Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
authorRichard Levitte <levitte@openssl.org>
Wed, 27 Nov 2002 12:24:05 +0000 (12:24 +0000)
committerRichard Levitte <levitte@openssl.org>
Wed, 27 Nov 2002 12:24:05 +0000 (12:24 +0000)
and linker optimizations.
PR: 343

CHANGES
crypto/Makefile.ssl
crypto/crypto-lib.com
crypto/crypto.h
crypto/mem.c
crypto/mem_clr.c [new file with mode: 0644]
util/libeay.num

diff --git a/CHANGES b/CHANGES
index f5bda1b..2d7c5b5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2116,6 +2116,14 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
  Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
 
+  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+     memory from it's contents.  This is done with a counter that will
+     place alternating values in each byte.  This can be used to solve
+     two issues: 1) the removal of calls to memset() by highly optimizing
+     compilers, and 2) cleansing with other values than 0, since those can
+     be read through on certain media, for example a swap space on disk.
+     [Geoff Thorpe]
+
   *) Bugfix: client side session caching did not work with external caching,
      because the session->cipher setting was not restored when reloading
      from the external cache. This problem was masked, when
index 574fd72..061211d 100644 (file)
@@ -36,8 +36,8 @@ GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=        cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
+LIBSRC=        cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
 
 SRC= $(LIBSRC)
 
@@ -193,6 +193,10 @@ mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
 mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
 mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
index 5d42b2b..ced978c 100644 (file)
@@ -158,7 +158,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time"
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
index d1d2400..4027b43 100644 (file)
@@ -454,6 +454,8 @@ void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                           int line);
 void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
 
+void OPENSSL_cleanse(void *ptr, size_t len);
+
 void CRYPTO_set_mem_debug_options(long bits);
 long CRYPTO_get_mem_debug_options(void);
 
index 03d2569..46a0069 100644 (file)
@@ -250,6 +250,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
 void *CRYPTO_malloc_locked(int num, const char *file, int line)
        {
        void *ret = NULL;
+       extern unsigned char cleanse_ctr;
 
        allow_customize = 0;
        if (malloc_debug_func != NULL)
@@ -264,6 +265,12 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
        if (malloc_debug_func != NULL)
                malloc_debug_func(ret, num, file, line, 1);
 
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+               ((unsigned char *)ret)[0] = cleanse_ctr;
+
        return ret;
        }
 
@@ -282,6 +289,7 @@ void CRYPTO_free_locked(void *str)
 void *CRYPTO_malloc(int num, const char *file, int line)
        {
        void *ret = NULL;
+       extern unsigned char cleanse_ctr;
 
        allow_customize = 0;
        if (malloc_debug_func != NULL)
@@ -296,6 +304,12 @@ void *CRYPTO_malloc(int num, const char *file, int line)
        if (malloc_debug_func != NULL)
                malloc_debug_func(ret, num, file, line, 1);
 
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+                ((unsigned char *)ret)[0] = cleanse_ctr;
+
        return ret;
        }
 
diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
new file mode 100644 (file)
index 0000000..0b72966
--- /dev/null
@@ -0,0 +1,75 @@
+/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+unsigned char cleanse_ctr = 0;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+       {
+       unsigned char *p = ptr;
+       size_t loop = len;
+       while(loop--)
+               {
+               *(p++) = cleanse_ctr;
+               cleanse_ctr += (17 + (((unsigned char *)&p)[sizeof(unsigned char *)-1] & 0xF));
+               }
+       if(memchr(ptr, cleanse_ctr, len))
+               cleanse_ctr += 63;
+       }
index 6c4cf64..dc2cedc 100755 (executable)
@@ -2800,190 +2800,191 @@ BUF_strlcat                             3241  EXIST::FUNCTION:
 BIO_indent                              3242   EXIST::FUNCTION:
 BUF_strlcpy                             3243   EXIST::FUNCTION:
 OpenSSLDie                              3244   EXIST::FUNCTION:
-BN_get0_nist_prime_384                  3245   EXIST::FUNCTION:
-ENGINE_register_ECDSA                   3246   EXIST::FUNCTION:
-BN_nist_mod_192                         3247   EXIST::FUNCTION:
-EC_GROUP_get_trinomial_basis            3248   EXIST::FUNCTION:EC
-ECDH_get_default_method                 3249   EXIST::FUNCTION:ECDH
-PKCS12_add_safe                         3250   EXIST::FUNCTION:
-ENGINE_register_ECDH                    3251   EXIST::FUNCTION:
-i2d_ECPrivateKey                        3252   EXIST::FUNCTION:EC
-BN_get0_nist_prime_192                  3253   EXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GF2m    3254   EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GF2m         3254   EXIST:VMS:FUNCTION:EC
-BN_GF2m_mod_exp_arr                     3255   EXIST::FUNCTION:
-X509_keyid_get0                         3256   EXIST::FUNCTION:
-EC_GROUP_new_by_nid                     3257   EXIST::FUNCTION:EC
-BN_GF2m_mod_mul_arr                     3258   EXIST::FUNCTION:
-EC_KEY_copy                             3259   EXIST::FUNCTION:EC
-EC_GROUP_check_discriminant             3260   EXIST::FUNCTION:EC
-EC_POINT_point2bn                       3261   EXIST::FUNCTION:EC
-EC_GROUP_new_curve_GF2m                 3262   EXIST::FUNCTION:EC
-EVP_PKEY_get1_EC_KEY                    3263   EXIST::FUNCTION:EC
-ENGINE_get_default_ECDH                 3264   EXIST::FUNCTION:
-ASN1_OCTET_STRING_NDEF_it               3265   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_NDEF_it               3265   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_static_state                 3266   EXIST::FUNCTION:
-ECDSA_SIG_new                           3267   EXIST::FUNCTION:ECDSA
-BN_GF2m_mod_sqr                         3268   EXIST::FUNCTION:
-EC_POINT_bn2point                       3269   EXIST::FUNCTION:EC
-EC_GROUP_get_point_conversion_form      3270   EXIST:!VMS:FUNCTION:EC
-EC_GROUP_get_point_conv_form            3270   EXIST:VMS:FUNCTION:EC
-PEM_read_bio_ECPKParameters             3271   EXIST::FUNCTION:EC
-EC_GROUP_get_pentanomial_basis          3272   EXIST::FUNCTION:EC
-EC_GROUP_get_nid                        3273   EXIST::FUNCTION:EC
-ECDSA_sign_setup                        3274   EXIST::FUNCTION:ECDSA
-BN_GF2m_mod_solve_quad_arr              3275   EXIST::FUNCTION:
-EC_KEY_up_ref                           3276   EXIST::FUNCTION:EC
-BN_GF2m_mod_div                         3277   EXIST::FUNCTION:
-EC_KEY_free                             3278   EXIST::FUNCTION:EC
-PEM_write_bio_ECPrivateKey              3279   EXIST::FUNCTION:EC
-d2i_EC_PUBKEY                           3280   EXIST::FUNCTION:EC
-EC_KEY_print_fp                         3281   EXIST::FUNCTION:EC,FP_API
-BN_GF2m_mod_arr                         3282   EXIST::FUNCTION:
-ECDH_get_ex_data                        3283   EXIST::FUNCTION:ECDH
-ECDSA_do_sign                           3284   EXIST::FUNCTION:ECDSA
-ENGINE_unregister_ECDH                  3285   EXIST::FUNCTION:
-ECDH_OpenSSL                            3286   EXIST::FUNCTION:ECDH
-EC_POINT_dup                            3287   EXIST::FUNCTION:EC
-EC_get_builtin_curves                   3288   EXIST::FUNCTION:EC
-EVP_PKEY_set1_EC_KEY                    3289   EXIST::FUNCTION:EC
-BN_GF2m_mod_sqrt_arr                    3290   EXIST::FUNCTION:
-i2d_ECPrivateKey_bio                    3291   EXIST::FUNCTION:BIO,EC
-ECPKParameters_print_fp                 3292   EXIST::FUNCTION:EC,FP_API
-ECDSA_SIG_free                          3293   EXIST::FUNCTION:ECDSA
-PEM_write_bio_ECPKParameters            3294   EXIST::FUNCTION:EC
-EC_GROUP_set_nid                        3295   EXIST::FUNCTION:EC
-PKCS12_add_safes                        3296   EXIST::FUNCTION:
-BN_GF2m_poly2arr                        3297   EXIST::FUNCTION:
-BN_get0_nist_prime_224                  3298   EXIST::FUNCTION:
-i2d_ECParameters                        3299   EXIST::FUNCTION:EC
-i2d_ECPKParameters                      3300   EXIST::FUNCTION:EC
-BN_ncopy                                3301   EXIST::FUNCTION:
-d2i_ECPKParameters                      3302   EXIST::FUNCTION:EC
-ENGINE_set_ECDH                         3303   EXIST::FUNCTION:
-PEM_write_bio_EC_PUBKEY                 3304   EXIST::FUNCTION:EC
-ECParameters_print                      3305   EXIST::FUNCTION:BIO,EC
-ASN1_generate_nconf                     3306   EXIST::FUNCTION:
-BN_GF2m_mod_mul                         3307   EXIST::FUNCTION:
-EC_GROUP_set_seed                       3308   EXIST::FUNCTION:EC
-EC_GROUP_get_curve_GF2m                 3309   EXIST::FUNCTION:EC
-ECPublicKey_set_octet_string            3310   EXIST::FUNCTION:EC
-ECDSA_get_ex_data                       3311   EXIST::FUNCTION:ECDSA
-BN_GF2m_mod                             3312   EXIST::FUNCTION:
-EC_GROUP_get_seed_len                   3313   EXIST::FUNCTION:EC
-PEM_read_bio_EC_PUBKEY                  3314   EXIST::FUNCTION:EC
-i2d_EC_PUBKEY                           3315   EXIST::FUNCTION:EC
-ECDSA_get_default_method                3316   EXIST::FUNCTION:ECDSA
-ASN1_put_eoc                            3317   EXIST::FUNCTION:
-ECDSA_DATA_free                         3318   EXIST::FUNCTION:ECDSA
-EC_METHOD_get_field_type                3319   EXIST::FUNCTION:EC
-EC_GFp_nist_method                      3320   EXIST::FUNCTION:EC
-BN_GF2m_mod_sqr_arr                     3321   EXIST::FUNCTION:
-EC_GROUP_set_curve_GF2m                 3322   EXIST::FUNCTION:EC
-ENGINE_set_default_ECDSA                3323   EXIST::FUNCTION:
-BN_GF2m_mod_sqrt                        3324   EXIST::FUNCTION:
-ECDH_set_default_method                 3325   EXIST::FUNCTION:ECDH
-EC_KEY_generate_key                     3326   EXIST::FUNCTION:EC
-BN_GF2m_arr2poly                        3327   EXIST::FUNCTION:
-ECPublicKey_get_octet_string            3328   EXIST::FUNCTION:EC
-EC_GROUP_check                          3329   EXIST::FUNCTION:EC
-d2i_ECPrivateKey_bio                    3330   EXIST::FUNCTION:BIO,EC
-d2i_ECPrivateKey                        3331   EXIST::FUNCTION:EC
-ASN1_item_ndef_i2d                      3332   EXIST::FUNCTION:
-i2d_PKCS7_NDEF                          3333   EXIST::FUNCTION:
-EC_GROUP_get_degree                     3334   EXIST::FUNCTION:EC
-ASN1_generate_v3                        3335   EXIST::FUNCTION:
-BN_GF2m_add                             3336   EXIST::FUNCTION:
-BN_nist_mod_224                         3337   EXIST::FUNCTION:
-i2d_EC_PUBKEY_bio                       3338   EXIST::FUNCTION:BIO,EC
-EC_GROUP_get_asn1_flag                  3339   EXIST::FUNCTION:EC
-ECDH_get_ex_new_index                   3340   EXIST::FUNCTION:ECDH
-ECDH_size                               3341   EXIST::FUNCTION:ECDH
-BN_GF2m_mod_inv                         3342   EXIST::FUNCTION:
-BN_GF2m_mod_exp                         3343   EXIST::FUNCTION:
-EC_GROUP_get0_seed                      3344   EXIST::FUNCTION:EC
-ecdsa_check                             3345   EXIST::FUNCTION:ECDSA
-BN_GF2m_mod_div_arr                     3346   EXIST::FUNCTION:
-ENGINE_set_ECDSA                        3347   EXIST::FUNCTION:
-ECPKParameters_print                    3348   EXIST::FUNCTION:BIO,EC
-PEM_write_EC_PUBKEY                     3349   EXIST:!WIN16:FUNCTION:EC
-ECDH_set_method                         3350   EXIST::FUNCTION:ECDH
-ECDH_set_ex_data                        3351   EXIST::FUNCTION:ECDH
-BN_nist_mod_521                         3352   EXIST::FUNCTION:
-EC_GROUP_set_point_conversion_form      3353   EXIST:!VMS:FUNCTION:EC
-EC_GROUP_set_point_conv_form            3353   EXIST:VMS:FUNCTION:EC
-PEM_read_EC_PUBKEY                      3354   EXIST:!WIN16:FUNCTION:EC
-i2d_ECDSA_SIG                           3355   EXIST::FUNCTION:ECDSA
-ECDSA_OpenSSL                           3356   EXIST::FUNCTION:ECDSA
-ECDSA_set_default_method                3357   EXIST::FUNCTION:ECDSA
-EC_POINT_set_compressed_coordinates_GF2m 3358  EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GF2m          3358   EXIST:VMS:FUNCTION:EC
-ECDH_DATA_new_method                    3359   EXIST::FUNCTION:ECDH
-BN_get0_nist_prime_256                  3360   EXIST::FUNCTION:
-PEM_read_ECPrivateKey                   3361   EXIST:!WIN16:FUNCTION:EC
-ERR_load_ECDSA_strings                  3362   EXIST::FUNCTION:ECDSA
-EC_GROUP_get_basis_type                 3363   EXIST::FUNCTION:EC
-ECDH_DATA_new                           3364   EXIST::FUNCTION:ECDH
-BN_nist_mod_384                         3365   EXIST::FUNCTION:
-PEM_write_ECPKParameters                3366   EXIST:!WIN16:FUNCTION:EC
-ECDH_compute_key                        3367   EXIST::FUNCTION:ECDH
-ENGINE_register_all_ECDH                3368   EXIST::FUNCTION:
-BN_GF2m_mod_solve_quad                  3369   EXIST::FUNCTION:
-i2d_ECPrivateKey_fp                     3370   EXIST::FUNCTION:EC,FP_API
-ENGINE_register_all_ECDSA               3371   EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GF2m    3372   EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GF2m         3372   EXIST:VMS:FUNCTION:EC
-EC_GROUP_dup                            3373   EXIST::FUNCTION:EC
-ENGINE_get_default_ECDSA                3374   EXIST::FUNCTION:
-EC_KEY_new                              3375   EXIST::FUNCTION:EC
-ECDSA_verify                            3376   EXIST::FUNCTION:ECDSA
-EC_POINT_point2hex                      3377   EXIST::FUNCTION:EC
-ECDSA_do_verify                         3378   EXIST::FUNCTION:ECDSA
-d2i_ECPrivateKey_fp                     3379   EXIST::FUNCTION:EC,FP_API
-PEM_write_ECPrivateKey                  3380   EXIST:!WIN16:FUNCTION:EC
-PEM_read_ECPKParameters                 3381   EXIST:!WIN16:FUNCTION:EC
-ECParameters_print_fp                   3382   EXIST::FUNCTION:EC,FP_API
-ECDH_DATA_free                          3383   EXIST::FUNCTION:ECDH
-i2d_EC_PUBKEY_fp                        3384   EXIST::FUNCTION:EC,FP_API
-BN_nist_mod_256                         3385   EXIST::FUNCTION:
-ECDSA_DATA_new                          3386   EXIST::FUNCTION:ECDSA
-ECDSA_size                              3387   EXIST::FUNCTION:ECDSA
-d2i_EC_PUBKEY_bio                       3388   EXIST::FUNCTION:BIO,EC
-BN_get0_nist_prime_521                  3389   EXIST::FUNCTION:
-PEM_read_bio_ECPrivateKey               3390   EXIST::FUNCTION:EC
-ENGINE_get_ECDH                         3391   EXIST::FUNCTION:
-d2i_ECDSA_SIG                           3392   EXIST::FUNCTION:ECDSA
-ECDSA_sign                              3393   EXIST::FUNCTION:ECDSA
-ENGINE_get_ECDSA                        3394   EXIST::FUNCTION:
-EVP_ecdsa                               3395   EXIST::FUNCTION:SHA
-PKCS12_add_cert                         3396   EXIST::FUNCTION:
-ERR_load_ECDH_strings                   3397   EXIST::FUNCTION:ECDH
-EC_KEY_dup                              3398   EXIST::FUNCTION:EC
-ECDSA_set_method                        3399   EXIST::FUNCTION:ECDSA
-d2i_ECParameters                        3400   EXIST::FUNCTION:EC
-EC_GF2m_simple_method                   3401   EXIST::FUNCTION:EC
-ECDSA_set_ex_data                       3402   EXIST::FUNCTION:ECDSA
-EC_KEY_print                            3403   EXIST::FUNCTION:BIO,EC
-ECDSA_get_ex_new_index                  3404   EXIST::FUNCTION:ECDSA
-EC_GROUP_set_asn1_flag                  3405   EXIST::FUNCTION:EC
-EC_KEY_check_key                        3406   EXIST::FUNCTION:EC
-d2i_EC_PUBKEY_fp                        3407   EXIST::FUNCTION:EC,FP_API
-ecdh_check                              3408   EXIST::FUNCTION:ECDH
-ECDSA_DATA_new_method                   3409   EXIST::FUNCTION:ECDSA
-ENGINE_set_default_ECDH                 3410   EXIST::FUNCTION:
-PKCS12_add_key                          3411   EXIST::FUNCTION:
-DSO_merge                               3412   EXIST::FUNCTION:
-EC_POINT_hex2point                      3413   EXIST::FUNCTION:EC
-BN_GF2m_mod_inv_arr                     3414   EXIST::FUNCTION:
-ENGINE_unregister_ECDSA                 3415   EXIST::FUNCTION:
-PEM_write_bio_X509_CERT_PAIR            3416   EXIST::FUNCTION:
-PEM_read_X509_CERT_PAIR                 3417   EXIST:!WIN16:FUNCTION:
-X509_CERT_PAIR_it                       3418   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_PAIR_it                       3418   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CERT_PAIR_free                     3419   EXIST::FUNCTION:
-i2d_X509_CERT_PAIR                      3420   EXIST::FUNCTION:
-X509_CERT_PAIR_new                      3421   EXIST::FUNCTION:
-PEM_write_X509_CERT_PAIR                3422   EXIST:!WIN16:FUNCTION:
-d2i_X509_CERT_PAIR                      3423   EXIST::FUNCTION:
-PEM_read_bio_X509_CERT_PAIR             3424   EXIST::FUNCTION:
+OPENSSL_cleanse                         3245   EXIST::FUNCTION:
+BN_get0_nist_prime_384                  3246   EXIST::FUNCTION:
+ENGINE_register_ECDSA                   3247   EXIST::FUNCTION:
+BN_nist_mod_192                         3248   EXIST::FUNCTION:
+EC_GROUP_get_trinomial_basis            3249   EXIST::FUNCTION:EC
+ECDH_get_default_method                 3250   EXIST::FUNCTION:ECDH
+PKCS12_add_safe                         3251   EXIST::FUNCTION:
+ENGINE_register_ECDH                    3252   EXIST::FUNCTION:
+i2d_ECPrivateKey                        3253   EXIST::FUNCTION:EC
+BN_get0_nist_prime_192                  3254   EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GF2m    3255   EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GF2m         3255   EXIST:VMS:FUNCTION:EC
+BN_GF2m_mod_exp_arr                     3256   EXIST::FUNCTION:
+X509_keyid_get0                         3257   EXIST::FUNCTION:
+EC_GROUP_new_by_nid                     3258   EXIST::FUNCTION:EC
+BN_GF2m_mod_mul_arr                     3259   EXIST::FUNCTION:
+EC_KEY_copy                             3260   EXIST::FUNCTION:EC
+EC_GROUP_check_discriminant             3261   EXIST::FUNCTION:EC
+EC_POINT_point2bn                       3262   EXIST::FUNCTION:EC
+EC_GROUP_new_curve_GF2m                 3263   EXIST::FUNCTION:EC
+EVP_PKEY_get1_EC_KEY                    3264   EXIST::FUNCTION:EC
+ENGINE_get_default_ECDH                 3265   EXIST::FUNCTION:
+ASN1_OCTET_STRING_NDEF_it               3266   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it               3266   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_static_state                 3267   EXIST::FUNCTION:
+ECDSA_SIG_new                           3268   EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_sqr                         3269   EXIST::FUNCTION:
+EC_POINT_bn2point                       3270   EXIST::FUNCTION:EC
+EC_GROUP_get_point_conversion_form      3271   EXIST:!VMS:FUNCTION:EC
+EC_GROUP_get_point_conv_form            3271   EXIST:VMS:FUNCTION:EC
+PEM_read_bio_ECPKParameters             3272   EXIST::FUNCTION:EC
+EC_GROUP_get_pentanomial_basis          3273   EXIST::FUNCTION:EC
+EC_GROUP_get_nid                        3274   EXIST::FUNCTION:EC
+ECDSA_sign_setup                        3275   EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_solve_quad_arr              3276   EXIST::FUNCTION:
+EC_KEY_up_ref                           3277   EXIST::FUNCTION:EC
+BN_GF2m_mod_div                         3278   EXIST::FUNCTION:
+EC_KEY_free                             3279   EXIST::FUNCTION:EC
+PEM_write_bio_ECPrivateKey              3280   EXIST::FUNCTION:EC
+d2i_EC_PUBKEY                           3281   EXIST::FUNCTION:EC
+EC_KEY_print_fp                         3282   EXIST::FUNCTION:EC,FP_API
+BN_GF2m_mod_arr                         3283   EXIST::FUNCTION:
+PEM_write_bio_X509_CERT_PAIR            3284   EXIST::FUNCTION:
+ECDH_get_ex_data                        3285   EXIST::FUNCTION:ECDH
+ECDSA_do_sign                           3286   EXIST::FUNCTION:ECDSA
+ENGINE_unregister_ECDH                  3287   EXIST::FUNCTION:
+ECDH_OpenSSL                            3288   EXIST::FUNCTION:ECDH
+EC_POINT_dup                            3289   EXIST::FUNCTION:EC
+EC_get_builtin_curves                   3290   EXIST::FUNCTION:EC
+EVP_PKEY_set1_EC_KEY                    3291   EXIST::FUNCTION:EC
+BN_GF2m_mod_sqrt_arr                    3292   EXIST::FUNCTION:
+i2d_ECPrivateKey_bio                    3293   EXIST::FUNCTION:BIO,EC
+ECPKParameters_print_fp                 3294   EXIST::FUNCTION:EC,FP_API
+ECDSA_SIG_free                          3295   EXIST::FUNCTION:ECDSA
+PEM_write_bio_ECPKParameters            3296   EXIST::FUNCTION:EC
+EC_GROUP_set_nid                        3297   EXIST::FUNCTION:EC
+PKCS12_add_safes                        3298   EXIST::FUNCTION:
+BN_GF2m_poly2arr                        3299   EXIST::FUNCTION:
+BN_get0_nist_prime_224                  3300   EXIST::FUNCTION:
+i2d_ECParameters                        3301   EXIST::FUNCTION:EC
+i2d_ECPKParameters                      3302   EXIST::FUNCTION:EC
+BN_ncopy                                3303   EXIST::FUNCTION:
+d2i_ECPKParameters                      3304   EXIST::FUNCTION:EC
+ENGINE_set_ECDH                         3305   EXIST::FUNCTION:
+PEM_write_bio_EC_PUBKEY                 3306   EXIST::FUNCTION:EC
+ECParameters_print                      3307   EXIST::FUNCTION:BIO,EC
+ASN1_generate_nconf                     3308   EXIST::FUNCTION:
+BN_GF2m_mod_mul                         3309   EXIST::FUNCTION:
+EC_GROUP_set_seed                       3310   EXIST::FUNCTION:EC
+EC_GROUP_get_curve_GF2m                 3311   EXIST::FUNCTION:EC
+PEM_read_X509_CERT_PAIR                 3312   EXIST:!WIN16:FUNCTION:
+ECPublicKey_set_octet_string            3313   EXIST::FUNCTION:EC
+ECDSA_get_ex_data                       3314   EXIST::FUNCTION:ECDSA
+BN_GF2m_mod                             3315   EXIST::FUNCTION:
+EC_GROUP_get_seed_len                   3316   EXIST::FUNCTION:EC
+PEM_read_bio_EC_PUBKEY                  3317   EXIST::FUNCTION:EC
+i2d_EC_PUBKEY                           3318   EXIST::FUNCTION:EC
+ECDSA_get_default_method                3319   EXIST::FUNCTION:ECDSA
+ASN1_put_eoc                            3320   EXIST::FUNCTION:
+ECDSA_DATA_free                         3321   EXIST::FUNCTION:ECDSA
+EC_METHOD_get_field_type                3322   EXIST::FUNCTION:EC
+EC_GFp_nist_method                      3323   EXIST::FUNCTION:EC
+X509_CERT_PAIR_it                       3324   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_PAIR_it                       3324   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_GF2m_mod_sqr_arr                     3325   EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m                 3326   EXIST::FUNCTION:EC
+ENGINE_set_default_ECDSA                3327   EXIST::FUNCTION:
+BN_GF2m_mod_sqrt                        3328   EXIST::FUNCTION:
+ECDH_set_default_method                 3329   EXIST::FUNCTION:ECDH
+EC_KEY_generate_key                     3330   EXIST::FUNCTION:EC
+BN_GF2m_arr2poly                        3331   EXIST::FUNCTION:
+ECPublicKey_get_octet_string            3332   EXIST::FUNCTION:EC
+EC_GROUP_check                          3333   EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio                    3334   EXIST::FUNCTION:BIO,EC
+d2i_ECPrivateKey                        3335   EXIST::FUNCTION:EC
+ASN1_item_ndef_i2d                      3336   EXIST::FUNCTION:
+i2d_PKCS7_NDEF                          3337   EXIST::FUNCTION:
+EC_GROUP_get_degree                     3338   EXIST::FUNCTION:EC
+ASN1_generate_v3                        3339   EXIST::FUNCTION:
+BN_GF2m_add                             3340   EXIST::FUNCTION:
+X509_CERT_PAIR_free                     3341   EXIST::FUNCTION:
+BN_nist_mod_224                         3342   EXIST::FUNCTION:
+i2d_EC_PUBKEY_bio                       3343   EXIST::FUNCTION:BIO,EC
+EC_GROUP_get_asn1_flag                  3344   EXIST::FUNCTION:EC
+ECDH_get_ex_new_index                   3345   EXIST::FUNCTION:ECDH
+ECDH_size                               3346   EXIST::FUNCTION:ECDH
+BN_GF2m_mod_inv                         3347   EXIST::FUNCTION:
+BN_GF2m_mod_exp                         3348   EXIST::FUNCTION:
+EC_GROUP_get0_seed                      3349   EXIST::FUNCTION:EC
+ecdsa_check                             3350   EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_div_arr                     3351   EXIST::FUNCTION:
+ENGINE_set_ECDSA                        3352   EXIST::FUNCTION:
+ECPKParameters_print                    3353   EXIST::FUNCTION:BIO,EC
+PEM_write_EC_PUBKEY                     3354   EXIST:!WIN16:FUNCTION:EC
+ECDH_set_method                         3355   EXIST::FUNCTION:ECDH
+ECDH_set_ex_data                        3356   EXIST::FUNCTION:ECDH
+BN_nist_mod_521                         3357   EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form      3358   EXIST:!VMS:FUNCTION:EC
+EC_GROUP_set_point_conv_form            3358   EXIST:VMS:FUNCTION:EC
+PEM_read_EC_PUBKEY                      3359   EXIST:!WIN16:FUNCTION:EC
+i2d_ECDSA_SIG                           3360   EXIST::FUNCTION:ECDSA
+ECDSA_OpenSSL                           3361   EXIST::FUNCTION:ECDSA
+ECDSA_set_default_method                3362   EXIST::FUNCTION:ECDSA
+EC_POINT_set_compressed_coordinates_GF2m 3363  EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GF2m          3363   EXIST:VMS:FUNCTION:EC
+ECDH_DATA_new_method                    3364   EXIST::FUNCTION:ECDH
+BN_get0_nist_prime_256                  3365   EXIST::FUNCTION:
+PEM_read_ECPrivateKey                   3366   EXIST:!WIN16:FUNCTION:EC
+ERR_load_ECDSA_strings                  3367   EXIST::FUNCTION:ECDSA
+EC_GROUP_get_basis_type                 3368   EXIST::FUNCTION:EC
+ECDH_DATA_new                           3369   EXIST::FUNCTION:ECDH
+BN_nist_mod_384                         3370   EXIST::FUNCTION:
+i2d_X509_CERT_PAIR                      3371   EXIST::FUNCTION:
+PEM_write_ECPKParameters                3372   EXIST:!WIN16:FUNCTION:EC
+ECDH_compute_key                        3373   EXIST::FUNCTION:ECDH
+ENGINE_register_all_ECDH                3374   EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad                  3375   EXIST::FUNCTION:
+i2d_ECPrivateKey_fp                     3376   EXIST::FUNCTION:EC,FP_API
+ENGINE_register_all_ECDSA               3377   EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GF2m    3378   EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GF2m         3378   EXIST:VMS:FUNCTION:EC
+EC_GROUP_dup                            3379   EXIST::FUNCTION:EC
+ENGINE_get_default_ECDSA                3380   EXIST::FUNCTION:
+EC_KEY_new                              3381   EXIST::FUNCTION:EC
+ECDSA_verify                            3382   EXIST::FUNCTION:ECDSA
+EC_POINT_point2hex                      3383   EXIST::FUNCTION:EC
+ECDSA_do_verify                         3384   EXIST::FUNCTION:ECDSA
+d2i_ECPrivateKey_fp                     3385   EXIST::FUNCTION:EC,FP_API
+PEM_write_ECPrivateKey                  3386   EXIST:!WIN16:FUNCTION:EC
+PEM_read_ECPKParameters                 3387   EXIST:!WIN16:FUNCTION:EC
+X509_CERT_PAIR_new                      3388   EXIST::FUNCTION:
+ECParameters_print_fp                   3389   EXIST::FUNCTION:EC,FP_API
+ECDH_DATA_free                          3390   EXIST::FUNCTION:ECDH
+PEM_write_X509_CERT_PAIR                3391   EXIST:!WIN16:FUNCTION:
+d2i_X509_CERT_PAIR                      3392   EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp                        3393   EXIST::FUNCTION:EC,FP_API
+BN_nist_mod_256                         3394   EXIST::FUNCTION:
+ECDSA_DATA_new                          3395   EXIST::FUNCTION:ECDSA
+ECDSA_size                              3396   EXIST::FUNCTION:ECDSA
+d2i_EC_PUBKEY_bio                       3397   EXIST::FUNCTION:BIO,EC
+BN_get0_nist_prime_521                  3398   EXIST::FUNCTION:
+PEM_read_bio_ECPrivateKey               3399   EXIST::FUNCTION:EC
+ENGINE_get_ECDH                         3400   EXIST::FUNCTION:
+d2i_ECDSA_SIG                           3401   EXIST::FUNCTION:ECDSA
+ECDSA_sign                              3402   EXIST::FUNCTION:ECDSA
+ENGINE_get_ECDSA                        3403   EXIST::FUNCTION:
+EVP_ecdsa                               3404   EXIST::FUNCTION:SHA
+PKCS12_add_cert                         3405   EXIST::FUNCTION:
+ERR_load_ECDH_strings                   3406   EXIST::FUNCTION:ECDH
+EC_KEY_dup                              3407   EXIST::FUNCTION:EC
+ECDSA_set_method                        3408   EXIST::FUNCTION:ECDSA
+d2i_ECParameters                        3409   EXIST::FUNCTION:EC
+EC_GF2m_simple_method                   3410   EXIST::FUNCTION:EC
+ECDSA_set_ex_data                       3411   EXIST::FUNCTION:ECDSA
+EC_KEY_print                            3412   EXIST::FUNCTION:BIO,EC
+ECDSA_get_ex_new_index                  3413   EXIST::FUNCTION:ECDSA
+EC_GROUP_set_asn1_flag                  3414   EXIST::FUNCTION:EC
+EC_KEY_check_key                        3415   EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_fp                        3416   EXIST::FUNCTION:EC,FP_API
+ecdh_check                              3417   EXIST::FUNCTION:ECDH
+ECDSA_DATA_new_method                   3418   EXIST::FUNCTION:ECDSA
+PEM_read_bio_X509_CERT_PAIR             3419   EXIST::FUNCTION:
+ENGINE_set_default_ECDH                 3420   EXIST::FUNCTION:
+PKCS12_add_key                          3421   EXIST::FUNCTION:
+DSO_merge                               3422   EXIST::FUNCTION:
+EC_POINT_hex2point                      3423   EXIST::FUNCTION:EC
+BN_GF2m_mod_inv_arr                     3424   EXIST::FUNCTION:
+ENGINE_unregister_ECDSA                 3425   EXIST::FUNCTION: