openssl: Security fix Drown via 1.0.2g update

CVE-2016-0800
CVE-2016-0705
CVE-2016-0798
CVE-2016-0797
CVE-2016-0799
CVE-2016-0702
CVE-2016-0703
CVE-2016-0704

https://www.openssl.org/news/secadv/20160301.txt

Updated 2 debian patches to match changes in 1.0.2g

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

3 files changed, 4668 insertions, 11 deletions

diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
index 0c1a0b651f..d81e22cd8d 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
@@ -9,14 +9,15 @@ Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
 Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
 
 This is not meant as final patch.  
- 
+
 Upstream-Status: Backport [debian]
 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
 
-Index: openssl-1.0.2/crypto/x509/x509_vfy.c
+Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
 ===================================================================
---- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.2/crypto/x509/x509_vfy.c
+--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
++++ openssl-1.0.2g/crypto/x509/x509_vfy.c
 @@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
  static int check_revocation(X509_STORE_CTX *ctx);
  static int check_cert(X509_STORE_CTX *ctx);
@@ -25,17 +26,17 @@ Index: openssl-1.0.2/crypto/x509/x509_vfy.c
  
  static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
                           unsigned int *preasons, X509_CRL *crl, X509 *x);
-@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
      if (!ok)
-         goto end;
+         goto err;
  
 +	ok = check_ca_blacklist(ctx);
-+	if(!ok) goto end;
++	if(!ok) goto err;
 +
  #ifndef OPENSSL_NO_RFC3779
      /* RFC 3779 path validation, now that CRL check has been done */
      ok = v3_asid_validate_path(ctx);
-@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
+@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
      return 1;
  }
  
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
new file mode 100644
index 0000000000..29f11a288e
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
@@ -0,0 +1,4656 @@
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
+===================================================================
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure	2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure	2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
+ 		}
+ 	}
+ 
++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
++
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4608 @@
++OPENSSL_1.0.2d {
++	global:
++		BIO_f_ssl;
++		BIO_new_buffer_ssl_connect;
++		BIO_new_ssl;
++		BIO_new_ssl_connect;
++		BIO_proxy_ssl_copy_session_id;
++		BIO_ssl_copy_session_id;
++		BIO_ssl_shutdown;
++		d2i_SSL_SESSION;
++		DTLSv1_client_method;
++		DTLSv1_method;
++		DTLSv1_server_method;
++		ERR_load_SSL_strings;
++		i2d_SSL_SESSION;
++		kssl_build_principal_2;
++		kssl_cget_tkt;
++		kssl_check_authent;
++		kssl_ctx_free;
++		kssl_ctx_new;
++		kssl_ctx_setkey;
++		kssl_ctx_setprinc;
++		kssl_ctx_setstring;
++		kssl_ctx_show;
++		kssl_err_set;
++		kssl_krb5_free_data_contents;
++		kssl_sget_tkt;
++		kssl_skip_confound;
++		kssl_validate_times;
++		PEM_read_bio_SSL_SESSION;
++		PEM_read_SSL_SESSION;
++		PEM_write_bio_SSL_SESSION;
++		PEM_write_SSL_SESSION;
++		SSL_accept;
++		SSL_add_client_CA;
++		SSL_add_dir_cert_subjects_to_stack;
++		SSL_add_dir_cert_subjs_to_stk;
++		SSL_add_file_cert_subjects_to_stack;
++		SSL_add_file_cert_subjs_to_stk;
++		SSL_alert_desc_string;
++		SSL_alert_desc_string_long;
++		SSL_alert_type_string;
++		SSL_alert_type_string_long;
++		SSL_callback_ctrl;
++		SSL_check_private_key;
++		SSL_CIPHER_description;
++		SSL_CIPHER_get_bits;
++		SSL_CIPHER_get_name;
++		SSL_CIPHER_get_version;
++		SSL_clear;
++		SSL_COMP_add_compression_method;
++		SSL_COMP_get_compression_methods;
++		SSL_COMP_get_compress_methods;
++		SSL_COMP_get_name;
++		SSL_connect;
++		SSL_copy_session_id;
++		SSL_ctrl;
++		SSL_CTX_add_client_CA;
++		SSL_CTX_add_session;
++		SSL_CTX_callback_ctrl;
++		SSL_CTX_check_private_key;
++		SSL_CTX_ctrl;
++		SSL_CTX_flush_sessions;
++		SSL_CTX_free;
++		SSL_CTX_get_cert_store;
++		SSL_CTX_get_client_CA_list;
++		SSL_CTX_get_client_cert_cb;
++		SSL_CTX_get_ex_data;
++		SSL_CTX_get_ex_new_index;
++		SSL_CTX_get_info_callback;
++		SSL_CTX_get_quiet_shutdown;
++		SSL_CTX_get_timeout;
++		SSL_CTX_get_verify_callback;
++		SSL_CTX_get_verify_depth;
++		SSL_CTX_get_verify_mode;
++		SSL_CTX_load_verify_locations;
++		SSL_CTX_new;
++		SSL_CTX_remove_session;
++		SSL_CTX_sess_get_get_cb;
++		SSL_CTX_sess_get_new_cb;
++		SSL_CTX_sess_get_remove_cb;
++		SSL_CTX_sessions;
++		SSL_CTX_sess_set_get_cb;
++		SSL_CTX_sess_set_new_cb;
++		SSL_CTX_sess_set_remove_cb;
++		SSL_CTX_set1_param;
++		SSL_CTX_set_cert_store;
++		SSL_CTX_set_cert_verify_callback;
++		SSL_CTX_set_cert_verify_cb;
++		SSL_CTX_set_cipher_list;
++		SSL_CTX_set_client_CA_list;
++		SSL_CTX_set_client_cert_cb;
++		SSL_CTX_set_client_cert_engine;
++		SSL_CTX_set_cookie_generate_cb;
++		SSL_CTX_set_cookie_verify_cb;
++		SSL_CTX_set_default_passwd_cb;
++		SSL_CTX_set_default_passwd_cb_userdata;
++		SSL_CTX_set_default_verify_paths;
++		SSL_CTX_set_def_passwd_cb_ud;
++		SSL_CTX_set_def_verify_paths;
++		SSL_CTX_set_ex_data;
++		SSL_CTX_set_generate_session_id;
++		SSL_CTX_set_info_callback;
++		SSL_CTX_set_msg_callback;
++		SSL_CTX_set_psk_client_callback;
++		SSL_CTX_set_psk_server_callback;
++		SSL_CTX_set_purpose;
++		SSL_CTX_set_quiet_shutdown;
++		SSL_CTX_set_session_id_context;
++		SSL_CTX_set_ssl_version;
++		SSL_CTX_set_timeout;
++		SSL_CTX_set_tmp_dh_callback;
++		SSL_CTX_set_tmp_ecdh_callback;
++		SSL_CTX_set_tmp_rsa_callback;
++		SSL_CTX_set_trust;
++		SSL_CTX_set_verify;
++		SSL_CTX_set_verify_depth;
++		SSL_CTX_use_cert_chain_file;
++		SSL_CTX_use_certificate;
++		SSL_CTX_use_certificate_ASN1;
++		SSL_CTX_use_certificate_chain_file;
++		SSL_CTX_use_certificate_file;
++		SSL_CTX_use_PrivateKey;
++		SSL_CTX_use_PrivateKey_ASN1;
++		SSL_CTX_use_PrivateKey_file;
++		SSL_CTX_use_psk_identity_hint;
++		SSL_CTX_use_RSAPrivateKey;
++		SSL_CTX_use_RSAPrivateKey_ASN1;
++		SSL_CTX_use_RSAPrivateKey_file;
++		SSL_do_handshake;
++		SSL_dup;
++		SSL_dup_CA_list;
++		SSLeay_add_ssl_algorithms;
++		SSL_free;
++		SSL_get1_session;
++		SSL_get_certificate;
++		SSL_get_cipher_list;
++		SSL_get_ciphers;
++		SSL_get_client_CA_list;
++		SSL_get_current_cipher;
++		SSL_get_current_compression;
++		SSL_get_current_expansion;
++		SSL_get_default_timeout;
++		SSL_get_error;
++		SSL_get_ex_data;
++		SSL_get_ex_data_X509_STORE_CTX_idx;
++		SSL_get_ex_d_X509_STORE_CTX_idx;
++		SSL_get_ex_new_index;
++		SSL_get_fd;
++		SSL_get_finished;
++		SSL_get_info_callback;
++		SSL_get_peer_cert_chain;
++		SSL_get_peer_certificate;
++		SSL_get_peer_finished;
++		SSL_get_privatekey;
++		SSL_get_psk_identity;
++		SSL_get_psk_identity_hint;
++		SSL_get_quiet_shutdown;
++		SSL_get_rbio;
++		SSL_get_read_ahead;
++		SSL_get_rfd;
++		SSL_get_servername;
++		SSL_get_servername_type;
++		SSL_get_session;
++		SSL_get_shared_ciphers;
++		SSL_get_shutdown;
++		SSL_get_SSL_CTX;
++		SSL_get_ssl_method;
++		SSL_get_verify_callback;
++		SSL_get_verify_depth;
++		SSL_get_verify_mode;
++		SSL_get_verify_result;
++		SSL_get_version;
++		SSL_get_wbio;
++		SSL_get_wfd;
++		SSL_has_matching_session_id;
++		SSL_library_init;
++		SSL_load_client_CA_file;
++		SSL_load_error_strings;
++		SSL_new;
++		SSL_peek;
++		SSL_pending;
++		SSL_read;
++		SSL_renegotiate;
++		SSL_renegotiate_pending;
++		SSL_rstate_string;
++		SSL_rstate_string_long;
++		SSL_SESSION_cmp;
++		SSL_SESSION_free;
++		SSL_SESSION_get_ex_data;
++		SSL_SESSION_get_ex_new_index;
++		SSL_SESSION_get_id;
++		SSL_SESSION_get_time;
++		SSL_SESSION_get_timeout;
++		SSL_SESSION_hash;
++		SSL_SESSION_new;
++		SSL_SESSION_print;
++		SSL_SESSION_print_fp;
++		SSL_SESSION_set_ex_data;
++		SSL_SESSION_set_time;
++		SSL_SESSION_set_timeout;
++		SSL_set1_param;
++		SSL_set_accept_state;
++		SSL_set_bio;
++		SSL_set_cipher_list;
++		SSL_set_client_CA_list;
++		SSL_set_connect_state;
++		SSL_set_ex_data;
++		SSL_set_fd;
++		SSL_set_generate_session_id;
++		SSL_set_info_callback;
++		SSL_set_msg_callback;
++		SSL_set_psk_client_callback;
++		SSL_set_psk_server_callback;
++		SSL_set_purpose;
++		SSL_set_quiet_shutdown;
++		SSL_set_read_ahead;
++		SSL_set_rfd;
++		SSL_set_session;
++		SSL_set_session_id_context;
++		SSL_set_session_secret_cb;
++		SSL_set_session_ticket_ext;
++		SSL_set_session_ticket_ext_cb;
++		SSL_set_shutdown;
++		SSL_set_SSL_CTX;
++		SSL_set_ssl_method;
++		SSL_set_tmp_dh_callback;
++		SSL_set_tmp_ecdh_callback;
++		SSL_set_tmp_rsa_callback;
++		SSL_set_trust;
++		SSL_set_verify;
++		SSL_set_verify_depth;
++		SSL_set_verify_result;
++		SSL_set_wfd;
++		SSL_shutdown;
++		SSL_state;
++		SSL_state_string;
++		SSL_state_string_long;
++		SSL_use_certificate;
++		SSL_use_certificate_ASN1;
++		SSL_use_certificate_file;
++		SSL_use_PrivateKey;
++		SSL_use_PrivateKey_ASN1;
++		SSL_use_PrivateKey_file;
++		SSL_use_psk_identity_hint;
++		SSL_use_RSAPrivateKey;
++		SSL_use_RSAPrivateKey_ASN1;
++		SSL_use_RSAPrivateKey_file;
++		SSLv23_client_method;
++		SSLv23_method;
++		SSLv23_server_method;
++		SSLv2_client_method;
++		SSLv2_method;
++		SSLv2_server_method;
++		SSLv3_client_method;
++		SSLv3_method;
++		SSLv3_server_method;
++		SSL_version;
++		SSL_want;
++		SSL_write;
++		TLSv1_client_method;
++		TLSv1_method;
++		TLSv1_server_method;
++
++
++		SSLeay;
++		SSLeay_version;
++		ASN1_BIT_STRING_asn1_meth;
++		ASN1_HEADER_free;
++		ASN1_HEADER_new;
++		ASN1_IA5STRING_asn1_meth;
++		ASN1_INTEGER_get;
++		ASN1_INTEGER_set;
++		ASN1_INTEGER_to_BN;
++		ASN1_OBJECT_create;
++		ASN1_OBJECT_free;
++		ASN1_OBJECT_new;
++		ASN1_PRINTABLE_type;
++		ASN1_STRING_cmp;
++		ASN1_STRING_dup;
++		ASN1_STRING_free;
++		ASN1_STRING_new;
++		ASN1_STRING_print;
++		ASN1_STRING_set;
++		ASN1_STRING_type_new;
++		ASN1_TYPE_free;
++		ASN1_TYPE_new;
++		ASN1_UNIVERSALSTRING_to_string;
++		ASN1_UTCTIME_check;
++		ASN1_UTCTIME_print;
++		ASN1_UTCTIME_set;
++		ASN1_check_infinite_end;
++		ASN1_d2i_bio;
++		ASN1_d2i_fp;
++		ASN1_digest;
++		ASN1_dup;
++		ASN1_get_object;
++		ASN1_i2d_bio;
++		ASN1_i2d_fp;
++		ASN1_object_size;
++		ASN1_parse;
++		ASN1_put_object;
++		ASN1_sign;
++		ASN1_verify;
++		BF_cbc_encrypt;
++		BF_cfb64_encrypt;
++		BF_ecb_encrypt;
++		BF_encrypt;
++		BF_ofb64_encrypt;
++		BF_options;
++		BF_set_key;
++		BIO_CONNECT_free;
++		BIO_CONNECT_new;
++		BIO_accept;
++		BIO_ctrl;
++		BIO_int_ctrl;
++		BIO_debug_callback;
++		BIO_dump;
++		BIO_dup_chain;
++		BIO_f_base64;
++		BIO_f_buffer;
++		BIO_f_cipher;
++		BIO_f_md;
++		BIO_f_null;
++		BIO_f_proxy_server;
++		BIO_fd_non_fatal_error;
++		BIO_fd_should_retry;
++		BIO_find_type;
++		BIO_free;
++		BIO_free_all;
++		BIO_get_accept_socket;
++		BIO_get_filter_bio;
++		BIO_get_host_ip;
++		BIO_get_port;
++		BIO_get_retry_BIO;
++		BIO_get_retry_reason;
++		BIO_gethostbyname;
++		BIO_gets;
++		BIO_new;
++		BIO_new_accept;
++		BIO_new_connect;
++		BIO_new_fd;
++		BIO_new_file;
++		BIO_new_fp;
++		BIO_new_socket;
++		BIO_pop;
++		BIO_printf;
++		BIO_push;
++		BIO_puts;
++		BIO_read;
++		BIO_s_accept;
++		BIO_s_connect;
++		BIO_s_fd;
++		BIO_s_file;
++		BIO_s_mem;
++		BIO_s_null;
++		BIO_s_proxy_client;
++		BIO_s_socket;
++		BIO_set;
++		BIO_set_cipher;
++		BIO_set_tcp_ndelay;
++		BIO_sock_cleanup;
++		BIO_sock_error;
++		BIO_sock_init;
++		BIO_sock_non_fatal_error;
++		BIO_sock_should_retry;
++		BIO_socket_ioctl;
++		BIO_write;
++		BN_CTX_free;
++		BN_CTX_new;
++		BN_MONT_CTX_free;
++		BN_MONT_CTX_new;
++		BN_MONT_CTX_set;
++		BN_add;
++		BN_add_word;
++		BN_hex2bn;
++		BN_bin2bn;
++		BN_bn2hex;
++		BN_bn2bin;
++		BN_clear;
++		BN_clear_bit;
++		BN_clear_free;
++		BN_cmp;
++		BN_copy;
++		BN_div;
++		BN_div_word;
++		BN_dup;
++		BN_free;
++		BN_from_montgomery;
++		BN_gcd;
++		BN_generate_prime;
++		BN_get_word;
++		BN_is_bit_set;
++		BN_is_prime;
++		BN_lshift;
++		BN_lshift1;
++		BN_mask_bits;
++		BN_mod;
++		BN_mod_exp;
++		BN_mod_exp_mont;
++		BN_mod_exp_simple;
++		BN_mod_inverse;
++		BN_mod_mul;
++		BN_mod_mul_montgomery;
++		BN_mod_word;
++		BN_mul;
++		BN_new;
++		BN_num_bits;
++		BN_num_bits_word;
++		BN_options;
++		BN_print;
++		BN_print_fp;
++		BN_rand;
++		BN_reciprocal;
++		BN_rshift;
++		BN_rshift1;
++		BN_set_bit;
++		BN_set_word;
++		BN_sqr;
++		BN_sub;
++		BN_to_ASN1_INTEGER;
++		BN_ucmp;
++		BN_value_one;
++		BUF_MEM_free;
++		BUF_MEM_grow;
++		BUF_MEM_new;
++		BUF_strdup;
++		CONF_free;
++		CONF_get_number;
++		CONF_get_section;
++		CONF_get_string;
++		CONF_load;
++		CRYPTO_add_lock;
++		CRYPTO_dbg_free;
++		CRYPTO_dbg_malloc;
++		CRYPTO_dbg_realloc;
++		CRYPTO_dbg_remalloc;
++		CRYPTO_free;
++		CRYPTO_get_add_lock_callback;
++		CRYPTO_get_id_callback;
++		CRYPTO_get_lock_name;
++		CRYPTO_get_locking_callback;
++		CRYPTO_get_mem_functions;
++		CRYPTO_lock;
++		CRYPTO_malloc;
++		CRYPTO_mem_ctrl;
++		CRYPTO_mem_leaks;
++		CRYPTO_mem_leaks_cb;
++		CRYPTO_mem_leaks_fp;
++		CRYPTO_realloc;
++		CRYPTO_remalloc;
++		CRYPTO_set_add_lock_callback;
++		CRYPTO_set_id_callback;
++		CRYPTO_set_locking_callback;
++		CRYPTO_set_mem_functions;
++		CRYPTO_thread_id;
++		DH_check;
++		DH_compute_key;
++		DH_free;
++		DH_generate_key;
++		DH_generate_parameters;
++		DH_new;
++		DH_size;
++		DHparams_print;
++		DHparams_print_fp;
++		DSA_free;
++		DSA_generate_key;
++		DSA_generate_parameters;
++		DSA_is_prime;
++		DSA_new;
++		DSA_print;
++		DSA_print_fp;
++		DSA_sign;
++		DSA_sign_setup;
++		DSA_size;
++		DSA_verify;
++		DSAparams_print;
++		DSAparams_print_fp;
++		ERR_clear_error;
++		ERR_error_string;
++		ERR_free_strings;
++		ERR_func_error_string;
++		ERR_get_err_state_table;
++		ERR_get_error;
++		ERR_get_error_line;
++		ERR_get_state;
++		ERR_get_string_table;
++		ERR_lib_error_string;
++		ERR_load_ASN1_strings;
++		ERR_load_BIO_strings;
++		ERR_load_BN_strings;
++		ERR_load_BUF_strings;
++		ERR_load_CONF_strings;
++		ERR_load_DH_strings;
++		ERR_load_DSA_strings;
++		ERR_load_ERR_strings;
++		ERR_load_EVP_strings;
++		ERR_load_OBJ_strings;
++		ERR_load_PEM_strings;
++		ERR_load_PROXY_strings;
++		ERR_load_RSA_strings;
++		ERR_load_X509_strings;
++		ERR_load_crypto_strings;
++		ERR_load_strings;
++		ERR_peek_error;
++		ERR_peek_error_line;
++		ERR_print_errors;
++		ERR_print_errors_fp;
++		ERR_put_error;
++		ERR_reason_error_string;
++		ERR_remove_state;
++		EVP_BytesToKey;
++		EVP_CIPHER_CTX_cleanup;
++		EVP_CipherFinal;
++		EVP_CipherInit;
++		EVP_CipherUpdate;
++		EVP_DecodeBlock;
++		EVP_DecodeFinal;
++		EVP_DecodeInit;
++		EVP_DecodeUpdate;
++		EVP_DecryptFinal;
++		EVP_DecryptInit;
++		EVP_DecryptUpdate;
++		EVP_DigestFinal;
++		EVP_DigestInit;
++		EVP_DigestUpdate;
++		EVP_EncodeBlock;
++		EVP_EncodeFinal;
++		EVP_EncodeInit;
++		EVP_EncodeUpdate;
++		EVP_EncryptFinal;
++		EVP_EncryptInit;
++		EVP_EncryptUpdate;
++		EVP_OpenFinal;
++		EVP_OpenInit;
++		EVP_PKEY_assign;
++		EVP_PKEY_copy_parameters;
++		EVP_PKEY_free;
++		EVP_PKEY_missing_parameters;
++		EVP_PKEY_new;
++		EVP_PKEY_save_parameters;
++		EVP_PKEY_size;
++		EVP_PKEY_type;
++		EVP_SealFinal;
++		EVP_SealInit;
++		EVP_SignFinal;
++		EVP_VerifyFinal;
++		EVP_add_alias;
++		EVP_add_cipher;
++		EVP_add_digest;
++		EVP_bf_cbc;
++		EVP_bf_cfb64;
++		EVP_bf_ecb;
++		EVP_bf_ofb;
++		EVP_cleanup;
++		EVP_des_cbc;
++		EVP_des_cfb64;
++		EVP_des_ecb;
++		EVP_des_ede;
++		EVP_des_ede3;
++		EVP_des_ede3_cbc;
++		EVP_des_ede3_cfb64;
++		EVP_des_ede3_ofb;
++		EVP_des_ede_cbc;
++		EVP_des_ede_cfb64;
++		EVP_des_ede_ofb;
++		EVP_des_ofb;
++		EVP_desx_cbc;
++		EVP_dss;
++		EVP_dss1;
++		EVP_enc_null;
++		EVP_get_cipherbyname;
++		EVP_get_digestbyname;
++		EVP_get_pw_prompt;
++		EVP_idea_cbc;
++		EVP_idea_cfb64;
++		EVP_idea_ecb;
++		EVP_idea_ofb;
++		EVP_md2;
++		EVP_md5;
++		EVP_md_null;
++		EVP_rc2_cbc;
++		EVP_rc2_cfb64;
++		EVP_rc2_ecb;
++		EVP_rc2_ofb;
++		EVP_rc4;
++		EVP_read_pw_string;
++		EVP_set_pw_prompt;
++		EVP_sha;
++		EVP_sha1;
++		MD2;
++		MD2_Final;
++		MD2_Init;
++		MD2_Update;
++		MD2_options;
++		MD5;
++		MD5_Final;
++		MD5_Init;
++		MD5_Update;
++		MDC2;
++		MDC2_Final;
++		MDC2_Init;
++		MDC2_Update;
++		NETSCAPE_SPKAC_free;
++		NETSCAPE_SPKAC_new;
++		NETSCAPE_SPKI_free;
++		NETSCAPE_SPKI_new;
++		NETSCAPE_SPKI_sign;
++		NETSCAPE_SPKI_verify;
++		OBJ_add_object;
++		OBJ_bsearch;
++		OBJ_cleanup;
++		OBJ_cmp;
++		OBJ_create;
++		OBJ_dup;
++		OBJ_ln2nid;
++		OBJ_new_nid;
++		OBJ_nid2ln;
++		OBJ_nid2obj;
++		OBJ_nid2sn;
++		OBJ_obj2nid;
++		OBJ_sn2nid;
++		OBJ_txt2nid;
++		PEM_ASN1_read;
++		PEM_ASN1_read_bio;
++		PEM_ASN1_write;
++		PEM_ASN1_write_bio;
++		PEM_SealFinal;
++		PEM_SealInit;
++		PEM_SealUpdate;
++		PEM_SignFinal;
++		PEM_SignInit;
++		PEM_SignUpdate;
++		PEM_X509_INFO_read;
++		PEM_X509_INFO_read_bio;
++		PEM_X509_INFO_write_bio;
++		PEM_dek_info;
++		PEM_do_header;
++		PEM_get_EVP_CIPHER_INFO;
++		PEM_proc_type;
++		PEM_read;
++		PEM_read_DHparams;
++		PEM_read_DSAPrivateKey;
++		PEM_read_DSAparams;
++		PEM_read_PKCS7;
++		PEM_read_PrivateKey;
++		PEM_read_RSAPrivateKey;
++		PEM_read_X509;
++		PEM_read_X509_CRL;
++		PEM_read_X509_REQ;
++		PEM_read_bio;
++		PEM_read_bio_DHparams;
++		PEM_read_bio_DSAPrivateKey;
++		PEM_read_bio_DSAparams;
++		PEM_read_bio_PKCS7;
++		PEM_read_bio_PrivateKey;
++		PEM_read_bio_RSAPrivateKey;
++		PEM_read_bio_X509;
++		PEM_read_bio_X509_CRL;
++		PEM_read_bio_X509_REQ;
++		PEM_write;
++		PEM_write_DHparams;
++		PEM_write_DSAPrivateKey;
++		PEM_write_DSAparams;
++		PEM_write_PKCS7;
++		PEM_write_PrivateKey;
++		PEM_write_RSAPrivateKey;
++		PEM_write_X509;
++		PEM_write_X509_CRL;
++		PEM_write_X509_REQ;
++		PEM_write_bio;
++		PEM_write_bio_DHparams;
++		PEM_write_bio_DSAPrivateKey;
++		PEM_write_bio_DSAparams;
++		PEM_write_bio_PKCS7;
++		PEM_write_bio_PrivateKey;
++		PEM_write_bio_RSAPrivateKey;
++		PEM_write_bio_X509;
++		PEM_write_bio_X509_CRL;
++		PEM_write_bio_X509_REQ;
++		PKCS7_DIGEST_free;
++		PKCS7_DIGEST_new;
++		PKCS7_ENCRYPT_free;
++		PKCS7_ENCRYPT_new;
++		PKCS7_ENC_CONTENT_free;
++		PKCS7_ENC_CONTENT_new;
++		PKCS7_ENVELOPE_free;
++		PKCS7_ENVELOPE_new;
++		PKCS7_ISSUER_AND_SERIAL_digest;
++		PKCS7_ISSUER_AND_SERIAL_free;
++		PKCS7_ISSUER_AND_SERIAL_new;
++		PKCS7_RECIP_INFO_free;
++		PKCS7_RECIP_INFO_new;
++		PKCS7_SIGNED_free;
++		PKCS7_SIGNED_new;
++		PKCS7_SIGNER_INFO_free;
++		PKCS7_SIGNER_INFO_new;
++		PKCS7_SIGN_ENVELOPE_free;
++		PKCS7_SIGN_ENVELOPE_new;
++		PKCS7_dup;
++		PKCS7_free;
++		PKCS7_new;
++		PROXY_ENTRY_add_noproxy;
++		PROXY_ENTRY_clear_noproxy;
++		PROXY_ENTRY_free;
++		PROXY_ENTRY_get_noproxy;
++		PROXY_ENTRY_new;
++		PROXY_ENTRY_set_server;
++		PROXY_add_noproxy;
++		PROXY_add_server;
++		PROXY_check_by_host;
++		PROXY_check_url;
++		PROXY_clear_noproxy;
++		PROXY_free;
++		PROXY_get_noproxy;
++		PROXY_get_proxies;
++		PROXY_get_proxy_entry;
++		PROXY_load_conf;
++		PROXY_new;
++		PROXY_print;
++		RAND_bytes;
++		RAND_cleanup;
++		RAND_file_name;
++		RAND_load_file;
++		RAND_screen;
++		RAND_seed;
++		RAND_write_file;
++		RC2_cbc_encrypt;
++		RC2_cfb64_encrypt;
++		RC2_ecb_encrypt;
++		RC2_encrypt;
++		RC2_ofb64_encrypt;
++		RC2_set_key;
++		RC4;
++		RC4_options;
++		RC4_set_key;
++		RSAPrivateKey_asn1_meth;
++		RSAPrivateKey_dup;
++		RSAPublicKey_dup;
++		RSA_PKCS1_SSLeay;
++		RSA_free;
++		RSA_generate_key;
++		RSA_new;
++		RSA_new_method;
++		RSA_print;
++		RSA_print_fp;
++		RSA_private_decrypt;
++		RSA_private_encrypt;
++		RSA_public_decrypt;
++		RSA_public_encrypt;
++		RSA_set_default_method;
++		RSA_sign;
++		RSA_sign_ASN1_OCTET_STRING;
++		RSA_size;
++		RSA_verify;
++		RSA_verify_ASN1_OCTET_STRING;
++		SHA;
++		SHA1;
++		SHA1_Final;
++		SHA1_Init;
++		SHA1_Update;
++		SHA_Final;
++		SHA_Init;
++		SHA_Update;
++		OpenSSL_add_all_algorithms;
++		OpenSSL_add_all_ciphers;
++		OpenSSL_add_all_digests;
++		TXT_DB_create_index;
++		TXT_DB_free;
++		TXT_DB_get_by_index;
++		TXT_DB_insert;
++		TXT_DB_read;
++		TXT_DB_write;
++		X509_ALGOR_free;
++		X509_ALGOR_new;
++		X509_ATTRIBUTE_free;
++		X509_ATTRIBUTE_new;
++		X509_CINF_free;
++		X509_CINF_new;
++		X509_CRL_INFO_free;
++		X509_CRL_INFO_new;
++		X509_CRL_add_ext;
++		X509_CRL_cmp;
++		X509_CRL_delete_ext;
++		X509_CRL_dup;
++		X509_CRL_free;
++		X509_CRL_get_ext;
++		X509_CRL_get_ext_by_NID;
++		X509_CRL_get_ext_by_OBJ;
++		X509_CRL_get_ext_by_critical;
++		X509_CRL_get_ext_count;
++		X509_CRL_new;
++		X509_CRL_sign;
++		X509_CRL_verify;
++		X509_EXTENSION_create_by_NID;
++		X509_EXTENSION_create_by_OBJ;
++		X509_EXTENSION_dup;
++		X509_EXTENSION_free;
++		X509_EXTENSION_get_critical;
++		X509_EXTENSION_get_data;
++		X509_EXTENSION_get_object;
++		X509_EXTENSION_new;
++		X509_EXTENSION_set_critical;
++		X509_EXTENSION_set_data;
++		X509_EXTENSION_set_object;
++		X509_INFO_free;
++		X509_INFO_new;
++		X509_LOOKUP_by_alias;
++		X509_LOOKUP_by_fingerprint;
++		X509_LOOKUP_by_issuer_serial;
++		X509_LOOKUP_by_subject;
++		X509_LOOKUP_ctrl;
++		X509_LOOKUP_file;
++		X509_LOOKUP_free;
++		X509_LOOKUP_hash_dir;
++		X509_LOOKUP_init;
++		X509_LOOKUP_new;
++		X509_LOOKUP_shutdown;
++		X509_NAME_ENTRY_create_by_NID;
++		X509_NAME_ENTRY_create_by_OBJ;
++		X509_NAME_ENTRY_dup;
++		X509_NAME_ENTRY_free;
++		X509_NAME_ENTRY_get_data;
++		X509_NAME_ENTRY_get_object;
++		X509_NAME_ENTRY_new;
++		X509_NAME_ENTRY_set_data;
++		X509_NAME_ENTRY_set_object;
++		X509_NAME_add_entry;
++		X509_NAME_cmp;
++		X509_NAME_delete_entry;
++		X509_NAME_digest;
++		X509_NAME_dup;
++		X509_NAME_entry_count;
++		X509_NAME_free;
++		X509_NAME_get_entry;
++		X509_NAME_get_index_by_NID;
++		X509_NAME_get_index_by_OBJ;
++		X509_NAME_get_text_by_NID;
++		X509_NAME_get_text_by_OBJ;
++		X509_NAME_hash;
++		X509_NAME_new;
++		X509_NAME_oneline;
++		X509_NAME_print;
++		X509_NAME_set;
++		X509_OBJECT_free_contents;
++		X509_OBJECT_retrieve_by_subject;
++		X509_OBJECT_up_ref_count;
++		X509_PKEY_free;
++		X509_PKEY_new;
++		X509_PUBKEY_free;
++		X509_PUBKEY_get;
++		X509_PUBKEY_new;
++		X509_PUBKEY_set;
++		X509_REQ_INFO_free;
++		X509_REQ_INFO_new;
++		X509_REQ_dup;
++		X509_REQ_free;
++		X509_REQ_get_pubkey;
++		X509_REQ_new;
++		X509_REQ_print;
++		X509_REQ_print_fp;
++		X509_REQ_set_pubkey;
++		X509_REQ_set_subject_name;
++		X509_REQ_set_version;
++		X509_REQ_sign;
++		X509_REQ_to_X509;
++		X509_REQ_verify;
++		X509_REVOKED_add_ext;
++		X509_REVOKED_delete_ext;
++		X509_REVOKED_free;
++		X509_REVOKED_get_ext;
++		X509_REVOKED_get_ext_by_NID;
++		X509_REVOKED_get_ext_by_OBJ;
++		X509_REVOKED_get_ext_by_critical;
++		X509_REVOKED_get_ext_by_critic;
++		X509_REVOKED_get_ext_count;
++		X509_REVOKED_new;
++		X509_SIG_free;
++		X509_SIG_new;
++		X509_STORE_CTX_cleanup;
++		X509_STORE_CTX_init;
++		X509_STORE_add_cert;
++		X509_STORE_add_lookup;
++		X509_STORE_free;
++		X509_STORE_get_by_subject;
++		X509_STORE_load_locations;
++		X509_STORE_new;
++		X509_STORE_set_default_paths;
++		X509_VAL_free;
++		X509_VAL_new;
++		X509_add_ext;
++		X509_asn1_meth;
++		X509_certificate_type;
++		X509_check_private_key;
++		X509_cmp_current_time;
++		X509_delete_ext;
++		X509_digest;
++		X509_dup;
++		X509_free;
++		X509_get_default_cert_area;
++		X509_get_default_cert_dir;
++		X509_get_default_cert_dir_env;
++		X509_get_default_cert_file;
++		X509_get_default_cert_file_env;
++		X509_get_default_private_dir;
++		X509_get_ext;
++		X509_get_ext_by_NID;
++		X509_get_ext_by_OBJ;
++		X509_get_ext_by_critical;
++		X509_get_ext_count;
++		X509_get_issuer_name;
++		X509_get_pubkey;
++		X509_get_pubkey_parameters;
++		X509_get_serialNumber;
++		X509_get_subject_name;
++		X509_gmtime_adj;
++		X509_issuer_and_serial_cmp;
++		X509_issuer_and_serial_hash;
++		X509_issuer_name_cmp;
++		X509_issuer_name_hash;
++		X509_load_cert_file;
++		X509_new;
++		X509_print;
++		X509_print_fp;
++		X509_set_issuer_name;
++		X509_set_notAfter;
++		X509_set_notBefore;
++		X509_set_pubkey;
++		X509_set_serialNumber;
++		X509_set_subject_name;
++		X509_set_version;
++		X509_sign;
++		X509_subject_name_cmp;
++		X509_subject_name_hash;
++		X509_to_X509_REQ;
++		X509_verify;
++		X509_verify_cert;
++		X509_verify_cert_error_string;
++		X509v3_add_ext;
++		X509v3_add_extension;
++		X509v3_add_netscape_extensions;
++		X509v3_add_standard_extensions;
++		X509v3_cleanup_extensions;
++		X509v3_data_type_by_NID;
++		X509v3_data_type_by_OBJ;
++		X509v3_delete_ext;
++		X509v3_get_ext;
++		X509v3_get_ext_by_NID;
++		X509v3_get_ext_by_OBJ;
++		X509v3_get_ext_by_critical;
++		X509v3_get_ext_count;
++		X509v3_pack_string;
++		X509v3_pack_type_by_NID;
++		X509v3_pack_type_by_OBJ;
++		X509v3_unpack_string;
++		_des_crypt;
++		a2d_ASN1_OBJECT;
++		a2i_ASN1_INTEGER;
++		a2i_ASN1_STRING;
++		asn1_Finish;
++		asn1_GetSequence;
++		bn_div_words;
++		bn_expand2;
++		bn_mul_add_words;
++		bn_mul_words;
++		BN_uadd;
++		BN_usub;
++		bn_sqr_words;
++		_ossl_old_crypt;
++		d2i_ASN1_BIT_STRING;
++		d2i_ASN1_BOOLEAN;
++		d2i_ASN1_HEADER;
++		d2i_ASN1_IA5STRING;
++		d2i_ASN1_INTEGER;
++		d2i_ASN1_OBJECT;
++		d2i_ASN1_OCTET_STRING;
++		d2i_ASN1_PRINTABLE;
++		d2i_ASN1_PRINTABLESTRING;
++		d2i_ASN1_SET;
++		d2i_ASN1_T61STRING;
++		d2i_ASN1_TYPE;
++		d2i_ASN1_UTCTIME;
++		d2i_ASN1_bytes;
++		d2i_ASN1_type_bytes;
++		d2i_DHparams;
++		d2i_DSAPrivateKey;
++		d2i_DSAPrivateKey_bio;
++		d2i_DSAPrivateKey_fp;
++		d2i_DSAPublicKey;
++		d2i_DSAparams;
++		d2i_NETSCAPE_SPKAC;
++		d2i_NETSCAPE_SPKI;
++		d2i_Netscape_RSA;
++		d2i_PKCS7;
++		d2i_PKCS7_DIGEST;
++		d2i_PKCS7_ENCRYPT;
++		d2i_PKCS7_ENC_CONTENT;
++		d2i_PKCS7_ENVELOPE;
++		d2i_PKCS7_ISSUER_AND_SERIAL;
++		d2i_PKCS7_RECIP_INFO;
++		d2i_PKCS7_SIGNED;
++		d2i_PKCS7_SIGNER_INFO;
++		d2i_PKCS7_SIGN_ENVELOPE;
++		d2i_PKCS7_bio;
++		d2i_PKCS7_fp;
++		d2i_PrivateKey;
++		d2i_PublicKey;
++		d2i_RSAPrivateKey;
++		d2i_RSAPrivateKey_bio;
++		d2i_RSAPrivateKey_fp;
++		d2i_RSAPublicKey;
++		d2i_X509;
++		d2i_X509_ALGOR;
++		d2i_X509_ATTRIBUTE;
++		d2i_X509_CINF;
++		d2i_X509_CRL;
++		d2i_X509_CRL_INFO;
++		d2i_X509_CRL_bio;
++		d2i_X509_CRL_fp;
++		d2i_X509_EXTENSION;
++		d2i_X509_NAME;
++		d2i_X509_NAME_ENTRY;
++		d2i_X509_PKEY;
++		d2i_X509_PUBKEY;
++		d2i_X509_REQ;
++		d2i_X509_REQ_INFO;
++		d2i_X509_REQ_bio;
++		d2i_X509_REQ_fp;
++		d2i_X509_REVOKED;
++		d2i_X509_SIG;
++		d2i_X509_VAL;
++		d2i_X509_bio;
++		d2i_X509_fp;
++		DES_cbc_cksum;
++		DES_cbc_encrypt;
++		DES_cblock_print_file;
++		DES_cfb64_encrypt;
++		DES_cfb_encrypt;
++		DES_decrypt3;
++		DES_ecb3_encrypt;
++		DES_ecb_encrypt;
++		DES_ede3_cbc_encrypt;
++		DES_ede3_cfb64_encrypt;
++		DES_ede3_ofb64_encrypt;
++		DES_enc_read;
++		DES_enc_write;
++		DES_encrypt1;
++		DES_encrypt2;
++		DES_encrypt3;
++		DES_fcrypt;
++		DES_is_weak_key;
++		DES_key_sched;
++		DES_ncbc_encrypt;
++		DES_ofb64_encrypt;
++		DES_ofb_encrypt;
++		DES_options;
++		DES_pcbc_encrypt;
++		DES_quad_cksum;
++		DES_random_key;
++		_ossl_old_des_random_seed;
++		_ossl_old_des_read_2passwords;
++		_ossl_old_des_read_password;
++		_ossl_old_des_read_pw;
++		_ossl_old_des_read_pw_string;
++		DES_set_key;
++		DES_set_odd_parity;
++		DES_string_to_2keys;
++		DES_string_to_key;
++		DES_xcbc_encrypt;
++		DES_xwhite_in2out;
++		fcrypt_body;
++		i2a_ASN1_INTEGER;
++		i2a_ASN1_OBJECT;
++		i2a_ASN1_STRING;
++		i2d_ASN1_BIT_STRING;
++		i2d_ASN1_BOOLEAN;
++		i2d_ASN1_HEADER;
++		i2d_ASN1_IA5STRING;
++		i2d_ASN1_INTEGER;
++		i2d_ASN1_OBJECT;
++		i2d_ASN1_OCTET_STRING;
++		i2d_ASN1_PRINTABLE;
++		i2d_ASN1_SET;
++		i2d_ASN1_TYPE;
++		i2d_ASN1_UTCTIME;
++		i2d_ASN1_bytes;
++		i2d_DHparams;
++		i2d_DSAPrivateKey;
++		i2d_DSAPrivateKey_bio;
++		i2d_DSAPrivateKey_fp;
++		i2d_DSAPublicKey;
++		i2d_DSAparams;
++		i2d_NETSCAPE_SPKAC;
++		i2d_NETSCAPE_SPKI;
++		i2d_Netscape_RSA;
++		i2d_PKCS7;
++		i2d_PKCS7_DIGEST;
++		i2d_PKCS7_ENCRYPT;
++		i2d_PKCS7_ENC_CONTENT;
++		i2d_PKCS7_ENVELOPE;
++		i2d_PKCS7_ISSUER_AND_SERIAL;
++		i2d_PKCS7_RECIP_INFO;
++		i2d_PKCS7_SIGNED;
++		i2d_PKCS7_SIGNER_INFO;
++		i2d_PKCS7_SIGN_ENVELOPE;
++		i2d_PKCS7_bio;
++		i2d_PKCS7_fp;
++		i2d_PrivateKey;
++		i2d_PublicKey;
++		i2d_RSAPrivateKey;
++		i2d_RSAPrivateKey_bio;
++		i2d_RSAPrivateKey_fp;
++		i2d_RSAPublicKey;
++		i2d_X509;
++		i2d_X509_ALGOR;
++		i2d_X509_ATTRIBUTE;
++		i2d_X509_CINF;
++		i2d_X509_CRL;
++		i2d_X509_CRL_INFO;
++		i2d_X509_CRL_bio;
++		i2d_X509_CRL_fp;
++		i2d_X509_EXTENSION;
++		i2d_X509_NAME;
++		i2d_X509_NAME_ENTRY;
++		i2d_X509_PKEY;
++		i2d_X509_PUBKEY;
++		i2d_X509_REQ;
++		i2d_X509_REQ_INFO;
++		i2d_X509_REQ_bio;
++		i2d_X509_REQ_fp;
++		i2d_X509_REVOKED;
++		i2d_X509_SIG;
++		i2d_X509_VAL;
++		i2d_X509_bio;
++		i2d_X509_fp;
++		idea_cbc_encrypt;
++		idea_cfb64_encrypt;
++		idea_ecb_encrypt;
++		idea_encrypt;
++		idea_ofb64_encrypt;
++		idea_options;
++		idea_set_decrypt_key;
++		idea_set_encrypt_key;
++		lh_delete;
++		lh_doall;