ register BN_ULONG ret; \
> > -+ asm ("umulh %0,%1,%2" \
> > -+ : "=r"(ret) \
> > -+ : "r"(a), "r"(b)); \
> > -+ ret; })
> > -+# endif
> > - # endif /* cpu */
> > - #endif /* OPENSSL_NO_ASM */
> > -
> > -Index: openssl-1.0.1f/crypto/md32_common.h
> > -===================================================================
> > ---- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200
> > -+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
> > -@@ -213,6 +213,24 @@
> > - asm ("bswapl %0":"=r"(r):"0"(r)); \
> > - *((unsigned int *)(c))=r; (c)+=4; r; })
> > - # endif
> > -+# elif defined(__aarch64__)
> > -+# if defined(__BYTE_ORDER__)
> > -+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
> > -+# define HOST_c2l(c,l) ({ unsigned int r; \
> > -+ asm ("rev %w0,%w1" \
> > -+ :"=r"(r) \
> > -+ :"r"(*((const unsigned int *)(c))));\
> > -+ (c)+=4; (l)=r; })
> > -+# define HOST_l2c(l,c) ({ unsigned int r; \
> > -+ asm ("rev %w0,%w1" \
> > -+ :"=r"(r) \
> > -+ :"r"((unsigned int)(l)));\
> > -+ *((unsigned int *)(c))=r; (c)+=4; r; })
> > -+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
> > -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
> > -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
> > -+# endif
> > -+# endif
> > - # endif
> > - # endif
> > - #endif
> > -Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
> > -===================================================================
> > ---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200
> > -+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200
> > -@@ -29,6 +29,7 @@
> > - #if defined(__i386) || defined(__i386__) || \
> > - defined(__x86_64) || defined(__x86_64__) || \
> > - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
> > -+ defined(__aarch64__) || \
> > - defined(__s390__) || defined(__s390x__)
> > - # undef STRICT_ALIGNMENT
> > - #endif
> > -@@ -50,6 +51,13 @@
> > - # define BSWAP4(x) ({ u32 ret=(x); \
> > - asm ("bswapl %0" \
> > - : "+r"(ret)); ret; })
> > -+# elif defined(__aarch64__)
> > -+# define BSWAP8(x) ({ u64 ret; \
> > -+ asm ("rev %0,%1" \
> > -+ : "=r"(ret) : "r"(x)); ret; })
> > -+# define BSWAP4(x) ({ u32 ret; \
> > -+ asm ("rev %w0,%w1" \
> > -+ : "=r"(ret) : "r"(x)); ret; })
> > - # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
> > - # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
> > - asm ("rev %0,%0; rev %1,%1" \
> > -Index: openssl-1.0.1f/crypto/sha/sha512.c
> > -===================================================================
> > ---- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200
> > -+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
> > -@@ -55,6 +55,7 @@
> > - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
> > - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
> > - defined(__s390__) || defined(__s390x__) || \
> > -+ defined(__aarch64__) || \
> > - defined(SHA512_ASM)
> > - #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
> > - #endif
> > -@@ -347,6 +348,18 @@
> > - asm ("rotrdi %0,%1,%2" \
> > - : "=r"(ret) \
> > - : "r"(a),"K"(n)); ret; })
> > -+# elif defined(__aarch64__)
> > -+# define ROTR(a,n) ({ SHA_LONG64 ret; \
> > -+ asm ("ror %0,%1,%2" \
> > -+ : "=r"(ret) \
> > -+ : "r"(a),"I"(n)); ret; })
> > -+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
> > -+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
> > -+# define PULL64(x) ({ SHA_LONG64 ret; \
> > -+ asm ("rev %0,%1" \
> > -+ : "=r"(ret) \
> > -+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
> > -+# endif
> > - # endif
> > - # elif defined(_MSC_VER)
> > - # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
> > diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> > index c161e62..cebc8cf 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> > @@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
> >
> > Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
> > ---
> > ---- a/crypto/evp/digest.c
> > -+++ b/crypto/evp/digest.c
> > -@@ -199,7 +199,7 @@
> > - return 0;
> > - }
> > +Index: openssl-1.0.2/crypto/evp/digest.c
> > +===================================================================
> > +--- openssl-1.0.2.orig/crypto/evp/digest.c
> > ++++ openssl-1.0.2/crypto/evp/digest.c
> > +@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> > + return 0;
> > + }
> > #endif
> > -- if (ctx->digest != type)
> > -+ if (type && (ctx->digest != type))
> > - {
> > - if (ctx->digest && ctx->digest->ctx_size)
> > - OPENSSL_free(ctx->md_data);
> > +- if (ctx->digest != type) {
> > ++ if (type && (ctx->digest != type)) {
> > + if (ctx->digest && ctx->digest->ctx_size)
> > + OPENSSL_free(ctx->md_data);
> > + ctx->digest = type;
> > diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
> > index 3e93fe4..d7047bb 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
> > @@ -8,32 +8,19 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
> >
> > Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
> > ---
> > ---- a/crypto/dh/dh_ameth.c
> > -+++ b/crypto/dh/dh_ameth.c
> > -@@ -139,6 +139,12 @@
> > - dh=pkey->pkey.dh;
> > +Index: openssl-1.0.2/crypto/dh/dh_ameth.c
> > +===================================================================
> > +--- openssl-1.0.2.orig/crypto/dh/dh_ameth.c
> > ++++ openssl-1.0.2/crypto/dh/dh_ameth.c
> > +@@ -161,6 +161,11 @@ static int dh_pub_encode(X509_PUBKEY *pk
> > + dh = pkey->pkey.dh;
> >
> > - str = ASN1_STRING_new();
> > -+ if (!str)
> > -+ {
> > -+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
> > -+ goto err;
> > -+ }
> > + str = ASN1_STRING_new();
> > ++ if (!str) {
> > ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
> > ++ goto err;
> > ++ }
> > +
> > - str->length = i2d_DHparams(dh, &str->data);
> > - if (str->length <= 0)
> > - {
> > ---- a/crypto/dsa/dsa_ameth.c
> > -+++ b/crypto/dsa/dsa_ameth.c
> > -@@ -148,6 +148,11 @@
> > - {
> > - ASN1_STRING *str;
> > - str = ASN1_STRING_new();
> > -+ if (!str)
> > -+ {
> > -+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
> > -+ goto err;
> > -+ }
> > - str->length = i2d_DSAparams(dsa, &str->data);
> > - if (str->length <= 0)
> > - {
> > + str->length = i2d_dhp(pkey, dh, &str->data);
> > + if (str->length <= 0) {
> > + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
> > diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> > index 93ce034..cbce32c 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
> > @@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
> >
> > ported the patch to the 1.0.0e version
> > Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
> > -Index: openssl-1.0.1e/Configure
> > +Index: openssl-1.0.2/crypto/bn/bn.h
> > ===================================================================
> > ---- openssl-1.0.1e.orig/Configure
> > -+++ openssl-1.0.1e/Configure
> > -@@ -402,6 +402,7 @@ my %table=(
> > - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> > - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
> > -+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
> > - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
> > - #### So called "highgprs" target for z/Architecture CPUs
> > - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
> > -Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
> > -===================================================================
> > ---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
> > -+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
> > -@@ -55,7 +55,7 @@
> > - * machine.
> > - */
> > -
> > --#ifdef _WIN64
> > -+#if defined _WIN64 || !defined __LP64__
> > - #define BN_ULONG unsigned long long
> > - #else
> > - #define BN_ULONG unsigned long
> > -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
> > - asm (
> > - " subq %2,%2 \n"
> > - ".p2align 4 \n"
> > -- "1: movq (%4,%2,8),%0 \n"
> > -- " adcq (%5,%2,8),%0 \n"
> > -- " movq %0,(%3,%2,8) \n"
> > -+ "1: movq (%q4,%2,8),%0 \n"
> > -+ " adcq (%q5,%2,8),%0 \n"
> > -+ " movq %0,(%q3,%2,8) \n"
> > - " leaq 1(%2),%2 \n"
> > - " loop 1b \n"
> > - " sbbq %0,%0 \n"
> > -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
> > - asm (
> > - " subq %2,%2 \n"
> > - ".p2align 4 \n"
> > -- "1: movq (%4,%2,8),%0 \n"
> > -- " sbbq (%5,%2,8),%0 \n"
> > -- " movq %0,(%3,%2,8) \n"
> > -+ "1: movq (%q4,%2,8),%0 \n"
> > -+ " sbbq (%q5,%2,8),%0 \n"
> > -+ " movq %0,(%q3,%2,8) \n"
> > - " leaq 1(%2),%2 \n"
> > - " loop 1b \n"
> > - " sbbq %0,%0 \n"
> > -Index: openssl-1.0.1e/crypto/bn/bn.h
> > -===================================================================
> > ---- openssl-1.0.1e.orig/crypto/bn/bn.h
> > -+++ openssl-1.0.1e/crypto/bn/bn.h
> > -@@ -172,6 +172,13 @@ extern "C" {
> > +--- openssl-1.0.2.orig/crypto/bn/bn.h
> > ++++ openssl-1.0.2/crypto/bn/bn.h
> > +@@ -173,6 +173,13 @@ extern "C" {
> > + # endif
> > # endif
> > - #endif
> >
> > +/* Address type. */
> > +#ifdef _WIN64
> > @@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h
> > +#define BN_ADDR unsigned long
> > +#endif
> > +
> > - /* assuming long is 64bit - this is the DEC Alpha
> > - * unsigned long long is only 64 bits :-(, don't define
> > - * BN_LLONG for the DEC Alpha */
> > -Index: openssl-1.0.1e/crypto/bn/bn_exp.c
> > + /*
> > + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
> > + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
> > +Index: openssl-1.0.2/crypto/bn/bn_exp.c
> > ===================================================================
> > ---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
> > -+++ openssl-1.0.1e/crypto/bn/bn_exp.c
> > -@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
> > -
> > - /* Given a pointer value, compute the next address that is a cache line multiple. */
> > +--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
> > ++++ openssl-1.0.2/crypto/bn/bn_exp.c
> > +@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
> > + * multiple.
> > + */
> > #define MOD_EXP_CTIME_ALIGN(x_) \
> > -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
> > +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
> > + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
> >
> > - /* This variant of BN_mod_exp_mont() uses fixed windows and the special
> > - * precomputation memory layout to limit data-dependency to a minimum
> > + /*
> > + * This variant of BN_mod_exp_mont() uses fixed windows and the special
> > diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
> > index 527e10c..ef6d179 100644
> > --- a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
> > +++ b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
> > @@ -10,11 +10,11 @@ Upstream-Status: Inappropriate [config]
> >
> > Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
> >
> > -diff --git a/test/Makefile b/test/Makefile
> > -index e6fcfb4..5ae043b 100644
> > ---- a/test/Makefile
> > -+++ b/test/Makefile
> > -@@ -322,11 +322,11 @@ test_cms:
> > +Index: openssl-1.0.2/test/Makefile
> > +===================================================================
> > +--- openssl-1.0.2.orig/test/Makefile
> > ++++ openssl-1.0.2/test/Makefile
> > +@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
> > @echo "CMS consistency test"
> > $(PERL) cms-test.pl
> >
> > @@ -23,8 +23,12 @@ index e6fcfb4..5ae043b 100644
> > @echo "Test SRP"
> > ../util/shlib_wrap.sh ./srptest
> >
> > +@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
> > + @echo "Test X509v3_check_*"
> > + ../util/shlib_wrap.sh ./$(V3NAMETEST)
> > +
> > -test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
> > +test_heartbeat:
> > ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
> >
> > - lint:
> > + test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
> > diff --git a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
> > new file mode 100644
> > index 0000000..fcfccfa
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
> > @@ -0,0 +1,66 @@
> > +Index: openssl-1.0.2/openssl.ld
> > +===================================================================
> > +--- openssl-1.0.2.orig/openssl.ld
> > ++++ openssl-1.0.2/openssl.ld
> > +@@ -4618,3 +4618,61 @@ OPENSSL_1.0.1d {
> > + CRYPTO_memcmp;
> > + } OPENSSL_1.0.1;
> > +
> > ++OPENSSL_1.0.2 {
> > ++ global:
> > ++ ASN1_TIME_diff;
> > ++ CMS_RecipientInfo_get0_pkey_ctx;
> > ++ CMS_RecipientInfo_kari_get0_ctx;
> > ++ CMS_SignerInfo_get0_pkey_ctx;
> > ++ DH_get_1024_160;
> > ++ DH_get_2048_224;
> > ++ DH_get_2048_256;
> > ++ DTLS_client_method;
> > ++ DTLS_server_method;
> > ++ DTLSv1_2_client_method;
> > ++ DTLSv1_2_server_method;
> > ++ EC_curve_nid2nist;
> > ++ EC_curve_nist2nid;
> > ++ EVP_aes_128_cbc_hmac_sha256;
> > ++ EVP_aes_128_wrap;
> > ++ EVP_aes_192_wrap;
> > ++ EVP_aes_256_cbc_hmac_sha256;
> > ++ EVP_aes_256_wrap;
> > ++ EVP_des_ede3_wrap;
> > ++ OCSP_REQ_CTX_http;
> > ++ OCSP_REQ_CTX_new;
> > ++ PEM_write_bio_DHxparams;
> > ++ SSL_CIPHER_find;
> > ++ SSL_CONF_CTX_finish;
> > ++ SSL_CONF_CTX_free;
> > ++ SSL_CONF_CTX_new;
> > ++ SSL_CONF_CTX_set_flags;
> > ++ SSL_CONF_CTX_set_ssl_ctx;
> > ++ SSL_CONF_cmd;
> > ++ SSL_CONF_cmd_argv;
> > ++ SSL_CTX_add_client_custom_ext;
> > ++ SSL_CTX_add_server_custom_ext;
> > ++ SSL_CTX_set_alpn_protos;
> > ++ SSL_CTX_set_alpn_select_cb;
> > ++ SSL_CTX_set_cert_cb;
> > ++ SSL_CTX_use_serverinfo_file;
> > ++ SSL_certs_clear;
> > ++ SSL_check_chain;
> > ++ SSL_get0_alpn_selected;
> > ++ SSL_get_shared_sigalgs;
> > ++ SSL_get_sigalgs;
> > ++ SSL_is_server;
> > ++ X509_CRL_diff;
> > ++ X509_CRL_http_nbio;
> > ++ X509_STORE_set_lookup_crls_cb;
> > ++ X509_VERIFY_PARAM_set1_email;
> > ++ X509_VERIFY_PARAM_set1_host;
> > ++ X509_VERIFY_PARAM_set1_ip_asc;
> > ++ X509_chain_check_suiteb;
> > ++ X509_chain_up_ref;
> > ++ X509_check_email;
> > ++ X509_check_host;
> > ++ X509_check_ip_asc;
> > ++ X509_get_signature_nid;
> > ++ X509_http_nbio;
> > ++} OPENSSL_1.0.1d;
> > diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
> > similarity index 84%
> > rename from meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
> > rename to meta/recipes-connectivity/openssl/openssl_1.0.2.bb
> > index 16ffc58..79537f9 100644
> > --- a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
> > +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
> > @@ -16,21 +16,22 @@ SRC_URI += "file://configure-targets.patch \
> > file://oe-ldflags.patch \
> > file://engines-install-in-libdir-ssl.patch \
> > file://openssl-fix-link.patch \
> > - file://debian/version-script.patch \
> > - file://debian/pic.patch \
> > - file://debian/c_rehash-compat.patch \
> > + file://debian1.0.2/block_diginotar.patch \
> > + file://debian1.0.2/block_digicert_malaysia.patch \
> > + file://debian1.0.2/padlock_conf.patch \
> > file://debian/ca.patch \
> > - file://debian/make-targets.patch \
> > - file://debian/no-rpath.patch \
> > + file://debian/c_rehash-compat.patch \
> > + file://debian/debian-targets.patch \
> > file://debian/man-dir.patch \
> > file://debian/man-section.patch \
> > + file://debian/no-rpath.patch \
> > file://debian/no-symbolic.patch \
> > - file://debian/debian-targets.patch \
> > + file://debian/pic.patch \
> > + file://debian/version-script.patch \
> > file://openssl_fix_for_x32.patch \
> > file://fix-cipher-des-ede3-cfb1.patch \
> > file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> > file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
> > - file://initial-aarch64-bits.patch \
> > file://find.pl \
> > file://openssl-fix-des.pod-error.patch \
> > file://Makefiles-ptest.patch \
> > @@ -38,8 +39,8 @@ SRC_URI += "file://configure-targets.patch \
> > file://run-ptest \
> > "
> >
> > -SRC_URI[md5sum] = "d4f002bd22a56881340105028842ae1f"
> > -SRC_URI[sha256sum] = "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c"
> > +SRC_URI[md5sum] = "38373013fc85c790aabf8837969c5eba"
> > +SRC_URI[sha256sum] = "8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9"
> >
> > PACKAGES =+ " \
> > ${PN}-engines \
> >
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] openssl: Upgrade to 1.0.2
2015-03-13 13:46 ` Martin Jansa
@ 2015-03-16 5:41 ` Saul Wold
0 siblings, 0 replies; 6+ messages in thread
From: Saul Wold @ 2015-03-16 5:41 UTC (permalink / raw)
To: Martin Jansa, Robert Yang; +Cc: openembedded-core
On 03/13/2015 07:46 AM, Martin Jansa wrote:
> On Thu, Mar 12, 2015 at 02:18:27PM +0800, Robert Yang wrote:
>>
>> I met this error when building openflow in meta-networking, I guess it maybe
>> related to the upgraded:
>>
>> x86_64-wrs-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse
>> --sysroot=/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64 -Wstrict-prototypes
>> -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wno-sign-compare
>> -Wpointer-arith -Wdeclaration-after-statement -Wformat-security -Wswitch-enum
>> -Wunused-parameter -Wstrict-aliasing -Wbad-function-cast -Wcast-align
>> -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
>> -Wmissing-field-initializers -Wno-override-init -export-dynamic -Wl,-O1
>> -Wl,--hash-style=gnu -Wl,--as-needed -o secchan/ofprotocol secchan/discovery.o
>> secchan/emerg-flow.o secchan/fail-open.o secchan/failover.o secchan/in-band.o
>> secchan/port-watcher.o secchan/protocol-stat.o secchan/ratelimit.o
>> secchan/secchan.o secchan/status.o secchan/stp-secchan.o lib/libopenflow.a -ldl
>> -L/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/usr/lib64
>> -lssl
>> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/x86_64-linux/usr/libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/4.9.2/ld:
>> lib/libopenflow.a(vconn-ssl.o): undefined reference to symbol
>> 'ERR_error_string@@OPENSSL_1.0.0'
>> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/lib64/libcrypto.so.1.0.0:
>> error adding symbols: DSO missing from command line
>> collect2: error: ld returned 1 exit status
>
I think I have a fix for this coming with a change to the libssl.pc file
to Require libcrypto instead of Require.private it.
> python-pyopenssl is also failing since this upgrade:
>
> | x86_64-oe-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse --sysroot=/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64 -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -O2 -pipe -g -feliminate-unused-debug-types -fPIC -I/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/python2.7 -c OpenSSL/crypto/crl.c -o build/temp.linux-x86_64-2.7/OpenSSL/crypto/crl.o
> | OpenSSL/crypto/crl.c:6:23: error: static declaration of 'X509_REVOKED_dup' follows non-static declaration
> | static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
> | ^
> | In file included from /home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/openssl/ssl.h:156:0,
> | from OpenSSL/crypto/x509.h:17,
> | from OpenSSL/crypto/crypto.h:30,
> | from OpenSSL/crypto/crl.c:3:
> | /home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/openssl/x509.h:751:15: note: previous declaration of 'X509_REVOKED_dup' was here
> | X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
> | ^
> | OpenSSL/crypto/crl.c: In function 'init_crypto_crl':
> | OpenSSL/crypto/crl.c:285:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> | Py_INCREF((PyObject *)&crypto_CRL_Type);
> | ^
> | error: command 'x86_64-oe-linux-gcc' failed with exit status 1
> | ERROR: python setup.py build_ext execution failed.
> | WARNING: exit code 1 from a shell command.
> | ERROR: Function failed: do_compile (log file is located at /home/jenkins/oe/world/shr-core/tmp-glibc/work/core2-64-oe-linux/python-pyopenssl/0.13-r1/temp/log.do_compile.21838)
> NOTE: recipe python-pyopenssl-0.13-r1: task do_compile: Failed
> ERROR: Task 19005 (/home/jenkins/oe/world/shr-core/meta-openembedded/meta-oe/recipes-devtools/python/python-pyopenssl_0.13.bb, do_compile) failed with exit code '1'
>
I think this one needs a fix in the pyopenssl code which may be part of
the 0.14, can you look into that update?
Sau!
>>
>> // Robert
>>
>> On 03/05/2015 01:46 AM, Saul Wold wrote:
>>> Rebased numerous patches
>>> removed aarch64 initial work since it's part of upstream now
>>> Imported a few additional patches from Debian to support the version-script
>>> and blacklist additional bad certificates.
>>>
>>> Signed-off-by: Saul Wold <sgw@linux.intel.com>
>>> ---
>>> .../openssl/openssl/Makefiles-ptest.patch | 36 +--
>>> .../openssl/openssl/debian/c_rehash-compat.patch | 58 +++-
>>> .../openssl/openssl/debian/debian-targets.patch | 25 +-
>>> .../openssl/openssl/debian/version-script.patch | 311 ++++++++++-----------
>>> .../debian1.0.2/block_digicert_malaysia.patch | 29 ++
>>> .../openssl/debian1.0.2/block_diginotar.patch | 67 +++++
>>> .../openssl/openssl/debian1.0.2/padlock_conf.patch | 31 ++
>>> .../openssl/engines-install-in-libdir-ssl.patch | 42 +--
>>> .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21 +-
>>> .../openssl/openssl/initial-aarch64-bits.patch | 120 --------
>>> ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 22 +-
>>> ...NULL-pointer-dereference-in-dh_pub_encode.patch | 41 +--
>>> .../openssl/openssl/openssl_fix_for_x32.patch | 85 ++----
>>> .../openssl/openssl/ptest-deps.patch | 16 +-
>>> .../openssl/update-version-script-for-1.0.2.patch | 66 +++++
>>> .../{openssl_1.0.1k.bb => openssl_1.0.2.bb} | 19 +-
>>> 16 files changed, 522 insertions(+), 467 deletions(-)
>>> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
>>> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
>>> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
>>> delete mode 100644 meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
>>> create mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
>>> rename meta/recipes-connectivity/openssl/{openssl_1.0.1k.bb => openssl_1.0.2.bb} (84%)
>>>
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
>>> index ac53a91..249446a 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
>>> @@ -5,10 +5,11 @@ Signed-off-by: Anders Roxell <anders.roxell@enea.com>
>>> Signed-off-by: Maxin B. John <maxin.john@enea.com>
>>> Upstream-Status: Pending
>>> ---
>>> -diff -uNr a/Makefile b/Makefile
>>> ---- a/Makefile.org 2012-05-10 17:06:02.000000000 +0200
>>> -+++ b/Makefile.org 2012-10-27 00:05:55.359424024 +0200
>>> -@@ -411,8 +411,16 @@
>>> +Index: openssl-1.0.2/Makefile.org
>>> +===================================================================
>>> +--- openssl-1.0.2.orig/Makefile.org
>>> ++++ openssl-1.0.2/Makefile.org
>>> +@@ -451,8 +451,16 @@ rehash.time: certs apps
>>> test: tests
>>>
>>> tests: rehash
>>> @@ -26,11 +27,11 @@ diff -uNr a/Makefile b/Makefile
>>> OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
>>>
>>> report:
>>> -diff --git a/test/Makefile b/test/Makefile
>>> -index 3912f82..1696767 100644
>>> ---- a/test/Makefile
>>> -+++ b/test/Makefile
>>> -@@ -128,7 +128,7 @@ tests: exe apps $(TESTS)
>>> +Index: openssl-1.0.2/test/Makefile
>>> +===================================================================
>>> +--- openssl-1.0.2.orig/test/Makefile
>>> ++++ openssl-1.0.2/test/Makefile
>>> +@@ -137,7 +137,7 @@ tests: exe apps $(TESTS)
>>> apps:
>>> @(cd ..; $(MAKE) DIRS=apps all)
>>>
>>> @@ -39,28 +40,28 @@ index 3912f82..1696767 100644
>>> test_des test_idea test_sha test_md4 test_md5 test_hmac \
>>> test_md2 test_mdc2 test_wp \
>>> test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
>>> -@@ -138,6 +138,11 @@ alltests: \
>>> - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
>>> - test_jpake test_cms
>>> +@@ -148,6 +148,11 @@ alltests: \
>>> + test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
>>> + test_constant_time
>>>
>>> +alltests:
>>> + @(for i in $(all-tests); do \
>>> + ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
>>> + done)
>>> +
>>> - test_evp:
>>> + test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
>>> ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
>>>
>>> -@@ -203,7 +208,7 @@ test_x509:
>>> +@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
>>> echo test second x509v3 certificate
>>> sh ./tx509 v3-cert2.pem 2>/dev/null
>>>
>>> --test_rsa: $(RSATEST)$(EXE_EXT)
>>> -+test_rsa:
>>> +-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
>>> ++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
>>> @sh ./trsa 2>/dev/null
>>> ../util/shlib_wrap.sh ./$(RSATEST)
>>>
>>> -@@ -298,11 +303,11 @@ test_tsa:
>>> +@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
>>> sh ./testtsa; \
>>> fi
>>>
>>> @@ -73,3 +74,4 @@ index 3912f82..1696767 100644
>>> +test_jpake:
>>> @echo "Test JPAKE"
>>> ../util/shlib_wrap.sh ./$(JPAKETEST)
>>> +
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
>>> index ac1b19b..3943e2c 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
>>> @@ -1,38 +1,58 @@
>>> -Upstream-Status: Backport [debian]
>>> -
>>> From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
>>> From: Ludwig Nussel <ludwig.nussel@suse.de>
>>> Date: Wed, 21 Apr 2010 15:52:10 +0200
>>> Subject: [PATCH] also create old hash for compatibility
>>>
>>> +Upstream-Status: Backport [debian]
>>> +
>>> ---
>>> tools/c_rehash.in | 8 +++++++-
>>> 1 files changed, 7 insertions(+), 1 deletions(-)
>>>
>>> -Index: openssl-1.0.0d/tools/c_rehash.in
>>> +Index: openssl-1.0.2~beta3/tools/c_rehash.in
>>> ===================================================================
>>> ---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
>>> -+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
>>> -@@ -86,6 +86,7 @@
>>> - }
>>> +--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
>>> ++++ openssl-1.0.2~beta3/tools/c_rehash.in
>>> +@@ -8,8 +8,6 @@ my $prefix;
>>> +
>>> + my $openssl = $ENV{OPENSSL} || "openssl";
>>> + my $pwd;
>>> +-my $x509hash = "-subject_hash";
>>> +-my $crlhash = "-hash";
>>> + my $verbose = 0;
>>> + my $symlink_exists=eval {symlink("",""); 1};
>>> + my $removelinks = 1;
>>> +@@ -18,10 +16,7 @@ my $removelinks = 1;
>>> + while ( $ARGV[0] =~ '-.*' ) {
>>> + my $flag = shift @ARGV;
>>> + last if ( $flag eq '--');
>>> +- if ( $flag =~ /-old/) {
>>> +- $x509hash = "-subject_hash_old";
>>> +- $crlhash = "-hash_old";
>>> +- } elsif ( $flag =~ /-h/) {
>>> ++ if ( $flag =~ /-h/) {
>>> + help();
>>> + } elsif ( $flag eq '-n' ) {
>>> + $removelinks = 0;
>>> +@@ -113,7 +108,9 @@ sub hash_dir {
>>> + next;
>>> }
>>> link_hash_cert($fname) if($cert);
>>> + link_hash_cert_old($fname) if($cert);
>>> link_hash_crl($fname) if($crl);
>>> ++ link_hash_crl_old($fname) if($crl);
>>> }
>>> }
>>> -@@ -119,8 +120,9 @@
>>> +
>>> +@@ -146,6 +143,7 @@ sub check_file {
>>>
>>> sub link_hash_cert {
>>> my $fname = $_[0];
>>> -+ my $hashopt = $_[1] || '-subject_hash';
>>> ++ my $x509hash = $_[1] || '-subject_hash';
>>> $fname =~ s/'/'\\''/g;
>>> -- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
>>> -+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
>>> + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
>>> chomp $hash;
>>> - chomp $fprint;
>>> - $fprint =~ s/^.*=//;
>>> -@@ -150,6 +152,10 @@
>>> +@@ -177,10 +175,20 @@ sub link_hash_cert {
>>> $hashlist{$hash} = $fprint;
>>> }
>>>
>>> @@ -40,6 +60,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
>>> + link_hash_cert($_[0], '-subject_hash_old');
>>> +}
>>> +
>>> ++sub link_hash_crl_old {
>>> ++ link_hash_crl($_[0], '-hash_old');
>>> ++}
>>> ++
>>> ++
>>> # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
>>>
>>> sub link_hash_crl {
>>> + my $fname = $_[0];
>>> ++ my $crlhash = $_[1] || "-hash";
>>> + $fname =~ s/'/'\\''/g;
>>> + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
>>> + chomp $hash;
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
>>> index 8101edf..39d4328 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
>>> @@ -1,12 +1,12 @@
>>> Upstream-Status: Backport [debian]
>>>
>>> -Index: openssl-1.0.1/Configure
>>> +Index: openssl-1.0.2/Configure
>>> ===================================================================
>>> ---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000
>>> -+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000
>>> -@@ -105,6 +105,10 @@
>>> +--- openssl-1.0.2.orig/Configure
>>> ++++ openssl-1.0.2/Configure
>>> +@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
>>>
>>> - my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
>>> + my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
>>>
>>> +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
>>> +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
>>> @@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure
>>> my $strict_warnings = 0;
>>>
>>> my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
>>> -@@ -338,6 +342,48 @@
>>> +@@ -343,6 +347,55 @@ my %table=(
>>> "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
>>> "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
>>>
>>> @@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure
>>> +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> -+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> -+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> -+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
>>> +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> @@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure
>>> +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> @@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure
>>> +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> ++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
>>> +
>>> ####
>>> #### Variety of LINUX:-)
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
>>> index ece8b9b..a249180 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
>>> @@ -1,10 +1,8 @@
>>> -Upstream-Status: Backport [debian]
>>> -
>>> -Index: openssl-1.0.1d/Configure
>>> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
>>> ===================================================================
>>> ---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100
>>> -+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100
>>> -@@ -1621,6 +1621,8 @@
>>> +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
>>> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
>>> +@@ -1651,6 +1651,8 @@
>>> }
>>> }
>>>
>>> @@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure
>>> open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
>>> unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
>>> open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
>>> -Index: openssl-1.0.1d/openssl.ld
>>> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
>>> ===================================================================
>>> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
>>> -+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100
>>> -@@ -0,0 +1,4620 @@
>>> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
>>> +@@ -0,0 +1,4615 @@
>>> +OPENSSL_1.0.0 {
>>> + global:
>>> + BIO_f_ssl;
>>> @@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ERR_load_COMP_strings;
>>> + PKCS12_item_decrypt_d2i;
>>> + ASN1_UTF8STRING_it;
>>> -+ ASN1_UTF8STRING_it;
>>> + ENGINE_unregister_ciphers;
>>> + ENGINE_get_ciphers;
>>> + d2i_OCSP_BASICRESP;
>>> + KRB5_CHECKSUM_it;
>>> -+ KRB5_CHECKSUM_it;
>>> + EC_POINT_add;
>>> + ASN1_item_ex_i2d;
>>> + OCSP_CERTID_it;
>>> -+ OCSP_CERTID_it;
>>> + d2i_OCSP_RESPBYTES;
>>> + X509V3_add1_i2d;
>>> + PKCS7_ENVELOPE_it;
>>> -+ PKCS7_ENVELOPE_it;
>>> + UI_add_input_boolean;
>>> + ENGINE_unregister_RSA;
>>> + X509V3_EXT_nconf;
>>> @@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ENGINE_register_all_RAND;
>>> + ENGINE_load_dynamic;
>>> + PBKDF2PARAM_it;
>>> -+ PBKDF2PARAM_it;
>>> + EXTENDED_KEY_USAGE_new;
>>> + EC_GROUP_clear_free;
>>> + OCSP_sendreq_bio;
>>> + ASN1_item_digest;
>>> + OCSP_BASICRESP_delete_ext;
>>> + OCSP_SIGNATURE_it;
>>> -+ OCSP_SIGNATURE_it;
>>> -+ X509_CRL_it;
>>> + X509_CRL_it;
>>> + OCSP_BASICRESP_add_ext;
>>> + KRB5_ENCKEY_it;
>>> -+ KRB5_ENCKEY_it;
>>> + UI_method_set_closer;
>>> + X509_STORE_set_purpose;
>>> + i2d_ASN1_GENERALSTRING;
>>> @@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_REQUEST_get_ext_by_OBJ;
>>> + _ossl_old_des_random_key;
>>> + ASN1_T61STRING_it;
>>> -+ ASN1_T61STRING_it;
>>> + EC_GROUP_method_of;
>>> + i2d_KRB5_APREQ;
>>> + _ossl_old_des_encrypt;
>>> @@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_SINGLERESP_get_ext_count;
>>> + UI_ctrl;
>>> + _shadow_DES_rw_mode;
>>> -+ _shadow_DES_rw_mode;
>>> + asn1_do_adb;
>>> + ASN1_template_i2d;
>>> + ENGINE_register_DH;
>>> @@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + KRB5_ENCKEY_free;
>>> + OCSP_resp_get0;
>>> + GENERAL_NAME_it;
>>> -+ GENERAL_NAME_it;
>>> -+ ASN1_GENERALIZEDTIME_it;
>>> + ASN1_GENERALIZEDTIME_it;
>>> + X509_STORE_set_flags;
>>> + EC_POINT_set_compressed_coordinates_GFp;
>>> @@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EC_POINT_set_affine_coords_GFp;
>>> + _ossl_old_des_options;
>>> + SXNET_it;
>>> -+ SXNET_it;
>>> + UI_dup_input_boolean;
>>> + PKCS12_add_CSPName_asc;
>>> + EC_POINT_is_at_infinity;
>>> + ENGINE_load_cryptodev;
>>> + DSO_convert_filename;
>>> + POLICYQUALINFO_it;
>>> -+ POLICYQUALINFO_it;
>>> + ENGINE_register_ciphers;
>>> + BN_mod_lshift_quick;
>>> + DSO_set_filename;
>>> + ASN1_item_free;
>>> + KRB5_TKTBODY_free;
>>> + AUTHORITY_KEYID_it;
>>> -+ AUTHORITY_KEYID_it;
>>> + KRB5_APREQBODY_new;
>>> + X509V3_EXT_REQ_add_nconf;
>>> + ENGINE_ctrl_cmd_string;
>>> @@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EVP_MD_CTX_init;
>>> + EXTENDED_KEY_USAGE_free;
>>> + PKCS7_ATTR_SIGN_it;
>>> -+ PKCS7_ATTR_SIGN_it;
>>> + UI_add_error_string;
>>> + KRB5_CHECKSUM_free;
>>> + OCSP_REQUEST_get_ext;
>>> + ENGINE_load_ubsec;
>>> + ENGINE_register_all_digests;
>>> + PKEY_USAGE_PERIOD_it;
>>> -+ PKEY_USAGE_PERIOD_it;
>>> + PKCS12_unpack_authsafes;
>>> + ASN1_item_unpack;
>>> + NETSCAPE_SPKAC_it;
>>> -+ NETSCAPE_SPKAC_it;
>>> -+ X509_REVOKED_it;
>>> + X509_REVOKED_it;
>>> + ASN1_STRING_encode;
>>> + EVP_aes_128_ecb;
>>> @@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + UI_dup_info_string;
>>> + _ossl_old_des_xwhite_in2out;
>>> + PKCS12_it;
>>> -+ PKCS12_it;
>>> + OCSP_SINGLERESP_get_ext_by_critical;
>>> + OCSP_SINGLERESP_get_ext_by_crit;
>>> + OCSP_CERTSTATUS_free;
>>> @@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ENGINE_unregister_DSA;
>>> + _ossl_old_des_key_sched;
>>> + X509_EXTENSION_it;
>>> -+ X509_EXTENSION_it;
>>> + i2d_KRB5_AUTHENT;
>>> + SXNETID_it;
>>> -+ SXNETID_it;
>>> + d2i_OCSP_SINGLERESP;
>>> + EDIPARTYNAME_new;
>>> + PKCS12_certbag2x509;
>>> @@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld
>>> + d2i_KRB5_APREQBODY;
>>> + UI_method_get_flusher;
>>> + X509_PUBKEY_it;
>>> -+ X509_PUBKEY_it;
>>> + _ossl_old_des_enc_read;
>>> + PKCS7_ENCRYPT_it;
>>> -+ PKCS7_ENCRYPT_it;
>>> + i2d_OCSP_RESPONSE;
>>> + EC_GROUP_get_cofactor;
>>> + PKCS12_unpack_p7data;
>>> @@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld
>>> + PKCS12_item_i2d_encrypt;
>>> + X509_add1_ext_i2d;
>>> + PKCS7_SIGNER_INFO_it;
>>> -+ PKCS7_SIGNER_INFO_it;
>>> + KRB5_PRINCNAME_new;
>>> + PKCS12_SAFEBAG_it;
>>> -+ PKCS12_SAFEBAG_it;
>>> + EC_GROUP_get_order;
>>> + d2i_OCSP_RESPID;
>>> + OCSP_request_verify;
>>> @@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EVP_MD_CTX_create;
>>> + OCSP_resp_find_status;
>>> + X509_ALGOR_it;
>>> -+ X509_ALGOR_it;
>>> -+ ASN1_TIME_it;
>>> + ASN1_TIME_it;
>>> + OCSP_request_set1_name;
>>> + OCSP_ONEREQ_get_ext_count;
>>> + UI_get0_result;
>>> + PKCS12_AUTHSAFES_it;
>>> -+ PKCS12_AUTHSAFES_it;
>>> + EVP_aes_256_ecb;
>>> + PKCS12_pack_authsafes;
>>> + ASN1_IA5STRING_it;
>>> -+ ASN1_IA5STRING_it;
>>> + UI_get_input_flags;
>>> + EC_GROUP_set_generator;
>>> + _ossl_old_des_string_to_2keys;
>>> + OCSP_CERTID_free;
>>> + X509_CERT_AUX_it;
>>> -+ X509_CERT_AUX_it;
>>> -+ CERTIFICATEPOLICIES_it;
>>> + CERTIFICATEPOLICIES_it;
>>> + _ossl_old_des_ede3_cbc_encrypt;
>>> + RAND_set_rand_engine;
>>> + DSO_get_loaded_filename;
>>> + X509_ATTRIBUTE_it;
>>> -+ X509_ATTRIBUTE_it;
>>> + OCSP_ONEREQ_get_ext_by_NID;
>>> + PKCS12_decrypt_skey;
>>> + KRB5_AUTHENT_it;
>>> -+ KRB5_AUTHENT_it;
>>> + UI_dup_error_string;
>>> + RSAPublicKey_it;
>>> -+ RSAPublicKey_it;
>>> + i2d_OCSP_REQUEST;
>>> + PKCS12_x509crl2certbag;
>>> + OCSP_SERVICELOC_it;
>>> -+ OCSP_SERVICELOC_it;
>>> + ASN1_item_sign;
>>> + X509_CRL_set_issuer_name;
>>> + OBJ_NAME_do_all_sorted;
>>> @@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ENGINE_get_digest;
>>> + OCSP_RESPONSE_print;
>>> + KRB5_TKTBODY_it;
>>> -+ KRB5_TKTBODY_it;
>>> + ACCESS_DESCRIPTION_it;
>>> -+ ACCESS_DESCRIPTION_it;
>>> -+ PKCS7_ISSUER_AND_SERIAL_it;
>>> + PKCS7_ISSUER_AND_SERIAL_it;
>>> + PBE2PARAM_it;
>>> -+ PBE2PARAM_it;
>>> + PKCS12_certbag2x509crl;
>>> + PKCS7_SIGNED_it;
>>> -+ PKCS7_SIGNED_it;
>>> + ENGINE_get_cipher;
>>> + i2d_OCSP_CRLID;
>>> + OCSP_SINGLERESP_new;
>>> + ENGINE_cmd_is_executable;
>>> + RSA_up_ref;
>>> + ASN1_GENERALSTRING_it;
>>> -+ ASN1_GENERALSTRING_it;
>>> + ENGINE_register_DSA;
>>> + X509V3_EXT_add_nconf_sk;
>>> + ENGINE_set_load_pubkey_function;
>>> + PKCS8_decrypt;
>>> + PEM_bytes_read_bio;
>>> + DIRECTORYSTRING_it;
>>> -+ DIRECTORYSTRING_it;
>>> + d2i_OCSP_CRLID;
>>> + EC_POINT_is_on_curve;
>>> + CRYPTO_set_locked_mem_ex_functions;
>>> @@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + d2i_KRB5_CHECKSUM;
>>> + ASN1_item_dup;
>>> + X509_it;
>>> -+ X509_it;
>>> + BN_mod_add;
>>> + KRB5_AUTHDATA_free;
>>> + _ossl_old_des_cbc_cksum;
>>> @@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EC_POINT_get_Jprojective_coordinates_GFp;
>>> + EC_POINT_get_Jproj_coords_GFp;
>>> + ZLONG_it;
>>> -+ ZLONG_it;
>>> + CRYPTO_get_locked_mem_ex_functions;
>>> + CRYPTO_get_locked_mem_ex_funcs;
>>> + ASN1_TIME_check;
>>> @@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld
>>> + _ossl_old_des_ede3_cfb64_encrypt;
>>> + _ossl_odes_ede3_cfb64_encrypt;
>>> + ASN1_BMPSTRING_it;
>>> -+ ASN1_BMPSTRING_it;
>>> + ASN1_tag2bit;
>>> + UI_method_set_flusher;
>>> + X509_ocspid_print;
>>> + KRB5_ENCDATA_it;
>>> -+ KRB5_ENCDATA_it;
>>> + ENGINE_get_load_pubkey_function;
>>> + UI_add_user_data;
>>> + OCSP_REQUEST_delete_ext;
>>> + UI_get_method;
>>> + OCSP_ONEREQ_free;
>>> + ASN1_PRINTABLESTRING_it;
>>> -+ ASN1_PRINTABLESTRING_it;
>>> + X509_CRL_set_nextUpdate;
>>> + OCSP_REQUEST_it;
>>> -+ OCSP_REQUEST_it;
>>> -+ OCSP_BASICRESP_it;
>>> + OCSP_BASICRESP_it;
>>> + AES_ecb_encrypt;
>>> + BN_mod_sqr;
>>> + NETSCAPE_CERT_SEQUENCE_it;
>>> -+ NETSCAPE_CERT_SEQUENCE_it;
>>> -+ GENERAL_NAMES_it;
>>> + GENERAL_NAMES_it;
>>> + AUTHORITY_INFO_ACCESS_it;
>>> -+ AUTHORITY_INFO_ACCESS_it;
>>> -+ ASN1_FBOOLEAN_it;
>>> + ASN1_FBOOLEAN_it;
>>> + UI_set_ex_data;
>>> + _ossl_old_des_string_to_key;
>>> + ENGINE_register_all_RSA;
>>> + d2i_KRB5_PRINCNAME;
>>> + OCSP_RESPBYTES_it;
>>> -+ OCSP_RESPBYTES_it;
>>> -+ X509_CINF_it;
>>> + X509_CINF_it;
>>> + ENGINE_unregister_digests;
>>> + d2i_EDIPARTYNAME;
>>> @@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_RESPDATA_free;
>>> + d2i_KRB5_TICKET;
>>> + OTHERNAME_it;
>>> -+ OTHERNAME_it;
>>> + EVP_MD_CTX_cleanup;
>>> + d2i_ASN1_GENERALSTRING;
>>> + X509_CRL_set_version;
>>> @@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_REQUEST_free;
>>> + OCSP_REQUEST_add1_ext_i2d;
>>> + X509_VAL_it;
>>> -+ X509_VAL_it;
>>> + EC_POINTs_make_affine;
>>> + EC_POINT_mul;
>>> + X509V3_EXT_add_nconf;
>>> @@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + X509_CRL_add1_ext_i2d;
>>> + _ossl_old_des_fcrypt;
>>> + DISPLAYTEXT_it;
>>> -+ DISPLAYTEXT_it;
>>> + X509_CRL_set_lastUpdate;
>>> + OCSP_BASICRESP_free;
>>> + OCSP_BASICRESP_add1_ext_i2d;
>>> @@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + UI_get0_result_string;
>>> + ASN1_GENERALSTRING_new;
>>> + X509_SIG_it;
>>> -+ X509_SIG_it;
>>> + ERR_set_implementation;
>>> + ERR_load_EC_strings;
>>> + UI_get0_action_string;
>>> @@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_ONEREQ_get_ext_by_OBJ;
>>> + ASN1_primitive_new;
>>> + ASN1_PRINTABLE_it;
>>> -+ ASN1_PRINTABLE_it;
>>> + EVP_aes_192_ecb;
>>> + OCSP_SIGNATURE_new;
>>> + LONG_it;
>>> -+ LONG_it;
>>> -+ ASN1_VISIBLESTRING_it;
>>> + ASN1_VISIBLESTRING_it;
>>> + OCSP_SINGLERESP_add1_ext_i2d;
>>> + d2i_OCSP_CERTID;
>>> + ASN1_item_d2i_fp;
>>> + CRL_DIST_POINTS_it;
>>> -+ CRL_DIST_POINTS_it;
>>> + GENERAL_NAME_print;
>>> + OCSP_SINGLERESP_delete_ext;
>>> + PKCS12_SAFEBAGS_it;
>>> -+ PKCS12_SAFEBAGS_it;
>>> + d2i_OCSP_SIGNATURE;
>>> + OCSP_request_add1_nonce;
>>> + ENGINE_set_cmd_defns;
>>> + OCSP_SERVICELOC_free;
>>> + EC_GROUP_free;
>>> + ASN1_BIT_STRING_it;
>>> -+ ASN1_BIT_STRING_it;
>>> -+ X509_REQ_it;
>>> + X509_REQ_it;
>>> + _ossl_old_des_cbc_encrypt;
>>> + ERR_unload_strings;
>>> + PKCS7_SIGN_ENVELOPE_it;
>>> -+ PKCS7_SIGN_ENVELOPE_it;
>>> + EDIPARTYNAME_free;
>>> + OCSP_REQINFO_free;
>>> + EC_GROUP_new_curve_GFp;
>>> @@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_CRLID_free;
>>> + OCSP_BASICRESP_get1_ext_d2i;
>>> + RSAPrivateKey_it;
>>> -+ RSAPrivateKey_it;
>>> + ENGINE_register_all_DH;
>>> + i2d_EDIPARTYNAME;
>>> + EC_POINT_get_affine_coordinates_GFp;
>>> @@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_CRLID_new;
>>> + ENGINE_get_flags;
>>> + OCSP_ONEREQ_it;
>>> -+ OCSP_ONEREQ_it;
>>> + UI_process;
>>> + ASN1_INTEGER_it;
>>> -+ ASN1_INTEGER_it;
>>> + EVP_CipherInit_ex;
>>> + UI_get_string_type;
>>> + ENGINE_unregister_DH;
>>> @@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + bn_dup_expand;
>>> + OCSP_cert_id_new;
>>> + BASIC_CONSTRAINTS_it;
>>> -+ BASIC_CONSTRAINTS_it;
>>> + BN_mod_add_quick;
>>> + EC_POINT_new;
>>> + EVP_MD_CTX_destroy;
>>> @@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EC_POINT_free;
>>> + DH_up_ref;
>>> + X509_NAME_ENTRY_it;
>>> -+ X509_NAME_ENTRY_it;
>>> + UI_get_ex_new_index;
>>> + BN_mod_sub_quick;
>>> + OCSP_ONEREQ_add_ext;
>>> @@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ENGINE_register_complete;
>>> + X509V3_EXT_nconf_nid;
>>> + ASN1_SEQUENCE_it;
>>> -+ ASN1_SEQUENCE_it;
>>> + UI_set_default_method;
>>> + RAND_query_egd_bytes;
>>> + UI_method_get_writer;
>>> @@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + PEM_def_callback;
>>> + ENGINE_cleanup;
>>> + DIST_POINT_it;
>>> -+ DIST_POINT_it;
>>> -+ OCSP_SINGLERESP_it;
>>> + OCSP_SINGLERESP_it;
>>> + d2i_KRB5_TKTBODY;
>>> + EC_POINT_cmp;
>>> @@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_cert_to_id;
>>> + OCSP_RESPID_new;
>>> + OCSP_RESPDATA_it;
>>> -+ OCSP_RESPDATA_it;
>>> + d2i_OCSP_RESPDATA;
>>> + ENGINE_register_all_complete;
>>> + OCSP_check_validity;
>>> + PKCS12_BAGS_it;
>>> -+ PKCS12_BAGS_it;
>>> + OCSP_url_svcloc_new;
>>> + ASN1_template_free;
>>> + OCSP_SINGLERESP_add_ext;
>>> + KRB5_AUTHENTBODY_it;
>>> -+ KRB5_AUTHENTBODY_it;
>>> + X509_supported_extension;
>>> + i2d_KRB5_AUTHDATA;
>>> + UI_method_get_opener;
>>> + ENGINE_set_ex_data;
>>> + OCSP_REQUEST_print;
>>> + CBIGNUM_it;
>>> -+ CBIGNUM_it;
>>> + KRB5_TICKET_new;
>>> + KRB5_APREQ_new;
>>> + EC_GROUP_get_curve_GFp;
>>> @@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_single_get0_status;
>>> + BN_swap;
>>> + POLICYINFO_it;
>>> -+ POLICYINFO_it;
>>> + ENGINE_set_destroy_function;
>>> + asn1_enc_free;
>>> + OCSP_RESPID_it;
>>> -+ OCSP_RESPID_it;
>>> + EC_GROUP_new;
>>> + EVP_aes_256_cbc;
>>> + i2d_KRB5_PRINCNAME;
>>> + _ossl_old_des_encrypt2;
>>> + _ossl_old_des_encrypt3;
>>> + PKCS8_PRIV_KEY_INFO_it;
>>> -+ PKCS8_PRIV_KEY_INFO_it;
>>> -+ OCSP_REQINFO_it;
>>> + OCSP_REQINFO_it;
>>> + PBEPARAM_it;
>>> -+ PBEPARAM_it;
>>> + KRB5_AUTHENTBODY_new;
>>> + X509_CRL_add0_revoked;
>>> + EDIPARTYNAME_it;
>>> -+ EDIPARTYNAME_it;
>>> -+ NETSCAPE_SPKI_it;
>>> + NETSCAPE_SPKI_it;
>>> + UI_get0_test_string;
>>> + ENGINE_get_cipher_engine;
>>> @@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld
>>> + UI_method_get_reader;
>>> + OCSP_BASICRESP_get_ext_count;
>>> + ASN1_ENUMERATED_it;
>>> -+ ASN1_ENUMERATED_it;
>>> + UI_set_result;
>>> + i2d_KRB5_TICKET;
>>> + X509_print_ex_fp;
>>> + EVP_CIPHER_CTX_set_padding;
>>> + d2i_OCSP_RESPONSE;
>>> + ASN1_UTCTIME_it;
>>> -+ ASN1_UTCTIME_it;
>>> + _ossl_old_des_enc_write;
>>> + OCSP_RESPONSE_new;
>>> + AES_set_encrypt_key;
>>> @@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_onereq_get0_id;
>>> + ENGINE_set_default_ciphers;
>>> + NOTICEREF_it;
>>> -+ NOTICEREF_it;
>>> + X509V3_EXT_CRL_add_nconf;
>>> + OCSP_REVOKEDINFO_it;
>>> -+ OCSP_REVOKEDINFO_it;
>>> + AES_encrypt;
>>> + OCSP_REQUEST_new;
>>> + ASN1_ANY_it;
>>> -+ ASN1_ANY_it;
>>> + CRYPTO_ex_data_new_class;
>>> + _ossl_old_des_ncbc_encrypt;
>>> + i2d_KRB5_TKTBODY;
>>> @@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ENGINE_load_nuron;
>>> + _ossl_old_des_pcbc_encrypt;
>>> + PKCS12_MAC_DATA_it;
>>> -+ PKCS12_MAC_DATA_it;
>>> + OCSP_accept_responses_new;
>>> + asn1_do_lock;
>>> + PKCS7_ATTR_VERIFY_it;
>>> -+ PKCS7_ATTR_VERIFY_it;
>>> -+ KRB5_APREQBODY_it;
>>> + KRB5_APREQBODY_it;
>>> + i2d_OCSP_SINGLERESP;
>>> + ASN1_item_ex_new;
>>> + UI_add_verify_string;
>>> + _ossl_old_des_set_key;
>>> + KRB5_PRINCNAME_it;
>>> -+ KRB5_PRINCNAME_it;
>>> + EVP_DecryptInit_ex;
>>> + i2d_OCSP_CERTID;
>>> + ASN1_item_d2i_bio;
>>> @@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_BASICRESP_new;
>>> + OCSP_REQUEST_get_ext_by_NID;
>>> + KRB5_APREQ_it;
>>> -+ KRB5_APREQ_it;
>>> + ENGINE_get_destroy_function;
>>> + CONF_set_nconf;
>>> + ASN1_PRINTABLE_free;
>>> + OCSP_BASICRESP_get_ext_by_NID;
>>> + DIST_POINT_NAME_it;
>>> -+ DIST_POINT_NAME_it;
>>> + X509V3_extensions_print;
>>> + _ossl_old_des_cfb64_encrypt;
>>> + X509_REVOKED_add1_ext_i2d;
>>> + _ossl_old_des_ofb_encrypt;
>>> + KRB5_TKTBODY_new;
>>> + ASN1_OCTET_STRING_it;
>>> -+ ASN1_OCTET_STRING_it;
>>> + ERR_load_UI_strings;
>>> + i2d_KRB5_ENCKEY;
>>> + ASN1_template_new;
>>> @@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ASN1_item_i2d_fp;
>>> + KRB5_PRINCNAME_free;
>>> + PKCS7_RECIP_INFO_it;
>>> -+ PKCS7_RECIP_INFO_it;
>>> -+ EXTENDED_KEY_USAGE_it;
>>> + EXTENDED_KEY_USAGE_it;
>>> + EC_GFp_simple_method;
>>> + EC_GROUP_precompute_mult;
>>> @@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld
>>> + UI_method_set_writer;
>>> + KRB5_AUTHENT_new;
>>> + X509_CRL_INFO_it;
>>> -+ X509_CRL_INFO_it;
>>> + DSO_set_name_converter;
>>> + AES_set_decrypt_key;
>>> + PKCS7_DIGEST_it;
>>> -+ PKCS7_DIGEST_it;
>>> + PKCS12_x5092certbag;
>>> + EVP_DigestInit_ex;
>>> + i2a_ACCESS_DESCRIPTION;
>>> + OCSP_RESPONSE_it;
>>> -+ OCSP_RESPONSE_it;
>>> -+ PKCS7_ENC_CONTENT_it;
>>> + PKCS7_ENC_CONTENT_it;
>>> + OCSP_request_add0_id;
>>> + EC_POINT_make_affine;
>>> + DSO_get_filename;
>>> + OCSP_CERTSTATUS_it;
>>> -+ OCSP_CERTSTATUS_it;
>>> + OCSP_request_add1_cert;
>>> + UI_get0_output_string;
>>> + UI_dup_verify_string;
>>> + BN_mod_lshift;
>>> + KRB5_AUTHDATA_it;
>>> -+ KRB5_AUTHDATA_it;
>>> + asn1_set_choice_selector;
>>> + OCSP_basic_add1_status;
>>> + OCSP_RESPID_free;
>>> + asn1_get_field_ptr;
>>> + UI_add_input_string;
>>> + OCSP_CRLID_it;
>>> -+ OCSP_CRLID_it;
>>> + i2d_KRB5_AUTHENTBODY;
>>> + OCSP_REQUEST_get_ext_count;
>>> + ENGINE_load_atalla;
>>> + X509_NAME_it;
>>> -+ X509_NAME_it;
>>> -+ USERNOTICE_it;
>>> + USERNOTICE_it;
>>> + OCSP_REQINFO_new;
>>> + OCSP_BASICRESP_get_ext;
>>> @@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld
>>> + i2d_KRB5_ENCDATA;
>>> + X509_PURPOSE_set;
>>> + X509_REQ_INFO_it;
>>> -+ X509_REQ_INFO_it;
>>> + UI_method_set_opener;
>>> + ASN1_item_ex_free;
>>> + ASN1_BOOLEAN_it;
>>> -+ ASN1_BOOLEAN_it;
>>> + ENGINE_get_table_flags;
>>> + UI_create_method;
>>> + OCSP_ONEREQ_add1_ext_i2d;
>>> + _shadow_DES_check_key;
>>> -+ _shadow_DES_check_key;
>>> + d2i_OCSP_REQINFO;
>>> + UI_add_info_string;
>>> + UI_get_result_minsize;
>>> + ASN1_NULL_it;
>>> -+ ASN1_NULL_it;
>>> + BN_mod_lshift1;
>>> + d2i_OCSP_ONEREQ;
>>> + OCSP_ONEREQ_new;
>>> + KRB5_TICKET_it;
>>> -+ KRB5_TICKET_it;
>>> + EVP_aes_192_cbc;
>>> + KRB5_TICKET_free;
>>> + UI_new;
>>> + OCSP_response_create;
>>> + _ossl_old_des_xcbc_encrypt;
>>> + PKCS7_it;
>>> -+ PKCS7_it;
>>> + OCSP_REQUEST_get_ext_by_critical;
>>> + OCSP_REQUEST_get_ext_by_crit;
>>> + ENGINE_set_flags;
>>> @@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EVP_Digest;
>>> + OCSP_ONEREQ_delete_ext;
>>> + ASN1_TBOOLEAN_it;
>>> -+ ASN1_TBOOLEAN_it;
>>> + ASN1_item_new;
>>> + ASN1_TIME_to_generalizedtime;
>>> + BIGNUM_it;
>>> -+ BIGNUM_it;
>>> + AES_cbc_encrypt;
>>> + ENGINE_get_load_privkey_function;
>>> + ENGINE_get_load_privkey_fn;
>>> @@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EC_POINT_point2oct;
>>> + KRB5_APREQ_free;
>>> + ASN1_OBJECT_it;
>>> -+ ASN1_OBJECT_it;
>>> + OCSP_crlID_new;
>>> + OCSP_crlID2_new;
>>> + CONF_modules_load_file;
>>> @@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + i2d_ASN1_UNIVERSALSTRING;
>>> + ASN1_UNIVERSALSTRING_free;
>>> + ASN1_UNIVERSALSTRING_it;
>>> -+ ASN1_UNIVERSALSTRING_it;
>>> + d2i_ASN1_UNIVERSALSTRING;
>>> + EVP_des_ede3_ecb;
>>> + X509_REQ_print_ex;
>>> @@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld
>>> + HMAC_CTX_set_flags;
>>> + d2i_PROXY_CERT_INFO_EXTENSION;
>>> + PROXY_POLICY_it;
>>> -+ PROXY_POLICY_it;
>>> + i2d_PROXY_POLICY;
>>> + i2d_PROXY_CERT_INFO_EXTENSION;
>>> + d2i_PROXY_POLICY;
>>> + PROXY_CERT_INFO_EXTENSION_new;
>>> + PROXY_CERT_INFO_EXTENSION_free;
>>> + PROXY_CERT_INFO_EXTENSION_it;
>>> -+ PROXY_CERT_INFO_EXTENSION_it;
>>> + PROXY_POLICY_free;
>>> + PROXY_POLICY_new;
>>> + BN_MONT_CTX_set_locked;
>>> @@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + BN_BLINDING_get_thread_id;
>>> + X509_STORE_CTX_set0_param;
>>> + POLICY_MAPPING_it;
>>> -+ POLICY_MAPPING_it;
>>> + STORE_parse_attrs_start;
>>> + POLICY_CONSTRAINTS_free;
>>> + EVP_PKEY_add1_attr_by_NID;
>>> @@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + STORE_set_method;
>>> + GENERAL_SUBTREE_free;
>>> + NAME_CONSTRAINTS_it;
>>> -+ NAME_CONSTRAINTS_it;
>>> + ECDH_get_default_method;
>>> + PKCS12_add_safe;
>>> + EC_KEY_new_by_curve_name;
>>> @@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ENGINE_get_default_ECDH;
>>> + EC_KEY_get_conv_form;
>>> + ASN1_OCTET_STRING_NDEF_it;
>>> -+ ASN1_OCTET_STRING_NDEF_it;
>>> + STORE_delete_public_key;
>>> + STORE_get_public_key;
>>> + STORE_modify_arbitrary;
>>> @@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + ENGINE_load_padlock;
>>> + EC_GROUP_set_curve_name;
>>> + X509_CERT_PAIR_it;
>>> -+ X509_CERT_PAIR_it;
>>> + STORE_meth_get_revoke_fn;
>>> + STORE_method_get_revoke_function;
>>> + STORE_method_set_get_function;
>>> @@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + pqueue_pop;
>>> + STORE_ATTR_INFO_get0_cstr;
>>> + POLICY_CONSTRAINTS_it;
>>> -+ POLICY_CONSTRAINTS_it;
>>> + STORE_get_ex_new_index;
>>> + EVP_PKEY_get_attr_by_OBJ;
>>> + X509_VERIFY_PARAM_add0_policy;
>>> @@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + STORE_modify_crl;
>>> + STORE_list_private_key_start;
>>> + POLICY_MAPPINGS_it;
>>> -+ POLICY_MAPPINGS_it;
>>> -+ GENERAL_SUBTREE_it;
>>> + GENERAL_SUBTREE_it;
>>> + EC_GROUP_get_curve_name;
>>> + PEM_write_X509_CERT_PAIR;
>>> @@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld
>>> + BIO_set_callback_arg;
>>> + v3_addr_add_prefix;
>>> + IPAddressOrRange_it;
>>> -+ IPAddressOrRange_it;
>>> + BIO_set_flags;
>>> + ASIdentifiers_it;
>>> -+ ASIdentifiers_it;
>>> + v3_addr_get_range;
>>> + BIO_method_type;
>>> + v3_addr_inherits;
>>> + IPAddressChoice_it;
>>> -+ IPAddressChoice_it;
>>> + AES_ige_encrypt;
>>> + v3_addr_add_range;
>>> + EVP_CIPHER_CTX_nid;
>>> @@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + BIO_clear_flags;
>>> + i2d_ASRange;
>>> + IPAddressRange_it;
>>> -+ IPAddressRange_it;
>>> + IPAddressChoice_new;
>>> + ASIdentifierChoice_new;
>>> + ASRange_free;
>>> @@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + BIO_test_flags;
>>> + i2d_ASIdentifierChoice;
>>> + ASRange_it;
>>> -+ ASRange_it;
>>> + d2i_ASIdentifiers;
>>> + ASRange_new;
>>> + d2i_IPAddressChoice;
>>> @@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EVP_Cipher;
>>> + i2d_IPAddressOrRange;
>>> + ASIdOrRange_it;
>>> -+ ASIdOrRange_it;
>>> + EVP_CIPHER_nid;
>>> + i2d_IPAddressChoice;
>>> + EVP_CIPHER_CTX_block_size;
>>> @@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + v3_addr_is_canonical;
>>> + i2d_IPAddressRange;
>>> + IPAddressFamily_it;
>>> -+ IPAddressFamily_it;
>>> + v3_asid_inherits;
>>> + EVP_CIPHER_CTX_cipher;
>>> + EVP_CIPHER_CTX_get_app_data;
>>> @@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + d2i_IPAddressOrRange;
>>> + v3_addr_canonize;
>>> + ASIdentifierChoice_it;
>>> -+ ASIdentifierChoice_it;
>>> + EVP_MD_CTX_md;
>>> + d2i_ASIdentifierChoice;
>>> + BIO_method_name;
>>> @@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + SEED_set_key;
>>> + EVP_seed_cfb128;
>>> + X509_EXTENSIONS_it;
>>> -+ X509_EXTENSIONS_it;
>>> + X509_get1_ocsp;
>>> + OCSP_REQ_CTX_free;
>>> + i2d_X509_EXTENSIONS;
>>> @@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + OCSP_sendreq_new;
>>> + d2i_X509_EXTENSIONS;
>>> + X509_ALGORS_it;
>>> -+ X509_ALGORS_it;
>>> + X509_ALGOR_get0;
>>> + X509_ALGOR_set0;
>>> + AES_unwrap_key;
>>> @@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + CMS_SignerInfo_verify;
>>> + CMS_data;
>>> + CMS_ContentInfo_it;
>>> -+ CMS_ContentInfo_it;
>>> + d2i_CMS_ReceiptRequest;
>>> + CMS_compress;
>>> + CMS_digest_create;
>>> @@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + CMS_RecipientInfo_kekri_get0_id;
>>> + CMS_verify_receipt;
>>> + CMS_ReceiptRequest_it;
>>> -+ CMS_ReceiptRequest_it;
>>> + PEM_read_bio_CMS;
>>> + CMS_get1_crls;
>>> + CMS_add0_recipient_key;
>>> @@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + TS_REQ_dup;
>>> + GENERAL_NAME_dup;
>>> + ASN1_SEQUENCE_ANY_it;
>>> -+ ASN1_SEQUENCE_ANY_it;
>>> + WHIRLPOOL;
>>> + X509_STORE_get1_crls;
>>> + ENGINE_get_pkey_asn1_meth;
>>> @@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + DIST_POINT_set_dpname;
>>> + i2d_ISSUING_DIST_POINT;
>>> + ASN1_SET_ANY_it;
>>> -+ ASN1_SET_ANY_it;
>>> + EVP_PKEY_CTX_get_data;
>>> + TS_STATUS_INFO_print_bio;
>>> + EVP_PKEY_derive_init;
>>> @@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EVP_DigestSignFinal;
>>> + TS_RESP_CTX_set_def_policy;
>>> + NETSCAPE_X509_it;
>>> -+ NETSCAPE_X509_it;
>>> + TS_RESP_create_response;
>>> + PKCS7_SIGNER_INFO_get0_algs;
>>> + TS_TST_INFO_get_nonce;
>>> @@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + EVP_CIPHER_do_all_sorted;
>>> + EVP_PKEY_CTX_free;
>>> + ISSUING_DIST_POINT_it;
>>> -+ ISSUING_DIST_POINT_it;
>>> + d2i_TS_MSG_IMPRINT_fp;
>>> + X509_STORE_get1_certs;
>>> + EVP_PKEY_CTX_get_operation;
>>> @@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld
>>> + X509_signature_dump;
>>> + d2i_RSA_PSS_PARAMS;
>>> + RSA_PSS_PARAMS_it;
>>> -+ RSA_PSS_PARAMS_it;
>>> + RSA_PSS_PARAMS_free;
>>> + X509_sign_ctx;
>>> + i2d_RSA_PSS_PARAMS;
>>> @@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld
>>> + CRYPTO_memcmp;
>>> +} OPENSSL_1.0.1;
>>> +
>>> -Index: openssl-1.0.1d/engines/openssl.ld
>>> ++OPENSSL_1.0.2 {
>>> ++ global:
>>> ++ SSL_CTX_set_alpn_protos;
>>> ++ SSL_set_alpn_protos;
>>> ++ SSL_CTX_set_alpn_select_cb;
>>> ++ SSL_get0_alpn_selected;
>>> ++ SSL_CTX_set_custom_cli_ext;
>>> ++ SSL_CTX_set_custom_srv_ext;
>>> ++ SSL_CTX_set_srv_supp_data;
>>> ++ SSL_CTX_set_cli_supp_data;
>>> ++ SSL_set_cert_cb;
>>> ++ SSL_CTX_use_serverinfo;
>>> ++ SSL_CTX_use_serverinfo_file;
>>> ++ SSL_CTX_set_cert_cb;
>>> ++ SSL_CTX_get0_param;
>>> ++ SSL_get0_param;
>>> ++ SSL_certs_clear;
>>> ++ DTLSv1_2_method;
>>> ++ DTLSv1_2_server_method;
>>> ++ DTLSv1_2_client_method;
>>> ++ DTLS_method;
>>> ++ DTLS_server_method;
>>> ++ DTLS_client_method;
>>> ++ SSL_CTX_get_ssl_method;
>>> ++ SSL_CTX_get0_certificate;
>>> ++ SSL_CTX_get0_privatekey;
>>> ++ SSL_COMP_set0_compression_methods;
>>> ++ SSL_COMP_free_compression_methods;
>>> ++ SSL_CIPHER_find;
>>> ++ SSL_is_server;
>>> ++ SSL_CONF_CTX_new;
>>> ++ SSL_CONF_CTX_finish;
>>> ++ SSL_CONF_CTX_free;
>>> ++ SSL_CONF_CTX_set_flags;
>>> ++ SSL_CONF_CTX_clear_flags;
>>> ++ SSL_CONF_CTX_set1_prefix;
>>> ++ SSL_CONF_CTX_set_ssl;
>>> ++ SSL_CONF_CTX_set_ssl_ctx;
>>> ++ SSL_CONF_cmd;
>>> ++ SSL_CONF_cmd_argv;
>>> ++ SSL_CONF_cmd_value_type;
>>> ++ SSL_trace;
>>> ++ SSL_CIPHER_standard_name;
>>> ++ SSL_get_tlsa_record_byname;
>>> ++ ASN1_TIME_diff;
>>> ++ BIO_hex_string;
>>> ++ CMS_RecipientInfo_get0_pkey_ctx;
>>> ++ CMS_RecipientInfo_encrypt;
>>> ++ CMS_SignerInfo_get0_pkey_ctx;
>>> ++ CMS_SignerInfo_get0_md_ctx;
>>> ++ CMS_SignerInfo_get0_signature;
>>> ++ CMS_RecipientInfo_kari_get0_alg;
>>> ++ CMS_RecipientInfo_kari_get0_reks;
>>> ++ CMS_RecipientInfo_kari_get0_orig_id;
>>> ++ CMS_RecipientInfo_kari_orig_id_cmp;
>>> ++ CMS_RecipientEncryptedKey_get0_id;
>>> ++ CMS_RecipientEncryptedKey_cert_cmp;
>>> ++ CMS_RecipientInfo_kari_set0_pkey;
>>> ++ CMS_RecipientInfo_kari_get0_ctx;
>>> ++ CMS_RecipientInfo_kari_decrypt;
>>> ++ CMS_SharedInfo_encode;
>>> ++ DH_compute_key_padded;
>>> ++ d2i_DHxparams;
>>> ++ i2d_DHxparams;
>>> ++ DH_get_1024_160;
>>> ++ DH_get_2048_224;
>>> ++ DH_get_2048_256;
>>> ++ DH_KDF_X9_42;
>>> ++ ECDH_KDF_X9_62;
>>> ++ ECDSA_METHOD_new;
>>> ++ ECDSA_METHOD_free;
>>> ++ ECDSA_METHOD_set_app_data;
>>> ++ ECDSA_METHOD_get_app_data;
>>> ++ ECDSA_METHOD_set_sign;
>>> ++ ECDSA_METHOD_set_sign_setup;
>>> ++ ECDSA_METHOD_set_verify;
>>> ++ ECDSA_METHOD_set_flags;
>>> ++ ECDSA_METHOD_set_name;
>>> ++ EVP_des_ede3_wrap;
>>> ++ EVP_aes_128_wrap;
>>> ++ EVP_aes_192_wrap;
>>> ++ EVP_aes_256_wrap;
>>> ++ EVP_aes_128_cbc_hmac_sha256;
>>> ++ EVP_aes_256_cbc_hmac_sha256;
>>> ++ CRYPTO_128_wrap;
>>> ++ CRYPTO_128_unwrap;
>>> ++ OCSP_REQ_CTX_nbio;
>>> ++ OCSP_REQ_CTX_new;
>>> ++ OCSP_set_max_response_length;
>>> ++ OCSP_REQ_CTX_i2d;
>>> ++ OCSP_REQ_CTX_nbio_d2i;
>>> ++ OCSP_REQ_CTX_get0_mem_bio;
>>> ++ OCSP_REQ_CTX_http;
>>> ++ RSA_padding_add_PKCS1_OAEP_mgf1;
>>> ++ RSA_padding_check_PKCS1_OAEP_mgf1;
>>> ++ RSA_OAEP_PARAMS_free;
>>> ++ RSA_OAEP_PARAMS_it;
>>> ++ RSA_OAEP_PARAMS_new;
>>> ++ SSL_get_sigalgs;
>>> ++ SSL_get_shared_sigalgs;
>>> ++ SSL_check_chain;
>>> ++ X509_chain_up_ref;
>>> ++ X509_http_nbio;
>>> ++ X509_CRL_http_nbio;
>>> ++ X509_REVOKED_dup;
>>> ++ i2d_re_X509_tbs;
>>> ++ X509_get0_signature;
>>> ++ X509_get_signature_nid;
>>> ++ X509_CRL_diff;
>>> ++ X509_chain_check_suiteb;
>>> ++ X509_CRL_check_suiteb;
>>> ++ X509_check_host;
>>> ++ X509_check_email;
>>> ++ X509_check_ip;
>>> ++ X509_check_ip_asc;
>>> ++ X509_STORE_set_lookup_crls_cb;
>>> ++ X509_STORE_CTX_get0_store;
>>> ++ X509_VERIFY_PARAM_set1_host;
>>> ++ X509_VERIFY_PARAM_add1_host;
>>> ++ X509_VERIFY_PARAM_set_hostflags;
>>> ++ X509_VERIFY_PARAM_get0_peername;
>>> ++ X509_VERIFY_PARAM_set1_email;
>>> ++ X509_VERIFY_PARAM_set1_ip;
>>> ++ X509_VERIFY_PARAM_set1_ip_asc;
>>> ++ X509_VERIFY_PARAM_get0_name;
>>> ++ X509_VERIFY_PARAM_get_count;
>>> ++ X509_VERIFY_PARAM_get0;
>>> ++ X509V3_EXT_free;
>>> ++ EC_GROUP_get_mont_data;
>>> ++ EC_curve_nid2nist;
>>> ++ EC_curve_nist2nid;
>>> ++ PEM_write_bio_DHxparams;
>>> ++ PEM_write_DHxparams;
>>> ++ SSL_CTX_add_client_custom_ext;
>>> ++ SSL_CTX_add_server_custom_ext;
>>> ++ SSL_extension_supported;
>>> ++ BUF_strnlen;
>>> ++ sk_deep_copy;
>>> ++ SSL_test_functions;
>>> ++} OPENSSL_1.0.1d;
>>> ++
>>> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
>>> ===================================================================
>>> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
>>> -+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100
>>> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
>>> @@ -0,0 +1,10 @@
>>> +OPENSSL_1.0.0 {
>>> + global:
>>> @@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld
>>> + *;
>>> +};
>>> +
>>> -Index: openssl-1.0.1d/engines/ccgost/openssl.ld
>>> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
>>> ===================================================================
>>> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
>>> -+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100
>>> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
>>> @@ -0,0 +1,10 @@
>>> +OPENSSL_1.0.0 {
>>> + global:
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
>>> new file mode 100644
>>> index 0000000..c43bcd1
>>> --- /dev/null
>>> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
>>> @@ -0,0 +1,29 @@
>>> +From: Raphael Geissert <geissert@debian.org>
>>> +Description: make X509_verify_cert indicate that any certificate whose
>>> + name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
>>> +Forwarded: not-needed
>>> +Origin: vendor
>>> +Last-Update: 2011-11-05
>>> +
>>> +Upstream-Status: Backport [debian]
>>> +
>>> +
>>> +Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
>>> +===================================================================
>>> +--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100
>>> ++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100
>>> +@@ -964,10 +964,11 @@
>>> + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
>>> + {
>>> + x = sk_X509_value(ctx->chain, i);
>>> +- /* Mark DigiNotar certificates as revoked, no matter
>>> +- * where in the chain they are.
>>> ++ /* Mark certificates containing the following names as
>>> ++ * revoked, no matter where in the chain they are.
>>> + */
>>> +- if (x->name && strstr(x->name, "DigiNotar"))
>>> ++ if (x->name && (strstr(x->name, "DigiNotar") ||
>>> ++ strstr(x->name, "Digicert Sdn. Bhd.")))
>>> + {
>>> + ctx->error = X509_V_ERR_CERT_REVOKED;
>>> + ctx->error_depth = i;
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
>>> new file mode 100644
>>> index 0000000..0c1a0b6
>>> --- /dev/null
>>> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
>>> @@ -0,0 +1,67 @@
>>> +From: Raphael Geissert <geissert@debian.org>
>>> +Description: make X509_verify_cert indicate that any certificate whose
>>> + name contains "DigiNotar" is revoked.
>>> +Forwarded: not-needed
>>> +Origin: vendor
>>> +Last-Update: 2011-09-08
>>> +Bug: http://bugs.debian.org/639744
>>> +Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
>>> +Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
>>> +
>>> +This is not meant as final patch.
>>> +
>>> +Upstream-Status: Backport [debian]
>>> +
>>> +
>>> +Index: openssl-1.0.2/crypto/x509/x509_vfy.c
>>> +===================================================================
>>> +--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
>>> ++++ openssl-1.0.2/crypto/x509/x509_vfy.c
>>> +@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
>>> + static int check_revocation(X509_STORE_CTX *ctx);
>>> + static int check_cert(X509_STORE_CTX *ctx);
>>> + static int check_policy(X509_STORE_CTX *ctx);
>>> ++static int check_ca_blacklist(X509_STORE_CTX *ctx);
>>> +
>>> + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
>>> + unsigned int *preasons, X509_CRL *crl, X509 *x);
>>> +@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
>>> + if (!ok)
>>> + goto end;
>>> +
>>> ++ ok = check_ca_blacklist(ctx);
>>> ++ if(!ok) goto end;
>>> ++
>>> + #ifndef OPENSSL_NO_RFC3779
>>> + /* RFC 3779 path validation, now that CRL check has been done */
>>> + ok = v3_asid_validate_path(ctx);
>>> +@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
>>> + return 1;
>>> + }
>>> +
>>> ++static int check_ca_blacklist(X509_STORE_CTX *ctx)
>>> ++ {
>>> ++ X509 *x;
>>> ++ int i;
>>> ++ /* Check all certificates against the blacklist */
>>> ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
>>> ++ {
>>> ++ x = sk_X509_value(ctx->chain, i);
>>> ++ /* Mark DigiNotar certificates as revoked, no matter
>>> ++ * where in the chain they are.
>>> ++ */
>>> ++ if (x->name && strstr(x->name, "DigiNotar"))
>>> ++ {
>>> ++ ctx->error = X509_V_ERR_CERT_REVOKED;
>>> ++ ctx->error_depth = i;
>>> ++ ctx->current_cert = x;
>>> ++ if (!ctx->verify_cb(0,ctx))
>>> ++ return 0;
>>> ++ }
>>> ++ }
>>> ++ return 1;
>>> ++ }
>>> ++
>>> + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
>>> + X509 **pissuer, int *pscore, unsigned int *preasons,
>>> + STACK_OF(X509_CRL) *crls)
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
>>> new file mode 100644
>>> index 0000000..61dcf45
>>> --- /dev/null
>>> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
>>> @@ -0,0 +1,31 @@
>>> +
>>> +Upstream-Status: Backport [debian]
>>> +
>>> +--- openssl/apps/openssl.cnf.orig 2012-06-06 00:45:56.000000000 +0200
>>> ++++ openssl/apps/openssl.cnf 2012-06-06 00:46:46.000000000 +0200
>>> +@@ -19,6 +19,8 @@
>>> + # (Alternatively, use a configuration file that has only
>>> + # X.509v3 extensions in its main [= default] section.)
>>> +
>>> ++openssl_conf = openssl_def
>>> ++
>>> + [ new_oids ]
>>> +
>>> + # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
>>> +@@ -348,3 +350,16 @@
>>> + # (optional, default: no)
>>> + ess_cert_id_chain = no # Must the ESS cert id chain be included?
>>> + # (optional, default: no)
>>> ++
>>> ++[openssl_def]
>>> ++engines = engine_section
>>> ++
>>> ++[engine_section]
>>> ++padlock = padlock_section
>>> ++
>>> ++[padlock_section]
>>> ++soft_load=1
>>> ++init=1
>>> ++default_algorithms = ALL
>>> ++dynamic_path=padlock
>>> ++
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
>>> index d8a6f1a..a574648 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
>>> @@ -1,11 +1,11 @@
>>> Upstream-Status: Inappropriate [configuration]
>>>
>>>
>>> -Index: openssl-1.0.0/engines/Makefile
>>> +Index: openssl-1.0.2/engines/Makefile
>>> ===================================================================
>>> ---- openssl-1.0.0.orig/engines/Makefile
>>> -+++ openssl-1.0.0/engines/Makefile
>>> -@@ -107,7 +107,7 @@
>>> +--- openssl-1.0.2.orig/engines/Makefile
>>> ++++ openssl-1.0.2/engines/Makefile
>>> +@@ -107,13 +107,13 @@ install:
>>> @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
>>> @if [ -n "$(SHARED_LIBS)" ]; then \
>>> set -e; \
>>> @@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile
>>> for l in $(LIBNAMES); do \
>>> ( echo installing $$l; \
>>> pfx=lib; \
>>> -@@ -119,13 +119,13 @@
>>> + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
>>> + sfx=".so"; \
>>> +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
>>> ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
>>> + else \
>>> + case "$(CFLAGS)" in \
>>> + *DSO_BEOS*) sfx=".so";; \
>>> +@@ -122,10 +122,10 @@ install:
>>> *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
>>> *) sfx=".bad";; \
>>> esac; \
>>> - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
>>> + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
>>> - else \
>>> - sfx=".so"; \
>>> -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
>>> -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
>>> fi; \
>>> - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
>>> - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
>>> @@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile
>>> done; \
>>> fi
>>> @target=install; $(RECURSIVE_MAKE)
>>> -Index: openssl-1.0.0/engines/ccgost/Makefile
>>> +Index: openssl-1.0.2/engines/ccgost/Makefile
>>> ===================================================================
>>> ---- openssl-1.0.0.orig/engines/ccgost/Makefile
>>> -+++ openssl-1.0.0/engines/ccgost/Makefile
>>> -@@ -53,13 +53,13 @@
>>> +--- openssl-1.0.2.orig/engines/ccgost/Makefile
>>> ++++ openssl-1.0.2/engines/ccgost/Makefile
>>> +@@ -47,7 +47,7 @@ install:
>>> + pfx=lib; \
>>> + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
>>> + sfx=".so"; \
>>> +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
>>> ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
>>> + else \
>>> + case "$(CFLAGS)" in \
>>> + *DSO_BEOS*) sfx=".so";; \
>>> +@@ -56,10 +56,10 @@ install:
>>> *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
>>> *) sfx=".bad";; \
>>> esac; \
>>> - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
>>> + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
>>> - else \
>>> - sfx=".so"; \
>>> -- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
>>> -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
>>> fi; \
>>> - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
>>> - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
>>> index f0e1778..06d1ea6 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
>>> @@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867
>>>
>>> Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
>>>
>>> -diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
>>> -index 3232cfe..df84922 100644
>>> +Index: openssl-1.0.2/crypto/evp/e_des3.c
>>> ===================================================================
>>> ---- a/crypto/evp/e_des3.c
>>> -+++ b/crypto/evp/e_des3.c
>>> -@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
>>> +--- openssl-1.0.2.orig/crypto/evp/e_des3.c
>>> ++++ openssl-1.0.2/crypto/evp/e_des3.c
>>> +@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
>>> size_t n;
>>> - unsigned char c[1],d[1];
>>> + unsigned char c[1], d[1];
>>>
>>> -- for(n=0 ; n < inl ; ++n)
>>> -+ for(n=0 ; n < inl*8 ; ++n)
>>> - {
>>> - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
>>> - DES_ede3_cfb_encrypt(c,d,1,1,
>>> +- for (n = 0; n < inl; ++n) {
>>> ++ for (n = 0; n * 8 < inl; ++n) {
>>> + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
>>> + DES_ede3_cfb_encrypt(c, d, 1, 1,
>>> + &data(ctx)->ks1, &data(ctx)->ks2,
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
>>> deleted file mode 100644
>>> index 770097d..0000000
>>> --- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
>>> +++ /dev/null
>>> @@ -1,120 +0,0 @@
>>> -From: Andy Polyakov <appro@openssl.org>
>>> -Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
>>> -Subject: Initial aarch64 bits.
>>> -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
>>> -
>>> -Initial aarch64 bits.
>>> -Upstream-Status: backport (will be included in 1.0.2)
>>> ----
>>> - crypto/bn/bn_lcl.h | 9 +++++++++
>>> - crypto/md32_common.h | 18 ++++++++++++++++++
>>> - crypto/modes/modes_lcl.h | 8 ++++++++
>>> - crypto/sha/sha512.c | 13 +++++++++++++
>>> - 4 files changed, 48 insertions(+)
>>> -
>>> -Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
>>> -===================================================================
>>> ---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200
>>> -+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200
>>> -@@ -300,6 +300,15 @@
>>> - : "r"(a), "r"(b));
>>> - # endif
>>> - # endif
>>> -+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
>>> -+# if defined(__GNUC__) && __GNUC__>=2
>>> -+# define BN_UMULT_HIGH(a,b) ({ \
>>> -+ register BN_ULONG ret; \
>>> -+ asm ("umulh %0,%1,%2" \
>>> -+ : "=r"(ret) \
>>> -+ : "r"(a), "r"(b)); \
>>> -+ ret; })
>>> -+# endif
>>> - # endif /* cpu */
>>> - #endif /* OPENSSL_NO_ASM */
>>> -
>>> -Index: openssl-1.0.1f/crypto/md32_common.h
>>> -===================================================================
>>> ---- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200
>>> -+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
>>> -@@ -213,6 +213,24 @@
>>> - asm ("bswapl %0":"=r"(r):"0"(r)); \
>>> - *((unsigned int *)(c))=r; (c)+=4; r; })
>>> - # endif
>>> -+# elif defined(__aarch64__)
>>> -+# if defined(__BYTE_ORDER__)
>>> -+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
>>> -+# define HOST_c2l(c,l) ({ unsigned int r; \
>>> -+ asm ("rev %w0,%w1" \
>>> -+ :"=r"(r) \
>>> -+ :"r"(*((const unsigned int *)(c))));\
>>> -+ (c)+=4; (l)=r; })
>>> -+# define HOST_l2c(l,c) ({ unsigned int r; \
>>> -+ asm ("rev %w0,%w1" \
>>> -+ :"=r"(r) \
>>> -+ :"r"((unsigned int)(l)));\
>>> -+ *((unsigned int *)(c))=r; (c)+=4; r; })
>>> -+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
>>> -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
>>> -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
>>> -+# endif
>>> -+# endif
>>> - # endif
>>> - # endif
>>> - #endif
>>> -Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
>>> -===================================================================
>>> ---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200
>>> -+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200
>>> -@@ -29,6 +29,7 @@
>>> - #if defined(__i386) || defined(__i386__) || \
>>> - defined(__x86_64) || defined(__x86_64__) || \
>>> - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
>>> -+ defined(__aarch64__) || \
>>> - defined(__s390__) || defined(__s390x__)
>>> - # undef STRICT_ALIGNMENT
>>> - #endif
>>> -@@ -50,6 +51,13 @@
>>> - # define BSWAP4(x) ({ u32 ret=(x); \
>>> - asm ("bswapl %0" \
>>> - : "+r"(ret)); ret; })
>>> -+# elif defined(__aarch64__)
>>> -+# define BSWAP8(x) ({ u64 ret; \
>>> -+ asm ("rev %0,%1" \
>>> -+ : "=r"(ret) : "r"(x)); ret; })
>>> -+# define BSWAP4(x) ({ u32 ret; \
>>> -+ asm ("rev %w0,%w1" \
>>> -+ : "=r"(ret) : "r"(x)); ret; })
>>> - # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
>>> - # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
>>> - asm ("rev %0,%0; rev %1,%1" \
>>> -Index: openssl-1.0.1f/crypto/sha/sha512.c
>>> -===================================================================
>>> ---- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200
>>> -+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
>>> -@@ -55,6 +55,7 @@
>>> - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
>>> - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
>>> - defined(__s390__) || defined(__s390x__) || \
>>> -+ defined(__aarch64__) || \
>>> - defined(SHA512_ASM)
>>> - #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
>>> - #endif
>>> -@@ -347,6 +348,18 @@
>>> - asm ("rotrdi %0,%1,%2" \
>>> - : "=r"(ret) \
>>> - : "r"(a),"K"(n)); ret; })
>>> -+# elif defined(__aarch64__)
>>> -+# define ROTR(a,n) ({ SHA_LONG64 ret; \
>>> -+ asm ("ror %0,%1,%2" \
>>> -+ : "=r"(ret) \
>>> -+ : "r"(a),"I"(n)); ret; })
>>> -+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
>>> -+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
>>> -+# define PULL64(x) ({ SHA_LONG64 ret; \
>>> -+ asm ("rev %0,%1" \
>>> -+ : "=r"(ret) \
>>> -+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
>>> -+# endif
>>> - # endif
>>> - # elif defined(_MSC_VER)
>>> - # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>> index c161e62..cebc8cf 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>> @@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
>>>
>>> Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
>>> ---
>>> ---- a/crypto/evp/digest.c
>>> -+++ b/crypto/evp/digest.c
>>> -@@ -199,7 +199,7 @@
>>> - return 0;
>>> - }
>>> +Index: openssl-1.0.2/crypto/evp/digest.c
>>> +===================================================================
>>> +--- openssl-1.0.2.orig/crypto/evp/digest.c
>>> ++++ openssl-1.0.2/crypto/evp/digest.c
>>> +@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>>> + return 0;
>>> + }
>>> #endif
>>> -- if (ctx->digest != type)
>>> -+ if (type && (ctx->digest != type))
>>> - {
>>> - if (ctx->digest && ctx->digest->ctx_size)
>>> - OPENSSL_free(ctx->md_data);
>>> +- if (ctx->digest != type) {
>>> ++ if (type && (ctx->digest != type)) {
>>> + if (ctx->digest && ctx->digest->ctx_size)
>>> + OPENSSL_free(ctx->md_data);
>>> + ctx->digest = type;
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
>>> index 3e93fe4..d7047bb 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
>>> @@ -8,32 +8,19 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
>>>
>>> Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
>>> ---
>>> ---- a/crypto/dh/dh_ameth.c
>>> -+++ b/crypto/dh/dh_ameth.c
>>> -@@ -139,6 +139,12 @@
>>> - dh=pkey->pkey.dh;
>>> +Index: openssl-1.0.2/crypto/dh/dh_ameth.c
>>> +===================================================================
>>> +--- openssl-1.0.2.orig/crypto/dh/dh_ameth.c
>>> ++++ openssl-1.0.2/crypto/dh/dh_ameth.c
>>> +@@ -161,6 +161,11 @@ static int dh_pub_encode(X509_PUBKEY *pk
>>> + dh = pkey->pkey.dh;
>>>
>>> - str = ASN1_STRING_new();
>>> -+ if (!str)
>>> -+ {
>>> -+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
>>> -+ goto err;
>>> -+ }
>>> + str = ASN1_STRING_new();
>>> ++ if (!str) {
>>> ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
>>> ++ goto err;
>>> ++ }
>>> +
>>> - str->length = i2d_DHparams(dh, &str->data);
>>> - if (str->length <= 0)
>>> - {
>>> ---- a/crypto/dsa/dsa_ameth.c
>>> -+++ b/crypto/dsa/dsa_ameth.c
>>> -@@ -148,6 +148,11 @@
>>> - {
>>> - ASN1_STRING *str;
>>> - str = ASN1_STRING_new();
>>> -+ if (!str)
>>> -+ {
>>> -+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
>>> -+ goto err;
>>> -+ }
>>> - str->length = i2d_DSAparams(dsa, &str->data);
>>> - if (str->length <= 0)
>>> - {
>>> + str->length = i2d_dhp(pkey, dh, &str->data);
>>> + if (str->length <= 0) {
>>> + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
>>> index 93ce034..cbce32c 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
>>> @@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
>>>
>>> ported the patch to the 1.0.0e version
>>> Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
>>> -Index: openssl-1.0.1e/Configure
>>> +Index: openssl-1.0.2/crypto/bn/bn.h
>>> ===================================================================
>>> ---- openssl-1.0.1e.orig/Configure
>>> -+++ openssl-1.0.1e/Configure
>>> -@@ -402,6 +402,7 @@ my %table=(
>>> - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>>> - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
>>> -+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
>>> - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
>>> - #### So called "highgprs" target for z/Architecture CPUs
>>> - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
>>> -Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
>>> -===================================================================
>>> ---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
>>> -+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
>>> -@@ -55,7 +55,7 @@
>>> - * machine.
>>> - */
>>> -
>>> --#ifdef _WIN64
>>> -+#if defined _WIN64 || !defined __LP64__
>>> - #define BN_ULONG unsigned long long
>>> - #else
>>> - #define BN_ULONG unsigned long
>>> -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
>>> - asm (
>>> - " subq %2,%2 \n"
>>> - ".p2align 4 \n"
>>> -- "1: movq (%4,%2,8),%0 \n"
>>> -- " adcq (%5,%2,8),%0 \n"
>>> -- " movq %0,(%3,%2,8) \n"
>>> -+ "1: movq (%q4,%2,8),%0 \n"
>>> -+ " adcq (%q5,%2,8),%0 \n"
>>> -+ " movq %0,(%q3,%2,8) \n"
>>> - " leaq 1(%2),%2 \n"
>>> - " loop 1b \n"
>>> - " sbbq %0,%0 \n"
>>> -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
>>> - asm (
>>> - " subq %2,%2 \n"
>>> - ".p2align 4 \n"
>>> -- "1: movq (%4,%2,8),%0 \n"
>>> -- " sbbq (%5,%2,8),%0 \n"
>>> -- " movq %0,(%3,%2,8) \n"
>>> -+ "1: movq (%q4,%2,8),%0 \n"
>>> -+ " sbbq (%q5,%2,8),%0 \n"
>>> -+ " movq %0,(%q3,%2,8) \n"
>>> - " leaq 1(%2),%2 \n"
>>> - " loop 1b \n"
>>> - " sbbq %0,%0 \n"
>>> -Index: openssl-1.0.1e/crypto/bn/bn.h
>>> -===================================================================
>>> ---- openssl-1.0.1e.orig/crypto/bn/bn.h
>>> -+++ openssl-1.0.1e/crypto/bn/bn.h
>>> -@@ -172,6 +172,13 @@ extern "C" {
>>> +--- openssl-1.0.2.orig/crypto/bn/bn.h
>>> ++++ openssl-1.0.2/crypto/bn/bn.h
>>> +@@ -173,6 +173,13 @@ extern "C" {
>>> + # endif
>>> # endif
>>> - #endif
>>>
>>> +/* Address type. */
>>> +#ifdef _WIN64
>>> @@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h
>>> +#define BN_ADDR unsigned long
>>> +#endif
>>> +
>>> - /* assuming long is 64bit - this is the DEC Alpha
>>> - * unsigned long long is only 64 bits :-(, don't define
>>> - * BN_LLONG for the DEC Alpha */
>>> -Index: openssl-1.0.1e/crypto/bn/bn_exp.c
>>> + /*
>>> + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
>>> + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
>>> +Index: openssl-1.0.2/crypto/bn/bn_exp.c
>>> ===================================================================
>>> ---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
>>> -+++ openssl-1.0.1e/crypto/bn/bn_exp.c
>>> -@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
>>> -
>>> - /* Given a pointer value, compute the next address that is a cache line multiple. */
>>> +--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
>>> ++++ openssl-1.0.2/crypto/bn/bn_exp.c
>>> +@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
>>> + * multiple.
>>> + */
>>> #define MOD_EXP_CTIME_ALIGN(x_) \
>>> -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
>>> +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
>>> + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
>>>
>>> - /* This variant of BN_mod_exp_mont() uses fixed windows and the special
>>> - * precomputation memory layout to limit data-dependency to a minimum
>>> + /*
>>> + * This variant of BN_mod_exp_mont() uses fixed windows and the special
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
>>> index 527e10c..ef6d179 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
>>> +++ b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
>>> @@ -10,11 +10,11 @@ Upstream-Status: Inappropriate [config]
>>>
>>> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
>>>
>>> -diff --git a/test/Makefile b/test/Makefile
>>> -index e6fcfb4..5ae043b 100644
>>> ---- a/test/Makefile
>>> -+++ b/test/Makefile
>>> -@@ -322,11 +322,11 @@ test_cms:
>>> +Index: openssl-1.0.2/test/Makefile
>>> +===================================================================
>>> +--- openssl-1.0.2.orig/test/Makefile
>>> ++++ openssl-1.0.2/test/Makefile
>>> +@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
>>> @echo "CMS consistency test"
>>> $(PERL) cms-test.pl
>>>
>>> @@ -23,8 +23,12 @@ index e6fcfb4..5ae043b 100644
>>> @echo "Test SRP"
>>> ../util/shlib_wrap.sh ./srptest
>>>
>>> +@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
>>> + @echo "Test X509v3_check_*"
>>> + ../util/shlib_wrap.sh ./$(V3NAMETEST)
>>> +
>>> -test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
>>> +test_heartbeat:
>>> ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
>>>
>>> - lint:
>>> + test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
>>> diff --git a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
>>> new file mode 100644
>>> index 0000000..fcfccfa
>>> --- /dev/null
>>> +++ b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
>>> @@ -0,0 +1,66 @@
>>> +Index: openssl-1.0.2/openssl.ld
>>> +===================================================================
>>> +--- openssl-1.0.2.orig/openssl.ld
>>> ++++ openssl-1.0.2/openssl.ld
>>> +@@ -4618,3 +4618,61 @@ OPENSSL_1.0.1d {
>>> + CRYPTO_memcmp;
>>> + } OPENSSL_1.0.1;
>>> +
>>> ++OPENSSL_1.0.2 {
>>> ++ global:
>>> ++ ASN1_TIME_diff;
>>> ++ CMS_RecipientInfo_get0_pkey_ctx;
>>> ++ CMS_RecipientInfo_kari_get0_ctx;
>>> ++ CMS_SignerInfo_get0_pkey_ctx;
>>> ++ DH_get_1024_160;
>>> ++ DH_get_2048_224;
>>> ++ DH_get_2048_256;
>>> ++ DTLS_client_method;
>>> ++ DTLS_server_method;
>>> ++ DTLSv1_2_client_method;
>>> ++ DTLSv1_2_server_method;
>>> ++ EC_curve_nid2nist;
>>> ++ EC_curve_nist2nid;
>>> ++ EVP_aes_128_cbc_hmac_sha256;
>>> ++ EVP_aes_128_wrap;
>>> ++ EVP_aes_192_wrap;
>>> ++ EVP_aes_256_cbc_hmac_sha256;
>>> ++ EVP_aes_256_wrap;
>>> ++ EVP_des_ede3_wrap;
>>> ++ OCSP_REQ_CTX_http;
>>> ++ OCSP_REQ_CTX_new;
>>> ++ PEM_write_bio_DHxparams;
>>> ++ SSL_CIPHER_find;
>>> ++ SSL_CONF_CTX_finish;
>>> ++ SSL_CONF_CTX_free;
>>> ++ SSL_CONF_CTX_new;
>>> ++ SSL_CONF_CTX_set_flags;
>>> ++ SSL_CONF_CTX_set_ssl_ctx;
>>> ++ SSL_CONF_cmd;
>>> ++ SSL_CONF_cmd_argv;
>>> ++ SSL_CTX_add_client_custom_ext;
>>> ++ SSL_CTX_add_server_custom_ext;
>>> ++ SSL_CTX_set_alpn_protos;
>>> ++ SSL_CTX_set_alpn_select_cb;
>>> ++ SSL_CTX_set_cert_cb;
>>> ++ SSL_CTX_use_serverinfo_file;
>>> ++ SSL_certs_clear;
>>> ++ SSL_check_chain;
>>> ++ SSL_get0_alpn_selected;
>>> ++ SSL_get_shared_sigalgs;
>>> ++ SSL_get_sigalgs;
>>> ++ SSL_is_server;
>>> ++ X509_CRL_diff;
>>> ++ X509_CRL_http_nbio;
>>> ++ X509_STORE_set_lookup_crls_cb;
>>> ++ X509_VERIFY_PARAM_set1_email;
>>> ++ X509_VERIFY_PARAM_set1_host;
>>> ++ X509_VERIFY_PARAM_set1_ip_asc;
>>> ++ X509_chain_check_suiteb;
>>> ++ X509_chain_up_ref;
>>> ++ X509_check_email;
>>> ++ X509_check_host;
>>> ++ X509_check_ip_asc;
>>> ++ X509_get_signature_nid;
>>> ++ X509_http_nbio;
>>> ++} OPENSSL_1.0.1d;
>>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
>>> similarity index 84%
>>> rename from meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
>>> rename to meta/recipes-connectivity/openssl/openssl_1.0.2.bb
>>> index 16ffc58..79537f9 100644
>>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
>>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
>>> @@ -16,21 +16,22 @@ SRC_URI += "file://configure-targets.patch \
>>> file://oe-ldflags.patch \
>>> file://engines-install-in-libdir-ssl.patch \
>>> file://openssl-fix-link.patch \
>>> - file://debian/version-script.patch \
>>> - file://debian/pic.patch \
>>> - file://debian/c_rehash-compat.patch \
>>> + file://debian1.0.2/block_diginotar.patch \
>>> + file://debian1.0.2/block_digicert_malaysia.patch \
>>> + file://debian1.0.2/padlock_conf.patch \
>>> file://debian/ca.patch \
>>> - file://debian/make-targets.patch \
>>> - file://debian/no-rpath.patch \
>>> + file://debian/c_rehash-compat.patch \
>>> + file://debian/debian-targets.patch \
>>> file://debian/man-dir.patch \
>>> file://debian/man-section.patch \
>>> + file://debian/no-rpath.patch \
>>> file://debian/no-symbolic.patch \
>>> - file://debian/debian-targets.patch \
>>> + file://debian/pic.patch \
>>> + file://debian/version-script.patch \
>>> file://openssl_fix_for_x32.patch \
>>> file://fix-cipher-des-ede3-cfb1.patch \
>>> file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
>>> file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
>>> - file://initial-aarch64-bits.patch \
>>> file://find.pl \
>>> file://openssl-fix-des.pod-error.patch \
>>> file://Makefiles-ptest.patch \
>>> @@ -38,8 +39,8 @@ SRC_URI += "file://configure-targets.patch \
>>> file://run-ptest \
>>> "
>>>
>>> -SRC_URI[md5sum] = "d4f002bd22a56881340105028842ae1f"
>>> -SRC_URI[sha256sum] = "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c"
>>> +SRC_URI[md5sum] = "38373013fc85c790aabf8837969c5eba"
>>> +SRC_URI[sha256sum] = "8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9"
>>>
>>> PACKAGES =+ " \
>>> ${PN}-engines \
>>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] openssl: Upgrade to 1.0.2
2015-03-12 19:17 ` Saul Wold
@ 2015-03-16 6:21 ` Robert Yang
0 siblings, 0 replies; 6+ messages in thread
From: Robert Yang @ 2015-03-16 6:21 UTC (permalink / raw)
To: Saul Wold, openembedded-core
On 03/13/2015 03:17 AM, Saul Wold wrote:
> On 03/11/2015 11:18 PM, Robert Yang wrote:
>>
>> I met this error when building openflow in meta-networking, I guess it
>> maybe
>> related to the upgraded:
>>
>> x86_64-wrs-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse
>> --sysroot=/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64
>> -Wstrict-prototypes -O2 -pipe -g -feliminate-unused-debug-types -Wall
>> -Wno-sign-compare -Wpointer-arith -Wdeclaration-after-statement
>> -Wformat-security -Wswitch-enum -Wunused-parameter -Wstrict-aliasing
>> -Wbad-function-cast -Wcast-align -Wstrict-prototypes
>> -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers
>> -Wno-override-init -export-dynamic -Wl,-O1 -Wl,--hash-style=gnu
>> -Wl,--as-needed -o secchan/ofprotocol secchan/discovery.o
>> secchan/emerg-flow.o secchan/fail-open.o secchan/failover.o
>> secchan/in-band.o secchan/port-watcher.o secchan/protocol-stat.o
>> secchan/ratelimit.o secchan/secchan.o secchan/status.o
>> secchan/stp-secchan.o lib/libopenflow.a -ldl
>> -L/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/usr/lib64
>>
>> -lssl
>> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/x86_64-linux/usr/libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/4.9.2/ld:
>>
>> lib/libopenflow.a(vconn-ssl.o): undefined reference to symbol
>> 'ERR_error_string@@OPENSSL_1.0.0'
>> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/lib64/libcrypto.so.1.0.0:
>>
>> error adding symbols: DSO missing from command line
>> collect2: error: ld returned 1 exit status
>>
> Robert, I am not sure about this, I just verified that ERR_error_string is a
> valid symbol in libcrypto.so, maybe you nbeed to have -lcrypto in addition to
> the -lssl on the command line for building openflow? I don't see it explicitly
> and maybe that's needed.
Yes, add -lcrypto works.
// Robert
>
> Sau!
>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-03-16 6:21 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-03-04 17:46 [PATCH] openssl: Upgrade to 1.0.2 Saul Wold
2015-03-12 6:18 ` Robert Yang
2015-03-12 19:17 ` Saul Wold
2015-03-16 6:21 ` Robert Yang
2015-03-13 13:46 ` Martin Jansa
2015-03-16 5:41 ` Saul Wold
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox