From 87d2e400facc8da0681a7872a67de56bccd50c6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Thu, 19 Mar 2015 16:13:02 +0000 Subject: main/openssl: security upgrade to 1.0.1m CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288 all patches refreshed (cherry picked from commit 277a95771cd6d25fda3bfa77ba5bf04ceb34210a) --- ...-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch | 97 - main/openssl/0001-fix-manpages.patch | 577 +++ main/openssl/0002-busybox-basename.patch | 34 + ...gines-e_padlock-backport-cvs-head-changes.patch | 193 - ...adlock-implement-sha1-sha224-sha256-accel.patch | 781 ---- main/openssl/0003-use-termios.patch | 26 + ...to-engine-autoload-padlock-dynamic-engine.patch | 33 - .../0004-fix-default-ca-path-for-apps.patch | 104 + main/openssl/0005-fix-parallel-build.patch | 354 ++ main/openssl/0005-s_client-ircv3-starttls.patch | 56 - ...cv3-tls-3.1-extension-support-to-s_client.patch | 68 + main/openssl/0007-reimplement-c_rehash-in-C.patch | 447 ++ ...i-compat-with-no-freelist-and-regular-bui.patch | 27 + ...-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch | 88 + ...port-changes-from-upstream-padlock-module.patch | 200 + ...adlock-implement-sha1-sha224-sha256-accel.patch | 782 ++++ ...to-engine-autoload-padlock-dynamic-engine.patch | 32 + main/openssl/APKBUILD | 139 +- main/openssl/c_rehash.sh | 210 - main/openssl/fix-default-apps-capath.patch | 102 - main/openssl/fix-manpages.patch | 599 --- main/openssl/openssl-1.0.1-version-eglibc.patch | 55 - main/openssl/openssl-bb-basename.patch | 20 - main/openssl/version-script-eglibc.patch | 4664 -------------------- 24 files changed, 2806 insertions(+), 6882 deletions(-) delete mode 100644 main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch create mode 100644 main/openssl/0001-fix-manpages.patch create mode 100644 main/openssl/0002-busybox-basename.patch delete mode 100644 main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch delete mode 100644 main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch create mode 100644 main/openssl/0003-use-termios.patch delete mode 100644 main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch create mode 100644 main/openssl/0004-fix-default-ca-path-for-apps.patch create mode 100644 main/openssl/0005-fix-parallel-build.patch delete mode 100644 main/openssl/0005-s_client-ircv3-starttls.patch create mode 100644 main/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch create mode 100644 main/openssl/0007-reimplement-c_rehash-in-C.patch create mode 100644 main/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch create mode 100644 main/openssl/0009-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch create mode 100644 main/openssl/0010-backport-changes-from-upstream-padlock-module.patch create mode 100644 main/openssl/0011-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch create mode 100644 main/openssl/0012-crypto-engine-autoload-padlock-dynamic-engine.patch delete mode 100644 main/openssl/c_rehash.sh delete mode 100644 main/openssl/fix-default-apps-capath.patch delete mode 100644 main/openssl/fix-manpages.patch delete mode 100644 main/openssl/openssl-1.0.1-version-eglibc.patch delete mode 100644 main/openssl/openssl-bb-basename.patch delete mode 100644 main/openssl/version-script-eglibc.patch diff --git a/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch deleted file mode 100644 index 7d8092607b..0000000000 --- a/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +++ /dev/null @@ -1,97 +0,0 @@ -From ca3e27975dce1d969eeb41f5d882b34cb3eb1efb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= -Date: Fri, 4 Jun 2010 09:48:39 +0300 -Subject: [PATCH 1/4] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it - properly - -Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT -is set before final update. This is because some crypto accelerators cannot -perform non-finalizing transform of the digest. - -The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly -differently here. It is set before the final EVP_DigestUpdate call, not -necessarily before EVP_DigestInit call. This will not cause any problems -though. ---- - crypto/hmac/hmac.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c -index ba27cbf..cffa0ba 100644 ---- a/crypto/hmac/hmac.c -+++ b/crypto/hmac/hmac.c -@@ -104,6 +104,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - OPENSSL_assert(j <= (int)sizeof(ctx->key)); - if (j < len) - { -+ EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); - if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->md_ctx,key,len)) -@@ -127,6 +128,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - { - for (i=0; ikey[i]; -+ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT); - if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md))) -@@ -134,14 +136,18 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - - for (i=0; ikey[i]; -+ EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT); - if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md))) - goto err; - } -+ - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx)) - goto err; -+ EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); - return 1; -+ - err: - return 0; - } -@@ -166,6 +172,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) - { - unsigned int i; - unsigned char buf[EVP_MAX_MD_SIZE]; -+ - #ifdef OPENSSL_FIPS - if (FIPS_mode() && !ctx->i_ctx.engine) - return FIPS_hmac_final(ctx, md, len); -@@ -175,6 +182,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) - goto err; - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) - goto err; -+ EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT); - if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i)) - goto err; - if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len)) -@@ -231,8 +239,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - - if (md == NULL) md=m; - HMAC_CTX_init(&c); -- if (!HMAC_Init(&c,key,key_len,evp_md)) -+ if (!HMAC_Init_ex(&c,key,key_len,evp_md,NULL)) - goto err; -+ HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT); - if (!HMAC_Update(&c,d,n)) - goto err; - if (!HMAC_Final(&c,md,md_len)) -@@ -245,7 +254,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - - void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) - { -- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); -- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); -+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); - EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); - } --- -1.7.11.3 - diff --git a/main/openssl/0001-fix-manpages.patch b/main/openssl/0001-fix-manpages.patch new file mode 100644 index 0000000000..144cf59201 --- /dev/null +++ b/main/openssl/0001-fix-manpages.patch @@ -0,0 +1,577 @@ +diff --git a/FAQ b/FAQ +index 2134e3a..18a8831 100644 +--- a/FAQ ++++ b/FAQ +@@ -724,7 +724,7 @@ OpenSSL by calling CRYPTO_set_locking_callback() and + CRYPTO_set_id_callback(), for all versions of OpenSSL up to and + including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback() + and associated APIs are deprecated by CRYPTO_THREADID_set_callback() +-and friends. This is described in the threads(3) manpage. ++and friends. This is described in the openssl_threads(3) manpage. + + * I've compiled a program under Windows and it crashes: why? + +diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod +index 738142e..e904f05 100644 +--- a/doc/apps/openssl.pod ++++ b/doc/apps/openssl.pod +@@ -163,7 +163,7 @@ Create or examine a netscape certificate sequence + + Online Certificate Status Protocol utility. + +-=item L|passwd(1)> ++=item L|openssl-passwd(1)> + + Generation of hashed passwords. + +@@ -401,7 +401,7 @@ L, L, L, + L, L, L, + L, L, L, + L, L, L, +-L, ++L, + L, L, L, + L, L, L, + L, L, +diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod +index 7dccacb..71e7078 100644 +--- a/doc/crypto/BN_generate_prime.pod ++++ b/doc/crypto/BN_generate_prime.pod +@@ -90,7 +90,7 @@ The error codes can be obtained by L. + + =head1 SEE ALSO + +-L, L, L ++L, L, L + + =head1 HISTORY + +diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod +index 81f93c2..690aa85 100644 +--- a/doc/crypto/BN_rand.pod ++++ b/doc/crypto/BN_rand.pod +@@ -45,7 +45,7 @@ The error codes can be obtained by L. + + =head1 SEE ALSO + +-L, L, L, ++L, L, L, + L, L + + =head1 HISTORY +diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod +index 81f09fd..0d9f1e5 100644 +--- a/doc/crypto/DH_generate_key.pod ++++ b/doc/crypto/DH_generate_key.pod +@@ -40,7 +40,7 @@ The error codes can be obtained by L. + + =head1 SEE ALSO + +-L, L, L, L ++L, L, L, L + + =head1 HISTORY + +diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod +index 9081e9e..0c0f78c 100644 +--- a/doc/crypto/DH_generate_parameters.pod ++++ b/doc/crypto/DH_generate_parameters.pod +@@ -59,7 +59,7 @@ a usable generator. + + =head1 SEE ALSO + +-L, L, L, ++L, L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod +index 5dfc733..0a6d5f1 100644 +--- a/doc/crypto/DSA_do_sign.pod ++++ b/doc/crypto/DSA_do_sign.pod +@@ -36,7 +36,7 @@ L. + + =head1 SEE ALSO + +-L, L, L, ++L, L, L, + L, + L + +diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod +index af83ccf..95080eb 100644 +--- a/doc/crypto/DSA_generate_key.pod ++++ b/doc/crypto/DSA_generate_key.pod +@@ -24,7 +24,7 @@ The error codes can be obtained by L. + + =head1 SEE ALSO + +-L, L, L, ++L, L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod +index be7c924..2b1f78f 100644 +--- a/doc/crypto/DSA_generate_parameters.pod ++++ b/doc/crypto/DSA_generate_parameters.pod +@@ -90,7 +90,7 @@ Seed lengths E 20 are not supported. + + =head1 SEE ALSO + +-L, L, L, ++L, L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod +index 97389e8..2e6f6f3 100644 +--- a/doc/crypto/DSA_sign.pod ++++ b/doc/crypto/DSA_sign.pod +@@ -55,7 +55,7 @@ Standard, DSS), ANSI X9.30 + + =head1 SEE ALSO + +-L, L, L, ++L, L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod +index 2a129da..a881bdb 100644 +--- a/doc/crypto/ERR_GET_LIB.pod ++++ b/doc/crypto/ERR_GET_LIB.pod +@@ -41,7 +41,7 @@ The library number, function code and reason code respectively. + + =head1 SEE ALSO + +-L, L ++L, L + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod +index 566e1f4..0f503e7 100644 +--- a/doc/crypto/ERR_clear_error.pod ++++ b/doc/crypto/ERR_clear_error.pod +@@ -20,7 +20,7 @@ ERR_clear_error() has no return value. + + =head1 SEE ALSO + +-L, L ++L, L + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod +index cdfa7fe..d774ec1 100644 +--- a/doc/crypto/ERR_error_string.pod ++++ b/doc/crypto/ERR_error_string.pod +@@ -60,7 +60,7 @@ none is registered for the error code. + + =head1 SEE ALSO + +-L, L, ++L, L, + L, + L + L +diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod +index 3444304..cd3d7ce 100644 +--- a/doc/crypto/ERR_get_error.pod ++++ b/doc/crypto/ERR_get_error.pod +@@ -61,7 +61,7 @@ The error code, or 0 if there is no error in the queue. + + =head1 SEE ALSO + +-L, L, ++L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod +index 9bdec75..9c1b991 100644 +--- a/doc/crypto/ERR_load_crypto_strings.pod ++++ b/doc/crypto/ERR_load_crypto_strings.pod +@@ -35,7 +35,7 @@ ERR_free_strings() return no values. + + =head1 SEE ALSO + +-L, L ++L, L + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_load_strings.pod b/doc/crypto/ERR_load_strings.pod +index 5acdd0e..261c87d 100644 +--- a/doc/crypto/ERR_load_strings.pod ++++ b/doc/crypto/ERR_load_strings.pod +@@ -43,7 +43,7 @@ ERR_get_next_error_library() returns a new library number. + + =head1 SEE ALSO + +-L, L ++L, L + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod +index b100a5f..a8b34b7 100644 +--- a/doc/crypto/ERR_print_errors.pod ++++ b/doc/crypto/ERR_print_errors.pod +@@ -38,7 +38,7 @@ ERR_print_errors() and ERR_print_errors_fp() return no values. + + =head1 SEE ALSO + +-L, L, ++L, L, + L, + L, + L +diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod +index acd241f..9c0263a 100644 +--- a/doc/crypto/ERR_put_error.pod ++++ b/doc/crypto/ERR_put_error.pod +@@ -34,7 +34,7 @@ no values. + + =head1 SEE ALSO + +-L, L ++L, L + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod +index 72925fb..8dd63da 100644 +--- a/doc/crypto/ERR_remove_state.pod ++++ b/doc/crypto/ERR_remove_state.pod +@@ -25,7 +25,7 @@ ERR_remove_state() returns no value. + + =head1 SEE ALSO + +-L ++L + + =head1 HISTORY + +diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod +index d375c46..6d6cf39 100644 +--- a/doc/crypto/EVP_BytesToKey.pod ++++ b/doc/crypto/EVP_BytesToKey.pod +@@ -59,7 +59,7 @@ EVP_BytesToKey() returns the size of the derived key in bytes. + + =head1 SEE ALSO + +-L, L, ++L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod +index 2e710da..31172e4 100644 +--- a/doc/crypto/EVP_OpenInit.pod ++++ b/doc/crypto/EVP_OpenInit.pod +@@ -54,7 +54,7 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. + + =head1 SEE ALSO + +-L, L, ++L, L, + L, + L + +diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod +index 7d793e1..a37101f 100644 +--- a/doc/crypto/EVP_SealInit.pod ++++ b/doc/crypto/EVP_SealInit.pod +@@ -74,7 +74,7 @@ with B set to NULL. + + =head1 SEE ALSO + +-L, L, ++L, L, + L, + L + +diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod +index 620a623..090f6e1 100644 +--- a/doc/crypto/EVP_SignInit.pod ++++ b/doc/crypto/EVP_SignInit.pod +@@ -89,7 +89,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function. + =head1 SEE ALSO + + L, +-L, L, ++L, L, + L, L, L, + L, L, L, + L, L +diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod +index 9097f09..2a8d225 100644 +--- a/doc/crypto/EVP_VerifyInit.pod ++++ b/doc/crypto/EVP_VerifyInit.pod +@@ -80,7 +80,7 @@ The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. + + L, + L, +-L, L, ++L, L, + L, L, L, + L, L, L, + L, L +diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod +index 67c66f3..a6fc28a 100644 +--- a/doc/crypto/RAND_add.pod ++++ b/doc/crypto/RAND_add.pod +@@ -65,7 +65,7 @@ The other functions do not return values. + + =head1 SEE ALSO + +-L, L, ++L, L, + L, L + + =head1 HISTORY +diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod +index 1a9b91e..20c4110 100644 +--- a/doc/crypto/RAND_bytes.pod ++++ b/doc/crypto/RAND_bytes.pod +@@ -38,7 +38,7 @@ method. + + =head1 SEE ALSO + +-L, L, ++L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod +index 3a8f074..c99537d 100644 +--- a/doc/crypto/RAND_cleanup.pod ++++ b/doc/crypto/RAND_cleanup.pod +@@ -20,7 +20,7 @@ RAND_cleanup() returns no value. + + =head1 SEE ALSO + +-L ++L + + =head1 HISTORY + +diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod +index 8b8c61d..c367290 100644 +--- a/doc/crypto/RAND_egd.pod ++++ b/doc/crypto/RAND_egd.pod +@@ -72,7 +72,7 @@ success, and -1 if the connection failed. The PRNG state is not considered. + + =head1 SEE ALSO + +-L, L, ++L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod +index d8c134e..a079013 100644 +--- a/doc/crypto/RAND_load_file.pod ++++ b/doc/crypto/RAND_load_file.pod +@@ -43,7 +43,7 @@ error. + + =head1 SEE ALSO + +-L, L, L ++L, L, L + + =head1 HISTORY + +diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod +index e5b780f..7f3ad1b 100644 +--- a/doc/crypto/RAND_set_rand_method.pod ++++ b/doc/crypto/RAND_set_rand_method.pod +@@ -67,7 +67,7 @@ algorithms. + + =head1 SEE ALSO + +-L, L ++L, L + + =head1 HISTORY + +diff --git a/doc/crypto/RSA_blinding_on.pod b/doc/crypto/RSA_blinding_on.pod +index fd2c69a..7b98614 100644 +--- a/doc/crypto/RSA_blinding_on.pod ++++ b/doc/crypto/RSA_blinding_on.pod +@@ -34,7 +34,7 @@ RSA_blinding_off() returns no value. + + =head1 SEE ALSO + +-L, L ++L, L + + =head1 HISTORY + +diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod +index 52dbb14..3db3487 100644 +--- a/doc/crypto/RSA_generate_key.pod ++++ b/doc/crypto/RSA_generate_key.pod +@@ -59,7 +59,7 @@ RSA_generate_key() goes into an infinite loop for illegal input values. + + =head1 SEE ALSO + +-L, L, L, ++L, L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod +index ab0fe3b..3b00daf 100644 +--- a/doc/crypto/RSA_public_encrypt.pod ++++ b/doc/crypto/RSA_public_encrypt.pod +@@ -73,7 +73,7 @@ SSL, PKCS #1 v2.0 + + =head1 SEE ALSO + +-L, L, L, ++L, L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod +index e70380b..121f3df 100644 +--- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ++++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod +@@ -48,7 +48,7 @@ These functions serve no recognizable purpose. + =head1 SEE ALSO + + L, L, +-L, L, L, ++L, L, L, + L + + =head1 HISTORY +diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod +index cd2f8e5..a6f8c58 100644 +--- a/doc/crypto/bn.pod ++++ b/doc/crypto/bn.pod +@@ -167,7 +167,7 @@ of Bs to external formats is described in L. + =head1 SEE ALSO + + L, +-L, L, L, L, ++L, L, L, L, + L, L, + L, L, L, + L, L, +diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod +index 7a52799..ca71202 100644 +--- a/doc/crypto/crypto.pod ++++ b/doc/crypto/crypto.pod +@@ -46,7 +46,7 @@ L + + =item AUXILIARY FUNCTIONS + +-L, L, L, ++L, L, L, + L + + =item INPUT/OUTPUT, DATA ENCODING +diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod +index 6f0cf1c..3fd2c47 100644 +--- a/doc/crypto/des.pod ++++ b/doc/crypto/des.pod +@@ -115,7 +115,7 @@ each byte is the parity bit. The key schedule is an expanded form of + the key; it is used to speed the encryption process. + + DES_random_key() generates a random key. The PRNG must be seeded +-prior to using this function (see L). If the PRNG ++prior to using this function (see L). If the PRNG + could not generate a secure key, 0 is returned. + + Before a DES key can be used, it must be converted into the +@@ -317,7 +317,7 @@ the MIT Kerberos library. + + =head1 SEE ALSO + +-crypt(3), L, L, L ++crypt(3), L, L, L + + =head1 HISTORY + +diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod +index c3ccd06..28707bf 100644 +--- a/doc/crypto/dh.pod ++++ b/doc/crypto/dh.pod +@@ -67,8 +67,8 @@ modify keys. + + =head1 SEE ALSO + +-L, L, L, L, +-L, L, L, ++L, L, L, L, ++L, L, L, + L, L, + L, + L, +diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod +index da07d2b..3187a73 100644 +--- a/doc/crypto/dsa.pod ++++ b/doc/crypto/dsa.pod +@@ -100,7 +100,7 @@ Standard, DSS), ANSI X9.30 + + =head1 SEE ALSO + +-L, L, L, L, ++L, L, L, L, + L, L, L, + L, + L, +diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod +index f5ab1c3..63f7ebc 100644 +--- a/doc/crypto/engine.pod ++++ b/doc/crypto/engine.pod +@@ -594,6 +594,6 @@ implementations. + + =head1 SEE ALSO + +-L, L, L, L ++L, L, L, L + + =cut +diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod +index 45ac53f..5fa0dcc 100644 +--- a/doc/crypto/rsa.pod ++++ b/doc/crypto/rsa.pod +@@ -108,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000. + =head1 SEE ALSO + + L, L, L, L, +-L, L, L, ++L, L, L, + L, + L, L, + L, +diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod +index 48c6b15..5432293 100644 +--- a/doc/ssl/SSL_get_error.pod ++++ b/doc/ssl/SSL_get_error.pod +@@ -105,7 +105,7 @@ OpenSSL error queue contains more information on the error. + + =head1 SEE ALSO + +-L, L ++L, L + + =head1 HISTORY + +diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod +index c0059c0..2e51a75 100644 +--- a/doc/ssl/SSL_want.pod ++++ b/doc/ssl/SSL_want.pod +@@ -72,6 +72,6 @@ return 1, when the corresponding condition is true or 0 otherwise. + + =head1 SEE ALSO + +-L, L, L ++L, L, L + + =cut diff --git a/main/openssl/0002-busybox-basename.patch b/main/openssl/0002-busybox-basename.patch new file mode 100644 index 0000000000..9bbc284f31 --- /dev/null +++ b/main/openssl/0002-busybox-basename.patch @@ -0,0 +1,34 @@ +From c276ddc394dd402327603959271eac63a2e1ec1c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 08:40:00 +0200 +Subject: [PATCH] busybox basename + +--- + Makefile.org | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.org b/Makefile.org +index b7a3f96..035fa83 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -649,7 +649,7 @@ install_docs: + filecase=-i; \ + esac; \ + set -e; for i in doc/apps/*.pod; do \ +- fn=`basename $$i .pod`; \ ++ fn=`basename $$i .pod || true`; \ + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +@@ -666,7 +666,7 @@ install_docs: + done); \ + done; \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ +- fn=`basename $$i .pod`; \ ++ fn=`basename $$i .pod || true`; \ + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +-- +2.2.2 + diff --git a/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch b/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch deleted file mode 100644 index 74fc3d8e74..0000000000 --- a/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch +++ /dev/null @@ -1,193 +0,0 @@ -Backport changes from upstream padlock module. -Includes support for VIA Nano 64-bit mode. - -Signed-off-by: Timo Teräs - -diff -ru openssl-1.0.1k.orig/engines/e_padlock.c openssl-1.0.1k/engines/e_padlock.c ---- openssl-1.0.1k.orig/engines/e_padlock.c 2015-01-08 16:00:56.000000000 -0200 -+++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 08:08:35.421516799 -0200 -@@ -101,7 +101,10 @@ - compiler choice is limited to GCC and Microsoft C. */ - #undef COMPILE_HW_PADLOCK - #if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) --# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ -+# if (defined(__GNUC__) && __GNUC__>=2 && \ -+ (defined(__i386__) || defined(__i386) || \ -+ defined(__x86_64__) || defined(__x86_64)) \ -+ ) || \ - (defined(_MSC_VER) && defined(_M_IX86)) - # define COMPILE_HW_PADLOCK - # endif -@@ -304,6 +307,7 @@ - * ======================================================= - */ - #if defined(__GNUC__) && __GNUC__>=2 -+#if defined(__i386__) || defined(__i386) - /* - * As for excessive "push %ebx"/"pop %ebx" found all over. - * When generating position-independent code GCC won't let -@@ -383,23 +387,6 @@ - return padlock_use_ace + padlock_use_rng; - } - --#ifndef OPENSSL_NO_AES --#ifndef AES_ASM --/* Our own htonl()/ntohl() */ --static inline void --padlock_bswapl(AES_KEY *ks) --{ -- size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -- -- while (i--) { -- asm volatile ("bswapl %0" : "+r"(*key)); -- key++; -- } --} --#endif --#endif -- - /* Force key reload from memory to the CPU microcode. - Loading EFLAGS from the stack clears EFLAGS[30] - which does the trick. */ -@@ -457,12 +444,129 @@ - : "edx", "cc", "memory"); \ - return iv; \ - } -+#endif -+ -+#elif defined(__x86_64__) || defined(__x86_64) -+ -+/* Load supported features of the CPU to see if -+ the PadLock is available. */ -+static int -+padlock_available(void) -+{ -+ char vendor_string[16]; -+ unsigned int eax, edx; - -+ /* Are we running on the Centaur (VIA) CPU? */ -+ eax = 0x00000000; -+ vendor_string[12] = 0; -+ asm volatile ( -+ "cpuid\n" -+ "movl %%ebx,(%1)\n" -+ "movl %%edx,4(%1)\n" -+ "movl %%ecx,8(%1)\n" -+ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx"); -+ if (strcmp(vendor_string, "CentaurHauls") != 0) -+ return 0; -+ -+ /* Check for Centaur Extended Feature Flags presence */ -+ eax = 0xC0000000; -+ asm volatile ("cpuid" -+ : "+a"(eax) : : "rbx", "rcx", "rdx"); -+ if (eax < 0xC0000001) -+ return 0; -+ -+ /* Read the Centaur Extended Feature Flags */ -+ eax = 0xC0000001; -+ asm volatile ("cpuid" -+ : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); -+ -+ /* Fill up some flags */ -+ padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -+ padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -+ -+ return padlock_use_ace + padlock_use_rng; -+} -+ -+/* Force key reload from memory to the CPU microcode. -+ Loading EFLAGS from the stack clears EFLAGS[30] -+ which does the trick. */ -+static inline void -+padlock_reload_key(void) -+{ -+ asm volatile ("pushfq; popfq"); -+} -+ -+#ifndef OPENSSL_NO_AES -+/* -+ * This is heuristic key context tracing. At first one -+ * believes that one should use atomic swap instructions, -+ * but it's not actually necessary. Point is that if -+ * padlock_saved_context was changed by another thread -+ * after we've read it and before we compare it with cdata, -+ * our key *shall* be reloaded upon thread context switch -+ * and we are therefore set in either case... -+ */ -+static inline void -+padlock_verify_context(struct padlock_cipher_data *cdata) -+{ -+ asm volatile ( -+ "pushfq\n" -+" btl $30,(%%rsp)\n" -+" jnc 1f\n" -+" cmpq %2,%1\n" -+" je 1f\n" -+" popfq\n" -+" subq $8,%%rsp\n" -+"1: addq $8,%%rsp\n" -+" movq %2,%0" -+ :"+m"(padlock_saved_context) -+ : "r"(padlock_saved_context), "r"(cdata) : "cc"); -+} -+ -+/* Template for padlock_xcrypt_* modes */ -+/* BIG FAT WARNING: -+ * The offsets used with 'leal' instructions -+ * describe items of the 'padlock_cipher_data' -+ * structure. -+ */ -+#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ -+static inline void *name(size_t cnt, \ -+ struct padlock_cipher_data *cdata, \ -+ void *out, const void *inp) \ -+{ void *iv; \ -+ asm volatile ( "leaq 16(%0),%%rdx\n" \ -+ " leaq 32(%0),%%rbx\n" \ -+ rep_xcrypt "\n" \ -+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ -+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ -+ : "rbx", "rdx", "cc", "memory"); \ -+ return iv; \ -+} -+#endif -+ -+#endif /* cpu */ -+ -+#ifndef OPENSSL_NO_AES - /* Generate all functions with appropriate opcodes */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ -+ -+#ifndef AES_ASM -+/* Our own htonl()/ntohl() */ -+static inline void -+padlock_bswapl(AES_KEY *ks) -+{ -+ size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -+ unsigned int *key = ks->rd_key; -+ -+ while (i--) { -+ asm volatile ("bswapl %0" : "+r"(*key)); -+ key++; -+ } -+} -+#endif - #endif - - /* The RNG call itself */ -@@ -493,8 +597,8 @@ - static inline unsigned char * - padlock_memcpy(void *dst,const void *src,size_t n) - { -- long *d=dst; -- const long *s=src; -+ size_t *d=dst; -+ const size_t *s=src; - - n /= sizeof(*d); - do { *d++ = *s++; } while (--n); diff --git a/main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch b/main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch deleted file mode 100644 index c88edbf8fe..0000000000 --- a/main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch +++ /dev/null @@ -1,781 +0,0 @@ -From 77b32d0906eaac4d9adf3e6b7c3b52d927e10b41 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= -Date: Wed, 28 Jul 2010 08:37:58 +0300 -Subject: [PATCH 3/4] engines/e_padlock: implement sha1/sha224/sha256 - acceleration - -Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT -is used appropriately (as done by EVP_Digest, and my previous HMAC patch). - -Full support for VIA Nano including partial transformation and 64-bit mode. - -Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and -apps/speed patches done. From single run, error margin of about 100-200k. - -No padlock - -type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k -sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k -hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k - -With the patch - -sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k -sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k -hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k ---- - engines/e_padlock.c | 660 ++++++++++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 613 insertions(+), 47 deletions(-) - -diff --git a/engines/e_padlock.c b/engines/e_padlock.c -index 6ab42d2..e107d3c 100644 ---- a/engines/e_padlock.c -+++ b/engines/e_padlock.c -@@ -3,6 +3,9 @@ - * Written by Michal Ludvig - * http://www.logix.cz/michal - * -+ * SHA support by Timo Teras . Portions based on -+ * code originally written by Michal Ludvig. -+ * - * Big thanks to Andy Polyakov for a help with optimization, - * assembler fixes, port to MS Windows and a lot of other - * valuable work on this engine! -@@ -64,7 +67,9 @@ - - - #include -+#include - #include -+#include - - #include - #include -@@ -74,12 +79,33 @@ - #ifndef OPENSSL_NO_AES - #include - #endif -+#ifndef OPENSSL_NO_SHA -+#include -+#endif - #include - #include - - #ifndef OPENSSL_NO_HW - #ifndef OPENSSL_NO_HW_PADLOCK - -+/* PadLock RNG is disabled by default */ -+#define PADLOCK_NO_RNG 1 -+ -+/* No ASM routines for SHA in MSC yet */ -+#ifdef _MSC_VER -+#define OPENSSL_NO_SHA -+#endif -+ -+/* 64-bit mode does not need software SHA1 as fallback, we can -+ * do all operations with padlock */ -+#if defined(__x86_64__) || defined(__x86_64) -+#define PADLOCK_NEED_FALLBACK_SHA 0 -+#else -+#define PADLOCK_NEED_FALLBACK_SHA 1 -+#endif -+ -+#define PADLOCK_MAX_FINALIZING_LENGTH 0x1FFFFFFE -+ - /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ - #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) - # ifndef OPENSSL_NO_DYNAMIC_ENGINE -@@ -149,58 +175,40 @@ static int padlock_available(void); - static int padlock_init(ENGINE *e); - - /* RNG Stuff */ -+#ifndef PADLOCK_NO_RNG - static RAND_METHOD padlock_rand; -- --/* Cipher Stuff */ --#ifndef OPENSSL_NO_AES --static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); - #endif - - /* Engine names */ - static const char *padlock_id = "padlock"; - static char padlock_name[100]; - --/* Available features */ --static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ --static int padlock_use_rng = 0; /* Random Number Generator */ --#ifndef OPENSSL_NO_AES --static int padlock_aes_align_required = 1; --#endif -+static int padlock_bind_helper(ENGINE *e); - --/* ===== Engine "management" functions ===== */ -- --/* Prepare the ENGINE structure for registration */ --static int --padlock_bind_helper(ENGINE *e) --{ -- /* Check available features */ -- padlock_available(); -- --#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ -- padlock_use_rng=0; --#endif -- -- /* Generate a nice engine name with available features */ -- BIO_snprintf(padlock_name, sizeof(padlock_name), -- "VIA PadLock (%s, %s)", -- padlock_use_rng ? "RNG" : "no-RNG", -- padlock_use_ace ? "ACE" : "no-ACE"); -+ /* Available features */ -+enum padlock_flags { -+ PADLOCK_RNG = 0x01, -+ PADLOCK_ACE = 0x02, -+ PADLOCK_ACE2 = 0x04, -+ PADLOCK_PHE = 0x08, -+ PADLOCK_PMM = 0x10, -+ PADLOCK_NANO = 0x20, -+}; -+enum padlock_flags padlock_flags; - -- /* Register everything or return with an error */ -- if (!ENGINE_set_id(e, padlock_id) || -- !ENGINE_set_name(e, padlock_name) || -+#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) -+#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) -+#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) -+#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) -+#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) -+#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) -+#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO) - -- !ENGINE_set_init_function(e, padlock_init) || - #ifndef OPENSSL_NO_AES -- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || -+static int padlock_aes_align_required = 1; - #endif -- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { -- return 0; -- } - -- /* Everything looks good */ -- return 1; --} -+/* ===== Engine "management" functions ===== */ - - #ifdef OPENSSL_NO_DYNAMIC_ENGINE - -@@ -228,7 +236,7 @@ ENGINE_padlock(void) - static int - padlock_init(ENGINE *e) - { -- return (padlock_use_rng || padlock_use_ace); -+ return padlock_flags; - } - - /* This stuff is needed if this ENGINE is being compiled into a self-contained -@@ -381,10 +389,20 @@ padlock_available(void) - : "+a"(eax), "=d"(edx) : : "ecx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); -+ -+ /* Check for VIA Nano CPU */ -+ eax = 0x00000001; -+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx" -+ : "+a"(eax) : : "ecx", "edx"); -+ if ((eax | 0x000F) == 0x06FF) -+ padlock_flags |= PADLOCK_NANO; - -- return padlock_use_ace + padlock_use_rng; -+ return padlock_flags; - } - - /* Force key reload from memory to the CPU microcode. -@@ -481,10 +499,14 @@ padlock_available(void) - : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -- -- return padlock_use_ace + padlock_use_rng; -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); -+ padlock_flags |= PADLOCK_NANO; -+ -+ return padlock_flags; - } - - /* Force key reload from memory to the CPU microcode. -@@ -1273,6 +1295,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - - #endif /* OPENSSL_NO_AES */ - -+#ifndef OPENSSL_NO_SHA -+ -+static inline void -+padlock_copy_bswap(void *dst, void *src, size_t count) -+{ -+ uint32_t *udst = dst, *usrc = src; -+ int i = 0; -+ -+ for (i = 0; i < count; i++) -+ udst[i] = htonl(usrc[i]); -+} -+ -+static unsigned long padlock_sha_prepare_padding( -+ EVP_MD_CTX *ctx, -+ unsigned char *padding, -+ unsigned char *data, size_t data_len, -+ uint64_t total) -+{ -+ unsigned int padding_len; -+ -+ padding_len = data_len < 56 ? SHA_CBLOCK : 2 * SHA_CBLOCK; -+ if (data_len) -+ memcpy(padding, data, data_len); -+ -+ memset(padding + data_len, 0, padding_len - data_len); -+ padding[data_len] = 0x80; -+ *(uint32_t *)(padding + padding_len - 8) = htonl(total >> 32); -+ *(uint32_t *)(padding + padding_len - 4) = htonl(total & 0xffffffff); -+ -+ return data_len < 56 ? 1 : 2; -+} -+ -+#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15) -+#define PADLOCK_SHA_HWCTX (128+16) -+ -+static void -+padlock_sha1(void *hwctx, const void *buf, unsigned long total, unsigned long now) -+{ -+ unsigned long pos = total - now; -+ -+ asm volatile ("xsha1" -+ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) -+ : : "memory"); -+} -+ -+static void -+padlock_sha1_partial(void *hwctx, const void *buf, unsigned long blocks) -+{ -+ asm volatile ("xsha1" -+ : "+S"(buf), "+D"(hwctx), "+c"(blocks) -+ : "a"(-1L) : "memory"); -+} -+ -+static int padlock_sha1_init(EVP_MD_CTX *ctx) -+{ -+ return SHA1_Init(ctx->md_data); -+} -+ -+#if PADLOCK_NEED_FALLBACK_SHA -+ -+static int padlock_sha1_update_eden(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ const unsigned char *p = data; -+ unsigned long l = 0; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ if (c->num != 0) { -+ l = (len < SHA_CBLOCK - c->num) ? len : (SHA_CBLOCK - c->num); -+ if (!SHA1_Update(c, data, l)) -+ return 0; -+ p += l; -+ if (c->num != 0) { -+ p = (unsigned char *) c->data; -+ len = c->num; -+ l = 0; -+ } -+ } -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ padlock_sha1(aligned, p, total, len - l); -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ c->num = -1; -+ return 1; -+ } -+ -+ return SHA1_Update(c, data, len); -+} -+#endif -+ -+static int padlock_sha1_update(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ unsigned char *p; -+ unsigned long n; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ c->Nh = total >> 29; -+ c->Nl = (total << 3) & 0xffffffffUL; -+ -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ -+ /* Check partial data */ -+ n = c->num; -+ if (n) { -+ p = (unsigned char *) c->data; -+ if (len >= SHA_CBLOCK || len+n >= SHA_CBLOCK) { -+ memcpy(p+n, data, SHA_CBLOCK-n); -+ padlock_sha1_partial(aligned, p, 1); -+ n = SHA_CBLOCK - n; -+ data += n; -+ len -= n; -+ c->num = 0; -+ memset(p, 0, SHA_CBLOCK); -+ } else { -+ memcpy(p+n, data, len); -+ c->num += (unsigned int)len; -+ return 1; -+ } -+ } -+ -+ /* Can we finalize straight away? */ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ padlock_sha1(aligned, data, total, len); -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ c->num = -1; -+ return 1; -+ } -+ -+ /* Use nonfinalizing update */ -+ n = len / SHA_CBLOCK; -+ if (n != 0) { -+ padlock_sha1_partial(aligned, data, n); -+ data += n * SHA_CBLOCK; -+ len -= n * SHA_CBLOCK; -+ } -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ -+ /* Buffer remaining bytes */ -+ if (len) { -+ memcpy(c->data, data, len); -+ c->num = len; -+ } -+ -+ return 1; -+} -+ -+static int padlock_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ uint64_t total; -+ SHA_CTX *c = ctx->md_data; -+ -+ if (c->num == -1) { -+ padlock_copy_bswap(md, &c->h0, 5); -+ c->num = 0; -+ return 1; -+ } -+ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+#if PADLOCK_NEED_FALLBACK_SHA -+ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) -+ return SHA1_Final(md, c); -+#endif -+ -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { -+ unsigned char padding[2 * SHA_CBLOCK]; -+ unsigned long n; -+ -+ n = padlock_sha_prepare_padding(ctx, padding, -+ (unsigned char *) c->data, c->num, total << 3); -+ padlock_sha1_partial(aligned, padding, n); -+ } else { -+ padlock_sha1(aligned, c->data, total, c->num); -+ } -+ padlock_copy_bswap(md, aligned, 5); -+ c->num = 0; -+ -+ return 1; -+} -+ -+static EVP_MD padlock_sha1_md = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, -+ padlock_sha1_init, -+ padlock_sha1_update, -+ padlock_sha1_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA_CTX), -+}; -+ -+static EVP_MD padlock_dss1_md = { -+ NID_dsa, -+ NID_dsaWithSHA1, -+ SHA_DIGEST_LENGTH, -+ 0, -+ padlock_sha1_init, -+ padlock_sha1_update, -+ padlock_sha1_final, -+ NULL, -+ NULL, -+ EVP_PKEY_DSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA_CTX), -+}; -+ -+ -+#if !defined(OPENSSL_NO_SHA256) -+ -+static void -+padlock_sha256(void *hwctx, const void *buf, unsigned long total, unsigned long now) -+{ -+ unsigned long pos = total - now; -+ -+ asm volatile ("xsha256" -+ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) -+ : : "memory"); -+} -+ -+static void -+padlock_sha256_partial(void *hwctx, const void *buf, unsigned long blocks) -+{ -+ asm volatile ("xsha256" -+ : "+S"(buf), "+D"(hwctx), "+c"(blocks) -+ : "a"(-1L) : "memory"); -+} -+ -+#if PADLOCK_NEED_FALLBACK_SHA -+ -+static int padlock_sha256_update_eden(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA256_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ const unsigned char *p = data; -+ unsigned int l = 0; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ if (c->num != 0) { -+ l = (len < SHA256_CBLOCK - c->num) ? len : (SHA256_CBLOCK - c->num); -+ if (!SHA256_Update(c, data, l)) -+ return 0; -+ p += l; -+ if (c->num != 0) { -+ p = (unsigned char *) c->data; -+ len = c->num; -+ l = 0; -+ } -+ } -+ memcpy(aligned, c->h, sizeof(c->h)); -+ padlock_sha256(aligned, p, total, len - l); -+ memcpy(c->h, aligned, sizeof(c->h)); -+ c->num = -1; -+ return 1; -+ } -+ -+ return SHA256_Update(c, data, len); -+} -+ -+#endif -+ -+static int padlock_sha256_update(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA256_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ unsigned char *p; -+ unsigned long n; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ c->Nh = total >> 29; -+ c->Nl = (total << 3) & 0xffffffffUL; -+ -+ memcpy(aligned, c->h, sizeof(c->h)); -+ -+ /* Check partial data */ -+ n = c->num; -+ if (n) { -+ p = (unsigned char *) c->data; -+ if (len >= SHA256_CBLOCK || len+n >= SHA256_CBLOCK) { -+ memcpy(p+n, data, SHA256_CBLOCK-n); -+ padlock_sha256_partial(aligned, p, 1); -+ n = SHA256_CBLOCK - n; -+ data += n; -+ len -= n; -+ c->num = 0; -+ memset(p, 0, SHA256_CBLOCK); -+ } else { -+ memcpy(p+n, data, len); -+ c->num += (unsigned int)len; -+ return 1; -+ } -+ } -+ -+ /* Can we finalize straight away? */ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ padlock_sha256(aligned, data, total, len); -+ memcpy(c->h, aligned, sizeof(c->h)); -+ c->num = -1; -+ return 1; -+ } -+ -+ /* Use nonfinalizing update */ -+ n = len / SHA256_CBLOCK; -+ if (n != 0) { -+ padlock_sha256_partial(aligned, data, n); -+ data += n * SHA256_CBLOCK; -+ len -= n * SHA256_CBLOCK; -+ } -+ memcpy(c->h, aligned, sizeof(c->h)); -+ -+ /* Buffer remaining bytes */ -+ if (len) { -+ memcpy(c->data, data, len); -+ c->num = len; -+ } -+ -+ return 1; -+} -+ -+static int padlock_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ uint64_t total; -+ SHA256_CTX *c = ctx->md_data; -+ -+ if (c->num == -1) { -+ padlock_copy_bswap(md, c->h, sizeof(c->h)/sizeof(c->h[0])); -+ c->num = 0; -+ return 1; -+ } -+ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+#if PADLOCK_NEED_FALLBACK_SHA -+ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) -+ return SHA256_Final(md, c); -+#endif -+ -+ memcpy(aligned, c->h, sizeof(c->h)); -+ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { -+ unsigned char padding[2 * SHA_CBLOCK]; -+ unsigned long n; -+ -+ n = padlock_sha_prepare_padding(ctx, padding, -+ (unsigned char *) c->data, c->num, total << 3); -+ padlock_sha256_partial(aligned, padding, n); -+ } else { -+ padlock_sha256(aligned, c->data, total, c->num); -+ } -+ padlock_copy_bswap(md, aligned, sizeof(c->h)/sizeof(c->h[0])); -+ c->num = 0; -+ return 1; -+} -+ -+#if !defined(OPENSSL_NO_SHA224) -+ -+static int padlock_sha224_init(EVP_MD_CTX *ctx) -+{ -+ return SHA224_Init(ctx->md_data); -+} -+ -+static EVP_MD padlock_sha224_md = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+ 0, -+ padlock_sha224_init, -+ padlock_sha256_update, -+ padlock_sha256_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA256_CTX), -+}; -+#endif /* !OPENSSL_NO_SHA224 */ -+ -+static int padlock_sha256_init(EVP_MD_CTX *ctx) -+{ -+ return SHA256_Init(ctx->md_data); -+} -+ -+static EVP_MD padlock_sha256_md = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ 0, -+ padlock_sha256_init, -+ padlock_sha256_update, -+ padlock_sha256_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA256_CTX), -+}; -+#endif /* !OPENSSL_NO_SHA256 */ -+ -+static int padlock_digest_nids[] = { -+#if !defined(OPENSSL_NO_SHA) -+ NID_sha1, -+ NID_dsa, -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ NID_sha224, -+#endif -+ NID_sha256, -+#endif -+}; -+ -+static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); -+ -+static int -+padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) -+{ -+ /* No specific digest => return a list of supported nids ... */ -+ if (!digest) { -+ *nids = padlock_digest_nids; -+ return padlock_digest_nids_num; -+ } -+ -+ /* ... or the requested "digest" otherwise */ -+ switch (nid) { -+#if !defined(OPENSSL_NO_SHA) -+ case NID_sha1: -+ *digest = &padlock_sha1_md; -+ break; -+ case NID_dsa: -+ *digest = &padlock_dss1_md; -+ break; -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ case NID_sha224: -+ *digest = &padlock_sha224_md; -+ break; -+#endif /* OPENSSL_NO_SHA224 */ -+ case NID_sha256: -+ *digest = &padlock_sha256_md; -+ break; -+#endif /* OPENSSL_NO_SHA256 */ -+ default: -+ /* Sorry, we don't support this NID */ -+ *digest = NULL; -+ return 0; -+ } -+ -+ return 1; -+} -+ -+#endif /* OPENSSL_NO_SHA */ -+ -+#ifndef PADLOCK_NO_RNG -+ - /* ===== Random Number Generator ===== */ - /* - * This code is not engaged. The reason is that it does not comply -@@ -1329,6 +1841,60 @@ static RAND_METHOD padlock_rand = { - padlock_rand_status, /* rand status */ - }; - -+#endif /* PADLOCK_NO_RNG */ -+ -+/* Prepare the ENGINE structure for registration */ -+static int -+padlock_bind_helper(ENGINE *e) -+{ -+ /* Check available features */ -+ padlock_available(); -+ -+ /* Generate a nice engine name with available features */ -+ BIO_snprintf(padlock_name, sizeof(padlock_name), -+ "VIA PadLock: %s%s%s%s%s%s", -+ padlock_flags ? "" : "not supported", -+ PADLOCK_HAVE_RNG ? "RNG " : "", -+ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", -+ PADLOCK_HAVE_PHE ? "PHE " : "", -+ PADLOCK_HAVE_PMM ? "PMM " : "", -+ PADLOCK_HAVE_NANO ? "NANO " : "" -+ ); -+ -+#if PADLOCK_NEED_FALLBACK_SHA && !defined(OPENSSL_NO_SHA) -+ if (!PADLOCK_HAVE_NANO) { -+ padlock_sha1_md.update = padlock_sha1_update_eden; -+ padlock_dss1_md.update = padlock_sha1_update_eden; -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ padlock_sha224_md.update = padlock_sha256_update_eden; -+#endif -+ padlock_sha256_md.update = padlock_sha256_update_eden; -+#endif -+ } -+#endif -+ -+ /* Register everything or return with an error */ -+ if (!ENGINE_set_id(e, padlock_id) || -+ !ENGINE_set_name(e, padlock_name) || -+ !ENGINE_set_init_function(e, padlock_init) -+#ifndef OPENSSL_NO_AES -+ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) -+#endif -+#ifndef OPENSSL_NO_SHA -+ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) -+#endif -+#ifndef PADLOCK_NO_RNG -+ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) -+#endif -+ ) { -+ return 0; -+ } -+ -+ /* Everything looks good */ -+ return 1; -+} -+ - #else /* !COMPILE_HW_PADLOCK */ - #ifndef OPENSSL_NO_DYNAMIC_ENGINE - OPENSSL_EXPORT --- -1.7.11.3 - diff --git a/main/openssl/0003-use-termios.patch b/main/openssl/0003-use-termios.patch new file mode 100644 index 0000000000..3312d18567 --- /dev/null +++ b/main/openssl/0003-use-termios.patch @@ -0,0 +1,26 @@ +From 5caf1bdcdb56358c0ce38ef404fedbe323e66cb9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 08:40:32 +0200 +Subject: [PATCH] use termios + +--- + crypto/ui/ui_openssl.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c +index 8bda83c..a89b5f2 100644 +--- a/crypto/ui/ui_openssl.c ++++ b/crypto/ui/ui_openssl.c +@@ -224,6 +224,9 @@ + # undef SGTTY + #endif + ++#define TERMIOS ++#undef TERMIO ++ + #ifdef TERMIOS + # include + # define TTY_STRUCT struct termios +-- +2.2.2 + diff --git a/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch deleted file mode 100644 index f83fc965e0..0000000000 --- a/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 21668119c0f83f309b423b8a443dbef5206ab778 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= -Date: Fri, 4 Jun 2010 18:02:39 +0300 -Subject: [PATCH 4/4] crypto/engine: autoload padlock dynamic engine - ---- - crypto/engine/eng_all.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c -index 6093376..210b2d7 100644 ---- a/crypto/engine/eng_all.c -+++ b/crypto/engine/eng_all.c -@@ -120,6 +120,16 @@ void ENGINE_load_builtin_engines(void) - ENGINE_load_capi(); - #endif - #endif -+#ifdef OPENSSL_NO_STATIC_ENGINE -+ { -+ ENGINE *e; -+ e = ENGINE_by_id("padlock"); -+ if (e != NULL) { -+ ENGINE_add(e); -+ ENGINE_free(e); -+ } -+ } -+#endif - ENGINE_register_all_complete(); - } - --- -1.7.11.3 - diff --git a/main/openssl/0004-fix-default-ca-path-for-apps.patch b/main/openssl/0004-fix-default-ca-path-for-apps.patch new file mode 100644 index 0000000000..6e17a71f3a --- /dev/null +++ b/main/openssl/0004-fix-default-ca-path-for-apps.patch @@ -0,0 +1,104 @@ +From 09e6425ad6927a825b077af85c50b2fb04773757 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 08:52:05 +0200 +Subject: [PATCH] fix default ca path for apps + +--- + apps/s_client.c | 13 ++++++------- + apps/s_server.c | 22 ++++++++++++++-------- + apps/s_time.c | 13 ++++++------- + 3 files changed, 26 insertions(+), 22 deletions(-) + +diff --git a/apps/s_client.c b/apps/s_client.c +index b1152aa..8aee02a 100644 +--- a/apps/s_client.c ++++ b/apps/s_client.c +@@ -1337,13 +1337,12 @@ int MAIN(int argc, char **argv) + + SSL_CTX_set_verify(ctx, verify, verify_callback); + +- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || +- (!SSL_CTX_set_default_verify_paths(ctx))) { +- /* +- * BIO_printf(bio_err,"error setting default verify locations\n"); +- */ +- ERR_print_errors(bio_err); +- /* goto end; */ ++ if (CAfile == NULL && CApath == NULL) { ++ if (!SSL_CTX_set_default_verify_paths(ctx)) ++ ERR_print_errors(bio_err); ++ } else { ++ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ++ ERR_print_errors(bio_err); + } + + ssl_ctx_add_crls(ctx, crls, crl_download); +diff --git a/apps/s_server.c b/apps/s_server.c +index baa2455..2d5dc97 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -1770,12 +1770,14 @@ int MAIN(int argc, char *argv[]) + } + #endif + +- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || +- (!SSL_CTX_set_default_verify_paths(ctx))) { +- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ +- ERR_print_errors(bio_err); +- /* goto end; */ ++ if (CAfile == NULL && CApath == NULL) { ++ if (!SSL_CTX_set_default_verify_paths(ctx)) ++ ERR_print_errors(bio_err); ++ } else { ++ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ++ ERR_print_errors(bio_err); + } ++ + if (vpm) + SSL_CTX_set1_param(ctx, vpm); + +@@ -1838,10 +1840,14 @@ int MAIN(int argc, char *argv[]) + else + SSL_CTX_sess_set_cache_size(ctx2, 128); + +- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) || +- (!SSL_CTX_set_default_verify_paths(ctx2))) { +- ERR_print_errors(bio_err); ++ if (CAfile == NULL && CApath == NULL) { ++ if (!SSL_CTX_set_default_verify_paths(ctx2)) ++ ERR_print_errors(bio_err); ++ } else { ++ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ++ ERR_print_errors(bio_err); + } ++ + if (vpm) + SSL_CTX_set1_param(ctx2, vpm); + +diff --git a/apps/s_time.c b/apps/s_time.c +index 5846f3a..c8f371a 100644 +--- a/apps/s_time.c ++++ b/apps/s_time.c +@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv) + + SSL_load_error_strings(); + +- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) || +- (!SSL_CTX_set_default_verify_paths(tm_ctx))) { +- /* +- * BIO_printf(bio_err,"error setting default verify locations\n"); +- */ +- ERR_print_errors(bio_err); +- /* goto end; */ ++ if (CAfile == NULL && CApath == NULL) { ++ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) ++ ERR_print_errors(bio_err); ++ } else { ++ if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ++ ERR_print_errors(bio_err); + } + + if (tm_cipher == NULL) +-- +2.2.2 + diff --git a/main/openssl/0005-fix-parallel-build.patch b/main/openssl/0005-fix-parallel-build.patch new file mode 100644 index 0000000000..6232c780d8 --- /dev/null +++ b/main/openssl/0005-fix-parallel-build.patch @@ -0,0 +1,354 @@ +diff -ru openssl-1.0.1m.orig/Makefile.org openssl-1.0.1m/Makefile.org +--- openssl-1.0.1m.orig/Makefile.org 2015-03-19 13:37:10.000000000 +0000 ++++ openssl-1.0.1m/Makefile.org 2015-03-19 16:07:39.311988611 +0000 +@@ -273,17 +273,17 @@ + build_libs: build_crypto build_ssl build_engines + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) +-build_ssl: +- @dir=ssl; target=all; $(BUILD_ONE_CMD) +-build_engines: +- @dir=engines; target=all; $(BUILD_ONE_CMD) +-build_apps: +- @dir=apps; target=all; $(BUILD_ONE_CMD) +-build_tests: +- @dir=test; target=all; $(BUILD_ONE_CMD) +-build_tools: +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) ++build_ssl: build_crypto ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) ++build_engines: build_crypto ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) ++build_apps: build_libs ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) ++build_tests: build_libs ++ +@dir=test; target=all; $(BUILD_ONE_CMD) ++build_tools: build_libs ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -538,9 +538,9 @@ + dist_pem_h: + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + +-install: all install_docs install_sw ++install: install_docs install_sw + +-install_sw: ++install_dirs: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ +@@ -549,12 +549,19 @@ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private ++ @$(PERL) $(TOP)/util/mkdir-p.pl \ ++ $(INSTALL_PREFIX)$(MANDIR)/man1 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man3 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man5 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man7 ++ ++install_sw: install_dirs + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +@@ -634,12 +641,7 @@ + done; \ + done + +-install_docs: +- @$(PERL) $(TOP)/util/mkdir-p.pl \ +- $(INSTALL_PREFIX)$(MANDIR)/man1 \ +- $(INSTALL_PREFIX)$(MANDIR)/man3 \ +- $(INSTALL_PREFIX)$(MANDIR)/man5 \ +- $(INSTALL_PREFIX)$(MANDIR)/man7 ++install_docs: install_dirs + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ + here="`pwd`"; \ + filecase=; \ +diff -ru openssl-1.0.1m.orig/Makefile.shared openssl-1.0.1m/Makefile.shared +--- openssl-1.0.1m.orig/Makefile.shared 2015-01-20 12:33:36.000000000 +0000 ++++ openssl-1.0.1m/Makefile.shared 2015-03-19 16:07:39.311988611 +0000 +@@ -105,6 +105,7 @@ + SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +123,7 @@ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +diff -ru openssl-1.0.1m.orig/crypto/Makefile openssl-1.0.1m/crypto/Makefile +--- openssl-1.0.1m.orig/crypto/Makefile 2015-03-19 13:38:24.000000000 +0000 ++++ openssl-1.0.1m/crypto/Makefile 2015-03-19 16:08:31.056272678 +0000 +@@ -85,22 +85,22 @@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +- @target=files; $(RECURSIVE_MAKE) ++ +@target=files; $(RECURSIVE_MAKE) + + links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) +- @target=links; $(RECURSIVE_MAKE) ++ +@target=links; $(RECURSIVE_MAKE) + + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) | subdirs + $(AR) $(LIB) $(LIBOBJ) + [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o + $(RANLIB) $(LIB) || echo Never mind. +@@ -111,7 +111,7 @@ + fi + + libs: +- @target=lib; $(RECURSIVE_MAKE) ++ +@target=lib; $(RECURSIVE_MAKE) + + install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... +@@ -120,7 +120,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + lint: + @target=lint; $(RECURSIVE_MAKE) +diff -ru openssl-1.0.1m.orig/engines/Makefile openssl-1.0.1m/engines/Makefile +--- openssl-1.0.1m.orig/engines/Makefile 2015-03-19 13:38:35.000000000 +0000 ++++ openssl-1.0.1m/engines/Makefile 2015-03-19 16:07:39.311988611 +0000 +@@ -72,7 +72,7 @@ + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) | subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +@@ -128,7 +128,7 @@ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + tags: + ctags $(SRC) +diff -ru openssl-1.0.1m.orig/test/Makefile openssl-1.0.1m/test/Makefile +--- openssl-1.0.1m.orig/test/Makefile 2015-03-19 13:38:37.000000000 +0000 ++++ openssl-1.0.1m/test/Makefile 2015-03-19 16:09:59.571232753 +0000 +@@ -130,7 +130,7 @@ + tags: + ctags $(SRC) + +-tests: exe apps $(TESTS) ++tests: exe $(TESTS) + + apps: + @(cd ..; $(MAKE) DIRS=apps all) +@@ -388,118 +388,118 @@ + link_app.$${shlib_target} + + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) +- @target=$(RSATEST); $(BUILD_CMD) ++ +@target=$(RSATEST); $(BUILD_CMD) + + $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) +- @target=$(BNTEST); $(BUILD_CMD) ++ +@target=$(BNTEST); $(BUILD_CMD) + + $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) +- @target=$(ECTEST); $(BUILD_CMD) ++ +@target=$(ECTEST); $(BUILD_CMD) + + $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) +- @target=$(EXPTEST); $(BUILD_CMD) ++ +@target=$(EXPTEST); $(BUILD_CMD) + + $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) +- @target=$(IDEATEST); $(BUILD_CMD) ++ +@target=$(IDEATEST); $(BUILD_CMD) + + $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) +- @target=$(MD2TEST); $(BUILD_CMD) ++ +@target=$(MD2TEST); $(BUILD_CMD) + + $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) +- @target=$(SHATEST); $(BUILD_CMD) ++ +@target=$(SHATEST); $(BUILD_CMD) + + $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) +- @target=$(SHA1TEST); $(BUILD_CMD) ++ +@target=$(SHA1TEST); $(BUILD_CMD) + + $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) +- @target=$(SHA256TEST); $(BUILD_CMD) ++ +@target=$(SHA256TEST); $(BUILD_CMD) + + $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) +- @target=$(SHA512TEST); $(BUILD_CMD) ++ +@target=$(SHA512TEST); $(BUILD_CMD) + + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) +- @target=$(RMDTEST); $(BUILD_CMD) ++ +@target=$(RMDTEST); $(BUILD_CMD) + + $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) +- @target=$(MDC2TEST); $(BUILD_CMD) ++ +@target=$(MDC2TEST); $(BUILD_CMD) + + $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) +- @target=$(MD4TEST); $(BUILD_CMD) ++ +@target=$(MD4TEST); $(BUILD_CMD) + + $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) +- @target=$(MD5TEST); $(BUILD_CMD) ++ +@target=$(MD5TEST); $(BUILD_CMD) + + $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) +- @target=$(HMACTEST); $(BUILD_CMD) ++ +@target=$(HMACTEST); $(BUILD_CMD) + + $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) +- @target=$(WPTEST); $(BUILD_CMD) ++ +@target=$(WPTEST); $(BUILD_CMD) + + $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) +- @target=$(RC2TEST); $(BUILD_CMD) ++ +@target=$(RC2TEST); $(BUILD_CMD) + + $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) +- @target=$(BFTEST); $(BUILD_CMD) ++ +@target=$(BFTEST); $(BUILD_CMD) + + $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) +- @target=$(CASTTEST); $(BUILD_CMD) ++ +@target=$(CASTTEST); $(BUILD_CMD) + + $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) +- @target=$(RC4TEST); $(BUILD_CMD) ++ +@target=$(RC4TEST); $(BUILD_CMD) + + $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) +- @target=$(RC5TEST); $(BUILD_CMD) ++ +@target=$(RC5TEST); $(BUILD_CMD) + + $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) +- @target=$(DESTEST); $(BUILD_CMD) ++ +@target=$(DESTEST); $(BUILD_CMD) + + $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) +- @target=$(RANDTEST); $(BUILD_CMD) ++ +@target=$(RANDTEST); $(BUILD_CMD) + + $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) +- @target=$(DHTEST); $(BUILD_CMD) ++ +@target=$(DHTEST); $(BUILD_CMD) + + $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) +- @target=$(DSATEST); $(BUILD_CMD) ++ +@target=$(DSATEST); $(BUILD_CMD) + + $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) +- @target=$(METHTEST); $(BUILD_CMD) ++ +@target=$(METHTEST); $(BUILD_CMD) + + $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(SSLTEST); $(FIPS_BUILD_CMD) ++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) + + $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) +- @target=$(ENGINETEST); $(BUILD_CMD) ++ +@target=$(ENGINETEST); $(BUILD_CMD) + + $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) +- @target=$(EVPTEST); $(BUILD_CMD) ++ +@target=$(EVPTEST); $(BUILD_CMD) + + $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) +- @target=$(EVPEXTRATEST); $(BUILD_CMD) ++ +@target=$(EVPEXTRATEST); $(BUILD_CMD) + + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) +- @target=$(ECDSATEST); $(BUILD_CMD) ++ +@target=$(ECDSATEST); $(BUILD_CMD) + + $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) +- @target=$(ECDHTEST); $(BUILD_CMD) ++ +@target=$(ECDHTEST); $(BUILD_CMD) + + $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) +- @target=$(IGETEST); $(BUILD_CMD) ++ +@target=$(IGETEST); $(BUILD_CMD) + + $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) +- @target=$(JPAKETEST); $(BUILD_CMD) ++ +@target=$(JPAKETEST); $(BUILD_CMD) + + $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) +- @target=$(ASN1TEST); $(BUILD_CMD) ++ +@target=$(ASN1TEST); $(BUILD_CMD) + + $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) +- @target=$(SRPTEST); $(BUILD_CMD) ++ +@target=$(SRPTEST); $(BUILD_CMD) + + $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) +- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) ++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) + + $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o +- @target=$(CONSTTIMETEST) $(BUILD_CMD) ++ +@target=$(CONSTTIMETEST) $(BUILD_CMD) + + #$(AESTEST).o: $(AESTEST).c + # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c +@@ -512,7 +512,7 @@ + # fi + + dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) +- @target=dummytest; $(BUILD_CMD) ++ +@target=dummytest; $(BUILD_CMD) + + # DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/main/openssl/0005-s_client-ircv3-starttls.patch b/main/openssl/0005-s_client-ircv3-starttls.patch deleted file mode 100644 index 880cbb6518..0000000000 --- a/main/openssl/0005-s_client-ircv3-starttls.patch +++ /dev/null @@ -1,56 +0,0 @@ ---- openssl-1.0.1c/apps/s_client.c -+++ openssl-1.0.1c.mod/apps/s_client.c -@@ -344,7 +344,7 @@ - BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); - BIO_printf(bio_err," for those protocols that support it, where\n"); - BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); -- BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); -+ BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and \"ircv3\"\n"); - BIO_printf(bio_err," are supported.\n"); - #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); -@@ -546,7 +546,8 @@ - PROTO_POP3, - PROTO_IMAP, - PROTO_FTP, -- PROTO_XMPP -+ PROTO_XMPP, -+ PROTO_IRCV3 - }; - - int MAIN(int, char **); -@@ -910,6 +911,8 @@ - starttls_proto = PROTO_FTP; - else if (strcmp(*argv, "xmpp") == 0) - starttls_proto = PROTO_XMPP; -+ else if (strcmp(*argv, "ircv3") == 0) -+ starttls_proto = PROTO_IRCV3; - else - goto bad; - } -@@ -1484,6 +1487,25 @@ - sbuf[seen] = 0; - if (!strstr(sbuf, " +Date: Thu, 5 Feb 2015 09:02:00 +0200 +Subject: [PATCH] add ircv3 tls-3.1 extension support to s_client + +--- + apps/s_client.c | 24 ++++++++++++++++++++++-- + 1 file changed, 22 insertions(+), 2 deletions(-) + +diff --git a/apps/s_client.c b/apps/s_client.c +index 8aee02a..0a28b89 100644 +--- a/apps/s_client.c ++++ b/apps/s_client.c +@@ -401,7 +401,7 @@ static void sc_usage(void) + BIO_printf(bio_err, + " 'prot' defines which one to assume. Currently,\n"); + BIO_printf(bio_err, +- " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); ++ " only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and \"ircv3\"\n"); + BIO_printf(bio_err, " are supported.\n"); + #ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err, +@@ -640,7 +640,8 @@ enum { + PROTO_POP3, + PROTO_IMAP, + PROTO_FTP, +- PROTO_XMPP ++ PROTO_XMPP, ++ PROTO_IRCV3, + }; + + int MAIN(int, char **); +@@ -1062,6 +1063,8 @@ int MAIN(int argc, char **argv) + starttls_proto = PROTO_FTP; + else if (strcmp(*argv, "xmpp") == 0) + starttls_proto = PROTO_XMPP; ++ else if (strcmp(*argv, "ircv3") == 0) ++ starttls_proto = PROTO_IRCV3; + else + goto bad; + } +@@ -1646,6 +1649,23 @@ int MAIN(int argc, char **argv) + goto shut; + mbuf[0] = 0; + } ++ if (starttls_proto == PROTO_IRCV3) { ++ int seen = 0; ++ BIO_printf(sbio,"CAP REQ :tls\r\n"); ++ ++ while (!strstr(mbuf,"CAP")) { ++ seen = BIO_read(sbio,mbuf,BUFSIZZ); ++ mbuf[seen] = 0; ++ } ++ if (!strstr(mbuf,"ACK")) ++ goto shut; ++ BIO_printf(sbio,"CAP END\r\nSTARTTLS\r\n"); ++ while (!strstr(sbuf, "670")) { ++ seen = BIO_read(sbio,sbuf,BUFSIZZ); ++ sbuf[seen] = 0; ++ } ++ mbuf[0] = 0; ++ } + + for (;;) { + FD_ZERO(&readfds); +-- +2.2.2 + diff --git a/main/openssl/0007-reimplement-c_rehash-in-C.patch b/main/openssl/0007-reimplement-c_rehash-in-C.patch new file mode 100644 index 0000000000..eee75d14f5 --- /dev/null +++ b/main/openssl/0007-reimplement-c_rehash-in-C.patch @@ -0,0 +1,447 @@ +From f9044ad2a216f984481645671ccc30a043849fb1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 09:11:27 +0200 +Subject: [PATCH] reimplement c_rehash in C + +--- + apps/Makefile | 4 +- + apps/c_rehash.c | 383 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + tools/Makefile | 3 +- + 3 files changed, 386 insertions(+), 4 deletions(-) + create mode 100644 apps/c_rehash.c + +diff --git a/apps/Makefile b/apps/Makefile +index 72657ea..3aa03e0 100644 +--- a/apps/Makefile ++++ b/apps/Makefile +@@ -36,7 +36,7 @@ SCRIPTS=CA.sh CA.pl tsget + EXE= $(PROGRAM)$(EXE_EXT) + + E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \ +- ca crl rsa rsautl dsa dsaparam ec ecparam \ ++ ca crl c_rehash rsa rsautl dsa dsaparam ec ecparam \ + x509 genrsa gendsa genpkey s_server s_client speed \ + s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \ + pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts srp +@@ -51,7 +51,7 @@ RAND_OBJ=app_rand.o + RAND_SRC=app_rand.c + + E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \ +- ca.o pkcs7.o crl2p7.o crl.o \ ++ ca.o pkcs7.o crl2p7.o crl.o c_rehash.o \ + rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \ + x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \ + s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ +diff --git a/apps/c_rehash.c b/apps/c_rehash.c +new file mode 100644 +index 0000000..e8d0b86 +--- /dev/null ++++ b/apps/c_rehash.c +@@ -0,0 +1,383 @@ ++/* c_rehash.c - Create hash symlinks for certificates ++ * C implementation based on the original Perl and shell versions ++ * ++ * Copyright (c) 2013-2014 Timo Teräs ++ * All rights reserved. ++ * ++ * This software is licensed under the MIT License. ++ * Full license available at: http://opensource.org/licenses/MIT ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++#include "apps.h" ++ ++#undef PROG ++#define PROG c_rehash_main ++ ++ ++#define MAX_COLLISIONS 256 ++#define countof(x) (sizeof(x) / sizeof(x[0])) ++ ++#if 0 ++#define DEBUG(args...) fprintf(stderr, args) ++#else ++#define DEBUG(args...) ++#endif ++ ++struct entry_info { ++ struct entry_info *next; ++ char *filename; ++ unsigned short old_id; ++ unsigned char need_symlink; ++ unsigned char digest[EVP_MAX_MD_SIZE]; ++}; ++ ++struct bucket_info { ++ struct bucket_info *next; ++ struct entry_info *first_entry, *last_entry; ++ unsigned int hash; ++ unsigned short type; ++ unsigned short num_needed; ++}; ++ ++enum Type { ++ TYPE_CERT = 0, ++ TYPE_CRL ++}; ++ ++static const char *symlink_extensions[] = { "", "r" }; ++static const char *file_extensions[] = { "pem", "crt", "cer", "crl" }; ++ ++static int evpmdsize; ++static const EVP_MD *evpmd; ++ ++static int do_hash_new = 1; ++static int do_hash_old = 0; ++static int do_remove_links = 1; ++static int do_verbose = 0; ++ ++static struct bucket_info *hash_table[257]; ++ ++static void bit_set(unsigned char *set, unsigned bit) ++{ ++ set[bit / 8] |= 1 << (bit % 8); ++} ++ ++static int bit_isset(unsigned char *set, unsigned bit) ++{ ++ return set[bit / 8] & (1 << (bit % 8)); ++} ++ ++static void add_entry( ++ int type, unsigned int hash, ++ const char *filename, const unsigned char *digest, ++ int need_symlink, unsigned short old_id) ++{ ++ struct bucket_info *bi; ++ struct entry_info *ei, *found = NULL; ++ unsigned int ndx = (type + hash) % countof(hash_table); ++ ++ for (bi = hash_table[ndx]; bi; bi = bi->next) ++ if (bi->type == type && bi->hash == hash) ++ break; ++ if (!bi) { ++ bi = calloc(1, sizeof(*bi)); ++ if (!bi) return; ++ bi->next = hash_table[ndx]; ++ bi->type = type; ++ bi->hash = hash; ++ hash_table[ndx] = bi; ++ } ++ ++ for (ei = bi->first_entry; ei; ei = ei->next) { ++ if (digest && memcmp(digest, ei->digest, evpmdsize) == 0) { ++ BIO_printf(bio_err, ++ "WARNING: Skipping duplicate certificate in file %s\n", ++ filename); ++ return; ++ } ++ if (!strcmp(filename, ei->filename)) { ++ found = ei; ++ if (!digest) break; ++ } ++ } ++ ei = found; ++ if (!ei) { ++ if (bi->num_needed >= MAX_COLLISIONS) return; ++ ei = calloc(1, sizeof(*ei)); ++ if (!ei) return; ++ ++ ei->old_id = ~0; ++ ei->filename = strdup(filename); ++ if (bi->last_entry) bi->last_entry->next = ei; ++ if (!bi->first_entry) bi->first_entry = ei; ++ bi->last_entry = ei; ++ } ++ ++ if (old_id < ei->old_id) ei->old_id = old_id; ++ if (need_symlink && !ei->need_symlink) { ++ ei->need_symlink = 1; ++ bi->num_needed++; ++ memcpy(ei->digest, digest, evpmdsize); ++ } ++} ++ ++static int handle_symlink(const char *filename, const char *fullpath) ++{ ++ static char xdigit[] = { ++ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1, ++ -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1, ++ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, ++ -1,10,11,12,13,14,15 ++ }; ++ char linktarget[NAME_MAX], *endptr; ++ unsigned int hash = 0; ++ unsigned char ch; ++ int i, type, id; ++ ssize_t n; ++ ++ for (i = 0; i < 8; i++) { ++ ch = filename[i] - '0'; ++ if (ch >= countof(xdigit) || xdigit[ch] < 0) ++ return -1; ++ hash <<= 4; ++ hash += xdigit[ch]; ++ } ++ if (filename[i++] != '.') return -1; ++ for (type = countof(symlink_extensions) - 1; type > 0; type--) ++ if (strcasecmp(symlink_extensions[type], &filename[i]) == 0) ++ break; ++ i += strlen(symlink_extensions[type]); ++ ++ id = strtoul(&filename[i], &endptr, 10); ++ if (*endptr != 0) return -1; ++ ++ n = readlink(fullpath, linktarget, sizeof(linktarget)); ++ if (n >= sizeof(linktarget) || n < 0) return -1; ++ linktarget[n] = 0; ++ ++ DEBUG("Found existing symlink %s for %08x (%d), certname %s\n", ++ filename, hash, type, linktarget); ++ add_entry(type, hash, linktarget, NULL, 0, id); ++ return 0; ++} ++ ++static int handle_certificate(const char *filename, const char *fullpath) ++{ ++ STACK_OF(X509_INFO) *inf; ++ X509_INFO *x; ++ BIO *b; ++ const char *ext; ++ unsigned char digest[EVP_MAX_MD_SIZE]; ++ X509_NAME *name = NULL; ++ int i, type, ret = -1; ++ ++ ext = strrchr(filename, '.'); ++ if (ext == NULL) return 0; ++ for (i = 0; i < countof(file_extensions); i++) { ++ if (strcasecmp(file_extensions[i], ext+1) == 0) ++ break; ++ } ++ if (i >= countof(file_extensions)) return -1; ++ ++ b = BIO_new_file(fullpath, "r"); ++ if (!b) return -1; ++ inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL); ++ BIO_free(b); ++ if (!inf) return -1; ++ ++ if (sk_X509_INFO_num(inf) == 1) { ++ x = sk_X509_INFO_value(inf, 0); ++ if (x->x509) { ++ type = TYPE_CERT; ++ name = X509_get_subject_name(x->x509); ++ X509_digest(x->x509, evpmd, digest, NULL); ++ } else if (x->crl) { ++ type = TYPE_CRL; ++ name = X509_CRL_get_issuer(x->crl); ++ X509_CRL_digest(x->crl, evpmd, digest, NULL); ++ } ++ if (name && do_hash_new) ++ add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0); ++ if (name && do_hash_old) ++ add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0); ++ } else { ++ BIO_printf(bio_err, ++ "WARNING: %s does not contain exactly one certificate or CRL: skipping\n", ++ filename); ++ } ++ ++ sk_X509_INFO_pop_free(inf, X509_INFO_free); ++ ++ return ret; ++} ++ ++static int hash_dir(const char *dirname) ++{ ++ struct bucket_info *bi, *nextbi; ++ struct entry_info *ei, *nextei; ++ struct dirent *de; ++ struct stat st; ++ unsigned char idmask[MAX_COLLISIONS / 8]; ++ int i, n, nextid, buflen, ret = -1; ++ const char *pathsep; ++ char *buf; ++ DIR *d; ++ ++ if (access(dirname, R_OK|W_OK|X_OK) != 0) { ++ BIO_printf(bio_err, ++ "ERROR: Access denied '%s'\n", ++ dirname); ++ return -1; ++ } ++ ++ buflen = strlen(dirname); ++ pathsep = (buflen && dirname[buflen-1] == '/') ? "" : "/"; ++ buflen += NAME_MAX + 2; ++ buf = malloc(buflen); ++ if (buf == NULL) ++ goto err; ++ ++ if (do_verbose) printf("Doing %s\n", dirname); ++ d = opendir(dirname); ++ if (!d) goto err; ++ ++ while ((de = readdir(d)) != NULL) { ++ if (snprintf(buf, buflen, "%s%s%s", dirname, pathsep, de->d_name) >= buflen) ++ continue; ++ if (lstat(buf, &st) < 0) ++ continue; ++ if (S_ISLNK(st.st_mode) && handle_symlink(de->d_name, buf) == 0) ++ continue; ++ handle_certificate(de->d_name, buf); ++ } ++ closedir(d); ++ ++ for (i = 0; i < countof(hash_table); i++) { ++ for (bi = hash_table[i]; bi; bi = nextbi) { ++ nextbi = bi->next; ++ DEBUG("Type %d, hash %08x, num entries %d:\n", bi->type, bi->hash, bi->num_needed); ++ ++ nextid = 0; ++ memset(idmask, 0, (bi->num_needed+7)/8); ++ for (ei = bi->first_entry; ei; ei = ei->next) ++ if (ei->old_id < bi->num_needed) ++ bit_set(idmask, ei->old_id); ++ ++ for (ei = bi->first_entry; ei; ei = nextei) { ++ nextei = ei->next; ++ DEBUG("\t(old_id %d, need_symlink %d) Cert %s\n", ++ ei->old_id, ei->need_symlink, ++ ei->filename); ++ ++ if (ei->old_id < bi->num_needed) { ++ /* Link exists, and is used as-is */ ++ snprintf(buf, buflen, "%08x.%s%d", bi->hash, symlink_extensions[bi->type], ei->old_id); ++ if (do_verbose) printf("link %s -> %s\n", ei->filename, buf); ++ } else if (ei->need_symlink) { ++ /* New link needed (it may replace something) */ ++ while (bit_isset(idmask, nextid)) ++ nextid++; ++ ++ snprintf(buf, buflen, "%s%s%n%08x.%s%d", ++ dirname, pathsep, &n, bi->hash, ++ symlink_extensions[bi->type], ++ nextid); ++ if (do_verbose) printf("link %s -> %s\n", ei->filename, &buf[n]); ++ unlink(buf); ++ symlink(ei->filename, buf); ++ } else if (do_remove_links) { ++ /* Link to be deleted */ ++ snprintf(buf, buflen, "%s%s%n%08x.%s%d", ++ dirname, pathsep, &n, bi->hash, ++ symlink_extensions[bi->type], ++ ei->old_id); ++ if (do_verbose) printf("unlink %s\n", &buf[n]); ++ unlink(buf); ++ } ++ free(ei->filename); ++ free(ei); ++ } ++ free(bi); ++ } ++ hash_table[i] = NULL; ++ } ++ ++ ret = 0; ++err: ++ free(buf); ++ return ret; ++} ++ ++static void c_rehash_usage(void) ++{ ++ printf("\ ++usage: c_rehash \n\ ++\n\ ++-compat - create new- and old-style hashed links\n\ ++-old - use old-style hashing for generating links\n\ ++-h - display this help\n\ ++-n - do not remove existing links\n\ ++-v - be more verbose\n\ ++\n"); ++} ++ ++int MAIN(int argc, char **argv) ++{ ++ const char *env, *opt; ++ int i, numargs, r = 0; ++ ++ evpmd = EVP_sha1(); ++ evpmdsize = EVP_MD_size(evpmd); ++ if (bio_err == NULL) ++ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); ++ ++ numargs = argc; ++ for (i = 1; i < argc; i++) { ++ if (argv[i][0] != '-') continue; ++ if (strcmp(argv[i], "--") == 0) { argv[i] = 0; numargs--; break; } ++ opt = &argv[i][1]; ++ if (strcmp(opt, "compat") == 0) { ++ do_hash_new = do_hash_old = 1; ++ } else if (strcmp(opt, "old") == 0) { ++ do_hash_new = 0; ++ do_hash_old = 1; ++ } else if (strcmp(opt, "n") == 0) { ++ do_remove_links = 0; ++ } else if (strcmp(opt, "v") == 0) { ++ do_verbose++; ++ } else { ++ if (strcmp(opt, "h") != 0) ++ BIO_printf(bio_err,"unknown option %s\n", argv[i]); ++ c_rehash_usage(); ++ return 1; ++ } ++ argv[i] = 0; ++ numargs--; ++ } ++ ++ if (numargs > 1) { ++ for (i = 1; i < argc; i++) ++ if (argv[i]) r |= hash_dir(argv[i]); ++ } else if ((env = getenv("SSL_CERT_DIR")) != NULL) { ++ char *e, *m; ++ m = strdup(env); ++ for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":")) ++ r |= hash_dir(e); ++ free(m); ++ } else { ++ r |= hash_dir("/etc/ssl/certs"); ++ } ++ ++ return r ? 2 : 0; ++} +diff --git a/tools/Makefile b/tools/Makefile +index bb6fb71..51190fc 100644 +--- a/tools/Makefile ++++ b/tools/Makefile +@@ -13,7 +13,7 @@ CFLAGS= $(INCLUDES) $(CFLAG) + + GENERAL=Makefile + TEST= +-APPS= c_rehash ++APPS= + MISC_APPS= c_hash c_info c_issuer c_name + + all: +@@ -49,7 +49,6 @@ depend: + dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) +- rm -f c_rehash + + clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff +-- +2.2.2 + diff --git a/main/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch b/main/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch new file mode 100644 index 0000000000..ff3d25eff0 --- /dev/null +++ b/main/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch @@ -0,0 +1,27 @@ +From 7457e26d3a78c7cd923242d87d04febadddea086 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 10:06:31 +0200 +Subject: [PATCH] maintain abi compat with no-freelist and regular build + +--- + ssl/ssl.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ssl/ssl.h b/ssl/ssl.h +index 2b0f662..636cb5d 100644 +--- a/ssl/ssl.h ++++ b/ssl/ssl.h +@@ -1113,6 +1113,10 @@ struct ssl_ctx_st { + unsigned int freelist_max_len; + struct ssl3_buf_freelist_st *wbuf_freelist; + struct ssl3_buf_freelist_st *rbuf_freelist; ++# else ++ unsigned int freelist_dummy0; ++ void *freelist_dummy1; ++ void *freelist_dummy2; + # endif + # ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +-- +2.2.2 + diff --git a/main/openssl/0009-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/main/openssl/0009-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch new file mode 100644 index 0000000000..ef46faa848 --- /dev/null +++ b/main/openssl/0009-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -0,0 +1,88 @@ +From 83c96cbc76604daccbc31cea9411555aea96fd6d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 09:16:51 +0200 +Subject: [PATCH] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it + properly + +Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT +is set before final update. This is because some crypto accelerators cannot +perform non-finalizing transform of the digest. + +The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly +differently here. It is set before the final EVP_DigestUpdate call, not +necessarily before EVP_DigestInit call. This will not cause any problems +though. +--- + crypto/hmac/hmac.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c +index 1fc9e2c..6f16578 100644 +--- a/crypto/hmac/hmac.c ++++ b/crypto/hmac/hmac.c +@@ -109,7 +109,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + j = EVP_MD_block_size(md); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if (j < len) { +- if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) ++ EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); ++ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) + goto err; +@@ -129,6 +130,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + if (reset) { + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x36 ^ ctx->key[i]; ++ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) +@@ -136,6 +138,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x5c ^ ctx->key[i]; ++ EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) +@@ -143,6 +146,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + } + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) + goto err; ++ EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); + return 1; + err: + return 0; +@@ -177,6 +181,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) + goto err; + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) + goto err; ++ EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) +@@ -233,8 +238,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + if (md == NULL) + md = m; + HMAC_CTX_init(&c); +- if (!HMAC_Init(&c, key, key_len, evp_md)) ++ if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL)) + goto err; ++ HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT); + if (!HMAC_Update(&c, d, n)) + goto err; + if (!HMAC_Final(&c, md, md_len)) +@@ -247,7 +253,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + { +- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); +- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); ++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); ++ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } +-- +2.2.2 + diff --git a/main/openssl/0010-backport-changes-from-upstream-padlock-module.patch b/main/openssl/0010-backport-changes-from-upstream-padlock-module.patch new file mode 100644 index 0000000000..f63bbcd1ce --- /dev/null +++ b/main/openssl/0010-backport-changes-from-upstream-padlock-module.patch @@ -0,0 +1,200 @@ +From ba17588a940ee712c3ef6d458adb1087f0c84521 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 09:28:10 +0200 +Subject: [PATCH] backport changes from upstream padlock module. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Includes support for VIA Nano 64-bit mode. + +Signed-off-by: Timo Teräs +--- + engines/e_padlock.c | 142 +++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 125 insertions(+), 17 deletions(-) + +diff --git a/engines/e_padlock.c b/engines/e_padlock.c +index 2898e4c..94406cb 100644 +--- a/engines/e_padlock.c ++++ b/engines/e_padlock.c +@@ -101,7 +101,10 @@ + */ + # undef COMPILE_HW_PADLOCK + # if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) +-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ ++# if (defined(__GNUC__) && __GNUC__>=2 && \ ++ (defined(__i386__) || defined(__i386) || \ ++ defined(__x86_64__) || defined(__x86_64)) \ ++ ) || \ + (defined(_MSC_VER) && defined(_M_IX86)) + # define COMPILE_HW_PADLOCK + # endif +@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context; + * ======================================================= + */ + # if defined(__GNUC__) && __GNUC__>=2 ++# if defined(__i386__) || defined(__i386) + /* + * As for excessive "push %ebx"/"pop %ebx" found all over. + * When generating position-independent code GCC won't let +@@ -379,22 +383,6 @@ static int padlock_available(void) + return padlock_use_ace + padlock_use_rng; + } + +-# ifndef OPENSSL_NO_AES +-# ifndef AES_ASM +-/* Our own htonl()/ntohl() */ +-static inline void padlock_bswapl(AES_KEY *ks) +-{ +- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); +- unsigned int *key = ks->rd_key; +- +- while (i--) { +- asm volatile ("bswapl %0":"+r" (*key)); +- key++; +- } +-} +-# endif +-# endif +- + /* + * Force key reload from memory to the CPU microcode. Loading EFLAGS from the + * stack clears EFLAGS[30] which does the trick. +@@ -448,6 +436,110 @@ static inline void *name(size_t cnt, \ + : "edx", "cc", "memory"); \ + return iv; \ + } ++#endif ++ ++#elif defined(__x86_64__) || defined(__x86_64) ++ ++/* Load supported features of the CPU to see if ++ the PadLock is available. */ ++static int ++padlock_available(void) ++{ ++ char vendor_string[16]; ++ unsigned int eax, edx; ++ ++ /* Are we running on the Centaur (VIA) CPU? */ ++ eax = 0x00000000; ++ vendor_string[12] = 0; ++ asm volatile ( ++ "cpuid\n" ++ "movl %%ebx,(%1)\n" ++ "movl %%edx,4(%1)\n" ++ "movl %%ecx,8(%1)\n" ++ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx"); ++ if (strcmp(vendor_string, "CentaurHauls") != 0) ++ return 0; ++ ++ /* Check for Centaur Extended Feature Flags presence */ ++ eax = 0xC0000000; ++ asm volatile ("cpuid" ++ : "+a"(eax) : : "rbx", "rcx", "rdx"); ++ if (eax < 0xC0000001) ++ return 0; ++ ++ /* Read the Centaur Extended Feature Flags */ ++ eax = 0xC0000001; ++ asm volatile ("cpuid" ++ : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); ++ ++ /* Fill up some flags */ ++ padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); ++ padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); ++ ++ return padlock_use_ace + padlock_use_rng; ++} ++ ++/* Force key reload from memory to the CPU microcode. ++ Loading EFLAGS from the stack clears EFLAGS[30] ++ which does the trick. */ ++static inline void ++padlock_reload_key(void) ++{ ++ asm volatile ("pushfq; popfq"); ++} ++ ++#ifndef OPENSSL_NO_AES ++/* ++ * This is heuristic key context tracing. At first one ++ * believes that one should use atomic swap instructions, ++ * but it's not actually necessary. Point is that if ++ * padlock_saved_context was changed by another thread ++ * after we've read it and before we compare it with cdata, ++ * our key *shall* be reloaded upon thread context switch ++ * and we are therefore set in either case... ++ */ ++static inline void ++padlock_verify_context(struct padlock_cipher_data *cdata) ++{ ++ asm volatile ( ++ "pushfq\n" ++" btl $30,(%%rsp)\n" ++" jnc 1f\n" ++" cmpq %2,%1\n" ++" je 1f\n" ++" popfq\n" ++" subq $8,%%rsp\n" ++"1: addq $8,%%rsp\n" ++" movq %2,%0" ++ :"+m"(padlock_saved_context) ++ : "r"(padlock_saved_context), "r"(cdata) : "cc"); ++} ++ ++/* Template for padlock_xcrypt_* modes */ ++/* BIG FAT WARNING: ++ * The offsets used with 'leal' instructions ++ * describe items of the 'padlock_cipher_data' ++ * structure. ++ */ ++#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ ++static inline void *name(size_t cnt, \ ++ struct padlock_cipher_data *cdata, \ ++ void *out, const void *inp) \ ++{ void *iv; \ ++ asm volatile ( "leaq 16(%0),%%rdx\n" \ ++ " leaq 32(%0),%%rbx\n" \ ++ rep_xcrypt "\n" \ ++ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ ++ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ ++ : "rbx", "rdx", "cc", "memory"); \ ++ return iv; \ ++} ++#endif ++ ++#endif /* cpu */ ++ ++ ++# ifndef OPENSSL_NO_AES + + /* Generate all functions with appropriate opcodes */ + /* rep xcryptecb */ +@@ -458,7 +550,23 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") + PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") + /* rep xcryptofb */ + PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") ++ ++# ifndef AES_ASM ++/* Our own htonl()/ntohl() */ ++static inline void padlock_bswapl(AES_KEY *ks) ++{ ++ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); ++ unsigned int *key = ks->rd_key; ++ ++ while (i--) { ++ asm volatile ("bswapl %0":"+r" (*key)); ++ key++; ++ } ++} ++# endif ++ + # endif ++ + /* The RNG call itself */ + static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in) + { +-- +2.2.2 + diff --git a/main/openssl/0011-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch b/main/openssl/0011-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch new file mode 100644 index 0000000000..5a2cdd633a --- /dev/null +++ b/main/openssl/0011-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch @@ -0,0 +1,782 @@ +From 728af0306505f1ff91364ac2175fb6bf5da90ec3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 09:41:12 +0200 +Subject: [PATCH] engines/e_padlock: implement sha1/sha224/sha256 acceleration + +Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT +is used appropriately (as done by EVP_Digest, and my previous HMAC patch). + +Full support for VIA Nano including partial transformation and 64-bit mode. + +Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and +apps/speed patches done. From single run, error margin of about 100-200k. + +No padlock + +type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k +sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k +hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k + +With the patch + +sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k +sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k +hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k +--- + engines/e_padlock.c | 663 ++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 614 insertions(+), 49 deletions(-) + +diff --git a/engines/e_padlock.c b/engines/e_padlock.c +index 94406cb..5e99114 100644 +--- a/engines/e_padlock.c ++++ b/engines/e_padlock.c +@@ -3,6 +3,9 @@ + * Written by Michal Ludvig + * http://www.logix.cz/michal + * ++ * SHA support by Timo Teras . Portions based on ++ * code originally written by Michal Ludvig. ++ * + * Big thanks to Andy Polyakov for a help with optimization, + * assembler fixes, port to MS Windows and a lot of other + * valuable work on this engine! +@@ -63,7 +66,9 @@ + */ + + #include ++#include + #include ++#include + + #include + #include +@@ -73,11 +78,32 @@ + #ifndef OPENSSL_NO_AES + # include + #endif ++#ifndef OPENSSL_NO_SHA ++# include ++#endif + #include + #include + + #ifndef OPENSSL_NO_HW +-# ifndef OPENSSL_NO_HW_PADLOCK ++# ifndef OPENSSL_NO_HW_PADLOCK ++ ++/* PadLock RNG is disabled by default */ ++# define PADLOCK_NO_RNG 1 ++ ++/* No ASM routines for SHA in MSC yet */ ++# ifdef _MSC_VER ++# define OPENSSL_NO_SHA ++# endif ++ ++/* 64-bit mode does not need software SHA1 as fallback, we can ++ * do all operations with padlock */ ++# if defined(__x86_64__) || defined(__x86_64) ++# define PADLOCK_NEED_FALLBACK_SHA 0 ++# else ++# define PADLOCK_NEED_FALLBACK_SHA 1 ++# endif ++ ++# define PADLOCK_MAX_FINALIZING_LENGTH 0x1FFFFFFE + + /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ + # if (OPENSSL_VERSION_NUMBER >= 0x00908000L) +@@ -151,60 +177,42 @@ void ENGINE_load_padlock(void) + static int padlock_available(void); + static int padlock_init(ENGINE *e); + ++# ifndef PADLOCK_NO_RNG + /* RNG Stuff */ + static RAND_METHOD padlock_rand; +- +-/* Cipher Stuff */ +-# ifndef OPENSSL_NO_AES +-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid); + # endif + + /* Engine names */ + static const char *padlock_id = "padlock"; + static char padlock_name[100]; + ++static int padlock_bind_helper(ENGINE *e); ++ + /* Available features */ +-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ +-static int padlock_use_rng = 0; /* Random Number Generator */ ++enum padlock_flags { ++ PADLOCK_RNG = 0x01, ++ PADLOCK_ACE = 0x02, ++ PADLOCK_ACE2 = 0x04, ++ PADLOCK_PHE = 0x08, ++ PADLOCK_PMM = 0x10, ++ PADLOCK_NANO = 0x20, ++}; ++enum padlock_flags padlock_flags; ++ ++#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) ++#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) ++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) ++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) ++#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) ++#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) ++#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO) ++ + # ifndef OPENSSL_NO_AES + static int padlock_aes_align_required = 1; + # endif + + /* ===== Engine "management" functions ===== */ + +-/* Prepare the ENGINE structure for registration */ +-static int padlock_bind_helper(ENGINE *e) +-{ +- /* Check available features */ +- padlock_available(); +- +-# if 1 /* disable RNG for now, see commentary in +- * vicinity of RNG code */ +- padlock_use_rng = 0; +-# endif +- +- /* Generate a nice engine name with available features */ +- BIO_snprintf(padlock_name, sizeof(padlock_name), +- "VIA PadLock (%s, %s)", +- padlock_use_rng ? "RNG" : "no-RNG", +- padlock_use_ace ? "ACE" : "no-ACE"); +- +- /* Register everything or return with an error */ +- if (!ENGINE_set_id(e, padlock_id) || +- !ENGINE_set_name(e, padlock_name) || +- !ENGINE_set_init_function(e, padlock_init) || +-# ifndef OPENSSL_NO_AES +- (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) || +-# endif +- (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) { +- return 0; +- } +- +- /* Everything looks good */ +- return 1; +-} +- + # ifdef OPENSSL_NO_DYNAMIC_ENGINE + + /* Constructor */ +@@ -229,7 +237,7 @@ static ENGINE *ENGINE_padlock(void) + /* Check availability of the engine */ + static int padlock_init(ENGINE *e) + { +- return (padlock_use_rng || padlock_use_ace); ++ return padlock_flags; + } + + /* +@@ -377,10 +385,20 @@ static int padlock_available(void) + "=d"(edx)::"ecx"); + + /* Fill up some flags */ +- padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6)); +- padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2)); +- +- return padlock_use_ace + padlock_use_rng; ++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); ++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); ++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); ++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); ++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); ++ ++ /* Check for VIA Nano CPU */ ++ eax = 0x00000001; ++ asm volatile ("pushl %%ebx; cpuid; popl %%ebx" ++ : "+a"(eax) : : "ecx", "edx"); ++ if ((eax | 0x000F) == 0x06FF) ++ padlock_flags |= PADLOCK_NANO; ++ ++ return padlock_flags; + } + + /* +@@ -473,10 +491,14 @@ padlock_available(void) + : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); + + /* Fill up some flags */ +- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); +- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); +- +- return padlock_use_ace + padlock_use_rng; ++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); ++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); ++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); ++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); ++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); ++ padlock_flags |= PADLOCK_NANO; ++ ++ return padlock_flags; + } + + /* Force key reload from memory to the CPU microcode. +@@ -1293,6 +1315,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, + + # endif /* OPENSSL_NO_AES */ + ++#ifndef OPENSSL_NO_SHA ++ ++static inline void ++padlock_copy_bswap(void *dst, void *src, size_t count) ++{ ++ uint32_t *udst = dst, *usrc = src; ++ int i = 0; ++ ++ for (i = 0; i < count; i++) ++ udst[i] = htonl(usrc[i]); ++} ++ ++static unsigned long padlock_sha_prepare_padding( ++ EVP_MD_CTX *ctx, ++ unsigned char *padding, ++ unsigned char *data, size_t data_len, ++ uint64_t total) ++{ ++ unsigned int padding_len; ++ ++ padding_len = data_len < 56 ? SHA_CBLOCK : 2 * SHA_CBLOCK; ++ if (data_len) ++ memcpy(padding, data, data_len); ++ ++ memset(padding + data_len, 0, padding_len - data_len); ++ padding[data_len] = 0x80; ++ *(uint32_t *)(padding + padding_len - 8) = htonl(total >> 32); ++ *(uint32_t *)(padding + padding_len - 4) = htonl(total & 0xffffffff); ++ ++ return data_len < 56 ? 1 : 2; ++} ++ ++#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15) ++#define PADLOCK_SHA_HWCTX (128+16) ++ ++static void ++padlock_sha1(void *hwctx, const void *buf, unsigned long total, unsigned long now) ++{ ++ unsigned long pos = total - now; ++ ++ asm volatile ("xsha1" ++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) ++ : : "memory"); ++} ++ ++static void ++padlock_sha1_partial(void *hwctx, const void *buf, unsigned long blocks) ++{ ++ asm volatile ("xsha1" ++ : "+S"(buf), "+D"(hwctx), "+c"(blocks) ++ : "a"(-1L) : "memory"); ++} ++ ++static int padlock_sha1_init(EVP_MD_CTX *ctx) ++{ ++ return SHA1_Init(ctx->md_data); ++} ++ ++#if PADLOCK_NEED_FALLBACK_SHA ++ ++static int padlock_sha1_update_eden(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ const unsigned char *p = data; ++ unsigned long l = 0; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { ++ if (c->num != 0) { ++ l = (len < SHA_CBLOCK - c->num) ? len : (SHA_CBLOCK - c->num); ++ if (!SHA1_Update(c, data, l)) ++ return 0; ++ p += l; ++ if (c->num != 0) { ++ p = (unsigned char *) c->data; ++ len = c->num; ++ l = 0; ++ } ++ } ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ padlock_sha1(aligned, p, total, len - l); ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ c->num = -1; ++ return 1; ++ } ++ ++ return SHA1_Update(c, data, len); ++} ++#endif ++ ++static int padlock_sha1_update(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ unsigned char *p; ++ unsigned long n; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ c->Nh = total >> 29; ++ c->Nl = (total << 3) & 0xffffffffUL; ++ ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ ++ /* Check partial data */ ++ n = c->num; ++ if (n) { ++ p = (unsigned char *) c->data; ++ if (len >= SHA_CBLOCK || len+n >= SHA_CBLOCK) { ++ memcpy(p+n, data, SHA_CBLOCK-n); ++ padlock_sha1_partial(aligned, p, 1); ++ n = SHA_CBLOCK - n; ++ data += n; ++ len -= n; ++ c->num = 0; ++ memset(p, 0, SHA_CBLOCK); ++ } else { ++ memcpy(p+n, data, len); ++ c->num += (unsigned int)len; ++ return 1; ++ } ++ } ++ ++ /* Can we finalize straight away? */ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { ++ padlock_sha1(aligned, data, total, len); ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ c->num = -1; ++ return 1; ++ } ++ ++ /* Use nonfinalizing update */ ++ n = len / SHA_CBLOCK; ++ if (n != 0) { ++ padlock_sha1_partial(aligned, data, n); ++ data += n * SHA_CBLOCK; ++ len -= n * SHA_CBLOCK; ++ } ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ ++ /* Buffer remaining bytes */ ++ if (len) { ++ memcpy(c->data, data, len); ++ c->num = len; ++ } ++ ++ return 1; ++} ++ ++static int padlock_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ uint64_t total; ++ SHA_CTX *c = ctx->md_data; ++ ++ if (c->num == -1) { ++ padlock_copy_bswap(md, &c->h0, 5); ++ c->num = 0; ++ return 1; ++ } ++ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++#if PADLOCK_NEED_FALLBACK_SHA ++ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) ++ return SHA1_Final(md, c); ++#endif ++ ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { ++ unsigned char padding[2 * SHA_CBLOCK]; ++ unsigned long n; ++ ++ n = padlock_sha_prepare_padding(ctx, padding, ++ (unsigned char *) c->data, c->num, total << 3); ++ padlock_sha1_partial(aligned, padding, n); ++ } else { ++ padlock_sha1(aligned, c->data, total, c->num); ++ } ++ padlock_copy_bswap(md, aligned, 5); ++ c->num = 0; ++ ++ return 1; ++} ++ ++static EVP_MD padlock_sha1_md = { ++ NID_sha1, ++ NID_sha1WithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, ++ padlock_sha1_init, ++ padlock_sha1_update, ++ padlock_sha1_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA_CTX), ++}; ++ ++static EVP_MD padlock_dss1_md = { ++ NID_dsa, ++ NID_dsaWithSHA1, ++ SHA_DIGEST_LENGTH, ++ 0, ++ padlock_sha1_init, ++ padlock_sha1_update, ++ padlock_sha1_final, ++ NULL, ++ NULL, ++ EVP_PKEY_DSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA_CTX), ++}; ++ ++ ++#if !defined(OPENSSL_NO_SHA256) ++ ++static void ++padlock_sha256(void *hwctx, const void *buf, unsigned long total, unsigned long now) ++{ ++ unsigned long pos = total - now; ++ ++ asm volatile ("xsha256" ++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) ++ : : "memory"); ++} ++ ++static void ++padlock_sha256_partial(void *hwctx, const void *buf, unsigned long blocks) ++{ ++ asm volatile ("xsha256" ++ : "+S"(buf), "+D"(hwctx), "+c"(blocks) ++ : "a"(-1L) : "memory"); ++} ++ ++#if PADLOCK_NEED_FALLBACK_SHA ++ ++static int padlock_sha256_update_eden(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA256_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ const unsigned char *p = data; ++ unsigned int l = 0; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { ++ if (c->num != 0) { ++ l = (len < SHA256_CBLOCK - c->num) ? len : (SHA256_CBLOCK - c->num); ++ if (!SHA256_Update(c, data, l)) ++ return 0; ++ p += l; ++ if (c->num != 0) { ++ p = (unsigned char *) c->data; ++ len = c->num; ++ l = 0; ++ } ++ } ++ memcpy(aligned, c->h, sizeof(c->h)); ++ padlock_sha256(aligned, p, total, len - l); ++ memcpy(c->h, aligned, sizeof(c->h)); ++ c->num = -1; ++ return 1; ++ } ++ ++ return SHA256_Update(c, data, len); ++} ++ ++#endif ++ ++static int padlock_sha256_update(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA256_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ unsigned char *p; ++ unsigned long n; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ c->Nh = total >> 29; ++ c->Nl = (total << 3) & 0xffffffffUL; ++ ++ memcpy(aligned, c->h, sizeof(c->h)); ++ ++ /* Check partial data */ ++ n = c->num; ++ if (n) { ++ p = (unsigned char *) c->data; ++ if (len >= SHA256_CBLOCK || len+n >= SHA256_CBLOCK) { ++ memcpy(p+n, data, SHA256_CBLOCK-n); ++ padlock_sha256_partial(aligned, p, 1); ++ n = SHA256_CBLOCK - n; ++ data += n; ++ len -= n; ++ c->num = 0; ++ memset(p, 0, SHA256_CBLOCK); ++ } else { ++ memcpy(p+n, data, len); ++ c->num += (unsigned int)len; ++ return 1; ++ } ++ } ++ ++ /* Can we finalize straight away? */ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { ++ padlock_sha256(aligned, data, total, len); ++ memcpy(c->h, aligned, sizeof(c->h)); ++ c->num = -1; ++ return 1; ++ } ++ ++ /* Use nonfinalizing update */ ++ n = len / SHA256_CBLOCK; ++ if (n != 0) { ++ padlock_sha256_partial(aligned, data, n); ++ data += n * SHA256_CBLOCK; ++ len -= n * SHA256_CBLOCK; ++ } ++ memcpy(c->h, aligned, sizeof(c->h)); ++ ++ /* Buffer remaining bytes */ ++ if (len) { ++ memcpy(c->data, data, len); ++ c->num = len; ++ } ++ ++ return 1; ++} ++ ++static int padlock_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ uint64_t total; ++ SHA256_CTX *c = ctx->md_data; ++ ++ if (c->num == -1) { ++ padlock_copy_bswap(md, c->h, sizeof(c->h)/sizeof(c->h[0])); ++ c->num = 0; ++ return 1; ++ } ++ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++#if PADLOCK_NEED_FALLBACK_SHA ++ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) ++ return SHA256_Final(md, c); ++#endif ++ ++ memcpy(aligned, c->h, sizeof(c->h)); ++ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { ++ unsigned char padding[2 * SHA_CBLOCK]; ++ unsigned long n; ++ ++ n = padlock_sha_prepare_padding(ctx, padding, ++ (unsigned char *) c->data, c->num, total << 3); ++ padlock_sha256_partial(aligned, padding, n); ++ } else { ++ padlock_sha256(aligned, c->data, total, c->num); ++ } ++ padlock_copy_bswap(md, aligned, sizeof(c->h)/sizeof(c->h[0])); ++ c->num = 0; ++ return 1; ++} ++ ++#if !defined(OPENSSL_NO_SHA224) ++ ++static int padlock_sha224_init(EVP_MD_CTX *ctx) ++{ ++ return SHA224_Init(ctx->md_data); ++} ++ ++static EVP_MD padlock_sha224_md = { ++ NID_sha224, ++ NID_sha224WithRSAEncryption, ++ SHA224_DIGEST_LENGTH, ++ 0, ++ padlock_sha224_init, ++ padlock_sha256_update, ++ padlock_sha256_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA256_CTX), ++}; ++#endif /* !OPENSSL_NO_SHA224 */ ++ ++static int padlock_sha256_init(EVP_MD_CTX *ctx) ++{ ++ return SHA256_Init(ctx->md_data); ++} ++ ++static EVP_MD padlock_sha256_md = { ++ NID_sha256, ++ NID_sha256WithRSAEncryption, ++ SHA256_DIGEST_LENGTH, ++ 0, ++ padlock_sha256_init, ++ padlock_sha256_update, ++ padlock_sha256_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA256_CTX), ++}; ++#endif /* !OPENSSL_NO_SHA256 */ ++ ++static int padlock_digest_nids[] = { ++#if !defined(OPENSSL_NO_SHA) ++ NID_sha1, ++ NID_dsa, ++#endif ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ NID_sha224, ++#endif ++ NID_sha256, ++#endif ++}; ++ ++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); ++ ++static int ++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) ++{ ++ /* No specific digest => return a list of supported nids ... */ ++ if (!digest) { ++ *nids = padlock_digest_nids; ++ return padlock_digest_nids_num; ++ } ++ ++ /* ... or the requested "digest" otherwise */ ++ switch (nid) { ++#if !defined(OPENSSL_NO_SHA) ++ case NID_sha1: ++ *digest = &padlock_sha1_md; ++ break; ++ case NID_dsa: ++ *digest = &padlock_dss1_md; ++ break; ++#endif ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ case NID_sha224: ++ *digest = &padlock_sha224_md; ++ break; ++#endif /* OPENSSL_NO_SHA224 */ ++ case NID_sha256: ++ *digest = &padlock_sha256_md; ++ break; ++#endif /* OPENSSL_NO_SHA256 */ ++ default: ++ /* Sorry, we don't support this NID */ ++ *digest = NULL; ++ return 0; ++ } ++ ++ return 1; ++} ++ ++#endif /* OPENSSL_NO_SHA */ ++ ++#ifndef PADLOCK_NO_RNG ++ + /* ===== Random Number Generator ===== */ + /* + * This code is not engaged. The reason is that it does not comply +@@ -1356,6 +1868,59 @@ static RAND_METHOD padlock_rand = { + padlock_rand_bytes, /* pseudorand */ + padlock_rand_status, /* rand status */ + }; ++#endif /* PADLOCK_NO_RNG */ ++ ++/* Prepare the ENGINE structure for registration */ ++static int ++padlock_bind_helper(ENGINE *e) ++{ ++ /* Check available features */ ++ padlock_available(); ++ ++ /* Generate a nice engine name with available features */ ++ BIO_snprintf(padlock_name, sizeof(padlock_name), ++ "VIA PadLock: %s%s%s%s%s%s", ++ padlock_flags ? "" : "not supported", ++ PADLOCK_HAVE_RNG ? "RNG " : "", ++ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", ++ PADLOCK_HAVE_PHE ? "PHE " : "", ++ PADLOCK_HAVE_PMM ? "PMM " : "", ++ PADLOCK_HAVE_NANO ? "NANO " : "" ++ ); ++ ++#if PADLOCK_NEED_FALLBACK_SHA && !defined(OPENSSL_NO_SHA) ++ if (!PADLOCK_HAVE_NANO) { ++ padlock_sha1_md.update = padlock_sha1_update_eden; ++ padlock_dss1_md.update = padlock_sha1_update_eden; ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ padlock_sha224_md.update = padlock_sha256_update_eden; ++#endif ++ padlock_sha256_md.update = padlock_sha256_update_eden; ++#endif ++ } ++#endif ++ ++ /* Register everything or return with an error */ ++ if (!ENGINE_set_id(e, padlock_id) || ++ !ENGINE_set_name(e, padlock_name) || ++ !ENGINE_set_init_function(e, padlock_init) ++#ifndef OPENSSL_NO_AES ++ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) ++#endif ++#ifndef OPENSSL_NO_SHA ++ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) ++#endif ++#ifndef PADLOCK_NO_RNG ++ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) ++#endif ++ ) { ++ return 0; ++ } ++ ++ /* Everything looks good */ ++ return 1; ++} + + # else /* !COMPILE_HW_PADLOCK */ + # ifndef OPENSSL_NO_DYNAMIC_ENGINE +-- +2.2.2 + diff --git a/main/openssl/0012-crypto-engine-autoload-padlock-dynamic-engine.patch b/main/openssl/0012-crypto-engine-autoload-padlock-dynamic-engine.patch new file mode 100644 index 0000000000..d0cdfb3b3a --- /dev/null +++ b/main/openssl/0012-crypto-engine-autoload-padlock-dynamic-engine.patch @@ -0,0 +1,32 @@ +From a358a1267644829144d6ad35116733ceeef46bf1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Thu, 5 Feb 2015 09:43:37 +0200 +Subject: [PATCH] crypto/engine: autoload padlock dynamic engine + +--- + crypto/engine/eng_all.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c +index 195a3a9..bd05e4c 100644 +--- a/crypto/engine/eng_all.c ++++ b/crypto/engine/eng_all.c +@@ -120,6 +120,15 @@ void ENGINE_load_builtin_engines(void) + ENGINE_load_capi(); + # endif + #endif ++#ifdef OPENSSL_NO_STATIC_ENGINE ++ { ++ ENGINE *e = ENGINE_by_id("padlock"); ++ if (e != NULL) { ++ ENGINE_add(e); ++ ENGINE_free(e); ++ } ++ } ++#endif + ENGINE_register_all_complete(); + } + +-- +2.2.2 + diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index f81602c487..6a033e776b 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Timo Teras pkgname=openssl -pkgver=1.0.1k +pkgver=1.0.1m pkgrel=0 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" @@ -13,45 +13,35 @@ license="openssl" subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl" source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz - fix-manpages.patch - openssl-bb-basename.patch - 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch - 0002-engines-e_padlock-backport-cvs-head-changes.patch - 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch - 0004-crypto-engine-autoload-padlock-dynamic-engine.patch - 0005-s_client-ircv3-starttls.patch - openssl-1.0.1-version-eglibc.patch - fix-default-apps-capath.patch - c_rehash.sh + 0001-fix-manpages.patch + 0002-busybox-basename.patch + 0003-use-termios.patch + 0004-fix-default-ca-path-for-apps.patch + 0005-fix-parallel-build.patch + 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch + 0007-reimplement-c_rehash-in-C.patch + 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch + 0009-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch + 0010-backport-changes-from-upstream-padlock-module.patch + 0011-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch + 0012-crypto-engine-autoload-padlock-dynamic-engine.patch " _builddir="$srcdir"/$pkgname-$pkgver prepare() { - cd "$_builddir" - for patch in $source; do - case $patch in - # we concider patches with uclibc in its name - # only usefull on uclibc install - *uclibc*.patch) - if [ "$ALPINE_LIBC" != "eglibc" ]; then - msg "Applying patch $patch" - patch -p1 -i "$srcdir"/$patch || return 1 - fi - ;; - # same applied to eglibc - *eglibc*.patch) - if [ "$ALPINE_LIBC" = "eglibc" ]; then - msg "Applying patch $patch" - patch -p1 -i "$srcdir"/$patch || return 1 - fi - ;; - *.patch) - msg "Applying patch $patch" - patch -p1 -i "$srcdir"/$patch || return 1 - ;; - esac -done + cd "$_builddir" + for patch in $source; do + case $patch in + *.patch) + msg "Applying patch $patch" + patch -p1 -i "$srcdir"/$patch || return 1 + ;; + esac + done + + # force generate apps, due to c_rehash patch + rm -rf "$_builddir"/apps/progs.h } build() { @@ -63,16 +53,15 @@ build() { -Wa,--noexecstack \ || return 1 - make -j1 || return 1 + make && make build-shared || return 1 } package() { cd "$_builddir" make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install || return 1 - # replace the perl script with a shell script - rm -f "$pkgdir"/usr/bin/c_rehash - install -m 755 "$srcdir"/c_rehash.sh "$pkgdir"/usr/bin/c_rehash || return 1 + # c_rehash compat link + ln -sf openssl "$pkgdir"/usr/bin/c_rehash # rename man pages that conflict with man-pages local m @@ -104,36 +93,42 @@ libssl() { done } -md5sums="d4f002bd22a56881340105028842ae1f openssl-1.0.1k.tar.gz -f75151bfdd0e1f5191e0d0e7147e1638 fix-manpages.patch -c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch -ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch -a7717dd564ef876d4923a80751714d63 0002-engines-e_padlock-backport-cvs-head-changes.patch -cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch -c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch -c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch -d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch -efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch -b1068a6dd30ec8adf63b4fd0057491a0 c_rehash.sh" -sha256sums="8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c openssl-1.0.1k.tar.gz -92296c9e121af10ecc1e302695bf2ceacaa9b00702e580504fc0ed04a9fba86e fix-manpages.patch -82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch -18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch -30fbadf31dc13d9bcc758741f5560f6e13dd66c067f62d1b9066fb656f6aaaf2 0002-engines-e_padlock-backport-cvs-head-changes.patch -cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch -157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch -44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch -51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch -1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch -4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 c_rehash.sh" -sha512sums="8b000fbd1bf919d9913a314f99aedd48a69f6caa4ccf43237889e73e08cbe0d82bfc27e9c7c4cade09fc459f91d6c4a831a9b3fc8bca0344fb864eadd7d1e8e8 openssl-1.0.1k.tar.gz -b0eda7e9b53195b0855da68617201c3c7026eb7464ab58f0bc9923013663ec6b826d1868fe88b87118d3134114cbd9ac15d2c8389c85ef9c1bb4d18575b68a5b fix-manpages.patch -6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch -ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa8bb45c65fdd1a5d1a6f6755e53102d520e9d8b807c3a7822 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch -c86694b1931ef16eb467f5228a7ea2c36c90570daedb405bb24e7915b2e29f9ba20386cdef0ebea6af23ca04839d713bd05f0c8f3b7f6377331a6ab96c505f44 0002-engines-e_padlock-backport-cvs-head-changes.patch -b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55ddbfd6a0e9ffa3e3167377317cbc72b254b1f9bcc0e22b8b6 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch -3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch -70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch -6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch -f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch -55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da c_rehash.sh" +md5sums="d143d1555d842a069cb7cc34ba745a06 openssl-1.0.1m.tar.gz +d0e8c6e64fef345fed08010915e12c73 0001-fix-manpages.patch +67bdfe450143a41042d2c318003e963a 0002-busybox-basename.patch +84c03f201f55ca7fbfde364cfdfc9cf4 0003-use-termios.patch +451efb6471e55a57064b73bfe6edddee 0004-fix-default-ca-path-for-apps.patch +99753d86ab1334ac61415d6152168e91 0005-fix-parallel-build.patch +5a5753f52b9f54f769f1ad915d0119bd 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch +106b2c7590d49a28c782cf3f5d623543 0007-reimplement-c_rehash-in-C.patch +7a2f9c883ecdfca3087062df4a68150a 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch +25091afb907de2b504f8bad6bf70002c 0009-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +aa16c89b283faf0fe546e3f897279c44 0010-backport-changes-from-upstream-padlock-module.patch +57cca845e22c178c3b317010be56edf0 0011-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch +2ac874d1249f5f68d8c7cd58d157d29a 0012-crypto-engine-autoload-padlock-dynamic-engine.patch" +sha256sums="095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74 openssl-1.0.1m.tar.gz +75ce7e499e12f65db12181282198ab8172bd63265d6ec469b58680d74f8438c7 0001-fix-manpages.patch +b449fb998b5f60a3a1779ac2f432b2c7f08ae52fc6dfa98bca37d735f863d400 0002-busybox-basename.patch +c3e6a9710726dac72e3eeffd78961d3bae67a480f6bde7890e066547da25cdfd 0003-use-termios.patch +d438a36b2b0adf342ebef4b5e9793bcdae3b3027061100f660749c322acbe93d 0004-fix-default-ca-path-for-apps.patch +722079e4c758b51c955d4e31befbd0b1f77193db91f8a6505e7a431626ce3218 0005-fix-parallel-build.patch +9baecc8024bd5004ef045c6c53537f7453029c1e273874ce639834145564ca6d 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch +c934b5d1a2cb58b5235da2dfee423f0f66bb83e1d479f511b444751899637c37 0007-reimplement-c_rehash-in-C.patch +1030f885dc76f352854a7a95d73e68cfd1479c5f9ee198d6afef6b0755ee1c81 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch +2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7 0009-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260 0010-backport-changes-from-upstream-padlock-module.patch +c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea 0011-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch +2f7c850af078a3ae71b2dd38d5d0b3964ea4262e52673e36ff33498cc6223e6c 0012-crypto-engine-autoload-padlock-dynamic-engine.patch" +sha512sums="f37b60cb4449674d5c06a4056acc3d11f1c9773da6111148fa3fbf8d14362ba1ff5eb5e0c0e06c2b5c84543b2b974584617e393ca83de2230cbbe69b52975afc openssl-1.0.1m.tar.gz +04baa895f0f8f893c3109e7eb03e019e6e6217b1c2a69dcee70f48907d63d83079e61ee54d21f1282c699d2fc8c7201905fda8dfc26f61f70a59d20892098cfb 0001-fix-manpages.patch +2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c 0002-busybox-basename.patch +58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4 0003-use-termios.patch +82340da695de51a8df9e76289ea1cbb9b3ad2f10d3b793b0d2155ddfce573d497ed1e35e68fdfea8e3b6c1007908698e1a5354041f9567175f2d480920d86f63 0004-fix-default-ca-path-for-apps.patch +c8a393db2fef476f8c1fb7618e9231166f0a00fbdf3538f3eb0cf4095e751fbb671ce03a6dcab71461f936e2012332f5c0ec97c4163aa1dd2b9554b84995b2e3 0005-fix-parallel-build.patch +820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch +fc4e383ec85c6543e4e82520904122a5a5601c68042ece1e95a0cae95e02d89174f06f78ba2f8aacae8df16052df6ec628b568519a41706428a3fa07984cc8e3 0007-reimplement-c_rehash-in-C.patch +17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch +8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17 0009-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389 0010-backport-changes-from-upstream-padlock-module.patch +6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc 0011-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch +b72436eb8d4dac42d8da76a51d46cfc03e92e162f692a7a1761201221b9c6d66b738c08270b2260f02ce47b42043538474df73a7185dd4a809dd3b14cc8af7c3 0012-crypto-engine-autoload-padlock-dynamic-engine.patch" diff --git a/main/openssl/c_rehash.sh b/main/openssl/c_rehash.sh deleted file mode 100644 index 75a774945c..0000000000 --- a/main/openssl/c_rehash.sh +++ /dev/null @@ -1,210 +0,0 @@ -#!/bin/sh -# -# Ben Secrest -# -# sh c_rehash script, scan all files in a directory -# and add symbolic links to their hash values. -# -# based on the c_rehash perl script distributed with openssl -# -# LICENSE: See OpenSSL license -# ^^acceptable?^^ -# - -# default certificate location -DIR=/etc/openssl - -# for filetype bitfield -IS_CERT=$(( 1 << 0 )) -IS_CRL=$(( 1 << 1 )) - - -# check to see if a file is a certificate file or a CRL file -# arguments: -# 1. the filename to be scanned -# returns: -# bitfield of file type; uses ${IS_CERT} and ${IS_CRL} -# -check_file() -{ - local IS_TYPE=0 - - # make IFS a newline so we can process grep output line by line - local OLDIFS=${IFS} - IFS=$( printf "\n" ) - - # XXX: could be more efficient to have two 'grep -m' but is -m portable? - for LINE in $( grep '^-----BEGIN .*-----' ${1} ) - do - if echo ${LINE} \ - | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' - then - IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) - - if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] - then - break - fi - elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' - then - IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) - - if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] - then - break - fi - fi - done - - # restore IFS - IFS=${OLDIFS} - - return ${IS_TYPE} -} - - -# -# use openssl to fingerprint a file -# arguments: -# 1. the filename to fingerprint -# 2. the method to use (x509, crl) -# returns: -# none -# assumptions: -# user will capture output from last stage of pipeline -# -fingerprint() -{ - ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' -} - - -# -# link_hash - create links to certificate files -# arguments: -# 1. the filename to create a link for -# 2. the type of certificate being linked (x509, crl) -# returns: -# 0 on success, 1 otherwise -# -link_hash() -{ - local FINGERPRINT=$( fingerprint ${1} ${2} ) - local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) - local SUFFIX=0 - local LINKFILE='' - local TAG='' - - if [ ${2} = "crl" ] - then - TAG='r' - fi - - LINKFILE=${HASH}.${TAG}${SUFFIX} - - while [ -f ${LINKFILE} ] - do - if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] - then - echo "WARNING: Skipping duplicate file ${1}" >&2 - return 1 - fi - - SUFFIX=$(( ${SUFFIX} + 1 )) - LINKFILE=${HASH}.${TAG}${SUFFIX} - done - - echo "${1} => ${LINKFILE}" - - # assume any system with a POSIX shell will either support symlinks or - # do something to handle this gracefully - ln -s ${1} ${LINKFILE} - - return 0 -} - - -# hash_dir create hash links in a given directory -hash_dir() -{ - echo "Doing ${1}" - - cd ${1} - - ls -1 * 2>/dev/null | while read FILE - do - if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ - && [ -h "${FILE}" ] - then - rm ${FILE} - fi - done - - ls -1 *.pem 2>/dev/null | while read FILE - do - check_file ${FILE} - local FILE_TYPE=${?} - local TYPE_STR='' - - if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] - then - TYPE_STR='x509' - elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] - then - TYPE_STR='crl' - else - echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2 - continue - fi - - link_hash ${FILE} ${TYPE_STR} - done -} - - -# choose the name of an ssl application -if [ -n "${OPENSSL}" ] -then - SSL_CMD=$(which ${OPENSSL} 2>/dev/null) -else - SSL_CMD=/usr/bin/openssl - OPENSSL=${SSL_CMD} - export OPENSSL -fi - -# fix paths -PATH=${PATH}:${DIR}/bin -export PATH - -# confirm existance/executability of ssl command -if ! [ -x ${SSL_CMD} ] -then - echo "${0}: rehashing skipped ('openssl' program not available)" >&2 - exit 0 -fi - -# determine which directories to process -old_IFS=$IFS -if [ ${#} -gt 0 ] -then - IFS=':' - DIRLIST=${*} -elif [ -n "${SSL_CERT_DIR}" ] -then - DIRLIST=$SSL_CERT_DIR -else - DIRLIST=${DIR}/certs -fi - -IFS=':' - -# process directories -for CERT_DIR in ${DIRLIST} -do - if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] - then - IFS=$old_IFS - hash_dir ${CERT_DIR} - IFS=':' - fi -done diff --git a/main/openssl/fix-default-apps-capath.patch b/main/openssl/fix-default-apps-capath.patch deleted file mode 100644 index 4c48f26612..0000000000 --- a/main/openssl/fix-default-apps-capath.patch +++ /dev/null @@ -1,102 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2936&user=guest&pass=guest - -diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c ---- openssl-1.0.1c/apps/s_client.c.default-paths 2012-03-18 19:16:05.000000000 +0100 -+++ openssl-1.0.1c/apps/s_client.c 2012-12-06 18:24:06.425933203 +0100 -@@ -1166,12 +1166,19 @@ bad: - if (!set_cert_key_stuff(ctx,cert,key)) - goto end; - -- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx))) -+ if (CAfile == NULL && CApath == NULL) - { -- /* BIO_printf(bio_err,"error setting default verify locations\n"); */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (!SSL_CTX_set_default_verify_paths(ctx)) -+ { -+ ERR_print_errors(bio_err); -+ } -+ } -+ else -+ { -+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) -+ { -+ ERR_print_errors(bio_err); -+ } - } - - #ifndef OPENSSL_NO_TLSEXT -diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c ---- openssl-1.0.1c/apps/s_server.c.default-paths 2012-03-18 19:16:05.000000000 +0100 -+++ openssl-1.0.1c/apps/s_server.c 2012-12-06 18:25:11.199329611 +0100 -@@ -1565,13 +1565,21 @@ bad: - } - #endif - -- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx))) -+ if (CAfile == NULL && CApath == NULL) - { -- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (!SSL_CTX_set_default_verify_paths(ctx)) -+ { -+ ERR_print_errors(bio_err); -+ } -+ } -+ else -+ { -+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) -+ { -+ ERR_print_errors(bio_err); -+ } - } -+ - if (vpm) - SSL_CTX_set1_param(ctx, vpm); - -@@ -1622,8 +1630,11 @@ bad: - else - SSL_CTX_sess_set_cache_size(ctx2,128); - -- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx2))) -+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) -+ { -+ ERR_print_errors(bio_err); -+ } -+ if (!SSL_CTX_set_default_verify_paths(ctx2)) - { - ERR_print_errors(bio_err); - } -diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c ---- openssl-1.0.1c/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200 -+++ openssl-1.0.1c/apps/s_time.c 2012-12-06 18:27:41.694574044 +0100 -@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv) - - SSL_load_error_strings(); - -- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) || -- (!SSL_CTX_set_default_verify_paths(tm_ctx))) -+ if (CAfile == NULL && CApath == NULL) - { -- /* BIO_printf(bio_err,"error setting default verify locations\n"); */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) -+ { -+ ERR_print_errors(bio_err); -+ } -+ } -+ else -+ { -+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) -+ { -+ ERR_print_errors(bio_err); -+ } - } - - if (tm_cipher == NULL) diff --git a/main/openssl/fix-manpages.patch b/main/openssl/fix-manpages.patch deleted file mode 100644 index 082f8a5788..0000000000 --- a/main/openssl/fix-manpages.patch +++ /dev/null @@ -1,599 +0,0 @@ -diff --git a/FAQ b/FAQ -index 2134e3a..18a8831 100644 ---- a/FAQ -+++ b/FAQ -@@ -724,7 +724,7 @@ OpenSSL by calling CRYPTO_set_locking_callback() and - CRYPTO_set_id_callback(), for all versions of OpenSSL up to and - including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback() - and associated APIs are deprecated by CRYPTO_THREADID_set_callback() --and friends. This is described in the threads(3) manpage. -+and friends. This is described in the openssl_threads(3) manpage. - - * I've compiled a program under Windows and it crashes: why? - -diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c -index 88088ce..e5da17f 100644 ---- a/crypto/rand/md_rand.c -+++ b/crypto/rand/md_rand.c -@@ -196,7 +196,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) - int do_not_lock; - - /* -- * (Based on the rand(3) manpage) -+ * (Based on the openssl_rand(3) manpage) - * - * The input is chopped up into units of 20 bytes (or less for - * the last block). Each of these blocks is run through the hash -@@ -361,7 +361,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) - num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); - - /* -- * (Based on the rand(3) manpage:) -+ * (Based on the openssl_rand(3) manpage) - * - * For each group of 10 bytes (or less), we do the following: - * -diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod -index 738142e..e904f05 100644 ---- a/doc/apps/openssl.pod -+++ b/doc/apps/openssl.pod -@@ -163,7 +163,7 @@ Create or examine a netscape certificate sequence - - Online Certificate Status Protocol utility. - --=item L|passwd(1)> -+=item L|openssl-passwd(1)> - - Generation of hashed passwords. - -@@ -401,7 +401,7 @@ L, L, L, - L, L, L, - L, L, L, - L, L, L, --L, -+L, - L, L, L, - L, L, L, - L, L, -diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod -index 7dccacb..71e7078 100644 ---- a/doc/crypto/BN_generate_prime.pod -+++ b/doc/crypto/BN_generate_prime.pod -@@ -90,7 +90,7 @@ The error codes can be obtained by L. - - =head1 SEE ALSO - --L, L, L -+L, L, L - - =head1 HISTORY - -diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod -index 81f93c2..690aa85 100644 ---- a/doc/crypto/BN_rand.pod -+++ b/doc/crypto/BN_rand.pod -@@ -45,7 +45,7 @@ The error codes can be obtained by L. - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L, L - - =head1 HISTORY -diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod -index 81f09fd..0d9f1e5 100644 ---- a/doc/crypto/DH_generate_key.pod -+++ b/doc/crypto/DH_generate_key.pod -@@ -40,7 +40,7 @@ The error codes can be obtained by L. - - =head1 SEE ALSO - --L, L, L, L -+L, L, L, L - - =head1 HISTORY - -diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod -index 9081e9e..0c0f78c 100644 ---- a/doc/crypto/DH_generate_parameters.pod -+++ b/doc/crypto/DH_generate_parameters.pod -@@ -59,7 +59,7 @@ a usable generator. - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod -index 5dfc733..0a6d5f1 100644 ---- a/doc/crypto/DSA_do_sign.pod -+++ b/doc/crypto/DSA_do_sign.pod -@@ -36,7 +36,7 @@ L. - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L, - L - -diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod -index af83ccf..95080eb 100644 ---- a/doc/crypto/DSA_generate_key.pod -+++ b/doc/crypto/DSA_generate_key.pod -@@ -24,7 +24,7 @@ The error codes can be obtained by L. - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod -index be7c924..2b1f78f 100644 ---- a/doc/crypto/DSA_generate_parameters.pod -+++ b/doc/crypto/DSA_generate_parameters.pod -@@ -90,7 +90,7 @@ Seed lengths E 20 are not supported. - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod -index 97389e8..2e6f6f3 100644 ---- a/doc/crypto/DSA_sign.pod -+++ b/doc/crypto/DSA_sign.pod -@@ -55,7 +55,7 @@ Standard, DSS), ANSI X9.30 - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod -index 2a129da..a881bdb 100644 ---- a/doc/crypto/ERR_GET_LIB.pod -+++ b/doc/crypto/ERR_GET_LIB.pod -@@ -41,7 +41,7 @@ The library number, function code and reason code respectively. - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod -index 566e1f4..0f503e7 100644 ---- a/doc/crypto/ERR_clear_error.pod -+++ b/doc/crypto/ERR_clear_error.pod -@@ -20,7 +20,7 @@ ERR_clear_error() has no return value. - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod -index cdfa7fe..d774ec1 100644 ---- a/doc/crypto/ERR_error_string.pod -+++ b/doc/crypto/ERR_error_string.pod -@@ -60,7 +60,7 @@ none is registered for the error code. - - =head1 SEE ALSO - --L, L, -+L, L, - L, - L - L -diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod -index 3444304..cd3d7ce 100644 ---- a/doc/crypto/ERR_get_error.pod -+++ b/doc/crypto/ERR_get_error.pod -@@ -61,7 +61,7 @@ The error code, or 0 if there is no error in the queue. - - =head1 SEE ALSO - --L, L, -+L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod -index 9bdec75..9c1b991 100644 ---- a/doc/crypto/ERR_load_crypto_strings.pod -+++ b/doc/crypto/ERR_load_crypto_strings.pod -@@ -35,7 +35,7 @@ ERR_free_strings() return no values. - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff --git a/doc/crypto/ERR_load_strings.pod b/doc/crypto/ERR_load_strings.pod -index 5acdd0e..261c87d 100644 ---- a/doc/crypto/ERR_load_strings.pod -+++ b/doc/crypto/ERR_load_strings.pod -@@ -43,7 +43,7 @@ ERR_get_next_error_library() returns a new library number. - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod -index b100a5f..a8b34b7 100644 ---- a/doc/crypto/ERR_print_errors.pod -+++ b/doc/crypto/ERR_print_errors.pod -@@ -38,7 +38,7 @@ ERR_print_errors() and ERR_print_errors_fp() return no values. - - =head1 SEE ALSO - --L, L, -+L, L, - L, - L, - L -diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod -index acd241f..9c0263a 100644 ---- a/doc/crypto/ERR_put_error.pod -+++ b/doc/crypto/ERR_put_error.pod -@@ -34,7 +34,7 @@ no values. - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod -index 72925fb..8dd63da 100644 ---- a/doc/crypto/ERR_remove_state.pod -+++ b/doc/crypto/ERR_remove_state.pod -@@ -25,7 +25,7 @@ ERR_remove_state() returns no value. - - =head1 SEE ALSO - --L -+L - - =head1 HISTORY - -diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod -index d375c46..6d6cf39 100644 ---- a/doc/crypto/EVP_BytesToKey.pod -+++ b/doc/crypto/EVP_BytesToKey.pod -@@ -59,7 +59,7 @@ EVP_BytesToKey() returns the size of the derived key in bytes. - - =head1 SEE ALSO - --L, L, -+L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod -index 2e710da..31172e4 100644 ---- a/doc/crypto/EVP_OpenInit.pod -+++ b/doc/crypto/EVP_OpenInit.pod -@@ -54,7 +54,7 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. - - =head1 SEE ALSO - --L, L, -+L, L, - L, - L - -diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod -index 7d793e1..a37101f 100644 ---- a/doc/crypto/EVP_SealInit.pod -+++ b/doc/crypto/EVP_SealInit.pod -@@ -74,7 +74,7 @@ with B set to NULL. - - =head1 SEE ALSO - --L, L, -+L, L, - L, - L - -diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod -index 620a623..090f6e1 100644 ---- a/doc/crypto/EVP_SignInit.pod -+++ b/doc/crypto/EVP_SignInit.pod -@@ -89,7 +89,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function. - =head1 SEE ALSO - - L, --L, L, -+L, L, - L, L, L, - L, L, L, - L, L -diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod -index 9097f09..2a8d225 100644 ---- a/doc/crypto/EVP_VerifyInit.pod -+++ b/doc/crypto/EVP_VerifyInit.pod -@@ -80,7 +80,7 @@ The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. - - L, - L, --L, L, -+L, L, - L, L, L, - L, L, L, - L, L -diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod -index 67c66f3..a6fc28a 100644 ---- a/doc/crypto/RAND_add.pod -+++ b/doc/crypto/RAND_add.pod -@@ -65,7 +65,7 @@ The other functions do not return values. - - =head1 SEE ALSO - --L, L, -+L, L, - L, L - - =head1 HISTORY -diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod -index 1a9b91e..20c4110 100644 ---- a/doc/crypto/RAND_bytes.pod -+++ b/doc/crypto/RAND_bytes.pod -@@ -38,7 +38,7 @@ method. - - =head1 SEE ALSO - --L, L, -+L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod -index 3a8f074..c99537d 100644 ---- a/doc/crypto/RAND_cleanup.pod -+++ b/doc/crypto/RAND_cleanup.pod -@@ -20,7 +20,7 @@ RAND_cleanup() returns no value. - - =head1 SEE ALSO - --L -+L - - =head1 HISTORY - -diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod -index 8b8c61d..c367290 100644 ---- a/doc/crypto/RAND_egd.pod -+++ b/doc/crypto/RAND_egd.pod -@@ -72,7 +72,7 @@ success, and -1 if the connection failed. The PRNG state is not considered. - - =head1 SEE ALSO - --L, L, -+L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod -index d8c134e..a079013 100644 ---- a/doc/crypto/RAND_load_file.pod -+++ b/doc/crypto/RAND_load_file.pod -@@ -43,7 +43,7 @@ error. - - =head1 SEE ALSO - --L, L, L -+L, L, L - - =head1 HISTORY - -diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod -index e5b780f..7f3ad1b 100644 ---- a/doc/crypto/RAND_set_rand_method.pod -+++ b/doc/crypto/RAND_set_rand_method.pod -@@ -67,7 +67,7 @@ algorithms. - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff --git a/doc/crypto/RSA_blinding_on.pod b/doc/crypto/RSA_blinding_on.pod -index fd2c69a..7b98614 100644 ---- a/doc/crypto/RSA_blinding_on.pod -+++ b/doc/crypto/RSA_blinding_on.pod -@@ -34,7 +34,7 @@ RSA_blinding_off() returns no value. - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod -index 52dbb14..3db3487 100644 ---- a/doc/crypto/RSA_generate_key.pod -+++ b/doc/crypto/RSA_generate_key.pod -@@ -59,7 +59,7 @@ RSA_generate_key() goes into an infinite loop for illegal input values. - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod -index ab0fe3b..3b00daf 100644 ---- a/doc/crypto/RSA_public_encrypt.pod -+++ b/doc/crypto/RSA_public_encrypt.pod -@@ -73,7 +73,7 @@ SSL, PKCS #1 v2.0 - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod -index e70380b..121f3df 100644 ---- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod -+++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod -@@ -48,7 +48,7 @@ These functions serve no recognizable purpose. - =head1 SEE ALSO - - L, L, --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod -index cd2f8e5..a6f8c58 100644 ---- a/doc/crypto/bn.pod -+++ b/doc/crypto/bn.pod -@@ -167,7 +167,7 @@ of Bs to external formats is described in L. - =head1 SEE ALSO - - L, --L, L, L, L, -+L, L, L, L, - L, L, - L, L, L, - L, L, -diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod -index 7a52799..ca71202 100644 ---- a/doc/crypto/crypto.pod -+++ b/doc/crypto/crypto.pod -@@ -46,7 +46,7 @@ L - - =item AUXILIARY FUNCTIONS - --L, L, L, -+L, L, L, - L - - =item INPUT/OUTPUT, DATA ENCODING -diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod -index 6f0cf1c..3fd2c47 100644 ---- a/doc/crypto/des.pod -+++ b/doc/crypto/des.pod -@@ -115,7 +115,7 @@ each byte is the parity bit. The key schedule is an expanded form of - the key; it is used to speed the encryption process. - - DES_random_key() generates a random key. The PRNG must be seeded --prior to using this function (see L). If the PRNG -+prior to using this function (see L). If the PRNG - could not generate a secure key, 0 is returned. - - Before a DES key can be used, it must be converted into the -@@ -317,7 +317,7 @@ the MIT Kerberos library. - - =head1 SEE ALSO - --crypt(3), L, L, L -+crypt(3), L, L, L - - =head1 HISTORY - -diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod -index c3ccd06..28707bf 100644 ---- a/doc/crypto/dh.pod -+++ b/doc/crypto/dh.pod -@@ -67,8 +67,8 @@ modify keys. - - =head1 SEE ALSO - --L, L, L, L, --L, L, L, -+L, L, L, L, -+L, L, L, - L, L, - L, - L, -diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod -index da07d2b..3187a73 100644 ---- a/doc/crypto/dsa.pod -+++ b/doc/crypto/dsa.pod -@@ -100,7 +100,7 @@ Standard, DSS), ANSI X9.30 - - =head1 SEE ALSO - --L, L, L, L, -+L, L, L, L, - L, L, L, - L, - L, -diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod -index f5ab1c3..63f7ebc 100644 ---- a/doc/crypto/engine.pod -+++ b/doc/crypto/engine.pod -@@ -594,6 +594,6 @@ implementations. - - =head1 SEE ALSO - --L, L, L, L -+L, L, L, L - - =cut -diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod -index 45ac53f..5fa0dcc 100644 ---- a/doc/crypto/rsa.pod -+++ b/doc/crypto/rsa.pod -@@ -108,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000. - =head1 SEE ALSO - - L, L, L, L, --L, L, L, -+L, L, L, - L, - L, L, - L, -diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod -index 48c6b15..5432293 100644 ---- a/doc/ssl/SSL_get_error.pod -+++ b/doc/ssl/SSL_get_error.pod -@@ -105,7 +105,7 @@ OpenSSL error queue contains more information on the error. - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod -index c0059c0..2e51a75 100644 ---- a/doc/ssl/SSL_want.pod -+++ b/doc/ssl/SSL_want.pod -@@ -72,6 +72,6 @@ return 1, when the corresponding condition is true or 0 otherwise. - - =head1 SEE ALSO - --L, L, L -+L, L, L - - =cut diff --git a/main/openssl/openssl-1.0.1-version-eglibc.patch b/main/openssl/openssl-1.0.1-version-eglibc.patch deleted file mode 100644 index eb5bb2ed50..0000000000 --- a/main/openssl/openssl-1.0.1-version-eglibc.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff -up openssl-1.0.1/crypto/cversion.c.version openssl-1.0.1/crypto/cversion.c ---- openssl-1.0.1/crypto/cversion.c.version 2004-04-19 20:09:22.000000000 +0200 -+++ openssl-1.0.1/crypto/cversion.c 2012-03-14 20:58:20.630352536 +0100 -@@ -110,8 +110,15 @@ const char *SSLeay_version(int t) - return("not available"); - } - --unsigned long SSLeay(void) -+unsigned long _original_SSLeay(void) -+ { -+ return(0x10000003); -+ } -+ -+unsigned long _current_SSLeay(void) - { - return(SSLEAY_VERSION_NUMBER); - } - -+__asm__(".symver _original_SSLeay,SSLeay@"); -+__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1"); -diff -up openssl-1.0.1/crypto/opensslv.h.version openssl-1.0.1/crypto/opensslv.h ---- openssl-1.0.1/crypto/opensslv.h.version 2012-03-14 20:58:19.914337879 +0100 -+++ openssl-1.0.1/crypto/opensslv.h 2012-03-14 20:58:20.630352536 +0100 -@@ -83,7 +83,7 @@ - * should only keep the versions that are binary compatible with the current. - */ - #define SHLIB_VERSION_HISTORY "" --#define SHLIB_VERSION_NUMBER "1.0.0" -+#define SHLIB_VERSION_NUMBER "1.0.1d" - - - #endif /* HEADER_OPENSSLV_H */ -diff -up openssl-1.0.1/Makefile.shared.version openssl-1.0.1/Makefile.shared ---- openssl-1.0.1/Makefile.shared.version 2012-03-14 20:58:20.553350959 +0100 -+++ openssl-1.0.1/Makefile.shared 2012-03-14 20:58:20.631352556 +0100 -@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ - SHLIB_SUFFIX=; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ -- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - - DO_GNU_APP=LDFLAGS="$(CFLAGS)" - -diff -up openssl-1.0.1/version.map.version openssl-1.0.1/version.map ---- openssl-1.0.1/version.map.version 2012-03-14 20:58:20.631352556 +0100 -+++ openssl-1.0.1/version.map 2012-03-14 20:58:20.631352556 +0100 -@@ -0,0 +1,7 @@ -+OPENSSL_1.0.1 { -+ global: -+ SSLeay; -+ local: -+ _original*; -+ _current*; -+}; diff --git a/main/openssl/openssl-bb-basename.patch b/main/openssl/openssl-bb-basename.patch deleted file mode 100644 index 441c7b91e3..0000000000 --- a/main/openssl/openssl-bb-basename.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openssl-0.9.8i.orig/Makefile.org Wed Nov 5 21:43:31 2008 -+++ openssl-0.9.8i/Makefile.org Wed Nov 5 22:26:40 2008 -@@ -551,7 +551,7 @@ - filecase=-i; \ - fi; \ - set -e; for i in doc/apps/*.pod; do \ -- fn=`basename $$i .pod`; \ -+ fn=`basename $$i .pod || true`; \ - sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ -@@ -568,7 +568,7 @@ - done); \ - done; \ - set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ -- fn=`basename $$i .pod`; \ -+ fn=`basename $$i .pod || true`; \ - sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ diff --git a/main/openssl/version-script-eglibc.patch b/main/openssl/version-script-eglibc.patch deleted file mode 100644 index 48a74213af..0000000000 --- a/main/openssl/version-script-eglibc.patch +++ /dev/null @@ -1,4664 +0,0 @@ -Index: openssl-1.0.1/Configure -=================================================================== ---- openssl-1.0.1.orig/Configure 2012-03-17 11:25:15.000000000 +0000 -+++ openssl-1.0.1/Configure 2012-03-17 11:48:15.000000000 +0000 -@@ -1616,6 +1616,8 @@ - } - } - -+$shared_ldflag .= " -Wl,--version-script=openssl.ld"; -+ - open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -Index: openssl-1.0.1/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1/openssl.ld 2012-03-17 11:46:37.000000000 +0000 -@@ -0,0 +1,4615 @@ -+OPENSSL_1.0.0 { -+ global: -+ BIO_f_ssl; -+ BIO_new_buffer_ssl_connect; -+ BIO_new_ssl; -+ BIO_new_ssl_connect; -+ BIO_proxy_ssl_copy_session_id; -+ BIO_ssl_copy_session_id; -+ BIO_ssl_shutdown; -+ d2i_SSL_SESSION; -+ DTLSv1_client_method; -+ DTLSv1_method; -+ DTLSv1_server_method; -+ ERR_load_SSL_strings; -+ i2d_SSL_SESSION; -+ kssl_build_principal_2; -+ kssl_cget_tkt; -+ kssl_check_authent; -+ kssl_ctx_free; -+ kssl_ctx_new; -+ kssl_ctx_setkey; -+ kssl_ctx_setprinc; -+ kssl_ctx_setstring; -+ kssl_ctx_show; -+ kssl_err_set; -+ kssl_krb5_free_data_contents; -+ kssl_sget_tkt; -+ kssl_skip_confound; -+ kssl_validate_times; -+ PEM_read_bio_SSL_SESSION; -+ PEM_read_SSL_SESSION; -+ PEM_write_bio_SSL_SESSION; -+ PEM_write_SSL_SESSION; -+ SSL_accept; -+ SSL_add_client_CA; -+ SSL_add_dir_cert_subjects_to_stack; -+ SSL_add_dir_cert_subjs_to_stk; -+ SSL_add_file_cert_subjects_to_stack; -+ SSL_add_file_cert_subjs_to_stk; -+ SSL_alert_desc_string; -+ SSL_alert_desc_string_long; -+ SSL_alert_type_string; -+ SSL_alert_type_string_long; -+ SSL_callback_ctrl; -+ SSL_check_private_key; -+ SSL_CIPHER_description; -+ SSL_CIPHER_get_bits; -+ SSL_CIPHER_get_name; -+ SSL_CIPHER_get_version; -+ SSL_clear; -+ SSL_COMP_add_compression_method; -+ SSL_COMP_get_compression_methods; -+ SSL_COMP_get_compress_methods; -+ SSL_COMP_get_name; -+ SSL_connect; -+ SSL_copy_session_id; -+ SSL_ctrl; -+ SSL_CTX_add_client_CA; -+ SSL_CTX_add_session; -+ SSL_CTX_callback_ctrl; -+ SSL_CTX_check_private_key; -+ SSL_CTX_ctrl; -+ SSL_CTX_flush_sessions; -+ SSL_CTX_free; -+ SSL_CTX_get_cert_store; -+ SSL_CTX_get_client_CA_list; -+ SSL_CTX_get_client_cert_cb; -+ SSL_CTX_get_ex_data; -+ SSL_CTX_get_ex_new_index; -+ SSL_CTX_get_info_callback; -+ SSL_CTX_get_quiet_shutdown; -+ SSL_CTX_get_timeout; -+ SSL_CTX_get_verify_callback; -+ SSL_CTX_get_verify_depth; -+ SSL_CTX_get_verify_mode; -+ SSL_CTX_load_verify_locations; -+ SSL_CTX_new; -+ SSL_CTX_remove_session; -+ SSL_CTX_sess_get_get_cb; -+ SSL_CTX_sess_get_new_cb; -+ SSL_CTX_sess_get_remove_cb; -+ SSL_CTX_sessions; -+ SSL_CTX_sess_set_get_cb; -+ SSL_CTX_sess_set_new_cb; -+ SSL_CTX_sess_set_remove_cb; -+ SSL_CTX_set1_param; -+ SSL_CTX_set_cert_store; -+ SSL_CTX_set_cert_verify_callback; -+ SSL_CTX_set_cert_verify_cb; -+ SSL_CTX_set_cipher_list; -+ SSL_CTX_set_client_CA_list; -+ SSL_CTX_set_client_cert_cb; -+ SSL_CTX_set_client_cert_engine; -+ SSL_CTX_set_cookie_generate_cb; -+ SSL_CTX_set_cookie_verify_cb; -+ SSL_CTX_set_default_passwd_cb; -+ SSL_CTX_set_default_passwd_cb_userdata; -+ SSL_CTX_set_default_verify_paths; -+ SSL_CTX_set_def_passwd_cb_ud; -+ SSL_CTX_set_def_verify_paths; -+ SSL_CTX_set_ex_data; -+ SSL_CTX_set_generate_session_id; -+ SSL_CTX_set_info_callback; -+ SSL_CTX_set_msg_callback; -+ SSL_CTX_set_psk_client_callback; -+ SSL_CTX_set_psk_server_callback; -+ SSL_CTX_set_purpose; -+ SSL_CTX_set_quiet_shutdown; -+ SSL_CTX_set_session_id_context; -+ SSL_CTX_set_ssl_version; -+ SSL_CTX_set_timeout; -+ SSL_CTX_set_tmp_dh_callback; -+ SSL_CTX_set_tmp_ecdh_callback; -+ SSL_CTX_set_tmp_rsa_callback; -+ SSL_CTX_set_trust; -+ SSL_CTX_set_verify; -+ SSL_CTX_set_verify_depth; -+ SSL_CTX_use_cert_chain_file; -+ SSL_CTX_use_certificate; -+ SSL_CTX_use_certificate_ASN1; -+ SSL_CTX_use_certificate_chain_file; -+ SSL_CTX_use_certificate_file; -+ SSL_CTX_use_PrivateKey; -+ SSL_CTX_use_PrivateKey_ASN1; -+ SSL_CTX_use_PrivateKey_file; -+ SSL_CTX_use_psk_identity_hint; -+ SSL_CTX_use_RSAPrivateKey; -+ SSL_CTX_use_RSAPrivateKey_ASN1; -+ SSL_CTX_use_RSAPrivateKey_file; -+ SSL_do_handshake; -+ SSL_dup; -+ SSL_dup_CA_list; -+ SSLeay_add_ssl_algorithms; -+ SSL_free; -+ SSL_get1_session; -+ SSL_get_certificate; -+ SSL_get_cipher_list; -+ SSL_get_ciphers; -+ SSL_get_client_CA_list; -+ SSL_get_current_cipher; -+ SSL_get_current_compression; -+ SSL_get_current_expansion; -+ SSL_get_default_timeout; -+ SSL_get_error; -+ SSL_get_ex_data; -+ SSL_get_ex_data_X509_STORE_CTX_idx; -+ SSL_get_ex_d_X509_STORE_CTX_idx; -+ SSL_get_ex_new_index; -+ SSL_get_fd; -+ SSL_get_finished; -+ SSL_get_info_callback; -+ SSL_get_peer_cert_chain; -+ SSL_get_peer_certificate; -+ SSL_get_peer_finished; -+ SSL_get_privatekey; -+ SSL_get_psk_identity; -+ SSL_get_psk_identity_hint; -+ SSL_get_quiet_shutdown; -+ SSL_get_rbio; -+ SSL_get_read_ahead; -+ SSL_get_rfd; -+ SSL_get_servername; -+ SSL_get_servername_type; -+ SSL_get_session; -+ SSL_get_shared_ciphers; -+ SSL_get_shutdown; -+ SSL_get_SSL_CTX; -+ SSL_get_ssl_method; -+ SSL_get_verify_callback; -+ SSL_get_verify_depth; -+ SSL_get_verify_mode; -+ SSL_get_verify_result; -+ SSL_get_version; -+ SSL_get_wbio; -+ SSL_get_wfd; -+ SSL_has_matching_session_id; -+ SSL_library_init; -+ SSL_load_client_CA_file; -+ SSL_load_error_strings; -+ SSL_new; -+ SSL_peek; -+ SSL_pending; -+ SSL_read; -+ SSL_renegotiate; -+ SSL_renegotiate_pending; -+ SSL_rstate_string; -+ SSL_rstate_string_long; -+ SSL_SESSION_cmp; -+ SSL_SESSION_free; -+ SSL_SESSION_get_ex_data; -+ SSL_SESSION_get_ex_new_index; -+ SSL_SESSION_get_id; -+ SSL_SESSION_get_time; -+ SSL_SESSION_get_timeout; -+ SSL_SESSION_hash; -+ SSL_SESSION_new; -+ SSL_SESSION_print; -+ SSL_SESSION_print_fp; -+ SSL_SESSION_set_ex_data; -+ SSL_SESSION_set_time; -+ SSL_SESSION_set_timeout; -+ SSL_set1_param; -+ SSL_set_accept_state; -+ SSL_set_bio; -+ SSL_set_cipher_list; -+ SSL_set_client_CA_list; -+ SSL_set_connect_state; -+ SSL_set_ex_data; -+ SSL_set_fd; -+ SSL_set_generate_session_id; -+ SSL_set_info_callback; -+ SSL_set_msg_callback; -+ SSL_set_psk_client_callback; -+ SSL_set_psk_server_callback; -+ SSL_set_purpose; -+ SSL_set_quiet_shutdown; -+ SSL_set_read_ahead; -+ SSL_set_rfd; -+ SSL_set_session; -+ SSL_set_session_id_context; -+ SSL_set_session_secret_cb; -+ SSL_set_session_ticket_ext; -+ SSL_set_session_ticket_ext_cb; -+ SSL_set_shutdown; -+ SSL_set_SSL_CTX; -+ SSL_set_ssl_method; -+ SSL_set_tmp_dh_callback; -+ SSL_set_tmp_ecdh_callback; -+ SSL_set_tmp_rsa_callback; -+ SSL_set_trust; -+ SSL_set_verify; -+ SSL_set_verify_depth; -+ SSL_set_verify_result; -+ SSL_set_wfd; -+ SSL_shutdown; -+ SSL_state; -+ SSL_state_string; -+ SSL_state_string_long; -+ SSL_use_certificate; -+ SSL_use_certificate_ASN1; -+ SSL_use_certificate_file; -+ SSL_use_PrivateKey; -+ SSL_use_PrivateKey_ASN1; -+ SSL_use_PrivateKey_file; -+ SSL_use_psk_identity_hint; -+ SSL_use_RSAPrivateKey; -+ SSL_use_RSAPrivateKey_ASN1; -+ SSL_use_RSAPrivateKey_file; -+ SSLv23_client_method; -+ SSLv23_method; -+ SSLv23_server_method; -+ SSLv2_client_method; -+ SSLv2_method; -+ SSLv2_server_method; -+ SSLv3_client_method; -+ SSLv3_method; -+ SSLv3_server_method; -+ SSL_version; -+ SSL_want; -+ SSL_write; -+ TLSv1_client_method; -+ TLSv1_method; -+ TLSv1_server_method; -+ -+ -+ SSLeay; -+ SSLeay_version; -+ ASN1_BIT_STRING_asn1_meth; -+ ASN1_HEADER_free; -+ ASN1_HEADER_new; -+ ASN1_IA5STRING_asn1_meth; -+ ASN1_INTEGER_get; -+ ASN1_INTEGER_set; -+ ASN1_INTEGER_to_BN; -+ ASN1_OBJECT_create; -+ ASN1_OBJECT_free; -+ ASN1_OBJECT_new; -+ ASN1_PRINTABLE_type; -+ ASN1_STRING_cmp; -+ ASN1_STRING_dup; -+ ASN1_STRING_free; -+ ASN1_STRING_new; -+ ASN1_STRING_print; -+ ASN1_STRING_set; -+ ASN1_STRING_type_new; -+ ASN1_TYPE_free; -+ ASN1_TYPE_new; -+ ASN1_UNIVERSALSTRING_to_string; -+ ASN1_UTCTIME_check; -+ ASN1_UTCTIME_print; -+ ASN1_UTCTIME_set; -+ ASN1_check_infinite_end; -+ ASN1_d2i_bio; -+ ASN1_d2i_fp; -+ ASN1_digest; -+ ASN1_dup; -+ ASN1_get_object; -+ ASN1_i2d_bio; -+ ASN1_i2d_fp; -+ ASN1_object_size; -+ ASN1_parse; -+ ASN1_put_object; -+ ASN1_sign; -+ ASN1_verify; -+ BF_cbc_encrypt; -+ BF_cfb64_encrypt; -+ BF_ecb_encrypt; -+ BF_encrypt; -+ BF_ofb64_encrypt; -+ BF_options; -+ BF_set_key; -+ BIO_CONNECT_free; -+ BIO_CONNECT_new; -+ BIO_accept; -+ BIO_ctrl; -+ BIO_int_ctrl; -+ BIO_debug_callback; -+ BIO_dump; -+ BIO_dup_chain; -+ BIO_f_base64; -+ BIO_f_buffer; -+ BIO_f_cipher; -+ BIO_f_md; -+ BIO_f_null; -+ BIO_f_proxy_server; -+ BIO_fd_non_fatal_error; -+ BIO_fd_should_retry; -+ BIO_find_type; -+ BIO_free; -+ BIO_free_all; -+ BIO_get_accept_socket; -+ BIO_get_filter_bio; -+ BIO_get_host_ip; -+ BIO_get_port; -+ BIO_get_retry_BIO; -+ BIO_get_retry_reason; -+ BIO_gethostbyname; -+ BIO_gets; -+ BIO_new; -+ BIO_new_accept; -+ BIO_new_connect; -+ BIO_new_fd; -+ BIO_new_file; -+ BIO_new_fp; -+ BIO_new_socket; -+ BIO_pop; -+ BIO_printf; -+ BIO_push; -+ BIO_puts; -+ BIO_read; -+ BIO_s_accept; -+ BIO_s_connect; -+ BIO_s_fd; -+ BIO_s_file; -+ BIO_s_mem; -+ BIO_s_null; -+ BIO_s_proxy_client; -+ BIO_s_socket; -+ BIO_set; -+ BIO_set_cipher; -+ BIO_set_tcp_ndelay; -+ BIO_sock_cleanup; -+ BIO_sock_error; -+ BIO_sock_init; -+ BIO_sock_non_fatal_error; -+ BIO_sock_should_retry; -+ BIO_socket_ioctl; -+ BIO_write; -+ BN_CTX_free; -+ BN_CTX_new; -+ BN_MONT_CTX_free; -+ BN_MONT_CTX_new; -+ BN_MONT_CTX_set; -+ BN_add; -+ BN_add_word; -+ BN_hex2bn; -+ BN_bin2bn; -+ BN_bn2hex; -+ BN_bn2bin; -+ BN_clear; -+ BN_clear_bit; -+ BN_clear_free; -+ BN_cmp; -+ BN_copy; -+ BN_div; -+ BN_div_word; -+ BN_dup; -+ BN_free; -+ BN_from_montgomery; -+ BN_gcd; -+ BN_generate_prime; -+ BN_get_word; -+ BN_is_bit_set; -+ BN_is_prime; -+ BN_lshift; -+ BN_lshift1; -+ BN_mask_bits; -+ BN_mod; -+ BN_mod_exp; -+ BN_mod_exp_mont; -+ BN_mod_exp_simple; -+ BN_mod_inverse; -+ BN_mod_mul; -+ BN_mod_mul_montgomery; -+ BN_mod_word; -+ BN_mul; -+ BN_new; -+ BN_num_bits; -+ BN_num_bits_word; -+ BN_options; -+ BN_print; -+ BN_print_fp; -+ BN_rand; -+ BN_reciprocal; -+ BN_rshift; -+ BN_rshift1; -+ BN_set_bit; -+ BN_set_word; -+ BN_sqr; -+ BN_sub; -+ BN_to_ASN1_INTEGER; -+ BN_ucmp; -+ BN_value_one; -+ BUF_MEM_free; -+ BUF_MEM_grow; -+ BUF_MEM_new; -+ BUF_strdup; -+ CONF_free; -+ CONF_get_number; -+ CONF_get_section; -+ CONF_get_string; -+ CONF_load; -+ CRYPTO_add_lock; -+ CRYPTO_dbg_free; -+ CRYPTO_dbg_malloc; -+ CRYPTO_dbg_realloc; -+ CRYPTO_dbg_remalloc; -+ CRYPTO_free; -+ CRYPTO_get_add_lock_callback; -+ CRYPTO_get_id_callback; -+ CRYPTO_get_lock_name; -+ CRYPTO_get_locking_callback; -+ CRYPTO_get_mem_functions; -+ CRYPTO_lock; -+ CRYPTO_malloc; -+ CRYPTO_mem_ctrl; -+ CRYPTO_mem_leaks; -+ CRYPTO_mem_leaks_cb; -+ CRYPTO_mem_leaks_fp; -+ CRYPTO_realloc; -+ CRYPTO_remalloc; -+ CRYPTO_set_add_lock_callback; -+ CRYPTO_set_id_callback; -+ CRYPTO_set_locking_callback; -+ CRYPTO_set_mem_functions; -+ CRYPTO_thread_id; -+ DH_check; -+ DH_compute_key; -+ DH_free; -+ DH_generate_key; -+ DH_generate_parameters; -+ DH_new; -+ DH_size; -+ DHparams_print; -+ DHparams_print_fp; -+ DSA_free; -+ DSA_generate_key; -+ DSA_generate_parameters; -+ DSA_is_prime; -+ DSA_new; -+ DSA_print; -+ DSA_print_fp; -+ DSA_sign; -+ DSA_sign_setup; -+ DSA_size; -+ DSA_verify; -+ DSAparams_print; -+ DSAparams_print_fp; -+ ERR_clear_error; -+ ERR_error_string; -+ ERR_free_strings; -+ ERR_func_error_string; -+ ERR_get_err_state_table; -+ ERR_get_error; -+ ERR_get_error_line; -+ ERR_get_state; -+ ERR_get_string_table; -+ ERR_lib_error_string; -+ ERR_load_ASN1_strings; -+ ERR_load_BIO_strings; -+ ERR_load_BN_strings; -+ ERR_load_BUF_strings; -+ ERR_load_CONF_strings; -+ ERR_load_DH_strings; -+ ERR_load_DSA_strings; -+ ERR_load_ERR_strings; -+ ERR_load_EVP_strings; -+ ERR_load_OBJ_strings; -+ ERR_load_PEM_strings; -+ ERR_load_PROXY_strings; -+ ERR_load_RSA_strings; -+ ERR_load_X509_strings; -+ ERR_load_crypto_strings; -+ ERR_load_strings; -+ ERR_peek_error; -+ ERR_peek_error_line; -+ ERR_print_errors; -+ ERR_print_errors_fp; -+ ERR_put_error; -+ ERR_reason_error_string; -+ ERR_remove_state; -+ EVP_BytesToKey; -+ EVP_CIPHER_CTX_cleanup; -+ EVP_CipherFinal; -+ EVP_CipherInit; -+ EVP_CipherUpdate; -+ EVP_DecodeBlock; -+ EVP_DecodeFinal; -+ EVP_DecodeInit; -+ EVP_DecodeUpdate; -+ EVP_DecryptFinal; -+ EVP_DecryptInit; -+ EVP_DecryptUpdate; -+ EVP_DigestFinal; -+ EVP_DigestInit; -+ EVP_DigestUpdate; -+ EVP_EncodeBlock; -+ EVP_EncodeFinal; -+ EVP_EncodeInit; -+ EVP_EncodeUpdate; -+ EVP_EncryptFinal; -+ EVP_EncryptInit; -+ EVP_EncryptUpdate; -+ EVP_OpenFinal; -+ EVP_OpenInit; -+ EVP_PKEY_assign; -+ EVP_PKEY_copy_parameters; -+ EVP_PKEY_free; -+ EVP_PKEY_missing_parameters; -+ EVP_PKEY_new; -+ EVP_PKEY_save_parameters; -+ EVP_PKEY_size; -+ EVP_PKEY_type; -+ EVP_SealFinal; -+ EVP_SealInit; -+ EVP_SignFinal; -+ EVP_VerifyFinal; -+ EVP_add_alias; -+ EVP_add_cipher; -+ EVP_add_digest; -+ EVP_bf_cbc; -+ EVP_bf_cfb64; -+ EVP_bf_ecb; -+ EVP_bf_ofb; -+ EVP_cleanup; -+ EVP_des_cbc; -+ EVP_des_cfb64; -+ EVP_des_ecb; -+ EVP_des_ede; -+ EVP_des_ede3; -+ EVP_des_ede3_cbc; -+ EVP_des_ede3_cfb64; -+ EVP_des_ede3_ofb; -+ EVP_des_ede_cbc; -+ EVP_des_ede_cfb64; -+ EVP_des_ede_ofb; -+ EVP_des_ofb; -+ EVP_desx_cbc; -+ EVP_dss; -+ EVP_dss1; -+ EVP_enc_null; -+ EVP_get_cipherbyname; -+ EVP_get_digestbyname; -+ EVP_get_pw_prompt; -+ EVP_idea_cbc; -+ EVP_idea_cfb64; -+ EVP_idea_ecb; -+ EVP_idea_ofb; -+ EVP_md2; -+ EVP_md5; -+ EVP_md_null; -+ EVP_rc2_cbc; -+ EVP_rc2_cfb64; -+ EVP_rc2_ecb; -+ EVP_rc2_ofb; -+ EVP_rc4; -+ EVP_read_pw_string; -+ EVP_set_pw_prompt; -+ EVP_sha; -+ EVP_sha1; -+ MD2; -+ MD2_Final; -+ MD2_Init; -+ MD2_Update; -+ MD2_options; -+ MD5; -+ MD5_Final; -+ MD5_Init; -+ MD5_Update; -+ MDC2; -+ MDC2_Final; -+ MDC2_Init; -+ MDC2_Update; -+ NETSCAPE_SPKAC_free; -+ NETSCAPE_SPKAC_new; -+ NETSCAPE_SPKI_free; -+ NETSCAPE_SPKI_new; -+ NETSCAPE_SPKI_sign; -+ NETSCAPE_SPKI_verify; -+ OBJ_add_object; -+ OBJ_bsearch; -+ OBJ_cleanup; -+ OBJ_cmp; -+ OBJ_create; -+ OBJ_dup; -+ OBJ_ln2nid; -+ OBJ_new_nid; -+ OBJ_nid2ln; -+ OBJ_nid2obj; -+ OBJ_nid2sn; -+ OBJ_obj2nid; -+ OBJ_sn2nid; -+ OBJ_txt2nid; -+ PEM_ASN1_read; -+ PEM_ASN1_read_bio; -+ PEM_ASN1_write; -+ PEM_ASN1_write_bio; -+ PEM_SealFinal; -+ PEM_SealInit; -+ PEM_SealUpdate; -+ PEM_SignFinal; -+ PEM_SignInit; -+ PEM_SignUpdate; -+ PEM_X509_INFO_read; -+ PEM_X509_INFO_read_bio; -+ PEM_X509_INFO_write_bio; -+ PEM_dek_info; -+ PEM_do_header; -+ PEM_get_EVP_CIPHER_INFO; -+ PEM_proc_type; -+ PEM_read; -+ PEM_read_DHparams; -+ PEM_read_DSAPrivateKey; -+ PEM_read_DSAparams; -+ PEM_read_PKCS7; -+ PEM_read_PrivateKey; -+ PEM_read_RSAPrivateKey; -+ PEM_read_X509; -+ PEM_read_X509_CRL; -+ PEM_read_X509_REQ; -+ PEM_read_bio; -+ PEM_read_bio_DHparams; -+ PEM_read_bio_DSAPrivateKey; -+ PEM_read_bio_DSAparams; -+ PEM_read_bio_PKCS7; -+ PEM_read_bio_PrivateKey; -+ PEM_read_bio_RSAPrivateKey; -+ PEM_read_bio_X509; -+ PEM_read_bio_X509_CRL; -+ PEM_read_bio_X509_REQ; -+ PEM_write; -+ PEM_write_DHparams; -+ PEM_write_DSAPrivateKey; -+ PEM_write_DSAparams; -+ PEM_write_PKCS7; -+ PEM_write_PrivateKey; -+ PEM_write_RSAPrivateKey; -+ PEM_write_X509; -+ PEM_write_X509_CRL; -+ PEM_write_X509_REQ; -+ PEM_write_bio; -+ PEM_write_bio_DHparams; -+ PEM_write_bio_DSAPrivateKey; -+ PEM_write_bio_DSAparams; -+ PEM_write_bio_PKCS7; -+ PEM_write_bio_PrivateKey; -+ PEM_write_bio_RSAPrivateKey; -+ PEM_write_bio_X509; -+ PEM_write_bio_X509_CRL; -+ PEM_write_bio_X509_REQ; -+ PKCS7_DIGEST_free; -+ PKCS7_DIGEST_new; -+ PKCS7_ENCRYPT_free; -+ PKCS7_ENCRYPT_new; -+ PKCS7_ENC_CONTENT_free; -+ PKCS7_ENC_CONTENT_new; -+ PKCS7_ENVELOPE_free; -+ PKCS7_ENVELOPE_new; -+ PKCS7_ISSUER_AND_SERIAL_digest; -+ PKCS7_ISSUER_AND_SERIAL_free; -+ PKCS7_ISSUER_AND_SERIAL_new; -+ PKCS7_RECIP_INFO_free; -+ PKCS7_RECIP_INFO_new; -+ PKCS7_SIGNED_free; -+ PKCS7_SIGNED_new; -+ PKCS7_SIGNER_INFO_free; -+ PKCS7_SIGNER_INFO_new; -+ PKCS7_SIGN_ENVELOPE_free; -+ PKCS7_SIGN_ENVELOPE_new; -+ PKCS7_dup; -+ PKCS7_free; -+ PKCS7_new; -+ PROXY_ENTRY_add_noproxy; -+ PROXY_ENTRY_clear_noproxy; -+ PROXY_ENTRY_free; -+ PROXY_ENTRY_get_noproxy; -+ PROXY_ENTRY_new; -+ PROXY_ENTRY_set_server; -+ PROXY_add_noproxy; -+ PROXY_add_server; -+ PROXY_check_by_host; -+ PROXY_check_url; -+ PROXY_clear_noproxy; -+ PROXY_free; -+ PROXY_get_noproxy; -+ PROXY_get_proxies; -+ PROXY_get_proxy_entry; -+ PROXY_load_conf; -+ PROXY_new; -+ PROXY_print; -+ RAND_bytes; -+ RAND_cleanup; -+ RAND_file_name; -+ RAND_load_file; -+ RAND_screen; -+ RAND_seed; -+ RAND_write_file; -+ RC2_cbc_encrypt; -+ RC2_cfb64_encrypt; -+ RC2_ecb_encrypt; -+ RC2_encrypt; -+ RC2_ofb64_encrypt; -+ RC2_set_key; -+ RC4; -+ RC4_options; -+ RC4_set_key; -+ RSAPrivateKey_asn1_meth; -+ RSAPrivateKey_dup; -+ RSAPublicKey_dup; -+ RSA_PKCS1_SSLeay; -+ RSA_free; -+ RSA_generate_key; -+ RSA_new; -+ RSA_new_method; -+ RSA_print; -+ RSA_print_fp; -+ RSA_private_decrypt; -+ RSA_private_encrypt; -+ RSA_public_decrypt; -+ RSA_public_encrypt; -+ RSA_set_default_method; -+ RSA_sign; -+ RSA_sign_ASN1_OCTET_STRING; -+ RSA_size; -+ RSA_verify; -+ RSA_verify_ASN1_OCTET_STRING; -+ SHA; -+ SHA1; -+ SHA1_Final; -+ SHA1_Init; -+ SHA1_Update; -+ SHA_Final; -+ SHA_Init; -+ SHA_Update; -+ OpenSSL_add_all_algorithms; -+ OpenSSL_add_all_ciphers; -+ OpenSSL_add_all_digests; -+ TXT_DB_create_index; -+ TXT_DB_free; -+ TXT_DB_get_by_index; -+ TXT_DB_insert; -+ TXT_DB_read; -+ TXT_DB_write; -+ X509_ALGOR_free; -+ X509_ALGOR_new; -+ X509_ATTRIBUTE_free; -+ X509_ATTRIBUTE_new; -+ X509_CINF_free; -+ X509_CINF_new; -+ X509_CRL_INFO_free; -+ X509_CRL_INFO_new; -+ X509_CRL_add_ext; -+ X509_CRL_cmp; -+ X509_CRL_delete_ext; -+ X509_CRL_dup; -+ X509_CRL_free; -+ X509_CRL_get_ext; -+ X509_CRL_get_ext_by_NID; -+ X509_CRL_get_ext_by_OBJ; -+ X509_CRL_get_ext_by_critical; -+ X509_CRL_get_ext_count; -+ X509_CRL_new; -+ X509_CRL_sign; -+ X509_CRL_verify; -+ X509_EXTENSION_create_by_NID; -+ X509_EXTENSION_create_by_OBJ; -+ X509_EXTENSION_dup; -+ X509_EXTENSION_free; -+ X509_EXTENSION_get_critical; -+ X509_EXTENSION_get_data; -+ X509_EXTENSION_get_object; -+ X509_EXTENSION_new; -+ X509_EXTENSION_set_critical; -+ X509_EXTENSION_set_data; -+ X509_EXTENSION_set_object; -+ X509_INFO_free; -+ X509_INFO_new; -+ X509_LOOKUP_by_alias; -+ X509_LOOKUP_by_fingerprint; -+ X509_LOOKUP_by_issuer_serial; -+ X509_LOOKUP_by_subject; -+ X509_LOOKUP_ctrl; -+ X509_LOOKUP_file; -+ X509_LOOKUP_free; -+ X509_LOOKUP_hash_dir; -+ X509_LOOKUP_init; -+ X509_LOOKUP_new; -+ X509_LOOKUP_shutdown; -+ X509_NAME_ENTRY_create_by_NID; -+ X509_NAME_ENTRY_create_by_OBJ; -+ X509_NAME_ENTRY_dup; -+ X509_NAME_ENTRY_free; -+ X509_NAME_ENTRY_get_data; -+ X509_NAME_ENTRY_get_object; -+ X509_NAME_ENTRY_new; -+ X509_NAME_ENTRY_set_data; -+ X509_NAME_ENTRY_set_object; -+ X509_NAME_add_entry; -+ X509_NAME_cmp; -+ X509_NAME_delete_entry; -+ X509_NAME_digest; -+ X509_NAME_dup; -+ X509_NAME_entry_count; -+ X509_NAME_free; -+ X509_NAME_get_entry; -+ X509_NAME_get_index_by_NID; -+ X509_NAME_get_index_by_OBJ; -+ X509_NAME_get_text_by_NID; -+ X509_NAME_get_text_by_OBJ; -+ X509_NAME_hash; -+ X509_NAME_new; -+ X509_NAME_oneline; -+ X509_NAME_print; -+ X509_NAME_set; -+ X509_OBJECT_free_contents; -+ X509_OBJECT_retrieve_by_subject; -+ X509_OBJECT_up_ref_count; -+ X509_PKEY_free; -+ X509_PKEY_new; -+ X509_PUBKEY_free; -+ X509_PUBKEY_get; -+ X509_PUBKEY_new; -+ X509_PUBKEY_set; -+ X509_REQ_INFO_free; -+ X509_REQ_INFO_new; -+ X509_REQ_dup; -+ X509_REQ_free; -+ X509_REQ_get_pubkey; -+ X509_REQ_new; -+ X509_REQ_print; -+ X509_REQ_print_fp; -+ X509_REQ_set_pubkey; -+ X509_REQ_set_subject_name; -+ X509_REQ_set_version; -+ X509_REQ_sign; -+ X509_REQ_to_X509; -+ X509_REQ_verify; -+ X509_REVOKED_add_ext; -+ X509_REVOKED_delete_ext; -+ X509_REVOKED_free; -+ X509_REVOKED_get_ext; -+ X509_REVOKED_get_ext_by_NID; -+ X509_REVOKED_get_ext_by_OBJ; -+ X509_REVOKED_get_ext_by_critical; -+ X509_REVOKED_get_ext_by_critic; -+ X509_REVOKED_get_ext_count; -+ X509_REVOKED_new; -+ X509_SIG_free; -+ X509_SIG_new; -+ X509_STORE_CTX_cleanup; -+ X509_STORE_CTX_init; -+ X509_STORE_add_cert; -+ X509_STORE_add_lookup; -+ X509_STORE_free; -+ X509_STORE_get_by_subject; -+ X509_STORE_load_locations; -+ X509_STORE_new; -+ X509_STORE_set_default_paths; -+ X509_VAL_free; -+ X509_VAL_new; -+ X509_add_ext; -+ X509_asn1_meth; -+ X509_certificate_type; -+ X509_check_private_key; -+ X509_cmp_current_time; -+ X509_delete_ext; -+ X509_digest; -+ X509_dup; -+ X509_free; -+ X509_get_default_cert_area; -+ X509_get_default_cert_dir; -+ X509_get_default_cert_dir_env; -+ X509_get_default_cert_file; -+ X509_get_default_cert_file_env; -+ X509_get_default_private_dir; -+ X509_get_ext; -+ X509_get_ext_by_NID; -+ X509_get_ext_by_OBJ; -+ X509_get_ext_by_critical; -+ X509_get_ext_count; -+ X509_get_issuer_name; -+ X509_get_pubkey; -+ X509_get_pubkey_parameters; -+ X509_get_serialNumber; -+ X509_get_subject_name; -+ X509_gmtime_adj; -+ X509_issuer_and_serial_cmp; -+ X509_issuer_and_serial_hash; -+ X509_issuer_name_cmp; -+ X509_issuer_name_hash; -+ X509_load_cert_file; -+ X509_new; -+ X509_print; -+ X509_print_fp; -+ X509_set_issuer_name; -+ X509_set_notAfter; -+ X509_set_notBefore; -+ X509_set_pubkey; -+ X509_set_serialNumber; -+ X509_set_subject_name; -+ X509_set_version; -+ X509_sign; -+ X509_subject_name_cmp; -+ X509_subject_name_hash; -+ X509_to_X509_REQ; -+ X509_verify; -+ X509_verify_cert; -+ X509_verify_cert_error_string; -+ X509v3_add_ext; -+ X509v3_add_extension; -+ X509v3_add_netscape_extensions; -+ X509v3_add_standard_extensions; -+ X509v3_cleanup_extensions; -+ X509v3_data_type_by_NID; -+ X509v3_data_type_by_OBJ; -+ X509v3_delete_ext; -+ X509v3_get_ext; -+ X509v3_get_ext_by_NID; -+ X509v3_get_ext_by_OBJ; -+ X509v3_get_ext_by_critical; -+ X509v3_get_ext_count; -+ X509v3_pack_string; -+ X509v3_pack_type_by_NID; -+ X509v3_pack_type_by_OBJ; -+ X509v3_unpack_string; -+ _des_crypt; -+ a2d_ASN1_OBJECT; -+ a2i_ASN1_INTEGER; -+ a2i_ASN1_STRING; -+ asn1_Finish; -+ asn1_GetSequence; -+ bn_div_words; -+ bn_expand2; -+ bn_mul_add_words; -+ bn_mul_words; -+ BN_uadd; -+ BN_usub; -+ bn_sqr_words; -+ _ossl_old_crypt; -+ d2i_ASN1_BIT_STRING; -+ d2i_ASN1_BOOLEAN; -+ d2i_ASN1_HEADER; -+ d2i_ASN1_IA5STRING; -+ d2i_ASN1_INTEGER; -+ d2i_ASN1_OBJECT; -+ d2i_ASN1_OCTET_STRING; -+ d2i_ASN1_PRINTABLE; -+ d2i_ASN1_PRINTABLESTRING; -+ d2i_ASN1_SET; -+ d2i_ASN1_T61STRING; -+ d2i_ASN1_TYPE; -+ d2i_ASN1_UTCTIME; -+ d2i_ASN1_bytes; -+ d2i_ASN1_type_bytes; -+ d2i_DHparams; -+ d2i_DSAPrivateKey; -+ d2i_DSAPrivateKey_bio; -+ d2i_DSAPrivateKey_fp; -+ d2i_DSAPublicKey; -+ d2i_DSAparams; -+ d2i_NETSCAPE_SPKAC; -+ d2i_NETSCAPE_SPKI; -+ d2i_Netscape_RSA; -+ d2i_PKCS7; -+ d2i_PKCS7_DIGEST; -+ d2i_PKCS7_ENCRYPT; -+ d2i_PKCS7_ENC_CONTENT; -+ d2i_PKCS7_ENVELOPE; -+ d2i_PKCS7_ISSUER_AND_SERIAL; -+ d2i_PKCS7_RECIP_INFO; -+ d2i_PKCS7_SIGNED; -+ d2i_PKCS7_SIGNER_INFO; -+ d2i_PKCS7_SIGN_ENVELOPE; -+ d2i_PKCS7_bio; -+ d2i_PKCS7_fp; -+ d2i_PrivateKey; -+ d2i_PublicKey; -+ d2i_RSAPrivateKey; -+ d2i_RSAPrivateKey_bio; -+ d2i_RSAPrivateKey_fp; -+ d2i_RSAPublicKey; -+ d2i_X509; -+ d2i_X509_ALGOR; -+ d2i_X509_ATTRIBUTE; -+ d2i_X509_CINF; -+ d2i_X509_CRL; -+ d2i_X509_CRL_INFO; -+ d2i_X509_CRL_bio; -+ d2i_X509_CRL_fp; -+ d2i_X509_EXTENSION; -+ d2i_X509_NAME; -+ d2i_X509_NAME_ENTRY; -+ d2i_X509_PKEY; -+ d2i_X509_PUBKEY; -+ d2i_X509_REQ; -+ d2i_X509_REQ_INFO; -+ d2i_X509_REQ_bio; -+ d2i_X509_REQ_fp; -+ d2i_X509_REVOKED; -+ d2i_X509_SIG; -+ d2i_X509_VAL; -+ d2i_X509_bio; -+ d2i_X509_fp; -+ DES_cbc_cksum; -+ DES_cbc_encrypt; -+ DES_cblock_print_file; -+ DES_cfb64_encrypt; -+ DES_cfb_encrypt; -+ DES_decrypt3; -+ DES_ecb3_encrypt; -+ DES_ecb_encrypt; -+ DES_ede3_cbc_encrypt; -+ DES_ede3_cfb64_encrypt; -+ DES_ede3_ofb64_encrypt; -+ DES_enc_read; -+ DES_enc_write; -+ DES_encrypt1; -+ DES_encrypt2; -+ DES_encrypt3; -+ DES_fcrypt; -+ DES_is_weak_key; -+ DES_key_sched; -+ DES_ncbc_encrypt; -+ DES_ofb64_encrypt; -+ DES_ofb_encrypt; -+ DES_options; -+ DES_pcbc_encrypt; -+ DES_quad_cksum; -+ DES_random_key; -+ _ossl_old_des_random_seed; -+ _ossl_old_des_read_2passwords; -+ _ossl_old_des_read_password; -+ _ossl_old_des_read_pw; -+ _ossl_old_des_read_pw_string; -+ DES_set_key; -+ DES_set_odd_parity; -+ DES_string_to_2keys; -+ DES_string_to_key; -+ DES_xcbc_encrypt; -+ DES_xwhite_in2out; -+ fcrypt_body; -+ i2a_ASN1_INTEGER; -+ i2a_ASN1_OBJECT; -+ i2a_ASN1_STRING; -+ i2d_ASN1_BIT_STRING; -+ i2d_ASN1_BOOLEAN; -+ i2d_ASN1_HEADER; -+ i2d_ASN1_IA5STRING; -+ i2d_ASN1_INTEGER; -+ i2d_ASN1_OBJECT; -+ i2d_ASN1_OCTET_STRING; -+ i2d_ASN1_PRINTABLE; -+ i2d_ASN1_SET; -+ i2d_ASN1_TYPE; -+ i2d_ASN1_UTCTIME; -+ i2d_ASN1_bytes; -+ i2d_DHparams; -+ i2d_DSAPrivateKey; -+ i2d_DSAPrivateKey_bio; -+ i2d_DSAPrivateKey_fp; -+ i2d_DSAPublicKey; -+ i2d_DSAparams; -+ i2d_NETSCAPE_SPKAC; -+ i2d_NETSCAPE_SPKI; -+ i2d_Netscape_RSA; -+ i2d_PKCS7; -+ i2d_PKCS7_DIGEST; -+ i2d_PKCS7_ENCRYPT; -+ i2d_PKCS7_ENC_CONTENT; -+ i2d_PKCS7_ENVELOPE; -+ i2d_PKCS7_ISSUER_AND_SERIAL; -+ i2d_PKCS7_RECIP_INFO; -+ i2d_PKCS7_SIGNED; -+ i2d_PKCS7_SIGNER_INFO; -+ i2d_PKCS7_SIGN_ENVELOPE; -+ i2d_PKCS7_bio; -+ i2d_PKCS7_fp; -+ i2d_PrivateKey; -+ i2d_PublicKey; -+ i2d_RSAPrivateKey; -+ i2d_RSAPrivateKey_bio; -+ i2d_RSAPrivateKey_fp; -+ i2d_RSAPublicKey; -+ i2d_X509; -+ i2d_X509_ALGOR; -+ i2d_X509_ATTRIBUTE; -+ i2d_X509_CINF; -+ i2d_X509_CRL; -+ i2d_X509_CRL_INFO; -+ i2d_X509_CRL_bio; -+ i2d_X509_CRL_fp; -+ i2d_X509_EXTENSION; -+ i2d_X509_NAME; -+ i2d_X509_NAME_ENTRY; -+ i2d_X509_PKEY; -+ i2d_X509_PUBKEY; -+ i2d_X509_REQ; -+ i2d_X509_REQ_INFO; -+ i2d_X509_REQ_bio; -+ i2d_X509_REQ_fp; -+ i2d_X509_REVOKED; -+ i2d_X509_SIG; -+ i2d_X509_VAL; -+ i2d_X509_bio; -+ i2d_X509_fp; -+ idea_cbc_encrypt; -+ idea_cfb64_encrypt; -+ idea_ecb_encrypt; -+ idea_encrypt; -+ idea_ofb64_encrypt; -+ idea_options; -+ idea_set_decrypt_key; -+ idea_set_encrypt_key; -+ lh_delete; -+ lh_doall; -+ lh_doall_arg; -+ lh_free; -+ lh_insert; -+ lh_new; -+ lh_node_stats; -+ lh_node_stats_bio; -+ lh_node_usage_stats; -+ lh_node_usage_stats_bio; -+ lh_retrieve; -+ lh_stats; -+ lh_stats_bio; -+ lh_strhash; -+ sk_delete; -+ sk_delete_ptr; -+ sk_dup; -+ sk_find; -+ sk_free; -+ sk_insert; -+ sk_new; -+ sk_pop; -+ sk_pop_free; -+ sk_push; -+ sk_set_cmp_func; -+ sk_shift; -+ sk_unshift; -+ sk_zero; -+ BIO_f_nbio_test; -+ ASN1_TYPE_get; -+ ASN1_TYPE_set; -+ PKCS7_content_free; -+ ERR_load_PKCS7_strings; -+ X509_find_by_issuer_and_serial; -+ X509_find_by_subject; -+ PKCS7_ctrl; -+ PKCS7_set_type; -+ PKCS7_set_content; -+ PKCS7_SIGNER_INFO_set; -+ PKCS7_add_signer; -+ PKCS7_add_certificate; -+ PKCS7_add_crl; -+ PKCS7_content_new; -+ PKCS7_dataSign; -+ PKCS7_dataVerify; -+ PKCS7_dataInit; -+ PKCS7_add_signature; -+ PKCS7_cert_from_signer_info; -+ PKCS7_get_signer_info; -+ EVP_delete_alias; -+ EVP_mdc2; -+ PEM_read_bio_RSAPublicKey; -+ PEM_write_bio_RSAPublicKey; -+ d2i_RSAPublicKey_bio; -+ i2d_RSAPublicKey_bio; -+ PEM_read_RSAPublicKey; -+ PEM_write_RSAPublicKey; -+ d2i_RSAPublicKey_fp; -+ i2d_RSAPublicKey_fp; -+ BIO_copy_next_retry; -+ RSA_flags; -+ X509_STORE_add_crl; -+ X509_load_crl_file; -+ EVP_rc2_40_cbc; -+ EVP_rc4_40; -+ EVP_CIPHER_CTX_init; -+ HMAC; -+ HMAC_Init; -+ HMAC_Update; -+ HMAC_Final; -+ ERR_get_next_error_library; -+ EVP_PKEY_cmp_parameters; -+ HMAC_cleanup; -+ BIO_ptr_ctrl; -+ BIO_new_file_internal; -+ BIO_new_fp_internal; -+ BIO_s_file_internal; -+ BN_BLINDING_convert; -+ BN_BLINDING_invert; -+ BN_BLINDING_update; -+ RSA_blinding_on; -+ RSA_blinding_off; -+ i2t_ASN1_OBJECT; -+ BN_BLINDING_new; -+ BN_BLINDING_free; -+ EVP_cast5_cbc; -+ EVP_cast5_cfb64; -+ EVP_cast5_ecb; -+ EVP_cast5_ofb; -+ BF_decrypt; -+ CAST_set_key; -+ CAST_encrypt; -+ CAST_decrypt; -+ CAST_ecb_encrypt; -+ CAST_cbc_encrypt; -+ CAST_cfb64_encrypt; -+ CAST_ofb64_encrypt; -+ RC2_decrypt; -+ OBJ_create_objects; -+ BN_exp; -+ BN_mul_word; -+ BN_sub_word; -+ BN_dec2bn; -+ BN_bn2dec; -+ BIO_ghbn_ctrl; -+ CRYPTO_free_ex_data; -+ CRYPTO_get_ex_data; -+ CRYPTO_set_ex_data; -+ ERR_load_CRYPTO_strings; -+ ERR_load_CRYPTOlib_strings; -+ EVP_PKEY_bits; -+ MD5_Transform; -+ SHA1_Transform; -+ SHA_Transform; -+ X509_STORE_CTX_get_chain; -+ X509_STORE_CTX_get_current_cert; -+ X509_STORE_CTX_get_error; -+ X509_STORE_CTX_get_error_depth; -+ X509_STORE_CTX_get_ex_data; -+ X509_STORE_CTX_set_cert; -+ X509_STORE_CTX_set_chain; -+ X509_STORE_CTX_set_error; -+ X509_STORE_CTX_set_ex_data; -+ CRYPTO_dup_ex_data; -+ CRYPTO_get_new_lockid; -+ CRYPTO_new_ex_data; -+ RSA_set_ex_data; -+ RSA_get_ex_data; -+ RSA_get_ex_new_index; -+ RSA_padding_add_PKCS1_type_1; -+ RSA_padding_add_PKCS1_type_2; -+ RSA_padding_add_SSLv23; -+ RSA_padding_add_none; -+ RSA_padding_check_PKCS1_type_1; -+ RSA_padding_check_PKCS1_type_2; -+ RSA_padding_check_SSLv23; -+ RSA_padding_check_none; -+ bn_add_words; -+ d2i_Netscape_RSA_2; -+ CRYPTO_get_ex_new_index; -+ RIPEMD160_Init; -+ RIPEMD160_Update; -+ RIPEMD160_Final; -+ RIPEMD160; -+ RIPEMD160_Transform; -+ RC5_32_set_key; -+ RC5_32_ecb_encrypt; -+ RC5_32_encrypt; -+ RC5_32_decrypt; -+ RC5_32_cbc_encrypt; -+ RC5_32_cfb64_encrypt; -+ RC5_32_ofb64_encrypt; -+ BN_bn2mpi; -+ BN_mpi2bn; -+ ASN1_BIT_STRING_get_bit; -+ ASN1_BIT_STRING_set_bit; -+ BIO_get_ex_data; -+ BIO_get_ex_new_index; -+ BIO_set_ex_data; -+ X509v3_get_key_usage; -+ X509v3_set_key_usage; -+ a2i_X509v3_key_usage; -+ i2a_X509v3_key_usage; -+ EVP_PKEY_decrypt; -+ EVP_PKEY_encrypt; -+ PKCS7_RECIP_INFO_set; -+ PKCS7_add_recipient; -+ PKCS7_add_recipient_info; -+ PKCS7_set_cipher; -+ ASN1_TYPE_get_int_octetstring; -+ ASN1_TYPE_get_octetstring; -+ ASN1_TYPE_set_int_octetstring; -+ ASN1_TYPE_set_octetstring; -+ ASN1_UTCTIME_set_string; -+ ERR_add_error_data; -+ ERR_set_error_data; -+ EVP_CIPHER_asn1_to_param; -+ EVP_CIPHER_param_to_asn1; -+ EVP_CIPHER_get_asn1_iv; -+ EVP_CIPHER_set_asn1_iv; -+ EVP_rc5_32_12_16_cbc; -+ EVP_rc5_32_12_16_cfb64; -+ EVP_rc5_32_12_16_ecb; -+ EVP_rc5_32_12_16_ofb; -+ asn1_add_error; -+ d2i_ASN1_BMPSTRING; -+ i2d_ASN1_BMPSTRING; -+ BIO_f_ber; -+ BN_init; -+ COMP_CTX_new; -+ COMP_CTX_free; -+ COMP_CTX_compress_block; -+ COMP_CTX_expand_block; -+ X509_STORE_CTX_get_ex_new_index; -+ OBJ_NAME_add; -+ BIO_socket_nbio; -+ EVP_rc2_64_cbc; -+ OBJ_NAME_cleanup; -+ OBJ_NAME_get; -+ OBJ_NAME_init; -+ OBJ_NAME_new_index; -+ OBJ_NAME_remove; -+ BN_MONT_CTX_copy; -+ BIO_new_socks4a_connect; -+ BIO_s_socks4a_connect; -+ PROXY_set_connect_mode; -+ RAND_SSLeay; -+ RAND_set_rand_method; -+ RSA_memory_lock; -+ bn_sub_words; -+ bn_mul_normal; -+ bn_mul_comba8; -+ bn_mul_comba4; -+ bn_sqr_normal; -+ bn_sqr_comba8; -+ bn_sqr_comba4; -+ bn_cmp_words; -+ bn_mul_recursive; -+ bn_mul_part_recursive; -+ bn_sqr_recursive; -+ bn_mul_low_normal; -+ BN_RECP_CTX_init; -+ BN_RECP_CTX_new; -+ BN_RECP_CTX_free; -+ BN_RECP_CTX_set; -+ BN_mod_mul_reciprocal; -+ BN_mod_exp_recp; -+ BN_div_recp; -+ BN_CTX_init; -+ BN_MONT_CTX_init; -+ RAND_get_rand_method; -+ PKCS7_add_attribute; -+ PKCS7_add_signed_attribute; -+ PKCS7_digest_from_attributes; -+ PKCS7_get_attribute; -+ PKCS7_get_issuer_and_serial; -+ PKCS7_get_signed_attribute; -+ COMP_compress_block; -+ COMP_expand_block; -+ COMP_rle; -+ COMP_zlib; -+ ms_time_diff; -+ ms_time_new; -+ ms_time_free; -+ ms_time_cmp; -+ ms_time_get; -+ PKCS7_set_attributes; -+ PKCS7_set_signed_attributes; -+ X509_ATTRIBUTE_create; -+ X509_ATTRIBUTE_dup; -+ ASN1_GENERALIZEDTIME_check; -+ ASN1_GENERALIZEDTIME_print; -+ ASN1_GENERALIZEDTIME_set; -+ ASN1_GENERALIZEDTIME_set_string; -+ ASN1_TIME_print; -+ BASIC_CONSTRAINTS_free; -+ BASIC_CONSTRAINTS_new; -+ ERR_load_X509V3_strings; -+ NETSCAPE_CERT_SEQUENCE_free; -+ NETSCAPE_CERT_SEQUENCE_new; -+ OBJ_txt2obj; -+ PEM_read_NETSCAPE_CERT_SEQUENCE; -+ PEM_read_NS_CERT_SEQ; -+ PEM_read_bio_NETSCAPE_CERT_SEQUENCE; -+ PEM_read_bio_NS_CERT_SEQ; -+ PEM_write_NETSCAPE_CERT_SEQUENCE; -+ PEM_write_NS_CERT_SEQ; -+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE; -+ PEM_write_bio_NS_CERT_SEQ; -+ X509V3_EXT_add; -+ X509V3_EXT_add_alias; -+ X509V3_EXT_add_conf; -+ X509V3_EXT_cleanup; -+ X509V3_EXT_conf; -+ X509V3_EXT_conf_nid; -+ X509V3_EXT_get; -+ X509V3_EXT_get_nid; -+ X509V3_EXT_print; -+ X509V3_EXT_print_fp; -+ X509V3_add_standard_extensions; -+ X509V3_add_value; -+ X509V3_add_value_bool; -+ X509V3_add_value_int; -+ X509V3_conf_free; -+ X509V3_get_value_bool; -+ X509V3_get_value_int; -+ X509V3_parse_list; -+ d2i_ASN1_GENERALIZEDTIME; -+ d2i_ASN1_TIME; -+ d2i_BASIC_CONSTRAINTS; -+ d2i_NETSCAPE_CERT_SEQUENCE; -+ d2i_ext_ku; -+ ext_ku_free; -+ ext_ku_new; -+ i2d_ASN1_GENERALIZEDTIME; -+ i2d_ASN1_TIME; -+ i2d_BASIC_CONSTRAINTS; -+ i2d_NETSCAPE_CERT_SEQUENCE; -+ i2d_ext_ku; -+ EVP_MD_CTX_copy; -+ i2d_ASN1_ENUMERATED; -+ d2i_ASN1_ENUMERATED; -+ ASN1_ENUMERATED_set; -+ ASN1_ENUMERATED_get; -+ BN_to_ASN1_ENUMERATED; -+ ASN1_ENUMERATED_to_BN; -+ i2a_ASN1_ENUMERATED; -+ a2i_ASN1_ENUMERATED; -+ i2d_GENERAL_NAME; -+ d2i_GENERAL_NAME; -+ GENERAL_NAME_new; -+ GENERAL_NAME_free; -+ GENERAL_NAMES_new; -+ GENERAL_NAMES_free; -+ d2i_GENERAL_NAMES; -+ i2d_GENERAL_NAMES; -+ i2v_GENERAL_NAMES; -+ i2s_ASN1_OCTET_STRING; -+ s2i_ASN1_OCTET_STRING; -+ X509V3_EXT_check_conf; -+ hex_to_string; -+ string_to_hex; -+ DES_ede3_cbcm_encrypt; -+ RSA_padding_add_PKCS1_OAEP; -+ RSA_padding_check_PKCS1_OAEP; -+ X509_CRL_print_fp; -+ X509_CRL_print; -+ i2v_GENERAL_NAME; -+ v2i_GENERAL_NAME; -+ i2d_PKEY_USAGE_PERIOD; -+ d2i_PKEY_USAGE_PERIOD; -+ PKEY_USAGE_PERIOD_new; -+ PKEY_USAGE_PERIOD_free; -+ v2i_GENERAL_NAMES; -+ i2s_ASN1_INTEGER; -+ X509V3_EXT_d2i; -+ name_cmp; -+ str_dup; -+ i2s_ASN1_ENUMERATED; -+ i2s_ASN1_ENUMERATED_TABLE; -+ BIO_s_log; -+ BIO_f_reliable; -+ PKCS7_dataFinal; -+ PKCS7_dataDecode; -+ X509V3_EXT_CRL_add_conf; -+ BN_set_params; -+ BN_get_params; -+ BIO_get_ex_num; -+ BIO_set_ex_free_func; -+ EVP_ripemd160; -+ ASN1_TIME_set; -+ i2d_AUTHORITY_KEYID; -+ d2i_AUTHORITY_KEYID; -+ AUTHORITY_KEYID_new; -+ AUTHORITY_KEYID_free; -+ ASN1_seq_unpack; -+ ASN1_seq_pack; -+ ASN1_unpack_string; -+ ASN1_pack_string; -+ PKCS12_pack_safebag; -+ PKCS12_MAKE_KEYBAG; -+ PKCS8_encrypt; -+ PKCS12_MAKE_SHKEYBAG; -+ PKCS12_pack_p7data; -+ PKCS12_pack_p7encdata; -+ PKCS12_add_localkeyid; -+ PKCS12_add_friendlyname_asc; -+ PKCS12_add_friendlyname_uni; -+ PKCS12_get_friendlyname; -+ PKCS12_pbe_crypt; -+ PKCS12_decrypt_d2i; -+ PKCS12_i2d_encrypt; -+ PKCS12_init; -+ PKCS12_key_gen_asc; -+ PKCS12_key_gen_uni; -+ PKCS12_gen_mac; -+ PKCS12_verify_mac; -+ PKCS12_set_mac; -+ PKCS12_setup_mac; -+ OPENSSL_asc2uni; -+ OPENSSL_uni2asc; -+ i2d_PKCS12_BAGS; -+ PKCS12_BAGS_new; -+ d2i_PKCS12_BAGS; -+ PKCS12_BAGS_free; -+ i2d_PKCS12; -+ d2i_PKCS12; -+ PKCS12_new; -+ PKCS12_free; -+ i2d_PKCS12_MAC_DATA; -+ PKCS12_MAC_DATA_new; -+ d2i_PKCS12_MAC_DATA; -+ PKCS12_MAC_DATA_free; -+ i2d_PKCS12_SAFEBAG; -+ PKCS12_SAFEBAG_new; -+ d2i_PKCS12_SAFEBAG; -+ PKCS12_SAFEBAG_free; -+ ERR_load_PKCS12_strings; -+ PKCS12_PBE_add; -+ PKCS8_add_keyusage; -+ PKCS12_get_attr_gen; -+ PKCS12_parse; -+ PKCS12_create; -+ i2d_PKCS12_bio; -+ i2d_PKCS12_fp; -+ d2i_PKCS12_bio; -+ d2i_PKCS12_fp; -+ i2d_PBEPARAM; -+ PBEPARAM_new; -+ d2i_PBEPARAM; -+ PBEPARAM_free; -+ i2d_PKCS8_PRIV_KEY_INFO; -+ PKCS8_PRIV_KEY_INFO_new; -+ d2i_PKCS8_PRIV_KEY_INFO; -+ PKCS8_PRIV_KEY_INFO_free; -+ EVP_PKCS82PKEY; -+ EVP_PKEY2PKCS8; -+ PKCS8_set_broken; -+ EVP_PBE_ALGOR_CipherInit; -+ EVP_PBE_alg_add; -+ PKCS5_pbe_set; -+ EVP_PBE_cleanup; -+ i2d_SXNET; -+ d2i_SXNET; -+ SXNET_new; -+ SXNET_free; -+ i2d_SXNETID; -+ d2i_SXNETID; -+ SXNETID_new; -+ SXNETID_free; -+ DSA_SIG_new; -+ DSA_SIG_free; -+ DSA_do_sign; -+ DSA_do_verify; -+ d2i_DSA_SIG; -+ i2d_DSA_SIG; -+ i2d_ASN1_VISIBLESTRING; -+ d2i_ASN1_VISIBLESTRING; -+ i2d_ASN1_UTF8STRING; -+ d2i_ASN1_UTF8STRING; -+ i2d_DIRECTORYSTRING; -+ d2i_DIRECTORYSTRING; -+ i2d_DISPLAYTEXT; -+ d2i_DISPLAYTEXT; -+ d2i_ASN1_SET_OF_X509; -+ i2d_ASN1_SET_OF_X509; -+ i2d_PBKDF2PARAM; -+ PBKDF2PARAM_new; -+ d2i_PBKDF2PARAM; -+ PBKDF2PARAM_free; -+ i2d_PBE2PARAM; -+ PBE2PARAM_new; -+ d2i_PBE2PARAM; -+ PBE2PARAM_free; -+ d2i_ASN1_SET_OF_GENERAL_NAME; -+ i2d_ASN1_SET_OF_GENERAL_NAME; -+ d2i_ASN1_SET_OF_SXNETID; -+ i2d_ASN1_SET_OF_SXNETID; -+ d2i_ASN1_SET_OF_POLICYQUALINFO; -+ i2d_ASN1_SET_OF_POLICYQUALINFO; -+ d2i_ASN1_SET_OF_POLICYINFO; -+ i2d_ASN1_SET_OF_POLICYINFO; -+ SXNET_add_id_asc; -+ SXNET_add_id_ulong; -+ SXNET_add_id_INTEGER; -+ SXNET_get_id_asc; -+ SXNET_get_id_ulong; -+ SXNET_get_id_INTEGER; -+ X509V3_set_conf_lhash; -+ i2d_CERTIFICATEPOLICIES; -+ CERTIFICATEPOLICIES_new; -+ CERTIFICATEPOLICIES_free; -+ d2i_CERTIFICATEPOLICIES; -+ i2d_POLICYINFO; -+ POLICYINFO_new; -+ d2i_POLICYINFO; -+ POLICYINFO_free; -+ i2d_POLICYQUALINFO; -+ POLICYQUALINFO_new; -+ d2i_POLICYQUALINFO; -+ POLICYQUALINFO_free; -+ i2d_USERNOTICE; -+ USERNOTICE_new; -+ d2i_USERNOTICE; -+ USERNOTICE_free; -+ i2d_NOTICEREF; -+ NOTICEREF_new; -+ d2i_NOTICEREF; -+ NOTICEREF_free; -+ X509V3_get_string; -+ X509V3_get_section; -+ X509V3_string_free; -+ X509V3_section_free; -+ X509V3_set_ctx; -+ s2i_ASN1_INTEGER; -+ CRYPTO_set_locked_mem_functions; -+ CRYPTO_get_locked_mem_functions; -+ CRYPTO_malloc_locked; -+ CRYPTO_free_locked; -+ BN_mod_exp2_mont; -+ ERR_get_error_line_data; -+ ERR_peek_error_line_data; -+ PKCS12_PBE_keyivgen; -+ X509_ALGOR_dup; -+ d2i_ASN1_SET_OF_DIST_POINT; -+ i2d_ASN1_SET_OF_DIST_POINT; -+ i2d_CRL_DIST_POINTS; -+ CRL_DIST_POINTS_new; -+ CRL_DIST_POINTS_free; -+ d2i_CRL_DIST_POINTS; -+ i2d_DIST_POINT; -+ DIST_POINT_new; -+ d2i_DIST_POINT; -+ DIST_POINT_free; -+ i2d_DIST_POINT_NAME; -+ DIST_POINT_NAME_new; -+ DIST_POINT_NAME_free; -+ d2i_DIST_POINT_NAME; -+ X509V3_add_value_uchar; -+ d2i_ASN1_SET_OF_X509_ATTRIBUTE; -+ i2d_ASN1_SET_OF_ASN1_TYPE; -+ d2i_ASN1_SET_OF_X509_EXTENSION; -+ d2i_ASN1_SET_OF_X509_NAME_ENTRY; -+ d2i_ASN1_SET_OF_ASN1_TYPE; -+ i2d_ASN1_SET_OF_X509_ATTRIBUTE; -+ i2d_ASN1_SET_OF_X509_EXTENSION; -+ i2d_ASN1_SET_OF_X509_NAME_ENTRY; -+ X509V3_EXT_i2d; -+ X509V3_EXT_val_prn; -+ X509V3_EXT_add_list; -+ EVP_CIPHER_type; -+ EVP_PBE_CipherInit; -+ X509V3_add_value_bool_nf; -+ d2i_ASN1_UINTEGER; -+ sk_value; -+ sk_num; -+ sk_set; -+ i2d_ASN1_SET_OF_X509_REVOKED; -+ sk_sort; -+ d2i_ASN1_SET_OF_X509_REVOKED; -+ i2d_ASN1_SET_OF_X509_ALGOR; -+ i2d_ASN1_SET_OF_X509_CRL; -+ d2i_ASN1_SET_OF_X509_ALGOR; -+ d2i_ASN1_SET_OF_X509_CRL; -+ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; -+ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; -+ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; -+ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; -+ PKCS5_PBE_add; -+ PEM_write_bio_PKCS8; -+ i2d_PKCS8_fp; -+ PEM_read_bio_PKCS8_PRIV_KEY_INFO; -+ PEM_read_bio_P8_PRIV_KEY_INFO; -+ d2i_PKCS8_bio; -+ d2i_PKCS8_PRIV_KEY_INFO_fp; -+ PEM_write_bio_PKCS8_PRIV_KEY_INFO; -+ PEM_write_bio_P8_PRIV_KEY_INFO; -+ PEM_read_PKCS8; -+ d2i_PKCS8_PRIV_KEY_INFO_bio; -+ d2i_PKCS8_fp; -+ PEM_write_PKCS8; -+ PEM_read_PKCS8_PRIV_KEY_INFO; -+ PEM_read_P8_PRIV_KEY_INFO; -+ PEM_read_bio_PKCS8; -+ PEM_write_PKCS8_PRIV_KEY_INFO; -+ PEM_write_P8_PRIV_KEY_INFO; -+ PKCS5_PBE_keyivgen; -+ i2d_PKCS8_bio; -+ i2d_PKCS8_PRIV_KEY_INFO_fp; -+ i2d_PKCS8_PRIV_KEY_INFO_bio; -+ BIO_s_bio; -+ PKCS5_pbe2_set; -+ PKCS5_PBKDF2_HMAC_SHA1; -+ PKCS5_v2_PBE_keyivgen; -+ PEM_write_bio_PKCS8PrivateKey; -+ PEM_write_PKCS8PrivateKey; -+ BIO_ctrl_get_read_request; -+ BIO_ctrl_pending; -+ BIO_ctrl_wpending; -+ BIO_new_bio_pair; -+ BIO_ctrl_get_write_guarantee; -+ CRYPTO_num_locks; -+ CONF_load_bio; -+ CONF_load_fp; -+ i2d_ASN1_SET_OF_ASN1_OBJECT; -+ d2i_ASN1_SET_OF_ASN1_OBJECT; -+ PKCS7_signatureVerify; -+ RSA_set_method; -+ RSA_get_method; -+ RSA_get_default_method; -+ RSA_check_key; -+ OBJ_obj2txt; -+ DSA_dup_DH; -+ X509_REQ_get_extensions; -+ X509_REQ_set_extension_nids; -+ BIO_nwrite; -+ X509_REQ_extension_nid; -+ BIO_nread; -+ X509_REQ_get_extension_nids; -+ BIO_nwrite0; -+ X509_REQ_add_extensions_nid; -+ BIO_nread0; -+ X509_REQ_add_extensions; -+ BIO_new_mem_buf; -+ DH_set_ex_data; -+ DH_set_method; -+ DSA_OpenSSL; -+ DH_get_ex_data; -+ DH_get_ex_new_index; -+ DSA_new_method; -+ DH_new_method; -+ DH_OpenSSL; -+ DSA_get_ex_new_index; -+ DH_get_default_method; -+ DSA_set_ex_data; -+ DH_set_default_method; -+ DSA_get_ex_data; -+ X509V3_EXT_REQ_add_conf; -+ NETSCAPE_SPKI_print; -+ NETSCAPE_SPKI_set_pubkey; -+ NETSCAPE_SPKI_b64_encode; -+ NETSCAPE_SPKI_get_pubkey; -+ NETSCAPE_SPKI_b64_decode; -+ UTF8_putc; -+ UTF8_getc; -+ RSA_null_method; -+ ASN1_tag2str; -+ BIO_ctrl_reset_read_request; -+ DISPLAYTEXT_new; -+ ASN1_GENERALIZEDTIME_free; -+ X509_REVOKED_get_ext_d2i; -+ X509_set_ex_data; -+ X509_reject_set_bit_asc; -+ X509_NAME_add_entry_by_txt; -+ X509_NAME_add_entry_by_NID; -+ X509_PURPOSE_get0; -+ PEM_read_X509_AUX; -+ d2i_AUTHORITY_INFO_ACCESS; -+ PEM_write_PUBKEY; -+ ACCESS_DESCRIPTION_new; -+ X509_CERT_AUX_free; -+ d2i_ACCESS_DESCRIPTION; -+ X509_trust_clear; -+ X509_TRUST_add; -+ ASN1_VISIBLESTRING_new; -+ X509_alias_set1; -+ ASN1_PRINTABLESTRING_free; -+ EVP_PKEY_get1_DSA; -+ ASN1_BMPSTRING_new; -+ ASN1_mbstring_copy; -+ ASN1_UTF8STRING_new; -+ DSA_get_default_method; -+ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; -+ ASN1_T61STRING_free; -+ DSA_set_method; -+ X509_get_ex_data; -+ ASN1_STRING_type; -+ X509_PURPOSE_get_by_sname; -+ ASN1_TIME_free; -+ ASN1_OCTET_STRING_cmp; -+ ASN1_BIT_STRING_new; -+ X509_get_ext_d2i; -+ PEM_read_bio_X509_AUX; -+ ASN1_STRING_set_default_mask_asc; -+ ASN1_STRING_set_def_mask_asc; -+ PEM_write_bio_RSA_PUBKEY; -+ ASN1_INTEGER_cmp; -+ d2i_RSA_PUBKEY_fp; -+ X509_trust_set_bit_asc; -+ PEM_write_bio_DSA_PUBKEY; -+ X509_STORE_CTX_free; -+ EVP_PKEY_set1_DSA; -+ i2d_DSA_PUBKEY_fp; -+ X509_load_cert_crl_file; -+ ASN1_TIME_new; -+ i2d_RSA_PUBKEY; -+ X509_STORE_CTX_purpose_inherit; -+ PEM_read_RSA_PUBKEY; -+ d2i_X509_AUX; -+ i2d_DSA_PUBKEY; -+ X509_CERT_AUX_print; -+ PEM_read_DSA_PUBKEY; -+ i2d_RSA_PUBKEY_bio; -+ ASN1_BIT_STRING_num_asc; -+ i2d_PUBKEY; -+ ASN1_UTCTIME_free; -+ DSA_set_default_method; -+ X509_PURPOSE_get_by_id; -+ ACCESS_DESCRIPTION_free; -+ PEM_read_bio_PUBKEY; -+ ASN1_STRING_set_by_NID; -+ X509_PURPOSE_get_id; -+ DISPLAYTEXT_free; -+ OTHERNAME_new; -+ X509_CERT_AUX_new; -+ X509_TRUST_cleanup; -+ X509_NAME_add_entry_by_OBJ; -+ X509_CRL_get_ext_d2i; -+ X509_PURPOSE_get0_name; -+ PEM_read_PUBKEY; -+ i2d_DSA_PUBKEY_bio; -+ i2d_OTHERNAME; -+ ASN1_OCTET_STRING_free; -+ ASN1_BIT_STRING_set_asc; -+ X509_get_ex_new_index; -+ ASN1_STRING_TABLE_cleanup; -+ X509_TRUST_get_by_id; -+ X509_PURPOSE_get_trust; -+ ASN1_STRING_length; -+ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; -+ ASN1_PRINTABLESTRING_new; -+ X509V3_get_d2i; -+ ASN1_ENUMERATED_free; -+ i2d_X509_CERT_AUX; -+ X509_STORE_CTX_set_trust; -+ ASN1_STRING_set_default_mask; -+ X509_STORE_CTX_new; -+ EVP_PKEY_get1_RSA; -+ DIRECTORYSTRING_free; -+ PEM_write_X509_AUX; -+ ASN1_OCTET_STRING_set; -+ d2i_DSA_PUBKEY_fp; -+ d2i_RSA_PUBKEY; -+ X509_TRUST_get0_name; -+ X509_TRUST_get0; -+ AUTHORITY_INFO_ACCESS_free; -+ ASN1_IA5STRING_new; -+ d2i_DSA_PUBKEY; -+ X509_check_purpose; -+ ASN1_ENUMERATED_new; -+ d2i_RSA_PUBKEY_bio; -+ d2i_PUBKEY; -+ X509_TRUST_get_trust; -+ X509_TRUST_get_flags; -+ ASN1_BMPSTRING_free; -+ ASN1_T61STRING_new; -+ ASN1_UTCTIME_new; -+ i2d_AUTHORITY_INFO_ACCESS; -+ EVP_PKEY_set1_RSA; -+ X509_STORE_CTX_set_purpose; -+ ASN1_IA5STRING_free; -+ PEM_write_bio_X509_AUX; -+ X509_PURPOSE_get_count; -+ CRYPTO_add_info; -+ X509_NAME_ENTRY_create_by_txt; -+ ASN1_STRING_get_default_mask; -+ X509_alias_get0; -+ ASN1_STRING_data; -+ i2d_ACCESS_DESCRIPTION; -+ X509_trust_set_bit; -+ ASN1_BIT_STRING_free; -+ PEM_read_bio_RSA_PUBKEY; -+ X509_add1_reject_object; -+ X509_check_trust; -+ PEM_read_bio_DSA_PUBKEY; -+ X509_PURPOSE_add; -+ ASN1_STRING_TABLE_get; -+ ASN1_UTF8STRING_free; -+ d2i_DSA_PUBKEY_bio; -+ PEM_write_RSA_PUBKEY; -+ d2i_OTHERNAME; -+ X509_reject_set_bit; -+ PEM_write_DSA_PUBKEY; -+ X509_PURPOSE_get0_sname; -+ EVP_PKEY_set1_DH; -+ ASN1_OCTET_STRING_dup; -+ ASN1_BIT_STRING_set; -+ X509_TRUST_get_count; -+ ASN1_INTEGER_free; -+ OTHERNAME_free; -+ i2d_RSA_PUBKEY_fp; -+ ASN1_INTEGER_dup; -+ d2i_X509_CERT_AUX; -+ PEM_write_bio_PUBKEY; -+ ASN1_VISIBLESTRING_free; -+ X509_PURPOSE_cleanup; -+ ASN1_mbstring_ncopy; -+ ASN1_GENERALIZEDTIME_new; -+ EVP_PKEY_get1_DH; -+ ASN1_OCTET_STRING_new; -+ ASN1_INTEGER_new; -+ i2d_X509_AUX; -+ ASN1_BIT_STRING_name_print; -+ X509_cmp; -+ ASN1_STRING_length_set; -+ DIRECTORYSTRING_new; -+ X509_add1_trust_object; -+ PKCS12_newpass; -+ SMIME_write_PKCS7; -+ SMIME_read_PKCS7; -+ DES_set_key_checked; -+ PKCS7_verify; -+ PKCS7_encrypt; -+ DES_set_key_unchecked; -+ SMIME_crlf_copy; -+ i2d_ASN1_PRINTABLESTRING; -+ PKCS7_get0_signers; -+ PKCS7_decrypt; -+ SMIME_text; -+ PKCS7_simple_smimecap; -+ PKCS7_get_smimecap; -+ PKCS7_sign; -+ PKCS7_add_attrib_smimecap; -+ CRYPTO_dbg_set_options; -+ CRYPTO_remove_all_info; -+ CRYPTO_get_mem_debug_functions; -+ CRYPTO_is_mem_check_on; -+ CRYPTO_set_mem_debug_functions; -+ CRYPTO_pop_info; -+ CRYPTO_push_info_; -+ CRYPTO_set_mem_debug_options; -+ PEM_write_PKCS8PrivateKey_nid; -+ PEM_write_bio_PKCS8PrivateKey_nid; -+ PEM_write_bio_PKCS8PrivKey_nid; -+ d2i_PKCS8PrivateKey_bio; -+ ASN1_NULL_free; -+ d2i_ASN1_NULL; -+ ASN1_NULL_new; -+ i2d_PKCS8PrivateKey_bio; -+ i2d_PKCS8PrivateKey_fp; -+ i2d_ASN1_NULL; -+ i2d_PKCS8PrivateKey_nid_fp; -+ d2i_PKCS8PrivateKey_fp; -+ i2d_PKCS8PrivateKey_nid_bio; -+ i2d_PKCS8PrivateKeyInfo_fp; -+ i2d_PKCS8PrivateKeyInfo_bio; -+ PEM_cb; -+ i2d_PrivateKey_fp; -+ d2i_PrivateKey_bio; -+ d2i_PrivateKey_fp; -+ i2d_PrivateKey_bio; -+ X509_reject_clear; -+ X509_TRUST_set_default; -+ d2i_AutoPrivateKey; -+ X509_ATTRIBUTE_get0_type; -+ X509_ATTRIBUTE_set1_data; -+ X509at_get_attr; -+ X509at_get_attr_count; -+ X509_ATTRIBUTE_create_by_NID; -+ X509_ATTRIBUTE_set1_object; -+ X509_ATTRIBUTE_count; -+ X509_ATTRIBUTE_create_by_OBJ; -+ X509_ATTRIBUTE_get0_object; -+ X509at_get_attr_by_NID; -+ X509at_add1_attr; -+ X509_ATTRIBUTE_get0_data; -+ X509at_delete_attr; -+ X509at_get_attr_by_OBJ; -+ RAND_add; -+ BIO_number_written; -+ BIO_number_read; -+ X509_STORE_CTX_get1_chain; -+ ERR_load_RAND_strings; -+ RAND_pseudo_bytes; -+ X509_REQ_get_attr_by_NID; -+ X509_REQ_get_attr; -+ X509_REQ_add1_attr_by_NID; -+ X509_REQ_get_attr_by_OBJ; -+ X509at_add1_attr_by_NID; -+ X509_REQ_add1_attr_by_OBJ; -+ X509_REQ_get_attr_count; -+ X509_REQ_add1_attr; -+ X509_REQ_delete_attr; -+ X509at_add1_attr_by_OBJ; -+ X509_REQ_add1_attr_by_txt; -+ X509_ATTRIBUTE_create_by_txt; -+ X509at_add1_attr_by_txt; -+ BN_pseudo_rand; -+ BN_is_prime_fasttest; -+ BN_CTX_end; -+ BN_CTX_start; -+ BN_CTX_get; -+ EVP_PKEY2PKCS8_broken; -+ ASN1_STRING_TABLE_add; -+ CRYPTO_dbg_get_options; -+ AUTHORITY_INFO_ACCESS_new; -+ CRYPTO_get_mem_debug_options; -+ DES_crypt; -+ PEM_write_bio_X509_REQ_NEW; -+ PEM_write_X509_REQ_NEW; -+ BIO_callback_ctrl; -+ RAND_egd; -+ RAND_status; -+ bn_dump1; -+ DES_check_key_parity; -+ lh_num_items; -+ RAND_event; -+ DSO_new; -+ DSO_new_method; -+ DSO_free; -+ DSO_flags; -+ DSO_up; -+ DSO_set_default_method; -+ DSO_get_default_method; -+ DSO_get_method; -+ DSO_set_method; -+ DSO_load; -+ DSO_bind_var; -+ DSO_METHOD_null; -+ DSO_METHOD_openssl; -+ DSO_METHOD_dlfcn; -+ DSO_METHOD_win32; -+ ERR_load_DSO_strings; -+ DSO_METHOD_dl; -+ NCONF_load; -+ NCONF_load_fp; -+ NCONF_new; -+ NCONF_get_string; -+ NCONF_free; -+ NCONF_get_number; -+ CONF_dump_fp; -+ NCONF_load_bio; -+ NCONF_dump_fp; -+ NCONF_get_section; -+ NCONF_dump_bio; -+ CONF_dump_bio; -+ NCONF_free_data; -+ CONF_set_default_method; -+ ERR_error_string_n; -+ BIO_snprintf; -+ DSO_ctrl; -+ i2d_ASN1_SET_OF_ASN1_INTEGER; -+ i2d_ASN1_SET_OF_PKCS12_SAFEBAG; -+ i2d_ASN1_SET_OF_PKCS7; -+ BIO_vfree; -+ d2i_ASN1_SET_OF_ASN1_INTEGER; -+ d2i_ASN1_SET_OF_PKCS12_SAFEBAG; -+ ASN1_UTCTIME_get; -+ X509_REQ_digest; -+ X509_CRL_digest; -+ d2i_ASN1_SET_OF_PKCS7; -+ EVP_CIPHER_CTX_set_key_length; -+ EVP_CIPHER_CTX_ctrl; -+ BN_mod_exp_mont_word; -+ RAND_egd_bytes; -+ X509_REQ_get1_email; -+ X509_get1_email; -+ X509_email_free; -+ i2d_RSA_NET; -+ d2i_RSA_NET_2; -+ d2i_RSA_NET; -+ DSO_bind_func; -+ CRYPTO_get_new_dynlockid; -+ sk_new_null; -+ CRYPTO_set_dynlock_destroy_callback; -+ CRYPTO_set_dynlock_destroy_cb; -+ CRYPTO_destroy_dynlockid; -+ CRYPTO_set_dynlock_size; -+ CRYPTO_set_dynlock_create_callback; -+ CRYPTO_set_dynlock_create_cb; -+ CRYPTO_set_dynlock_lock_callback; -+ CRYPTO_set_dynlock_lock_cb; -+ CRYPTO_get_dynlock_lock_callback; -+ CRYPTO_get_dynlock_lock_cb; -+ CRYPTO_get_dynlock_destroy_callback; -+ CRYPTO_get_dynlock_destroy_cb; -+ CRYPTO_get_dynlock_value; -+ CRYPTO_get_dynlock_create_callback; -+ CRYPTO_get_dynlock_create_cb; -+ c2i_ASN1_BIT_STRING; -+ i2c_ASN1_BIT_STRING; -+ RAND_poll; -+ c2i_ASN1_INTEGER; -+ i2c_ASN1_INTEGER; -+ BIO_dump_indent; -+ ASN1_parse_dump; -+ c2i_ASN1_OBJECT; -+ X509_NAME_print_ex_fp; -+ ASN1_STRING_print_ex_fp; -+ X509_NAME_print_ex; -+ ASN1_STRING_print_ex; -+ MD4; -+ MD4_Transform; -+ MD4_Final; -+ MD4_Update; -+ MD4_Init; -+ EVP_md4; -+ i2d_PUBKEY_bio; -+ i2d_PUBKEY_fp; -+ d2i_PUBKEY_bio; -+ ASN1_STRING_to_UTF8; -+ BIO_vprintf; -+ BIO_vsnprintf; -+ d2i_PUBKEY_fp; -+ X509_cmp_time; -+ X509_STORE_CTX_set_time; -+ X509_STORE_CTX_get1_issuer; -+ X509_OBJECT_retrieve_match; -+ X509_OBJECT_idx_by_subject; -+ X509_STORE_CTX_set_flags; -+ X509_STORE_CTX_trusted_stack; -+ X509_time_adj; -+ X509_check_issued; -+ ASN1_UTCTIME_cmp_time_t; -+ DES_set_weak_key_flag; -+ DES_check_key; -+ DES_rw_mode; -+ RSA_PKCS1_RSAref; -+ X509_keyid_set1; -+ BIO_next; -+ DSO_METHOD_vms; -+ BIO_f_linebuffer; -+ BN_bntest_rand; -+ OPENSSL_issetugid; -+ BN_rand_range; -+ ERR_load_ENGINE_strings; -+ ENGINE_set_DSA; -+ ENGINE_get_finish_function; -+ ENGINE_get_default_RSA; -+ ENGINE_get_BN_mod_exp; -+ DSA_get_default_openssl_method; -+ ENGINE_set_DH; -+ ENGINE_set_def_BN_mod_exp_crt; -+ ENGINE_set_default_BN_mod_exp_crt; -+ ENGINE_init; -+ DH_get_default_openssl_method; -+ RSA_set_default_openssl_method; -+ ENGINE_finish; -+ ENGINE_load_public_key; -+ ENGINE_get_DH; -+ ENGINE_ctrl; -+ ENGINE_get_init_function; -+ ENGINE_set_init_function; -+ ENGINE_set_default_DSA; -+ ENGINE_get_name; -+ ENGINE_get_last; -+ ENGINE_get_prev; -+ ENGINE_get_default_DH; -+ ENGINE_get_RSA; -+ ENGINE_set_default; -+ ENGINE_get_RAND; -+ ENGINE_get_first; -+ ENGINE_by_id; -+ ENGINE_set_finish_function; -+ ENGINE_get_def_BN_mod_exp_crt; -+ ENGINE_get_default_BN_mod_exp_crt; -+ RSA_get_default_openssl_method; -+ ENGINE_set_RSA; -+ ENGINE_load_private_key; -+ ENGINE_set_default_RAND; -+ ENGINE_set_BN_mod_exp; -+ ENGINE_remove; -+ ENGINE_free; -+ ENGINE_get_BN_mod_exp_crt; -+ ENGINE_get_next; -+ ENGINE_set_name; -+ ENGINE_get_default_DSA; -+ ENGINE_set_default_BN_mod_exp; -+ ENGINE_set_default_RSA; -+ ENGINE_get_default_RAND; -+ ENGINE_get_default_BN_mod_exp; -+ ENGINE_set_RAND; -+ ENGINE_set_id; -+ ENGINE_set_BN_mod_exp_crt; -+ ENGINE_set_default_DH; -+ ENGINE_new; -+ ENGINE_get_id; -+ DSA_set_default_openssl_method; -+ ENGINE_add; -+ DH_set_default_openssl_method; -+ ENGINE_get_DSA; -+ ENGINE_get_ctrl_function; -+ ENGINE_set_ctrl_function; -+ BN_pseudo_rand_range; -+ X509_STORE_CTX_set_verify_cb; -+ ERR_load_COMP_strings; -+ PKCS12_item_decrypt_d2i; -+ ASN1_UTF8STRING_it; -+ ASN1_UTF8STRING_it; -+ ENGINE_unregister_ciphers; -+ ENGINE_get_ciphers; -+ d2i_OCSP_BASICRESP; -+ KRB5_CHECKSUM_it; -+ KRB5_CHECKSUM_it; -+ EC_POINT_add; -+ ASN1_item_ex_i2d; -+ OCSP_CERTID_it; -+ OCSP_CERTID_it; -+ d2i_OCSP_RESPBYTES; -+ X509V3_add1_i2d; -+ PKCS7_ENVELOPE_it; -+ PKCS7_ENVELOPE_it; -+ UI_add_input_boolean; -+ ENGINE_unregister_RSA; -+ X509V3_EXT_nconf; -+ ASN1_GENERALSTRING_free; -+ d2i_OCSP_CERTSTATUS; -+ X509_REVOKED_set_serialNumber; -+ X509_print_ex; -+ OCSP_ONEREQ_get1_ext_d2i; -+ ENGINE_register_all_RAND; -+ ENGINE_load_dynamic; -+ PBKDF2PARAM_it; -+ PBKDF2PARAM_it; -+ EXTENDED_KEY_USAGE_new; -+ EC_GROUP_clear_free; -+ OCSP_sendreq_bio; -+ ASN1_item_digest; -+ OCSP_BASICRESP_delete_ext; -+ OCSP_SIGNATURE_it; -+ OCSP_SIGNATURE_it; -+ X509_CRL_it; -+ X509_CRL_it; -+ OCSP_BASICRESP_add_ext; -+ KRB5_ENCKEY_it; -+ KRB5_ENCKEY_it; -+ UI_method_set_closer; -+ X509_STORE_set_purpose; -+ i2d_ASN1_GENERALSTRING; -+ OCSP_response_status; -+ i2d_OCSP_SERVICELOC; -+ ENGINE_get_digest_engine; -+ EC_GROUP_set_curve_GFp; -+ OCSP_REQUEST_get_ext_by_OBJ; -+ _ossl_old_des_random_key; -+ ASN1_T61STRING_it; -+ ASN1_T61STRING_it; -+ EC_GROUP_method_of; -+ i2d_KRB5_APREQ; -+ _ossl_old_des_encrypt; -+ ASN1_PRINTABLE_new; -+ HMAC_Init_ex; -+ d2i_KRB5_AUTHENT; -+ OCSP_archive_cutoff_new; -+ EC_POINT_set_Jprojective_coordinates_GFp; -+ EC_POINT_set_Jproj_coords_GFp; -+ _ossl_old_des_is_weak_key; -+ OCSP_BASICRESP_get_ext_by_OBJ; -+ EC_POINT_oct2point; -+ OCSP_SINGLERESP_get_ext_count; -+ UI_ctrl; -+ _shadow_DES_rw_mode; -+ _shadow_DES_rw_mode; -+ asn1_do_adb; -+ ASN1_template_i2d; -+ ENGINE_register_DH; -+ UI_construct_prompt; -+ X509_STORE_set_trust; -+ UI_dup_input_string; -+ d2i_KRB5_APREQ; -+ EVP_MD_CTX_copy_ex; -+ OCSP_request_is_signed; -+ i2d_OCSP_REQINFO; -+ KRB5_ENCKEY_free; -+ OCSP_resp_get0; -+ GENERAL_NAME_it; -+ GENERAL_NAME_it; -+ ASN1_GENERALIZEDTIME_it; -+ ASN1_GENERALIZEDTIME_it; -+ X509_STORE_set_flags; -+ EC_POINT_set_compressed_coordinates_GFp; -+ EC_POINT_set_compr_coords_GFp; -+ OCSP_response_status_str; -+ d2i_OCSP_REVOKEDINFO; -+ OCSP_basic_add1_cert; -+ ERR_get_implementation; -+ EVP_CipherFinal_ex; -+ OCSP_CERTSTATUS_new; -+ CRYPTO_cleanup_all_ex_data; -+ OCSP_resp_find; -+ BN_nnmod; -+ X509_CRL_sort; -+ X509_REVOKED_set_revocationDate; -+ ENGINE_register_RAND; -+ OCSP_SERVICELOC_new; -+ EC_POINT_set_affine_coordinates_GFp; -+ EC_POINT_set_affine_coords_GFp; -+ _ossl_old_des_options; -+ SXNET_it; -+ SXNET_it; -+ UI_dup_input_boolean; -+ PKCS12_add_CSPName_asc; -+ EC_POINT_is_at_infinity; -+ ENGINE_load_cryptodev; -+ DSO_convert_filename; -+ POLICYQUALINFO_it; -+ POLICYQUALINFO_it; -+ ENGINE_register_ciphers; -+ BN_mod_lshift_quick; -+ DSO_set_filename; -+ ASN1_item_free; -+ KRB5_TKTBODY_free; -+ AUTHORITY_KEYID_it; -+ AUTHORITY_KEYID_it; -+ KRB5_APREQBODY_new; -+ X509V3_EXT_REQ_add_nconf; -+ ENGINE_ctrl_cmd_string; -+ i2d_OCSP_RESPDATA; -+ EVP_MD_CTX_init; -+ EXTENDED_KEY_USAGE_free; -+ PKCS7_ATTR_SIGN_it; -+ PKCS7_ATTR_SIGN_it; -+ UI_add_error_string; -+ KRB5_CHECKSUM_free; -+ OCSP_REQUEST_get_ext; -+ ENGINE_load_ubsec; -+ ENGINE_register_all_digests; -+ PKEY_USAGE_PERIOD_it; -+ PKEY_USAGE_PERIOD_it; -+ PKCS12_unpack_authsafes; -+ ASN1_item_unpack; -+ NETSCAPE_SPKAC_it; -+ NETSCAPE_SPKAC_it; -+ X509_REVOKED_it; -+ X509_REVOKED_it; -+ ASN1_STRING_encode; -+ EVP_aes_128_ecb; -+ KRB5_AUTHENT_free; -+ OCSP_BASICRESP_get_ext_by_critical; -+ OCSP_BASICRESP_get_ext_by_crit; -+ OCSP_cert_status_str; -+ d2i_OCSP_REQUEST; -+ UI_dup_info_string; -+ _ossl_old_des_xwhite_in2out; -+ PKCS12_it; -+ PKCS12_it; -+ OCSP_SINGLERESP_get_ext_by_critical; -+ OCSP_SINGLERESP_get_ext_by_crit; -+ OCSP_CERTSTATUS_free; -+ _ossl_old_des_crypt; -+ ASN1_item_i2d; -+ EVP_DecryptFinal_ex; -+ ENGINE_load_openssl; -+ ENGINE_get_cmd_defns; -+ ENGINE_set_load_privkey_function; -+ ENGINE_set_load_privkey_fn; -+ EVP_EncryptFinal_ex; -+ ENGINE_set_default_digests; -+ X509_get0_pubkey_bitstr; -+ asn1_ex_i2c; -+ ENGINE_register_RSA; -+ ENGINE_unregister_DSA; -+ _ossl_old_des_key_sched; -+ X509_EXTENSION_it; -+ X509_EXTENSION_it; -+ i2d_KRB5_AUTHENT; -+ SXNETID_it; -+ SXNETID_it; -+ d2i_OCSP_SINGLERESP; -+ EDIPARTYNAME_new; -+ PKCS12_certbag2x509; -+ _ossl_old_des_ofb64_encrypt; -+ d2i_EXTENDED_KEY_USAGE; -+ ERR_print_errors_cb; -+ ENGINE_set_ciphers; -+ d2i_KRB5_APREQBODY; -+ UI_method_get_flusher; -+ X509_PUBKEY_it; -+ X509_PUBKEY_it; -+ _ossl_old_des_enc_read; -+ PKCS7_ENCRYPT_it; -+ PKCS7_ENCRYPT_it; -+ i2d_OCSP_RESPONSE; -+ EC_GROUP_get_cofactor; -+ PKCS12_unpack_p7data; -+ d2i_KRB5_AUTHDATA; -+ OCSP_copy_nonce; -+ KRB5_AUTHDATA_new; -+ OCSP_RESPDATA_new; -+ EC_GFp_mont_method; -+ OCSP_REVOKEDINFO_free; -+ UI_get_ex_data; -+ KRB5_APREQBODY_free; -+ EC_GROUP_get0_generator; -+ UI_get_default_method; -+ X509V3_set_nconf; -+ PKCS12_item_i2d_encrypt; -+ X509_add1_ext_i2d; -+ PKCS7_SIGNER_INFO_it; -+ PKCS7_SIGNER_INFO_it; -+ KRB5_PRINCNAME_new; -+ PKCS12_SAFEBAG_it; -+ PKCS12_SAFEBAG_it; -+ EC_GROUP_get_order; -+ d2i_OCSP_RESPID; -+ OCSP_request_verify; -+ NCONF_get_number_e; -+ _ossl_old_des_decrypt3; -+ X509_signature_print; -+ OCSP_SINGLERESP_free; -+ ENGINE_load_builtin_engines; -+ i2d_OCSP_ONEREQ; -+ OCSP_REQUEST_add_ext; -+ OCSP_RESPBYTES_new; -+ EVP_MD_CTX_create; -+ OCSP_resp_find_status; -+ X509_ALGOR_it; -+ X509_ALGOR_it; -+ ASN1_TIME_it; -+ ASN1_TIME_it; -+ OCSP_request_set1_name; -+ OCSP_ONEREQ_get_ext_count; -+ UI_get0_result; -+ PKCS12_AUTHSAFES_it; -+ PKCS12_AUTHSAFES_it; -+ EVP_aes_256_ecb; -+ PKCS12_pack_authsafes; -+ ASN1_IA5STRING_it; -+ ASN1_IA5STRING_it; -+ UI_get_input_flags; -+ EC_GROUP_set_generator; -+ _ossl_old_des_string_to_2keys; -+ OCSP_CERTID_free; -+ X509_CERT_AUX_it; -+ X509_CERT_AUX_it; -+ CERTIFICATEPOLICIES_it; -+ CERTIFICATEPOLICIES_it; -+ _ossl_old_des_ede3_cbc_encrypt; -+ RAND_set_rand_engine; -+ DSO_get_loaded_filename; -+ X509_ATTRIBUTE_it; -+ X509_ATTRIBUTE_it; -+ OCSP_ONEREQ_get_ext_by_NID; -+ PKCS12_decrypt_skey; -+ KRB5_AUTHENT_it; -+ KRB5_AUTHENT_it; -+ UI_dup_error_string; -+ RSAPublicKey_it; -+ RSAPublicKey_it; -+ i2d_OCSP_REQUEST; -+ PKCS12_x509crl2certbag; -+ OCSP_SERVICELOC_it; -+ OCSP_SERVICELOC_it; -+ ASN1_item_sign; -+ X509_CRL_set_issuer_name; -+ OBJ_NAME_do_all_sorted; -+ i2d_OCSP_BASICRESP; -+ i2d_OCSP_RESPBYTES; -+ PKCS12_unpack_p7encdata; -+ HMAC_CTX_init; -+ ENGINE_get_digest; -+ OCSP_RESPONSE_print; -+ KRB5_TKTBODY_it; -+ KRB5_TKTBODY_it; -+ ACCESS_DESCRIPTION_it; -+ ACCESS_DESCRIPTION_it; -+ PKCS7_ISSUER_AND_SERIAL_it; -+ PKCS7_ISSUER_AND_SERIAL_it; -+ PBE2PARAM_it; -+ PBE2PARAM_it; -+ PKCS12_certbag2x509crl; -+ PKCS7_SIGNED_it; -+ PKCS7_SIGNED_it; -+ ENGINE_get_cipher; -+ i2d_OCSP_CRLID; -+ OCSP_SINGLERESP_new; -+ ENGINE_cmd_is_executable; -+ RSA_up_ref; -+ ASN1_GENERALSTRING_it; -+ ASN1_GENERALSTRING_it; -+ ENGINE_register_DSA; -+ X509V3_EXT_add_nconf_sk; -+ ENGINE_set_load_pubkey_function; -+ PKCS8_decrypt; -+ PEM_bytes_read_bio; -+ DIRECTORYSTRING_it; -+ DIRECTORYSTRING_it; -+ d2i_OCSP_CRLID; -+ EC_POINT_is_on_curve; -+ CRYPTO_set_locked_mem_ex_functions; -+ CRYPTO_set_locked_mem_ex_funcs; -+ d2i_KRB5_CHECKSUM; -+ ASN1_item_dup; -+ X509_it; -+ X509_it; -+ BN_mod_add; -+ KRB5_AUTHDATA_free; -+ _ossl_old_des_cbc_cksum; -+ ASN1_item_verify; -+ CRYPTO_set_mem_ex_functions; -+ EC_POINT_get_Jprojective_coordinates_GFp; -+ EC_POINT_get_Jproj_coords_GFp; -+ ZLONG_it; -+ ZLONG_it; -+ CRYPTO_get_locked_mem_ex_functions; -+ CRYPTO_get_locked_mem_ex_funcs; -+ ASN1_TIME_check; -+ UI_get0_user_data; -+ HMAC_CTX_cleanup; -+ DSA_up_ref; -+ _ossl_old_des_ede3_cfb64_encrypt; -+ _ossl_odes_ede3_cfb64_encrypt; -+ ASN1_BMPSTRING_it; -+ ASN1_BMPSTRING_it; -+ ASN1_tag2bit; -+ UI_method_set_flusher; -+ X509_ocspid_print; -+ KRB5_ENCDATA_it; -+ KRB5_ENCDATA_it; -+ ENGINE_get_load_pubkey_function; -+ UI_add_user_data; -+ OCSP_REQUEST_delete_ext; -+ UI_get_method; -+ OCSP_ONEREQ_free; -+ ASN1_PRINTABLESTRING_it; -+ ASN1_PRINTABLESTRING_it; -+ X509_CRL_set_nextUpdate; -+ OCSP_REQUEST_it; -+ OCSP_REQUEST_it; -+ OCSP_BASICRESP_it; -+ OCSP_BASICRESP_it; -+ AES_ecb_encrypt; -+ BN_mod_sqr; -+ NETSCAPE_CERT_SEQUENCE_it; -+ NETSCAPE_CERT_SEQUENCE_it; -+ GENERAL_NAMES_it; -+ GENERAL_NAMES_it; -+ AUTHORITY_INFO_ACCESS_it; -+ AUTHORITY_INFO_ACCESS_it; -+ ASN1_FBOOLEAN_it; -+ ASN1_FBOOLEAN_it; -+ UI_set_ex_data; -+ _ossl_old_des_string_to_key; -+ ENGINE_register_all_RSA; -+ d2i_KRB5_PRINCNAME; -+ OCSP_RESPBYTES_it; -+ OCSP_RESPBYTES_it; -+ X509_CINF_it; -+ X509_CINF_it; -+ ENGINE_unregister_digests; -+ d2i_EDIPARTYNAME; -+ d2i_OCSP_SERVICELOC; -+ ENGINE_get_digests; -+ _ossl_old_des_set_odd_parity; -+ OCSP_RESPDATA_free; -+ d2i_KRB5_TICKET; -+ OTHERNAME_it; -+ OTHERNAME_it; -+ EVP_MD_CTX_cleanup; -+ d2i_ASN1_GENERALSTRING; -+ X509_CRL_set_version; -+ BN_mod_sub; -+ OCSP_SINGLERESP_get_ext_by_NID; -+ ENGINE_get_ex_new_index; -+ OCSP_REQUEST_free; -+ OCSP_REQUEST_add1_ext_i2d; -+ X509_VAL_it; -+ X509_VAL_it; -+ EC_POINTs_make_affine; -+ EC_POINT_mul; -+ X509V3_EXT_add_nconf; -+ X509_TRUST_set; -+ X509_CRL_add1_ext_i2d; -+ _ossl_old_des_fcrypt; -+ DISPLAYTEXT_it; -+ DISPLAYTEXT_it; -+ X509_CRL_set_lastUpdate; -+ OCSP_BASICRESP_free; -+ OCSP_BASICRESP_add1_ext_i2d; -+ d2i_KRB5_AUTHENTBODY; -+ CRYPTO_set_ex_data_implementation; -+ CRYPTO_set_ex_data_impl; -+ KRB5_ENCDATA_new; -+ DSO_up_ref; -+ OCSP_crl_reason_str; -+ UI_get0_result_string; -+ ASN1_GENERALSTRING_new; -+ X509_SIG_it; -+ X509_SIG_it; -+ ERR_set_implementation; -+ ERR_load_EC_strings; -+ UI_get0_action_string; -+ OCSP_ONEREQ_get_ext; -+ EC_POINT_method_of; -+ i2d_KRB5_APREQBODY; -+ _ossl_old_des_ecb3_encrypt; -+ CRYPTO_get_mem_ex_functions; -+ ENGINE_get_ex_data; -+ UI_destroy_method; -+ ASN1_item_i2d_bio; -+ OCSP_ONEREQ_get_ext_by_OBJ; -+ ASN1_primitive_new; -+ ASN1_PRINTABLE_it; -+ ASN1_PRINTABLE_it; -+ EVP_aes_192_ecb; -+ OCSP_SIGNATURE_new; -+ LONG_it; -+ LONG_it; -+ ASN1_VISIBLESTRING_it; -+ ASN1_VISIBLESTRING_it; -+ OCSP_SINGLERESP_add1_ext_i2d; -+ d2i_OCSP_CERTID; -+ ASN1_item_d2i_fp; -+ CRL_DIST_POINTS_it; -+ CRL_DIST_POINTS_it; -+ GENERAL_NAME_print; -+ OCSP_SINGLERESP_delete_ext; -+ PKCS12_SAFEBAGS_it; -+ PKCS12_SAFEBAGS_it; -+ d2i_OCSP_SIGNATURE; -+ OCSP_request_add1_nonce; -+ ENGINE_set_cmd_defns; -+ OCSP_SERVICELOC_free; -+ EC_GROUP_free; -+ ASN1_BIT_STRING_it; -+ ASN1_BIT_STRING_it; -+ X509_REQ_it; -+ X509_REQ_it; -+ _ossl_old_des_cbc_encrypt; -+ ERR_unload_strings; -+ PKCS7_SIGN_ENVELOPE_it; -+ PKCS7_SIGN_ENVELOPE_it; -+ EDIPARTYNAME_free; -+ OCSP_REQINFO_free; -+ EC_GROUP_new_curve_GFp; -+ OCSP_REQUEST_get1_ext_d2i; -+ PKCS12_item_pack_safebag; -+ asn1_ex_c2i; -+ ENGINE_register_digests; -+ i2d_OCSP_REVOKEDINFO; -+ asn1_enc_restore; -+ UI_free; -+ UI_new_method; -+ EVP_EncryptInit_ex; -+ X509_pubkey_digest; -+ EC_POINT_invert; -+ OCSP_basic_sign; -+ i2d_OCSP_RESPID; -+ OCSP_check_nonce; -+ ENGINE_ctrl_cmd; -+ d2i_KRB5_ENCKEY; -+ OCSP_parse_url; -+ OCSP_SINGLERESP_get_ext; -+ OCSP_CRLID_free; -+ OCSP_BASICRESP_get1_ext_d2i; -+ RSAPrivateKey_it; -+ RSAPrivateKey_it; -+ ENGINE_register_all_DH; -+ i2d_EDIPARTYNAME; -+ EC_POINT_get_affine_coordinates_GFp; -+ EC_POINT_get_affine_coords_GFp; -+ OCSP_CRLID_new; -+ ENGINE_get_flags; -+ OCSP_ONEREQ_it; -+ OCSP_ONEREQ_it; -+ UI_process; -+ ASN1_INTEGER_it; -+ ASN1_INTEGER_it; -+ EVP_CipherInit_ex; -+ UI_get_string_type; -+ ENGINE_unregister_DH; -+ ENGINE_register_all_DSA; -+ OCSP_ONEREQ_get_ext_by_critical; -+ bn_dup_expand; -+ OCSP_cert_id_new; -+ BASIC_CONSTRAINTS_it; -+ BASIC_CONSTRAINTS_it; -+ BN_mod_add_quick; -+ EC_POINT_new; -+ EVP_MD_CTX_destroy; -+ OCSP_RESPBYTES_free; -+ EVP_aes_128_cbc; -+ OCSP_SINGLERESP_get1_ext_d2i; -+ EC_POINT_free; -+ DH_up_ref; -+ X509_NAME_ENTRY_it; -+ X509_NAME_ENTRY_it; -+ UI_get_ex_new_index; -+ BN_mod_sub_quick; -+ OCSP_ONEREQ_add_ext; -+ OCSP_request_sign; -+ EVP_DigestFinal_ex; -+ ENGINE_set_digests; -+ OCSP_id_issuer_cmp; -+ OBJ_NAME_do_all; -+ EC_POINTs_mul; -+ ENGINE_register_complete; -+ X509V3_EXT_nconf_nid; -+ ASN1_SEQUENCE_it; -+ ASN1_SEQUENCE_it; -+ UI_set_default_method; -+ RAND_query_egd_bytes; -+ UI_method_get_writer; -+ UI_OpenSSL; -+ PEM_def_callback; -+ ENGINE_cleanup; -+ DIST_POINT_it; -+ DIST_POINT_it; -+ OCSP_SINGLERESP_it; -+ OCSP_SINGLERESP_it; -+ d2i_KRB5_TKTBODY; -+ EC_POINT_cmp; -+ OCSP_REVOKEDINFO_new; -+ i2d_OCSP_CERTSTATUS; -+ OCSP_basic_add1_nonce; -+ ASN1_item_ex_d2i; -+ BN_mod_lshift1_quick; -+ UI_set_method; -+ OCSP_id_get0_info; -+ BN_mod_sqrt; -+ EC_GROUP_copy; -+ KRB5_ENCDATA_free; -+ _ossl_old_des_cfb_encrypt; -+ OCSP_SINGLERESP_get_ext_by_OBJ; -+ OCSP_cert_to_id; -+ OCSP_RESPID_new; -+ OCSP_RESPDATA_it; -+ OCSP_RESPDATA_it; -+ d2i_OCSP_RESPDATA; -+ ENGINE_register_all_complete; -+ OCSP_check_validity; -+ PKCS12_BAGS_it; -+ PKCS12_BAGS_it; -+ OCSP_url_svcloc_new; -+ ASN1_template_free; -+ OCSP_SINGLERESP_add_ext; -+ KRB5_AUTHENTBODY_it; -+ KRB5_AUTHENTBODY_it; -+ X509_supported_extension; -+ i2d_KRB5_AUTHDATA; -+ UI_method_get_opener; -+ ENGINE_set_ex_data; -+ OCSP_REQUEST_print; -+ CBIGNUM_it; -+ CBIGNUM_it; -+ KRB5_TICKET_new; -+ KRB5_APREQ_new; -+ EC_GROUP_get_curve_GFp; -+ KRB5_ENCKEY_new; -+ ASN1_template_d2i; -+ _ossl_old_des_quad_cksum; -+ OCSP_single_get0_status; -+ BN_swap; -+ POLICYINFO_it; -+ POLICYINFO_it; -+ ENGINE_set_destroy_function; -+ asn1_enc_free; -+ OCSP_RESPID_it; -+ OCSP_RESPID_it; -+ EC_GROUP_new; -+ EVP_aes_256_cbc; -+ i2d_KRB5_PRINCNAME; -+ _ossl_old_des_encrypt2; -+ _ossl_old_des_encrypt3; -+ PKCS8_PRIV_KEY_INFO_it; -+ PKCS8_PRIV_KEY_INFO_it; -+ OCSP_REQINFO_it; -+ OCSP_REQINFO_it; -+ PBEPARAM_it; -+ PBEPARAM_it; -+ KRB5_AUTHENTBODY_new; -+ X509_CRL_add0_revoked; -+ EDIPARTYNAME_it; -+ EDIPARTYNAME_it; -+ NETSCAPE_SPKI_it; -+ NETSCAPE_SPKI_it; -+ UI_get0_test_string; -+ ENGINE_get_cipher_engine; -+ ENGINE_register_all_ciphers; -+ EC_POINT_copy; -+ BN_kronecker; -+ _ossl_old_des_ede3_ofb64_encrypt; -+ _ossl_odes_ede3_ofb64_encrypt; -+ UI_method_get_reader; -+ OCSP_BASICRESP_get_ext_count; -+ ASN1_ENUMERATED_it; -+ ASN1_ENUMERATED_it; -+ UI_set_result; -+ i2d_KRB5_TICKET; -+ X509_print_ex_fp; -+ EVP_CIPHER_CTX_set_padding; -+ d2i_OCSP_RESPONSE; -+ ASN1_UTCTIME_it; -+ ASN1_UTCTIME_it; -+ _ossl_old_des_enc_write; -+ OCSP_RESPONSE_new; -+ AES_set_encrypt_key; -+ OCSP_resp_count; -+ KRB5_CHECKSUM_new; -+ ENGINE_load_cswift; -+ OCSP_onereq_get0_id; -+ ENGINE_set_default_ciphers; -+ NOTICEREF_it; -+ NOTICEREF_it; -+ X509V3_EXT_CRL_add_nconf; -+ OCSP_REVOKEDINFO_it; -+ OCSP_REVOKEDINFO_it; -+ AES_encrypt; -+ OCSP_REQUEST_new; -+ ASN1_ANY_it; -+ ASN1_ANY_it; -+ CRYPTO_ex_data_new_class; -+ _ossl_old_des_ncbc_encrypt; -+ i2d_KRB5_TKTBODY; -+ EC_POINT_clear_free; -+ AES_decrypt; -+ asn1_enc_init; -+ UI_get_result_maxsize; -+ OCSP_CERTID_new; -+ ENGINE_unregister_RAND; -+ UI_method_get_closer; -+ d2i_KRB5_ENCDATA; -+ OCSP_request_onereq_count; -+ OCSP_basic_verify; -+ KRB5_AUTHENTBODY_free; -+ ASN1_item_d2i; -+ ASN1_primitive_free; -+ i2d_EXTENDED_KEY_USAGE; -+ i2d_OCSP_SIGNATURE; -+ asn1_enc_save; -+ ENGINE_load_nuron; -+ _ossl_old_des_pcbc_encrypt; -+ PKCS12_MAC_DATA_it; -+ PKCS12_MAC_DATA_it; -+ OCSP_accept_responses_new; -+ asn1_do_lock; -+ PKCS7_ATTR_VERIFY_it; -+ PKCS7_ATTR_VERIFY_it; -+ KRB5_APREQBODY_it; -+ KRB5_APREQBODY_it; -+ i2d_OCSP_SINGLERESP; -+ ASN1_item_ex_new; -+ UI_add_verify_string; -+ _ossl_old_des_set_key; -+ KRB5_PRINCNAME_it; -+ KRB5_PRINCNAME_it; -+ EVP_DecryptInit_ex; -+ i2d_OCSP_CERTID; -+ ASN1_item_d2i_bio; -+ EC_POINT_dbl; -+ asn1_get_choice_selector; -+ i2d_KRB5_CHECKSUM; -+ ENGINE_set_table_flags; -+ AES_options; -+ ENGINE_load_chil; -+ OCSP_id_cmp; -+ OCSP_BASICRESP_new; -+ OCSP_REQUEST_get_ext_by_NID; -+ KRB5_APREQ_it; -+ KRB5_APREQ_it; -+ ENGINE_get_destroy_function; -+ CONF_set_nconf; -+ ASN1_PRINTABLE_free; -+ OCSP_BASICRESP_get_ext_by_NID; -+ DIST_POINT_NAME_it; -+ DIST_POINT_NAME_it; -+ X509V3_extensions_print; -+ _ossl_old_des_cfb64_encrypt; -+ X509_REVOKED_add1_ext_i2d; -+ _ossl_old_des_ofb_encrypt; -+ KRB5_TKTBODY_new; -+ ASN1_OCTET_STRING_it; -+ ASN1_OCTET_STRING_it; -+ ERR_load_UI_strings; -+ i2d_KRB5_ENCKEY; -+ ASN1_template_new; -+ OCSP_SIGNATURE_free; -+ ASN1_item_i2d_fp; -+ KRB5_PRINCNAME_free; -+ PKCS7_RECIP_INFO_it; -+ PKCS7_RECIP_INFO_it; -+ EXTENDED_KEY_USAGE_it; -+ EXTENDED_KEY_USAGE_it; -+ EC_GFp_simple_method; -+ EC_GROUP_precompute_mult; -+ OCSP_request_onereq_get0; -+ UI_method_set_writer; -+ KRB5_AUTHENT_new; -+ X509_CRL_INFO_it; -+ X509_CRL_INFO_it; -+ DSO_set_name_converter; -+ AES_set_decrypt_key; -+ PKCS7_DIGEST_it; -+ PKCS7_DIGEST_it; -+ PKCS12_x5092certbag; -+ EVP_DigestInit_ex; -+ i2a_ACCESS_DESCRIPTION; -+ OCSP_RESPONSE_it; -+ OCSP_RESPONSE_it; -+ PKCS7_ENC_CONTENT_it; -+ PKCS7_ENC_CONTENT_it; -+ OCSP_request_add0_id; -+ EC_POINT_make_affine; -+ DSO_get_filename; -+ OCSP_CERTSTATUS_it; -+ OCSP_CERTSTATUS_it; -+ OCSP_request_add1_cert; -+ UI_get0_output_string; -+ UI_dup_verify_string; -+ BN_mod_lshift; -+ KRB5_AUTHDATA_it; -+ KRB5_AUTHDATA_it; -+ asn1_set_choice_selector; -+ OCSP_basic_add1_status; -+ OCSP_RESPID_free; -+ asn1_get_field_ptr; -+ UI_add_input_string; -+ OCSP_CRLID_it; -+ OCSP_CRLID_it; -+ i2d_KRB5_AUTHENTBODY; -+ OCSP_REQUEST_get_ext_count; -+ ENGINE_load_atalla; -+ X509_NAME_it; -+ X509_NAME_it; -+ USERNOTICE_it; -+ USERNOTICE_it; -+ OCSP_REQINFO_new; -+ OCSP_BASICRESP_get_ext; -+ CRYPTO_get_ex_data_implementation; -+ CRYPTO_get_ex_data_impl; -+ ASN1_item_pack; -+ i2d_KRB5_ENCDATA; -+ X509_PURPOSE_set; -+ X509_REQ_INFO_it; -+ X509_REQ_INFO_it; -+ UI_method_set_opener; -+ ASN1_item_ex_free; -+ ASN1_BOOLEAN_it; -+ ASN1_BOOLEAN_it; -+ ENGINE_get_table_flags; -+ UI_create_method; -+ OCSP_ONEREQ_add1_ext_i2d; -+ _shadow_DES_check_key; -+ _shadow_DES_check_key; -+ d2i_OCSP_REQINFO; -+ UI_add_info_string; -+ UI_get_result_minsize; -+ ASN1_NULL_it; -+ ASN1_NULL_it; -+ BN_mod_lshift1; -+ d2i_OCSP_ONEREQ; -+ OCSP_ONEREQ_new; -+ KRB5_TICKET_it; -+ KRB5_TICKET_it; -+ EVP_aes_192_cbc; -+ KRB5_TICKET_free; -+ UI_new; -+ OCSP_response_create; -+ _ossl_old_des_xcbc_encrypt; -+ PKCS7_it; -+ PKCS7_it; -+ OCSP_REQUEST_get_ext_by_critical; -+ OCSP_REQUEST_get_ext_by_crit; -+ ENGINE_set_flags; -+ _ossl_old_des_ecb_encrypt; -+ OCSP_response_get1_basic; -+ EVP_Digest; -+ OCSP_ONEREQ_delete_ext; -+ ASN1_TBOOLEAN_it; -+ ASN1_TBOOLEAN_it; -+ ASN1_item_new; -+ ASN1_TIME_to_generalizedtime; -+ BIGNUM_it; -+ BIGNUM_it; -+ AES_cbc_encrypt; -+ ENGINE_get_load_privkey_function; -+ ENGINE_get_load_privkey_fn; -+ OCSP_RESPONSE_free; -+ UI_method_set_reader; -+ i2d_ASN1_T61STRING; -+ EC_POINT_set_to_infinity; -+ ERR_load_OCSP_strings; -+ EC_POINT_point2oct; -+ KRB5_APREQ_free; -+ ASN1_OBJECT_it; -+ ASN1_OBJECT_it; -+ OCSP_crlID_new; -+ OCSP_crlID2_new; -+ CONF_modules_load_file; -+ CONF_imodule_set_usr_data; -+ ENGINE_set_default_string; -+ CONF_module_get_usr_data; -+ ASN1_add_oid_module; -+ CONF_modules_finish; -+ OPENSSL_config; -+ CONF_modules_unload; -+ CONF_imodule_get_value; -+ CONF_module_set_usr_data; -+ CONF_parse_list; -+ CONF_module_add; -+ CONF_get1_default_config_file; -+ CONF_imodule_get_flags; -+ CONF_imodule_get_module; -+ CONF_modules_load; -+ CONF_imodule_get_name; -+ ERR_peek_top_error; -+ CONF_imodule_get_usr_data; -+ CONF_imodule_set_flags; -+ ENGINE_add_conf_module; -+ ERR_peek_last_error_line; -+ ERR_peek_last_error_line_data; -+ ERR_peek_last_error; -+ DES_read_2passwords; -+ DES_read_password; -+ UI_UTIL_read_pw; -+ UI_UTIL_read_pw_string; -+ ENGINE_load_aep; -+ ENGINE_load_sureware; -+ OPENSSL_add_all_algorithms_noconf; -+ OPENSSL_add_all_algo_noconf; -+ OPENSSL_add_all_algorithms_conf; -+ OPENSSL_add_all_algo_conf; -+ OPENSSL_load_builtin_modules; -+ AES_ofb128_encrypt; -+ AES_ctr128_encrypt; -+ AES_cfb128_encrypt; -+ ENGINE_load_4758cca; -+ _ossl_096_des_random_seed; -+ EVP_aes_256_ofb; -+ EVP_aes_192_ofb; -+ EVP_aes_128_cfb128; -+ EVP_aes_256_cfb128; -+ EVP_aes_128_ofb; -+ EVP_aes_192_cfb128; -+ CONF_modules_free; -+ NCONF_default; -+ OPENSSL_no_config; -+ NCONF_WIN32; -+ ASN1_UNIVERSALSTRING_new; -+ EVP_des_ede_ecb; -+ i2d_ASN1_UNIVERSALSTRING; -+ ASN1_UNIVERSALSTRING_free; -+ ASN1_UNIVERSALSTRING_it; -+ ASN1_UNIVERSALSTRING_it; -+ d2i_ASN1_UNIVERSALSTRING; -+ EVP_des_ede3_ecb; -+ X509_REQ_print_ex; -+ ENGINE_up_ref; -+ BUF_MEM_grow_clean; -+ CRYPTO_realloc_clean; -+ BUF_strlcat; -+ BIO_indent; -+ BUF_strlcpy; -+ OpenSSLDie; -+ OPENSSL_cleanse; -+ ENGINE_setup_bsd_cryptodev; -+ ERR_release_err_state_table; -+ EVP_aes_128_cfb8; -+ FIPS_corrupt_rsa; -+ FIPS_selftest_des; -+ EVP_aes_128_cfb1; -+ EVP_aes_192_cfb8; -+ FIPS_mode_set; -+ FIPS_selftest_dsa; -+ EVP_aes_256_cfb8; -+ FIPS_allow_md5; -+ DES_ede3_cfb_encrypt; -+ EVP_des_ede3_cfb8; -+ FIPS_rand_seeded; -+ AES_cfbr_encrypt_block; -+ AES_cfb8_encrypt; -+ FIPS_rand_seed; -+ FIPS_corrupt_des; -+ EVP_aes_192_cfb1; -+ FIPS_selftest_aes; -+ FIPS_set_prng_key; -+ EVP_des_cfb8; -+ FIPS_corrupt_dsa; -+ FIPS_test_mode; -+ FIPS_rand_method; -+ EVP_aes_256_cfb1; -+ ERR_load_FIPS_strings; -+ FIPS_corrupt_aes; -+ FIPS_selftest_sha1; -+ FIPS_selftest_rsa; -+ FIPS_corrupt_sha1; -+ EVP_des_cfb1; -+ FIPS_dsa_check; -+ AES_cfb1_encrypt; -+ EVP_des_ede3_cfb1; -+ FIPS_rand_check; -+ FIPS_md5_allowed; -+ FIPS_mode; -+ FIPS_selftest_failed; -+ sk_is_sorted; -+ X509_check_ca; -+ HMAC_CTX_set_flags; -+ d2i_PROXY_CERT_INFO_EXTENSION; -+ PROXY_POLICY_it; -+ PROXY_POLICY_it; -+ i2d_PROXY_POLICY; -+ i2d_PROXY_CERT_INFO_EXTENSION; -+ d2i_PROXY_POLICY; -+ PROXY_CERT_INFO_EXTENSION_new; -+ PROXY_CERT_INFO_EXTENSION_free; -+ PROXY_CERT_INFO_EXTENSION_it; -+ PROXY_CERT_INFO_EXTENSION_it; -+ PROXY_POLICY_free; -+ PROXY_POLICY_new; -+ BN_MONT_CTX_set_locked; -+ FIPS_selftest_rng; -+ EVP_sha384; -+ EVP_sha512; -+ EVP_sha224; -+ EVP_sha256; -+ FIPS_selftest_hmac; -+ FIPS_corrupt_rng; -+ BN_mod_exp_mont_consttime; -+ RSA_X931_hash_id; -+ RSA_padding_check_X931; -+ RSA_verify_PKCS1_PSS; -+ RSA_padding_add_X931; -+ RSA_padding_add_PKCS1_PSS; -+ PKCS1_MGF1; -+ BN_X931_generate_Xpq; -+ RSA_X931_generate_key; -+ BN_X931_derive_prime; -+ BN_X931_generate_prime; -+ RSA_X931_derive; -+ BIO_new_dgram; -+ BN_get0_nist_prime_384; -+ ERR_set_mark; -+ X509_STORE_CTX_set0_crls; -+ ENGINE_set_STORE; -+ ENGINE_register_ECDSA; -+ STORE_meth_set_list_start_fn; -+ STORE_method_set_list_start_function; -+ BN_BLINDING_invert_ex; -+ NAME_CONSTRAINTS_free; -+ STORE_ATTR_INFO_set_number; -+ BN_BLINDING_get_thread_id; -+ X509_STORE_CTX_set0_param; -+ POLICY_MAPPING_it; -+ POLICY_MAPPING_it; -+ STORE_parse_attrs_start; -+ POLICY_CONSTRAINTS_free; -+ EVP_PKEY_add1_attr_by_NID; -+ BN_nist_mod_192; -+ EC_GROUP_get_trinomial_basis; -+ STORE_set_method; -+ GENERAL_SUBTREE_free; -+ NAME_CONSTRAINTS_it; -+ NAME_CONSTRAINTS_it; -+ ECDH_get_default_method; -+ PKCS12_add_safe; -+ EC_KEY_new_by_curve_name; -+ STORE_meth_get_update_store_fn; -+ STORE_method_get_update_store_function; -+ ENGINE_register_ECDH; -+ SHA512_Update; -+ i2d_ECPrivateKey; -+ BN_get0_nist_prime_192; -+ STORE_modify_certificate; -+ EC_POINT_set_affine_coordinates_GF2m; -+ EC_POINT_set_affine_coords_GF2m; -+ BN_GF2m_mod_exp_arr; -+ STORE_ATTR_INFO_modify_number; -+ X509_keyid_get0; -+ ENGINE_load_gmp; -+ pitem_new; -+ BN_GF2m_mod_mul_arr; -+ STORE_list_public_key_endp; -+ o2i_ECPublicKey; -+ EC_KEY_copy; -+ BIO_dump_fp; -+ X509_policy_node_get0_parent; -+ EC_GROUP_check_discriminant; -+ i2o_ECPublicKey; -+ EC_KEY_precompute_mult; -+ a2i_IPADDRESS; -+ STORE_meth_set_initialise_fn; -+ STORE_method_set_initialise_function; -+ X509_STORE_CTX_set_depth; -+ X509_VERIFY_PARAM_inherit; -+ EC_POINT_point2bn; -+ STORE_ATTR_INFO_set_dn; -+ X509_policy_tree_get0_policies; -+ EC_GROUP_new_curve_GF2m; -+ STORE_destroy_method; -+ ENGINE_unregister_STORE; -+ EVP_PKEY_get1_EC_KEY; -+ STORE_ATTR_INFO_get0_number; -+ ENGINE_get_default_ECDH; -+ EC_KEY_get_conv_form; -+ ASN1_OCTET_STRING_NDEF_it; -+ ASN1_OCTET_STRING_NDEF_it; -+ STORE_delete_public_key; -+ STORE_get_public_key; -+ STORE_modify_arbitrary; -+ ENGINE_get_static_state; -+ pqueue_iterator; -+ ECDSA_SIG_new; -+ OPENSSL_DIR_end; -+ BN_GF2m_mod_sqr; -+ EC_POINT_bn2point; -+ X509_VERIFY_PARAM_set_depth; -+ EC_KEY_set_asn1_flag; -+ STORE_get_method; -+ EC_KEY_get_key_method_data; -+ ECDSA_sign_ex; -+ STORE_parse_attrs_end; -+ EC_GROUP_get_point_conversion_form; -+ EC_GROUP_get_point_conv_form; -+ STORE_method_set_store_function; -+ STORE_ATTR_INFO_in; -+ PEM_read_bio_ECPKParameters; -+ EC_GROUP_get_pentanomial_basis; -+ EVP_PKEY_add1_attr_by_txt; -+ BN_BLINDING_set_flags; -+ X509_VERIFY_PARAM_set1_policies; -+ X509_VERIFY_PARAM_set1_name; -+ X509_VERIFY_PARAM_set_purpose; -+ STORE_get_number; -+ ECDSA_sign_setup; -+ BN_GF2m_mod_solve_quad_arr; -+ EC_KEY_up_ref; -+ POLICY_MAPPING_free; -+ BN_GF2m_mod_div; -+ X509_VERIFY_PARAM_set_flags; -+ EC_KEY_free; -+ STORE_meth_set_list_next_fn; -+ STORE_method_set_list_next_function; -+ PEM_write_bio_ECPrivateKey; -+ d2i_EC_PUBKEY; -+ STORE_meth_get_generate_fn; -+ STORE_method_get_generate_function; -+ STORE_meth_set_list_end_fn; -+ STORE_method_set_list_end_function; -+ pqueue_print; -+ EC_GROUP_have_precompute_mult; -+ EC_KEY_print_fp; -+ BN_GF2m_mod_arr; -+ PEM_write_bio_X509_CERT_PAIR; -+ EVP_PKEY_cmp; -+ X509_policy_level_node_count; -+ STORE_new_engine; -+ STORE_list_public_key_start; -+ X509_VERIFY_PARAM_new; -+ ECDH_get_ex_data; -+ EVP_PKEY_get_attr; -+ ECDSA_do_sign; -+ ENGINE_unregister_ECDH; -+ ECDH_OpenSSL; -+ EC_KEY_set_conv_form; -+ EC_POINT_dup; -+ GENERAL_SUBTREE_new; -+ STORE_list_crl_endp; -+ EC_get_builtin_curves; -+ X509_policy_node_get0_qualifiers; -+ X509_pcy_node_get0_qualifiers; -+ STORE_list_crl_end; -+ EVP_PKEY_set1_EC_KEY; -+ BN_GF2m_mod_sqrt_arr; -+ i2d_ECPrivateKey_bio; -+ ECPKParameters_print_fp; -+ pqueue_find; -+ ECDSA_SIG_free; -+ PEM_write_bio_ECPKParameters; -+ STORE_method_set_ctrl_function; -+ STORE_list_public_key_end; -+ EC_KEY_set_private_key; -+ pqueue_peek; -+ STORE_get_arbitrary; -+ STORE_store_crl; -+ X509_policy_node_get0_policy; -+ PKCS12_add_safes; -+ BN_BLINDING_convert_ex; -+ X509_policy_tree_free; -+ OPENSSL_ia32cap_loc; -+ BN_GF2m_poly2arr; -+ STORE_ctrl; -+ STORE_ATTR_INFO_compare; -+ BN_get0_nist_prime_224; -+ i2d_ECParameters; -+ i2d_ECPKParameters; -+ BN_GENCB_call; -+ d2i_ECPKParameters; -+ STORE_meth_set_generate_fn; -+ STORE_method_set_generate_function; -+ ENGINE_set_ECDH; -+ NAME_CONSTRAINTS_new; -+ SHA256_Init; -+ EC_KEY_get0_public_key; -+ PEM_write_bio_EC_PUBKEY; -+ STORE_ATTR_INFO_set_cstr; -+ STORE_list_crl_next; -+ STORE_ATTR_INFO_in_range; -+ ECParameters_print; -+ STORE_meth_set_delete_fn; -+ STORE_method_set_delete_function; -+ STORE_list_certificate_next; -+ ASN1_generate_nconf; -+ BUF_memdup; -+ BN_GF2m_mod_mul; -+ STORE_meth_get_list_next_fn; -+ STORE_method_get_list_next_function; -+ STORE_ATTR_INFO_get0_dn; -+ STORE_list_private_key_next; -+ EC_GROUP_set_seed; -+ X509_VERIFY_PARAM_set_trust; -+ STORE_ATTR_INFO_free; -+ STORE_get_private_key; -+ EVP_PKEY_get_attr_count; -+ STORE_ATTR_INFO_new; -+ EC_GROUP_get_curve_GF2m; -+ STORE_meth_set_revoke_fn; -+ STORE_method_set_revoke_function; -+ STORE_store_number; -+ BN_is_prime_ex; -+ STORE_revoke_public_key; -+ X509_STORE_CTX_get0_param; -+ STORE_delete_arbitrary; -+ PEM_read_X509_CERT_PAIR; -+ X509_STORE_set_depth; -+ ECDSA_get_ex_data; -+ SHA224; -+ BIO_dump_indent_fp; -+ EC_KEY_set_group; -+ BUF_strndup; -+ STORE_list_certificate_start; -+ BN_GF2m_mod; -+ X509_REQ_check_private_key; -+ EC_GROUP_get_seed_len; -+ ERR_load_STORE_strings; -+ PEM_read_bio_EC_PUBKEY; -+ STORE_list_private_key_end; -+ i2d_EC_PUBKEY; -+ ECDSA_get_default_method; -+ ASN1_put_eoc; -+ X509_STORE_CTX_get_explicit_policy; -+ X509_STORE_CTX_get_expl_policy; -+ X509_VERIFY_PARAM_table_cleanup; -+ STORE_modify_private_key; -+ X509_VERIFY_PARAM_free; -+ EC_METHOD_get_field_type; -+ EC_GFp_nist_method; -+ STORE_meth_set_modify_fn; -+ STORE_method_set_modify_function; -+ STORE_parse_attrs_next; -+ ENGINE_load_padlock; -+ EC_GROUP_set_curve_name; -+ X509_CERT_PAIR_it; -+ X509_CERT_PAIR_it; -+ STORE_meth_get_revoke_fn; -+ STORE_method_get_revoke_function; -+ STORE_method_set_get_function; -+ STORE_modify_number; -+ STORE_method_get_store_function; -+ STORE_store_private_key; -+ BN_GF2m_mod_sqr_arr; -+ RSA_setup_blinding; -+ BIO_s_datagram; -+ STORE_Memory; -+ sk_find_ex; -+ EC_GROUP_set_curve_GF2m; -+ ENGINE_set_default_ECDSA; -+ POLICY_CONSTRAINTS_new; -+ BN_GF2m_mod_sqrt; -+ ECDH_set_default_method; -+ EC_KEY_generate_key; -+ SHA384_Update; -+ BN_GF2m_arr2poly; -+ STORE_method_get_get_function; -+ STORE_meth_set_cleanup_fn; -+ STORE_method_set_cleanup_function; -+ EC_GROUP_check; -+ d2i_ECPrivateKey_bio; -+ EC_KEY_insert_key_method_data; -+ STORE_meth_get_lock_store_fn; -+ STORE_method_get_lock_store_function; -+ X509_VERIFY_PARAM_get_depth; -+ SHA224_Final; -+ STORE_meth_set_update_store_fn; -+ STORE_method_set_update_store_function; -+ SHA224_Update; -+ d2i_ECPrivateKey; -+ ASN1_item_ndef_i2d; -+ STORE_delete_private_key; -+ ERR_pop_to_mark; -+ ENGINE_register_all_STORE; -+ X509_policy_level_get0_node; -+ i2d_PKCS7_NDEF; -+ EC_GROUP_get_degree; -+ ASN1_generate_v3; -+ STORE_ATTR_INFO_modify_cstr; -+ X509_policy_tree_level_count; -+ BN_GF2m_add; -+ EC_KEY_get0_group; -+ STORE_generate_crl; -+ STORE_store_public_key; -+ X509_CERT_PAIR_free; -+ STORE_revoke_private_key; -+ BN_nist_mod_224; -+ SHA512_Final; -+ STORE_ATTR_INFO_modify_dn; -+ STORE_meth_get_initialise_fn; -+ STORE_method_get_initialise_function; -+ STORE_delete_number; -+ i2d_EC_PUBKEY_bio; -+ BIO_dgram_non_fatal_error; -+ EC_GROUP_get_asn1_flag; -+ STORE_ATTR_INFO_in_ex; -+ STORE_list_crl_start; -+ ECDH_get_ex_new_index; -+ STORE_meth_get_modify_fn; -+ STORE_method_get_modify_function; -+ v2i_ASN1_BIT_STRING; -+ STORE_store_certificate; -+ OBJ_bsearch_ex; -+ X509_STORE_CTX_set_default; -+ STORE_ATTR_INFO_set_sha1str; -+ BN_GF2m_mod_inv; -+ BN_GF2m_mod_exp; -+ STORE_modify_public_key; -+ STORE_meth_get_list_start_fn; -+ STORE_method_get_list_start_function; -+ EC_GROUP_get0_seed; -+ STORE_store_arbitrary; -+ STORE_meth_set_unlock_store_fn; -+ STORE_method_set_unlock_store_function; -+ BN_GF2m_mod_div_arr; -+ ENGINE_set_ECDSA; -+ STORE_create_method; -+ ECPKParameters_print; -+ EC_KEY_get0_private_key; -+ PEM_write_EC_PUBKEY; -+ X509_VERIFY_PARAM_set1; -+ ECDH_set_method; -+ v2i_GENERAL_NAME_ex; -+ ECDH_set_ex_data; -+ STORE_generate_key; -+ BN_nist_mod_521; -+ X509_policy_tree_get0_level; -+ EC_GROUP_set_point_conversion_form; -+ EC_GROUP_set_point_conv_form; -+ PEM_read_EC_PUBKEY; -+ i2d_ECDSA_SIG; -+ ECDSA_OpenSSL; -+ STORE_delete_crl; -+ EC_KEY_get_enc_flags; -+ ASN1_const_check_infinite_end; -+ EVP_PKEY_delete_attr; -+ ECDSA_set_default_method; -+ EC_POINT_set_compressed_coordinates_GF2m; -+ EC_POINT_set_compr_coords_GF2m; -+ EC_GROUP_cmp; -+ STORE_revoke_certificate; -+ BN_get0_nist_prime_256; -+ STORE_meth_get_delete_fn; -+ STORE_method_get_delete_function; -+ SHA224_Init; -+ PEM_read_ECPrivateKey; -+ SHA512_Init; -+ STORE_parse_attrs_endp; -+ BN_set_negative; -+ ERR_load_ECDSA_strings; -+ EC_GROUP_get_basis_type; -+ STORE_list_public_key_next; -+ i2v_ASN1_BIT_STRING; -+ STORE_OBJECT_free; -+ BN_nist_mod_384; -+ i2d_X509_CERT_PAIR; -+ PEM_write_ECPKParameters; -+ ECDH_compute_key; -+ STORE_ATTR_INFO_get0_sha1str; -+ ENGINE_register_all_ECDH; -+ pqueue_pop; -+ STORE_ATTR_INFO_get0_cstr; -+ POLICY_CONSTRAINTS_it; -+ POLICY_CONSTRAINTS_it; -+ STORE_get_ex_new_index; -+ EVP_PKEY_get_attr_by_OBJ; -+ X509_VERIFY_PARAM_add0_policy; -+ BN_GF2m_mod_solve_quad; -+ SHA256; -+ i2d_ECPrivateKey_fp; -+ X509_policy_tree_get0_user_policies; -+ X509_pcy_tree_get0_usr_policies; -+ OPENSSL_DIR_read; -+ ENGINE_register_all_ECDSA; -+ X509_VERIFY_PARAM_lookup; -+ EC_POINT_get_affine_coordinates_GF2m; -+ EC_POINT_get_affine_coords_GF2m; -+ EC_GROUP_dup; -+ ENGINE_get_default_ECDSA; -+ EC_KEY_new; -+ SHA256_Transform; -+ EC_KEY_set_enc_flags; -+ ECDSA_verify; -+ EC_POINT_point2hex; -+ ENGINE_get_STORE; -+ SHA512; -+ STORE_get_certificate; -+ ECDSA_do_sign_ex; -+ ECDSA_do_verify; -+ d2i_ECPrivateKey_fp; -+ STORE_delete_certificate; -+ SHA512_Transform; -+ X509_STORE_set1_param; -+ STORE_method_get_ctrl_function; -+ STORE_free; -+ PEM_write_ECPrivateKey; -+ STORE_meth_get_unlock_store_fn; -+ STORE_method_get_unlock_store_function; -+ STORE_get_ex_data; -+ EC_KEY_set_public_key; -+ PEM_read_ECPKParameters; -+ X509_CERT_PAIR_new; -+ ENGINE_register_STORE; -+ RSA_generate_key_ex; -+ DSA_generate_parameters_ex; -+ ECParameters_print_fp; -+ X509V3_NAME_from_section; -+ EVP_PKEY_add1_attr; -+ STORE_modify_crl; -+ STORE_list_private_key_start; -+ POLICY_MAPPINGS_it; -+ POLICY_MAPPINGS_it; -+ GENERAL_SUBTREE_it; -+ GENERAL_SUBTREE_it; -+ EC_GROUP_get_curve_name; -+ PEM_write_X509_CERT_PAIR; -+ BIO_dump_indent_cb; -+ d2i_X509_CERT_PAIR; -+ STORE_list_private_key_endp; -+ asn1_const_Finish; -+ i2d_EC_PUBKEY_fp; -+ BN_nist_mod_256; -+ X509_VERIFY_PARAM_add0_table; -+ pqueue_free; -+ BN_BLINDING_create_param; -+ ECDSA_size; -+ d2i_EC_PUBKEY_bio; -+ BN_get0_nist_prime_521; -+ STORE_ATTR_INFO_modify_sha1str; -+ BN_generate_prime_ex; -+ EC_GROUP_new_by_curve_name; -+ SHA256_Final; -+ DH_generate_parameters_ex; -+ PEM_read_bio_ECPrivateKey; -+ STORE_meth_get_cleanup_fn; -+ STORE_method_get_cleanup_function; -+ ENGINE_get_ECDH; -+ d2i_ECDSA_SIG; -+ BN_is_prime_fasttest_ex; -+ ECDSA_sign; -+ X509_policy_check; -+ EVP_PKEY_get_attr_by_NID; -+ STORE_set_ex_data; -+ ENGINE_get_ECDSA; -+ EVP_ecdsa; -+ BN_BLINDING_get_flags; -+ PKCS12_add_cert; -+ STORE_OBJECT_new; -+ ERR_load_ECDH_strings; -+ EC_KEY_dup; -+ EVP_CIPHER_CTX_rand_key; -+ ECDSA_set_method; -+ a2i_IPADDRESS_NC; -+ d2i_ECParameters; -+ STORE_list_certificate_end; -+ STORE_get_crl; -+ X509_POLICY_NODE_print; -+ SHA384_Init; -+ EC_GF2m_simple_method; -+ ECDSA_set_ex_data; -+ SHA384_Final; -+ PKCS7_set_digest; -+ EC_KEY_print; -+ STORE_meth_set_lock_store_fn; -+ STORE_method_set_lock_store_function; -+ ECDSA_get_ex_new_index; -+ SHA384; -+ POLICY_MAPPING_new; -+ STORE_list_certificate_endp; -+ X509_STORE_CTX_get0_policy_tree; -+ EC_GROUP_set_asn1_flag; -+ EC_KEY_check_key; -+ d2i_EC_PUBKEY_fp; -+ PKCS7_set0_type_other; -+ PEM_read_bio_X509_CERT_PAIR; -+ pqueue_next; -+ STORE_meth_get_list_end_fn; -+ STORE_method_get_list_end_function; -+ EVP_PKEY_add1_attr_by_OBJ; -+ X509_VERIFY_PARAM_set_time; -+ pqueue_new; -+ ENGINE_set_default_ECDH; -+ STORE_new_method; -+ PKCS12_add_key; -+ DSO_merge; -+ EC_POINT_hex2point; -+ BIO_dump_cb; -+ SHA256_Update; -+ pqueue_insert; -+ pitem_free; -+ BN_GF2m_mod_inv_arr; -+ ENGINE_unregister_ECDSA; -+ BN_BLINDING_set_thread_id; -+ get_rfc3526_prime_8192; -+ X509_VERIFY_PARAM_clear_flags; -+ get_rfc2409_prime_1024; -+ DH_check_pub_key; -+ get_rfc3526_prime_2048; -+ get_rfc3526_prime_6144; -+ get_rfc3526_prime_1536; -+ get_rfc3526_prime_3072; -+ get_rfc3526_prime_4096; -+ get_rfc2409_prime_768; -+ X509_VERIFY_PARAM_get_flags; -+ EVP_CIPHER_CTX_new; -+ EVP_CIPHER_CTX_free; -+ Camellia_cbc_encrypt; -+ Camellia_cfb128_encrypt; -+ Camellia_cfb1_encrypt; -+ Camellia_cfb8_encrypt; -+ Camellia_ctr128_encrypt; -+ Camellia_cfbr_encrypt_block; -+ Camellia_decrypt; -+ Camellia_ecb_encrypt; -+ Camellia_encrypt; -+ Camellia_ofb128_encrypt; -+ Camellia_set_key; -+ EVP_camellia_128_cbc; -+ EVP_camellia_128_cfb128; -+ EVP_camellia_128_cfb1; -+ EVP_camellia_128_cfb8; -+ EVP_camellia_128_ecb; -+ EVP_camellia_128_ofb; -+ EVP_camellia_192_cbc; -+ EVP_camellia_192_cfb128; -+ EVP_camellia_192_cfb1; -+ EVP_camellia_192_cfb8; -+ EVP_camellia_192_ecb; -+ EVP_camellia_192_ofb; -+ EVP_camellia_256_cbc; -+ EVP_camellia_256_cfb128; -+ EVP_camellia_256_cfb1; -+ EVP_camellia_256_cfb8; -+ EVP_camellia_256_ecb; -+ EVP_camellia_256_ofb; -+ a2i_ipadd; -+ ASIdentifiers_free; -+ i2d_ASIdOrRange; -+ EVP_CIPHER_block_size; -+ v3_asid_is_canonical; -+ IPAddressChoice_free; -+ EVP_CIPHER_CTX_set_app_data; -+ BIO_set_callback_arg; -+ v3_addr_add_prefix; -+ IPAddressOrRange_it; -+ IPAddressOrRange_it; -+ BIO_set_flags; -+ ASIdentifiers_it; -+ ASIdentifiers_it; -+ v3_addr_get_range; -+ BIO_method_type; -+ v3_addr_inherits; -+ IPAddressChoice_it; -+ IPAddressChoice_it; -+ AES_ige_encrypt; -+ v3_addr_add_range; -+ EVP_CIPHER_CTX_nid; -+ d2i_ASRange; -+ v3_addr_add_inherit; -+ v3_asid_add_id_or_range; -+ v3_addr_validate_resource_set; -+ EVP_CIPHER_iv_length; -+ EVP_MD_type; -+ v3_asid_canonize; -+ IPAddressRange_free; -+ v3_asid_add_inherit; -+ EVP_CIPHER_CTX_key_length; -+ IPAddressRange_new; -+ ASIdOrRange_new; -+ EVP_MD_size; -+ EVP_MD_CTX_test_flags; -+ BIO_clear_flags; -+ i2d_ASRange; -+ IPAddressRange_it; -+ IPAddressRange_it; -+ IPAddressChoice_new; -+ ASIdentifierChoice_new; -+ ASRange_free; -+ EVP_MD_pkey_type; -+ EVP_MD_CTX_clear_flags; -+ IPAddressFamily_free; -+ i2d_IPAddressFamily; -+ IPAddressOrRange_new; -+ EVP_CIPHER_flags; -+ v3_asid_validate_resource_set; -+ d2i_IPAddressRange; -+ AES_bi_ige_encrypt; -+ BIO_get_callback; -+ IPAddressOrRange_free; -+ v3_addr_subset; -+ d2i_IPAddressFamily; -+ v3_asid_subset; -+ BIO_test_flags; -+ i2d_ASIdentifierChoice; -+ ASRange_it; -+ ASRange_it; -+ d2i_ASIdentifiers; -+ ASRange_new; -+ d2i_IPAddressChoice; -+ v3_addr_get_afi; -+ EVP_CIPHER_key_length; -+ EVP_Cipher; -+ i2d_IPAddressOrRange; -+ ASIdOrRange_it; -+ ASIdOrRange_it; -+ EVP_CIPHER_nid; -+ i2d_IPAddressChoice; -+ EVP_CIPHER_CTX_block_size; -+ ASIdentifiers_new; -+ v3_addr_validate_path; -+ IPAddressFamily_new; -+ EVP_MD_CTX_set_flags; -+ v3_addr_is_canonical; -+ i2d_IPAddressRange; -+ IPAddressFamily_it; -+ IPAddressFamily_it; -+ v3_asid_inherits; -+ EVP_CIPHER_CTX_cipher; -+ EVP_CIPHER_CTX_get_app_data; -+ EVP_MD_block_size; -+ EVP_CIPHER_CTX_flags; -+ v3_asid_validate_path; -+ d2i_IPAddressOrRange; -+ v3_addr_canonize; -+ ASIdentifierChoice_it; -+ ASIdentifierChoice_it; -+ EVP_MD_CTX_md; -+ d2i_ASIdentifierChoice; -+ BIO_method_name; -+ EVP_CIPHER_CTX_iv_length; -+ ASIdOrRange_free; -+ ASIdentifierChoice_free; -+ BIO_get_callback_arg; -+ BIO_set_callback; -+ d2i_ASIdOrRange; -+ i2d_ASIdentifiers; -+ SEED_decrypt; -+ SEED_encrypt; -+ SEED_cbc_encrypt; -+ EVP_seed_ofb; -+ SEED_cfb128_encrypt; -+ SEED_ofb128_encrypt; -+ EVP_seed_cbc; -+ SEED_ecb_encrypt; -+ EVP_seed_ecb; -+ SEED_set_key; -+ EVP_seed_cfb128; -+ X509_EXTENSIONS_it; -+ X509_EXTENSIONS_it; -+ X509_get1_ocsp; -+ OCSP_REQ_CTX_free; -+ i2d_X509_EXTENSIONS; -+ OCSP_sendreq_nbio; -+ OCSP_sendreq_new; -+ d2i_X509_EXTENSIONS; -+ X509_ALGORS_it; -+ X509_ALGORS_it; -+ X509_ALGOR_get0; -+ X509_ALGOR_set0; -+ AES_unwrap_key; -+ AES_wrap_key; -+ X509at_get0_data_by_OBJ; -+ ASN1_TYPE_set1; -+ ASN1_STRING_set0; -+ i2d_X509_ALGORS; -+ BIO_f_zlib; -+ COMP_zlib_cleanup; -+ d2i_X509_ALGORS; -+ CMS_ReceiptRequest_free; -+ PEM_write_CMS; -+ CMS_add0_CertificateChoices; -+ CMS_unsigned_add1_attr_by_OBJ; -+ ERR_load_CMS_strings; -+ CMS_sign_receipt; -+ i2d_CMS_ContentInfo; -+ CMS_signed_delete_attr; -+ d2i_CMS_bio; -+ CMS_unsigned_get_attr_by_NID; -+ CMS_verify; -+ SMIME_read_CMS; -+ CMS_decrypt_set1_key; -+ CMS_SignerInfo_get0_algs; -+ CMS_add1_cert; -+ CMS_set_detached; -+ CMS_encrypt; -+ CMS_EnvelopedData_create; -+ CMS_uncompress; -+ CMS_add0_crl; -+ CMS_SignerInfo_verify_content; -+ CMS_unsigned_get0_data_by_OBJ; -+ PEM_write_bio_CMS; -+ CMS_unsigned_get_attr; -+ CMS_RecipientInfo_ktri_cert_cmp; -+ CMS_RecipientInfo_ktri_get0_algs; -+ CMS_RecipInfo_ktri_get0_algs; -+ CMS_ContentInfo_free; -+ CMS_final; -+ CMS_add_simple_smimecap; -+ CMS_SignerInfo_verify; -+ CMS_data; -+ CMS_ContentInfo_it; -+ CMS_ContentInfo_it; -+ d2i_CMS_ReceiptRequest; -+ CMS_compress; -+ CMS_digest_create; -+ CMS_SignerInfo_cert_cmp; -+ CMS_SignerInfo_sign; -+ CMS_data_create; -+ i2d_CMS_bio; -+ CMS_EncryptedData_set1_key; -+ CMS_decrypt; -+ int_smime_write_ASN1; -+ CMS_unsigned_delete_attr; -+ CMS_unsigned_get_attr_count; -+ CMS_add_smimecap; -+ PEM_read_CMS; -+ CMS_signed_get_attr_by_OBJ; -+ d2i_CMS_ContentInfo; -+ CMS_add_standard_smimecap; -+ CMS_ContentInfo_new; -+ CMS_RecipientInfo_type; -+ CMS_get0_type; -+ CMS_is_detached; -+ CMS_sign; -+ CMS_signed_add1_attr; -+ CMS_unsigned_get_attr_by_OBJ; -+ SMIME_write_CMS; -+ CMS_EncryptedData_decrypt; -+ CMS_get0_RecipientInfos; -+ CMS_add0_RevocationInfoChoice; -+ CMS_decrypt_set1_pkey; -+ CMS_SignerInfo_set1_signer_cert; -+ CMS_get0_signers; -+ CMS_ReceiptRequest_get0_values; -+ CMS_signed_get0_data_by_OBJ; -+ CMS_get0_SignerInfos; -+ CMS_add0_cert; -+ CMS_EncryptedData_encrypt; -+ CMS_digest_verify; -+ CMS_set1_signers_certs; -+ CMS_signed_get_attr; -+ CMS_RecipientInfo_set0_key; -+ CMS_SignedData_init; -+ CMS_RecipientInfo_kekri_get0_id; -+ CMS_verify_receipt; -+ CMS_ReceiptRequest_it; -+ CMS_ReceiptRequest_it; -+ PEM_read_bio_CMS; -+ CMS_get1_crls; -+ CMS_add0_recipient_key; -+ SMIME_read_ASN1; -+ CMS_ReceiptRequest_new; -+ CMS_get0_content; -+ CMS_get1_ReceiptRequest; -+ CMS_signed_add1_attr_by_OBJ; -+ CMS_RecipientInfo_kekri_id_cmp; -+ CMS_add1_ReceiptRequest; -+ CMS_SignerInfo_get0_signer_id; -+ CMS_unsigned_add1_attr_by_NID; -+ CMS_unsigned_add1_attr; -+ CMS_signed_get_attr_by_NID; -+ CMS_get1_certs; -+ CMS_signed_add1_attr_by_NID; -+ CMS_unsigned_add1_attr_by_txt; -+ CMS_dataFinal; -+ CMS_RecipientInfo_ktri_get0_signer_id; -+ CMS_RecipInfo_ktri_get0_sigr_id; -+ i2d_CMS_ReceiptRequest; -+ CMS_add1_recipient_cert; -+ CMS_dataInit; -+ CMS_signed_add1_attr_by_txt; -+ CMS_RecipientInfo_decrypt; -+ CMS_signed_get_attr_count; -+ CMS_get0_eContentType; -+ CMS_set1_eContentType; -+ CMS_ReceiptRequest_create0; -+ CMS_add1_signer; -+ CMS_RecipientInfo_set0_pkey; -+ ENGINE_set_load_ssl_client_cert_function; -+ ENGINE_set_ld_ssl_clnt_cert_fn; -+ ENGINE_get_ssl_client_cert_function; -+ ENGINE_get_ssl_client_cert_fn; -+ ENGINE_load_ssl_client_cert; -+ ENGINE_load_capi; -+ OPENSSL_isservice; -+ FIPS_dsa_sig_decode; -+ EVP_CIPHER_CTX_clear_flags; -+ FIPS_rand_status; -+ FIPS_rand_set_key; -+ CRYPTO_set_mem_info_functions; -+ RSA_X931_generate_key_ex; -+ int_ERR_set_state_func; -+ int_EVP_MD_set_engine_callbacks; -+ int_CRYPTO_set_do_dynlock_callback; -+ FIPS_rng_stick; -+ EVP_CIPHER_CTX_set_flags; -+ BN_X931_generate_prime_ex; -+ FIPS_selftest_check; -+ FIPS_rand_set_dt; -+ CRYPTO_dbg_pop_info; -+ FIPS_dsa_free; -+ RSA_X931_derive_ex; -+ FIPS_rsa_new; -+ FIPS_rand_bytes; -+ fips_cipher_test; -+ EVP_CIPHER_CTX_test_flags; -+ CRYPTO_malloc_debug_init; -+ CRYPTO_dbg_push_info; -+ FIPS_corrupt_rsa_keygen; -+ FIPS_dh_new; -+ FIPS_corrupt_dsa_keygen; -+ FIPS_dh_free; -+ fips_pkey_signature_test; -+ EVP_add_alg_module; -+ int_RAND_init_engine_callbacks; -+ int_EVP_CIPHER_set_engine_callbacks; -+ int_EVP_MD_init_engine_callbacks; -+ FIPS_rand_test_mode; -+ FIPS_rand_reset; -+ FIPS_dsa_new; -+ int_RAND_set_callbacks; -+ BN_X931_derive_prime_ex; -+ int_ERR_lib_init; -+ int_EVP_CIPHER_init_engine_callbacks; -+ FIPS_rsa_free; -+ FIPS_dsa_sig_encode; -+ CRYPTO_dbg_remove_all_info; -+ OPENSSL_init; -+ CRYPTO_strdup; -+ JPAKE_STEP3A_process; -+ JPAKE_STEP1_release; -+ JPAKE_get_shared_key; -+ JPAKE_STEP3B_init; -+ JPAKE_STEP1_generate; -+ JPAKE_STEP1_init; -+ JPAKE_STEP3B_process; -+ JPAKE_STEP2_generate; -+ JPAKE_CTX_new; -+ JPAKE_CTX_free; -+ JPAKE_STEP3B_release; -+ JPAKE_STEP3A_release; -+ JPAKE_STEP2_process; -+ JPAKE_STEP3B_generate; -+ JPAKE_STEP1_process; -+ JPAKE_STEP3A_generate; -+ JPAKE_STEP2_release; -+ JPAKE_STEP3A_init; -+ ERR_load_JPAKE_strings; -+ JPAKE_STEP2_init; -+ pqueue_size; -+ i2d_TS_ACCURACY; -+ i2d_TS_MSG_IMPRINT_fp; -+ i2d_TS_MSG_IMPRINT; -+ EVP_PKEY_print_public; -+ EVP_PKEY_CTX_new; -+ i2d_TS_TST_INFO; -+ EVP_PKEY_asn1_find; -+ DSO_METHOD_beos; -+ TS_CONF_load_cert; -+ TS_REQ_get_ext; -+ EVP_PKEY_sign_init; -+ ASN1_item_print; -+ TS_TST_INFO_set_nonce; -+ TS_RESP_dup; -+ ENGINE_register_pkey_meths; -+ EVP_PKEY_asn1_add0; -+ PKCS7_add0_attrib_signing_time; -+ i2d_TS_TST_INFO_fp; -+ BIO_asn1_get_prefix; -+ TS_TST_INFO_set_time; -+ EVP_PKEY_meth_set_decrypt; -+ EVP_PKEY_set_type_str; -+ EVP_PKEY_CTX_get_keygen_info; -+ TS_REQ_set_policy_id; -+ d2i_TS_RESP_fp; -+ ENGINE_get_pkey_asn1_meth_engine; -+ ENGINE_get_pkey_asn1_meth_eng; -+ WHIRLPOOL_Init; -+ TS_RESP_set_status_info; -+ EVP_PKEY_keygen; -+ EVP_DigestSignInit; -+ TS_ACCURACY_set_millis; -+ TS_REQ_dup; -+ GENERAL_NAME_dup; -+ ASN1_SEQUENCE_ANY_it; -+ ASN1_SEQUENCE_ANY_it; -+ WHIRLPOOL; -+ X509_STORE_get1_crls; -+ ENGINE_get_pkey_asn1_meth; -+ EVP_PKEY_asn1_new; -+ BIO_new_NDEF; -+ ENGINE_get_pkey_meth; -+ TS_MSG_IMPRINT_set_algo; -+ i2d_TS_TST_INFO_bio; -+ TS_TST_INFO_set_ordering; -+ TS_TST_INFO_get_ext_by_OBJ; -+ CRYPTO_THREADID_set_pointer; -+ TS_CONF_get_tsa_section; -+ SMIME_write_ASN1; -+ TS_RESP_CTX_set_signer_key; -+ EVP_PKEY_encrypt_old; -+ EVP_PKEY_encrypt_init; -+ CRYPTO_THREADID_cpy; -+ ASN1_PCTX_get_cert_flags; -+ i2d_ESS_SIGNING_CERT; -+ TS_CONF_load_key; -+ i2d_ASN1_SEQUENCE_ANY; -+ d2i_TS_MSG_IMPRINT_bio; -+ EVP_PKEY_asn1_set_public; -+ b2i_PublicKey_bio; -+ BIO_asn1_set_prefix; -+ EVP_PKEY_new_mac_key; -+ BIO_new_CMS; -+ CRYPTO_THREADID_cmp; -+ TS_REQ_ext_free; -+ EVP_PKEY_asn1_set_free; -+ EVP_PKEY_get0_asn1; -+ d2i_NETSCAPE_X509; -+ EVP_PKEY_verify_recover_init; -+ EVP_PKEY_CTX_set_data; -+ EVP_PKEY_keygen_init; -+ TS_RESP_CTX_set_status_info; -+ TS_MSG_IMPRINT_get_algo; -+ TS_REQ_print_bio; -+ EVP_PKEY_CTX_ctrl_str; -+ EVP_PKEY_get_default_digest_nid; -+ PEM_write_bio_PKCS7_stream; -+ TS_MSG_IMPRINT_print_bio; -+ BN_asc2bn; -+ TS_REQ_get_policy_id; -+ ENGINE_set_default_pkey_asn1_meths; -+ ENGINE_set_def_pkey_asn1_meths; -+ d2i_TS_ACCURACY; -+ DSO_global_lookup; -+ TS_CONF_set_tsa_name; -+ i2d_ASN1_SET_ANY; -+ ENGINE_load_gost; -+ WHIRLPOOL_BitUpdate; -+ ASN1_PCTX_get_flags; -+ TS_TST_INFO_get_ext_by_NID; -+ TS_RESP_new; -+ ESS_CERT_ID_dup; -+ TS_STATUS_INFO_dup; -+ TS_REQ_delete_ext; -+ EVP_DigestVerifyFinal; -+ EVP_PKEY_print_params; -+ i2d_CMS_bio_stream; -+ TS_REQ_get_msg_imprint; -+ OBJ_find_sigid_by_algs; -+ TS_TST_INFO_get_serial; -+ TS_REQ_get_nonce; -+ X509_PUBKEY_set0_param; -+ EVP_PKEY_CTX_set0_keygen_info; -+ DIST_POINT_set_dpname; -+ i2d_ISSUING_DIST_POINT; -+ ASN1_SET_ANY_it; -+ ASN1_SET_ANY_it; -+ EVP_PKEY_CTX_get_data; -+ TS_STATUS_INFO_print_bio; -+ EVP_PKEY_derive_init; -+ d2i_TS_TST_INFO; -+ EVP_PKEY_asn1_add_alias; -+ d2i_TS_RESP_bio; -+ OTHERNAME_cmp; -+ GENERAL_NAME_set0_value; -+ PKCS7_RECIP_INFO_get0_alg; -+ TS_RESP_CTX_new; -+ TS_RESP_set_tst_info; -+ PKCS7_final; -+ EVP_PKEY_base_id; -+ TS_RESP_CTX_set_signer_cert; -+ TS_REQ_set_msg_imprint; -+ EVP_PKEY_CTX_ctrl; -+ TS_CONF_set_digests; -+ d2i_TS_MSG_IMPRINT; -+ EVP_PKEY_meth_set_ctrl; -+ TS_REQ_get_ext_by_NID; -+ PKCS5_pbe_set0_algor; -+ BN_BLINDING_thread_id; -+ TS_ACCURACY_new; -+ X509_CRL_METHOD_free; -+ ASN1_PCTX_get_nm_flags; -+ EVP_PKEY_meth_set_sign; -+ CRYPTO_THREADID_current; -+ EVP_PKEY_decrypt_init; -+ NETSCAPE_X509_free; -+ i2b_PVK_bio; -+ EVP_PKEY_print_private; -+ GENERAL_NAME_get0_value; -+ b2i_PVK_bio; -+ ASN1_UTCTIME_adj; -+ TS_TST_INFO_new; -+ EVP_MD_do_all_sorted; -+ TS_CONF_set_default_engine; -+ TS_ACCURACY_set_seconds; -+ TS_TST_INFO_get_time; -+ PKCS8_pkey_get0; -+ EVP_PKEY_asn1_get0; -+ OBJ_add_sigid; -+ PKCS7_SIGNER_INFO_sign; -+ EVP_PKEY_paramgen_init; -+ EVP_PKEY_sign; -+ OBJ_sigid_free; -+ EVP_PKEY_meth_set_init; -+ d2i_ESS_ISSUER_SERIAL; -+ ISSUING_DIST_POINT_new; -+ ASN1_TIME_adj; -+ TS_OBJ_print_bio; -+ EVP_PKEY_meth_set_verify_recover; -+ EVP_PKEY_meth_set_vrfy_recover; -+ TS_RESP_get_status_info; -+ CMS_stream; -+ EVP_PKEY_CTX_set_cb; -+ PKCS7_to_TS_TST_INFO; -+ ASN1_PCTX_get_oid_flags; -+ TS_TST_INFO_add_ext; -+ EVP_PKEY_meth_set_derive; -+ i2d_TS_RESP_fp; -+ i2d_TS_MSG_IMPRINT_bio; -+ TS_RESP_CTX_set_accuracy; -+ TS_REQ_set_nonce; -+ ESS_CERT_ID_new; -+ ENGINE_pkey_asn1_find_str; -+ TS_REQ_get_ext_count; -+ BUF_reverse; -+ TS_TST_INFO_print_bio; -+ d2i_ISSUING_DIST_POINT; -+ ENGINE_get_pkey_meths; -+ i2b_PrivateKey_bio; -+ i2d_TS_RESP; -+ b2i_PublicKey; -+ TS_VERIFY_CTX_cleanup; -+ TS_STATUS_INFO_free; -+ TS_RESP_verify_token; -+ OBJ_bsearch_ex_; -+ ASN1_bn_print; -+ EVP_PKEY_asn1_get_count; -+ ENGINE_register_pkey_asn1_meths; -+ ASN1_PCTX_set_nm_flags; -+ EVP_DigestVerifyInit; -+ ENGINE_set_default_pkey_meths; -+ TS_TST_INFO_get_policy_id; -+ TS_REQ_get_cert_req; -+ X509_CRL_set_meth_data; -+ PKCS8_pkey_set0; -+ ASN1_STRING_copy; -+ d2i_TS_TST_INFO_fp; -+ X509_CRL_match; -+ EVP_PKEY_asn1_set_private; -+ TS_TST_INFO_get_ext_d2i; -+ TS_RESP_CTX_add_policy; -+ d2i_TS_RESP; -+ TS_CONF_load_certs; -+ TS_TST_INFO_get_msg_imprint; -+ ERR_load_TS_strings; -+ TS_TST_INFO_get_version; -+ EVP_PKEY_CTX_dup; -+ EVP_PKEY_meth_set_verify; -+ i2b_PublicKey_bio; -+ TS_CONF_set_certs; -+ EVP_PKEY_asn1_get0_info; -+ TS_VERIFY_CTX_free; -+ TS_REQ_get_ext_by_critical; -+ TS_RESP_CTX_set_serial_cb; -+ X509_CRL_get_meth_data; -+ TS_RESP_CTX_set_time_cb; -+ TS_MSG_IMPRINT_get_msg; -+ TS_TST_INFO_ext_free; -+ TS_REQ_get_version; -+ TS_REQ_add_ext; -+ EVP_PKEY_CTX_set_app_data; -+ OBJ_bsearch_; -+ EVP_PKEY_meth_set_verifyctx; -+ i2d_PKCS7_bio_stream; -+ CRYPTO_THREADID_set_numeric; -+ PKCS7_sign_add_signer; -+ d2i_TS_TST_INFO_bio; -+ TS_TST_INFO_get_ordering; -+ TS_RESP_print_bio; -+ TS_TST_INFO_get_exts; -+ HMAC_CTX_copy; -+ PKCS5_pbe2_set_iv; -+ ENGINE_get_pkey_asn1_meths; -+ b2i_PrivateKey; -+ EVP_PKEY_CTX_get_app_data; -+ TS_REQ_set_cert_req; -+ CRYPTO_THREADID_set_callback; -+ TS_CONF_set_serial; -+ TS_TST_INFO_free; -+ d2i_TS_REQ_fp; -+ TS_RESP_verify_response; -+ i2d_ESS_ISSUER_SERIAL; -+ TS_ACCURACY_get_seconds; -+ EVP_CIPHER_do_all; -+ b2i_PrivateKey_bio; -+ OCSP_CERTID_dup; -+ X509_PUBKEY_get0_param; -+ TS_MSG_IMPRINT_dup; -+ PKCS7_print_ctx; -+ i2d_TS_REQ_bio; -+ EVP_whirlpool; -+ EVP_PKEY_asn1_set_param; -+ EVP_PKEY_meth_set_encrypt; -+ ASN1_PCTX_set_flags; -+ i2d_ESS_CERT_ID; -+ TS_VERIFY_CTX_new; -+ TS_RESP_CTX_set_extension_cb; -+ ENGINE_register_all_pkey_meths; -+ TS_RESP_CTX_set_status_info_cond; -+ TS_RESP_CTX_set_stat_info_cond; -+ EVP_PKEY_verify; -+ WHIRLPOOL_Final; -+ X509_CRL_METHOD_new; -+ EVP_DigestSignFinal; -+ TS_RESP_CTX_set_def_policy; -+ NETSCAPE_X509_it; -+ NETSCAPE_X509_it; -+ TS_RESP_create_response; -+ PKCS7_SIGNER_INFO_get0_algs; -+ TS_TST_INFO_get_nonce; -+ EVP_PKEY_decrypt_old; -+ TS_TST_INFO_set_policy_id; -+ TS_CONF_set_ess_cert_id_chain; -+ EVP_PKEY_CTX_get0_pkey; -+ d2i_TS_REQ; -+ EVP_PKEY_asn1_find_str; -+ BIO_f_asn1; -+ ESS_SIGNING_CERT_new; -+ EVP_PBE_find; -+ X509_CRL_get0_by_cert; -+ EVP_PKEY_derive; -+ i2d_TS_REQ; -+ TS_TST_INFO_delete_ext; -+ ESS_ISSUER_SERIAL_free; -+ ASN1_PCTX_set_str_flags; -+ ENGINE_get_pkey_asn1_meth_str; -+ TS_CONF_set_signer_key; -+ TS_ACCURACY_get_millis; -+ TS_RESP_get_token; -+ TS_ACCURACY_dup; -+ ENGINE_register_all_pkey_asn1_meths; -+ ENGINE_reg_all_pkey_asn1_meths; -+ X509_CRL_set_default_method; -+ CRYPTO_THREADID_hash; -+ CMS_ContentInfo_print_ctx; -+ TS_RESP_free; -+ ISSUING_DIST_POINT_free; -+ ESS_ISSUER_SERIAL_new; -+ CMS_add1_crl; -+ PKCS7_add1_attrib_digest; -+ TS_RESP_CTX_add_md; -+ TS_TST_INFO_dup; -+ ENGINE_set_pkey_asn1_meths; -+ PEM_write_bio_Parameters; -+ TS_TST_INFO_get_accuracy; -+ X509_CRL_get0_by_serial; -+ TS_TST_INFO_set_version; -+ TS_RESP_CTX_get_tst_info; -+ TS_RESP_verify_signature; -+ CRYPTO_THREADID_get_callback; -+ TS_TST_INFO_get_tsa; -+ TS_STATUS_INFO_new; -+ EVP_PKEY_CTX_get_cb; -+ TS_REQ_get_ext_d2i; -+ GENERAL_NAME_set0_othername; -+ TS_TST_INFO_get_ext_count; -+ TS_RESP_CTX_get_request; -+ i2d_NETSCAPE_X509; -+ ENGINE_get_pkey_meth_engine; -+ EVP_PKEY_meth_set_signctx; -+ EVP_PKEY_asn1_copy; -+ ASN1_TYPE_cmp; -+ EVP_CIPHER_do_all_sorted; -+ EVP_PKEY_CTX_free; -+ ISSUING_DIST_POINT_it; -+ ISSUING_DIST_POINT_it; -+ d2i_TS_MSG_IMPRINT_fp; -+ X509_STORE_get1_certs; -+ EVP_PKEY_CTX_get_operation; -+ d2i_ESS_SIGNING_CERT; -+ TS_CONF_set_ordering; -+ EVP_PBE_alg_add_type; -+ TS_REQ_set_version; -+ EVP_PKEY_get0; -+ BIO_asn1_set_suffix; -+ i2d_TS_STATUS_INFO; -+ EVP_MD_do_all; -+ TS_TST_INFO_set_accuracy; -+ PKCS7_add_attrib_content_type; -+ ERR_remove_thread_state; -+ EVP_PKEY_meth_add0; -+ TS_TST_INFO_set_tsa; -+ EVP_PKEY_meth_new; -+ WHIRLPOOL_Update; -+ TS_CONF_set_accuracy; -+ ASN1_PCTX_set_oid_flags; -+ ESS_SIGNING_CERT_dup; -+ d2i_TS_REQ_bio; -+ X509_time_adj_ex; -+ TS_RESP_CTX_add_flags; -+ d2i_TS_STATUS_INFO; -+ TS_MSG_IMPRINT_set_msg; -+ BIO_asn1_get_suffix; -+ TS_REQ_free; -+ EVP_PKEY_meth_free; -+ TS_REQ_get_exts; -+ TS_RESP_CTX_set_clock_precision_digits; -+ TS_RESP_CTX_set_clk_prec_digits; -+ TS_RESP_CTX_add_failure_info; -+ i2d_TS_RESP_bio; -+ EVP_PKEY_CTX_get0_peerkey; -+ PEM_write_bio_CMS_stream; -+ TS_REQ_new; -+ TS_MSG_IMPRINT_new; -+ EVP_PKEY_meth_find; -+ EVP_PKEY_id; -+ TS_TST_INFO_set_serial; -+ a2i_GENERAL_NAME; -+ TS_CONF_set_crypto_device; -+ EVP_PKEY_verify_init; -+ TS_CONF_set_policies; -+ ASN1_PCTX_new; -+ ESS_CERT_ID_free; -+ ENGINE_unregister_pkey_meths; -+ TS_MSG_IMPRINT_free; -+ TS_VERIFY_CTX_init; -+ PKCS7_stream; -+ TS_RESP_CTX_set_certs; -+ TS_CONF_set_def_policy; -+ ASN1_GENERALIZEDTIME_adj; -+ NETSCAPE_X509_new; -+ TS_ACCURACY_free; -+ TS_RESP_get_tst_info; -+ EVP_PKEY_derive_set_peer; -+ PEM_read_bio_Parameters; -+ TS_CONF_set_clock_precision_digits; -+ TS_CONF_set_clk_prec_digits; -+ ESS_ISSUER_SERIAL_dup; -+ TS_ACCURACY_get_micros; -+ ASN1_PCTX_get_str_flags; -+ NAME_CONSTRAINTS_check; -+ ASN1_BIT_STRING_check; -+ X509_check_akid; -+ ENGINE_unregister_pkey_asn1_meths; -+ ENGINE_unreg_pkey_asn1_meths; -+ ASN1_PCTX_free; -+ PEM_write_bio_ASN1_stream; -+ i2d_ASN1_bio_stream; -+ TS_X509_ALGOR_print_bio; -+ EVP_PKEY_meth_set_cleanup; -+ EVP_PKEY_asn1_free; -+ ESS_SIGNING_CERT_free; -+ TS_TST_INFO_set_msg_imprint; -+ GENERAL_NAME_cmp; -+ d2i_ASN1_SET_ANY; -+ ENGINE_set_pkey_meths; -+ i2d_TS_REQ_fp; -+ d2i_ASN1_SEQUENCE_ANY; -+ GENERAL_NAME_get0_otherName; -+ d2i_ESS_CERT_ID; -+ OBJ_find_sigid_algs; -+ EVP_PKEY_meth_set_keygen; -+ PKCS5_PBKDF2_HMAC; -+ EVP_PKEY_paramgen; -+ EVP_PKEY_meth_set_paramgen; -+ BIO_new_PKCS7; -+ EVP_PKEY_verify_recover; -+ TS_ext_print_bio; -+ TS_ASN1_INTEGER_print_bio; -+ check_defer; -+ DSO_pathbyaddr; -+ EVP_PKEY_set_type; -+ TS_ACCURACY_set_micros; -+ TS_REQ_to_TS_VERIFY_CTX; -+ EVP_PKEY_meth_set_copy; -+ ASN1_PCTX_set_cert_flags; -+ TS_TST_INFO_get_ext; -+ EVP_PKEY_asn1_set_ctrl; -+ TS_TST_INFO_get_ext_by_critical; -+ EVP_PKEY_CTX_new_id; -+ TS_REQ_get_ext_by_OBJ; -+ TS_CONF_set_signer_cert; -+ X509_NAME_hash_old; -+ ASN1_TIME_set_string; -+ EVP_MD_flags; -+ TS_RESP_CTX_free; -+ DSAparams_dup; -+ DHparams_dup; -+ OCSP_REQ_CTX_add1_header; -+ OCSP_REQ_CTX_set1_req; -+ X509_STORE_set_verify_cb; -+ X509_STORE_CTX_get0_current_crl; -+ X509_STORE_CTX_get0_parent_ctx; -+ X509_STORE_CTX_get0_current_issuer; -+ X509_STORE_CTX_get0_cur_issuer; -+ X509_issuer_name_hash_old; -+ X509_subject_name_hash_old; -+ EVP_CIPHER_CTX_copy; -+ UI_method_get_prompt_constructor; -+ UI_method_get_prompt_constructr; -+ UI_method_set_prompt_constructor; -+ UI_method_set_prompt_constructr; -+ EVP_read_pw_string_min; -+ CRYPTO_cts128_encrypt; -+ CRYPTO_cts128_decrypt_block; -+ CRYPTO_cfb128_1_encrypt; -+ CRYPTO_cbc128_encrypt; -+ CRYPTO_ctr128_encrypt; -+ CRYPTO_ofb128_encrypt; -+ CRYPTO_cts128_decrypt; -+ CRYPTO_cts128_encrypt_block; -+ CRYPTO_cbc128_decrypt; -+ CRYPTO_cfb128_encrypt; -+ CRYPTO_cfb128_8_encrypt; -+ -+ local: -+ *; -+}; -+ -+ -+OPENSSL_1.0.1 { -+ global: -+ SSL_renegotiate_abbreviated; -+ TLSv1_1_method; -+ TLSv1_1_client_method; -+ TLSv1_1_server_method; -+ SSL_CTX_set_srp_client_pwd_callback; -+ SSL_CTX_set_srp_client_pwd_cb; -+ SSL_get_srp_g; -+ SSL_CTX_set_srp_username_callback; -+ SSL_CTX_set_srp_un_cb; -+ SSL_get_srp_userinfo; -+ SSL_set_srp_server_param; -+ SSL_set_srp_server_param_pw; -+ SSL_get_srp_N; -+ SSL_get_srp_username; -+ SSL_CTX_set_srp_password; -+ SSL_CTX_set_srp_strength; -+ SSL_CTX_set_srp_verify_param_callback; -+ SSL_CTX_set_srp_vfy_param_cb; -+ SSL_CTX_set_srp_cb_arg; -+ SSL_CTX_set_srp_username; -+ SSL_CTX_SRP_CTX_init; -+ SSL_SRP_CTX_init; -+ SRP_Calc_A_param; -+ SRP_generate_server_master_secret; -+ SRP_gen_server_master_secret; -+ SSL_CTX_SRP_CTX_free; -+ SRP_generate_client_master_secret; -+ SRP_gen_client_master_secret; -+ SSL_srp_server_param_with_username; -+ SSL_srp_server_param_with_un; -+ SSL_SRP_CTX_free; -+ SSL_set_debug; -+ SSL_SESSION_get0_peer; -+ TLSv1_2_client_method; -+ SSL_SESSION_set1_id_context; -+ TLSv1_2_server_method; -+ SSL_cache_hit; -+ SSL_get0_kssl_ctx; -+ SSL_set0_kssl_ctx; -+ SSL_set_state; -+ SSL_CIPHER_get_id; -+ TLSv1_2_method; -+ kssl_ctx_get0_client_princ; -+ SSL_export_keying_material; -+ SSL_set_tlsext_use_srtp; -+ SSL_CTX_set_next_protos_advertised_cb; -+ SSL_CTX_set_next_protos_adv_cb; -+ SSL_get0_next_proto_negotiated; -+ SSL_get_selected_srtp_profile; -+ SSL_CTX_set_tlsext_use_srtp; -+ SSL_select_next_proto; -+ SSL_get_srtp_profiles; -+ SSL_CTX_set_next_proto_select_cb; -+ SSL_CTX_set_next_proto_sel_cb; -+ SSL_SESSION_get_compress_id; -+ -+ SRP_VBASE_get_by_user; -+ SRP_Calc_server_key; -+ SRP_create_verifier; -+ SRP_create_verifier_BN; -+ SRP_Calc_u; -+ SRP_VBASE_free; -+ SRP_Calc_client_key; -+ SRP_get_default_gN; -+ SRP_Calc_x; -+ SRP_Calc_B; -+ SRP_VBASE_new; -+ SRP_check_known_gN_param; -+ SRP_Calc_A; -+ SRP_Verify_A_mod_N; -+ SRP_VBASE_init; -+ SRP_Verify_B_mod_N; -+ EC_KEY_set_public_key_affine_coordinates; -+ EC_KEY_set_pub_key_aff_coords; -+ EVP_aes_192_ctr; -+ EVP_PKEY_meth_get0_info; -+ EVP_PKEY_meth_copy; -+ ERR_add_error_vdata; -+ EVP_aes_128_ctr; -+ EVP_aes_256_ctr; -+ EC_GFp_nistp224_method; -+ EC_KEY_get_flags; -+ RSA_padding_add_PKCS1_PSS_mgf1; -+ EVP_aes_128_xts; -+ EVP_aes_256_xts; -+ EVP_aes_128_gcm; -+ EC_KEY_clear_flags; -+ EC_KEY_set_flags; -+ EVP_aes_256_ccm; -+ RSA_verify_PKCS1_PSS_mgf1; -+ EVP_aes_128_ccm; -+ EVP_aes_192_gcm; -+ X509_ALGOR_set_md; -+ RAND_init_fips; -+ EVP_aes_256_gcm; -+ EVP_aes_192_ccm; -+ CMAC_CTX_copy; -+ CMAC_CTX_free; -+ CMAC_CTX_get0_cipher_ctx; -+ CMAC_CTX_cleanup; -+ CMAC_Init; -+ CMAC_Update; -+ CMAC_resume; -+ CMAC_CTX_new; -+ CMAC_Final; -+ CRYPTO_ctr128_encrypt_ctr32; -+ CRYPTO_gcm128_release; -+ CRYPTO_ccm128_decrypt_ccm64; -+ CRYPTO_ccm128_encrypt; -+ CRYPTO_gcm128_encrypt; -+ CRYPTO_xts128_encrypt; -+ EVP_rc4_hmac_md5; -+ CRYPTO_nistcts128_decrypt_block; -+ CRYPTO_gcm128_setiv; -+ CRYPTO_nistcts128_encrypt; -+ EVP_aes_128_cbc_hmac_sha1; -+ CRYPTO_gcm128_tag; -+ CRYPTO_ccm128_encrypt_ccm64; -+ ENGINE_load_rdrand; -+ CRYPTO_ccm128_setiv; -+ CRYPTO_nistcts128_encrypt_block; -+ CRYPTO_gcm128_aad; -+ CRYPTO_ccm128_init; -+ CRYPTO_nistcts128_decrypt; -+ CRYPTO_gcm128_new; -+ CRYPTO_ccm128_tag; -+ CRYPTO_ccm128_decrypt; -+ CRYPTO_ccm128_aad; -+ CRYPTO_gcm128_init; -+ CRYPTO_gcm128_decrypt; -+ ENGINE_load_rsax; -+ CRYPTO_gcm128_decrypt_ctr32; -+ CRYPTO_gcm128_encrypt_ctr32; -+ CRYPTO_gcm128_finish; -+ EVP_aes_256_cbc_hmac_sha1; -+ PKCS5_pbkdf2_set; -+ CMS_add0_recipient_password; -+ CMS_decrypt_set1_password; -+ CMS_RecipientInfo_set0_password; -+ RAND_set_fips_drbg_type; -+ X509_REQ_sign_ctx; -+ RSA_PSS_PARAMS_new; -+ X509_CRL_sign_ctx; -+ X509_signature_dump; -+ d2i_RSA_PSS_PARAMS; -+ RSA_PSS_PARAMS_it; -+ RSA_PSS_PARAMS_it; -+ RSA_PSS_PARAMS_free; -+ X509_sign_ctx; -+ i2d_RSA_PSS_PARAMS; -+ ASN1_item_sign_ctx; -+ EC_GFp_nistp521_method; -+ EC_GFp_nistp256_method; -+ OPENSSL_stderr; -+ OPENSSL_cpuid_setup; -+ OPENSSL_showfatal; -+ BIO_new_dgram_sctp; -+ BIO_dgram_sctp_msg_waiting; -+ BIO_dgram_sctp_wait_for_dry; -+ BIO_s_datagram_sctp; -+ BIO_dgram_is_sctp; -+ BIO_dgram_sctp_notification_cb; -+} OPENSSL_1.0.0; -+ -Index: openssl-1.0.1/engines/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1/engines/openssl.ld 2012-03-17 11:25:15.000000000 +0000 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.0 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ -Index: openssl-1.0.1/engines/ccgost/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1/engines/ccgost/openssl.ld 2012-03-17 11:25:15.000000000 +0000 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.0 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ - -- cgit v1.2.3