diff --git a/cpp/ql/lib/experimental/cryptography/Concepts.qll b/cpp/ql/lib/experimental/cryptography/Concepts.qll index 83a13f525c2..de29125614a 100644 --- a/cpp/ql/lib/experimental/cryptography/Concepts.qll +++ b/cpp/ql/lib/experimental/cryptography/Concepts.qll @@ -1,5 +1,3 @@ import experimental.cryptography.CryptoArtifact import experimental.cryptography.CryptoAlgorithmNames - import experimental.cryptography.modules.OpenSSL as OpenSSL - diff --git a/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll b/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll index 490895bd879..5f29320ff14 100644 --- a/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll +++ b/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll @@ -11,35 +11,47 @@ string unknownAlgorithm() { result = "UNKNOWN" } string getHashType() { result = "HASH" } + string getSymmetricEncryptionType() { result = "SYMMETRIC_ENCRYPTION" } + string getAsymmetricEncryptionType() { result = "ASYMMETRIC_ENCRYPTION" } + string getKeyDerivationType() { result = "KEY_DERIVATION" } + string getCipherBlockModeType() { result = "BLOCK_MODE" } + string getSymmetricPaddingType() { result = "SYMMETRIC_PADDING" } + string getAsymmetricPaddingType() { result = "ASYMMETRIC_PADDING" } + string getEllipticCurveType() { result = "ELLIPTIC_CURVE" } + string getSignatureType() { result = "SIGNATURE" } + string getKeyExchangeType() { result = "KEY_EXCHANGE" } -string getAsymmetricType(){ - result in [getAsymmetricEncryptionType(), getSignatureType(), getKeyExchangeType(), getEllipticCurveType()] +string getAsymmetricType() { + result in [ + getAsymmetricEncryptionType(), getSignatureType(), getKeyExchangeType(), + getEllipticCurveType() + ] } -predicate isKnownType(string algType){ +predicate isKnownType(string algType) { algType in [ - getHashType(), getSymmetricEncryptionType(), getAsymmetricEncryptionType(), getKeyDerivationType(), - getCipherBlockModeType(), getSymmetricPaddingType(), getAsymmetricPaddingType(), getEllipticCurveType(), - getSignatureType(), getKeyExchangeType() - ] + getHashType(), getSymmetricEncryptionType(), getAsymmetricEncryptionType(), + getKeyDerivationType(), getCipherBlockModeType(), getSymmetricPaddingType(), + getAsymmetricPaddingType(), getEllipticCurveType(), getSignatureType(), getKeyExchangeType() + ] } - predicate isKnownAlgorithm(string name) { isKnownAlgorithm(name, _) } predicate isKnownAlgorithm(string name, string algType) { isHashingAlgorithm(name) and algType = "HASH" or - isEncryptionAlgorithm(name, algType) and algType in ["SYMMETRIC_ENCRYPTION", "ASYMMETRIC_ENCRYPTION"] + isEncryptionAlgorithm(name, algType) and + algType in ["SYMMETRIC_ENCRYPTION", "ASYMMETRIC_ENCRYPTION"] or isKeyDerivationAlgorithm(name) and algType = "KEY_DERIVATION" or @@ -60,11 +72,11 @@ predicate isKnownAlgorithm(string name, string algType) { predicate isHashingAlgorithm(string name) { name = [ - "BLAKE2", "BLAKE2B", "BLAKE2S", - "SHA2", "SHA224", "SHA256", "SHA384", "SHA512", "SHA512224", "SHA512256", - "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512", "SHAKE128", "SHAKE256", "SM3", - "WHIRLPOOL", "POLY1305", "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", "RIPEMD128", - "RIPEMD256", "RIPEMD160", "RIPEMD320", "SHA0", "SHA1", "SHA", "MGF1","MGF1SHA1", "MDC2", "SIPHASH" + "BLAKE2", "BLAKE2B", "BLAKE2S", "SHA2", "SHA224", "SHA256", "SHA384", "SHA512", "SHA512224", + "SHA512256", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512", "SHAKE128", "SHAKE256", + "SM3", "WHIRLPOOL", "POLY1305", "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", + "RIPEMD128", "RIPEMD256", "RIPEMD160", "RIPEMD320", "SHA0", "SHA1", "SHA", "MGF1", "MGF1SHA1", + "MDC2", "SIPHASH" ] } @@ -86,10 +98,10 @@ predicate isSymmetricEncryptionAlgorithm(string name) { "AES", "AES128", "AES192", "AES256", "ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128", "CAMELLIA192", "CAMELLIA256", "CHACHA", "CHACHA20", "CHACHA20POLY1305", "GOST", "GOSTR34102001", "GOSTR341094", "GOSTR341194", "GOST2814789", - "GOSTR341194", "GOST2814789", "GOST28147", "GOSTR341094", "GOST89", "GOST94", "GOST34102012", - "GOST34112012", "IDEA", "RABBIT", - "SEED", "SM4", "DES", "DESX", "3DES", "TDES", "2DES", "DES3", "TRIPLEDES", "TDEA", "TRIPLEDEA", - "ARC2", "RC2", "ARC4", "RC4", "ARCFOUR", "ARC5", "RC5", "MAGMA", "KUZNYECHIK" + "GOSTR341194", "GOST2814789", "GOST28147", "GOSTR341094", "GOST89", "GOST94", "GOST34102012", + "GOST34112012", "IDEA", "RABBIT", "SEED", "SM4", "DES", "DESX", "3DES", "TDES", "2DES", + "DES3", "TRIPLEDES", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4", "RC4", "ARCFOUR", "ARC5", + "RC5", "MAGMA", "KUZNYECHIK" ] } @@ -201,20 +213,25 @@ predicate isEllipticCurveAlgorithm(string curveName, int keySize) { curveName = "NUMSP512T1" and keySize = 512 or curveName = "SM2" and keySize in [256, 512] - } /** * Holds if `name` corresponds to a known signature algorithm. */ -predicate isSignatureAlgorithm(string name) { - name = ["DSA", "ECDSA", "EDDSA", "ES256", "ES256K", "ES384", "ES512", "ED25519", "ED448", "ECDSA256", "ECDSA384", "ECDSA512"] +predicate isSignatureAlgorithm(string name) { + name = + [ + "DSA", "ECDSA", "EDDSA", "ES256", "ES256K", "ES384", "ES512", "ED25519", "ED448", "ECDSA256", + "ECDSA384", "ECDSA512" + ] } /** * Holds if `name` is a key exchange algorithm. */ -predicate isKeyExchangeAlgorithm(string name) { name = ["ECDH", "DH", "DIFFIEHELLMAN", "X25519", "X448"] } +predicate isKeyExchangeAlgorithm(string name) { + name = ["ECDH", "DH", "DIFFIEHELLMAN", "X25519", "X448"] +} /** * Holds if `name` corresponds to a known asymmetric encryption. diff --git a/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll b/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll index 79564c68e04..26b24d56f16 100644 --- a/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll +++ b/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll @@ -2,20 +2,19 @@ import cpp private import experimental.cryptography.CryptoAlgorithmNames import semmle.code.cpp.ir.dataflow.TaintTracking - - /* -* A cryptographic artifact is a DataFlow::Node associated with some -* operation, algorithm, or any other aspect of cryptography. -*/ -abstract class CryptographicArtifact extends Expr {} + * A cryptographic artifact is a DataFlow::Node associated with some + * operation, algorithm, or any other aspect of cryptography. + */ + +abstract class CryptographicArtifact extends Expr { } // /** // * Associates a symmetric encryption algorithm with a block mode. // * The DataFlow::Node representing this association should be the -// * point where the algorithm and block mode are combined. -// * This may be at the call to encryption or in the construction -// * of an object prior to encryption. +// * point where the algorithm and block mode are combined. +// * This may be at the call to encryption or in the construction +// * of an object prior to encryption. // */ // abstract class SymmetricCipher extends CryptographicArtifact{ // abstract SymmetricEncryptionAlgorithm getEncryptionAlgorithm(); @@ -24,112 +23,91 @@ abstract class CryptographicArtifact extends Expr {} // exists(this.getBlockMode()) // } // } - // /** // * A cryptographic operation is a method call that invokes a cryptographic // * algorithm (encrypt/decrypt) or a function in support of a cryptographic algorithm // * (key generation). -// * +// * // * Since operations are related to or in support of algorithms, operations must // * provide a reference to their associated algorithm. Often operataions themselves // * encapsulate algorithms, so operations can also extend CryptographicAlgorithm -// * and refer to themselves as the target algorithm. +// * and refer to themselves as the target algorithm. // */ // abstract class CryptographicOperation extends CryptographicArtifact, Call{ - // // bindingset[paramName, ind] // // final DataFlow::Node getParameterSource(int ind, string paramName){ // // result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(ind, paramName)) // // } - // final string getAlgorithmName(){ // if exists(this.getAlgorithm().getName()) // then result = this.getAlgorithm().getName() // else result = unknownAlgorithm() // } - // final predicate hasAlgorithm(){ // exists(this.getAlgorithm()) // } - // final predicate isUnknownAlgorithm(){ // this.getAlgorithmName() = unknownAlgorithm() // or // not this.hasAlgorithm() // } - // // TODO: this might have to be parameterized by a configuration source for // // situations where an operation is passed an algorithm // abstract CryptographicAlgorithm getAlgorithm(); - // } - // /** A key generation operation for asymmetric keys */ // abstract class KeyGen extends CryptographicOperation{ - - // int getAKeySizeInBits(){ // result = getKeySizeInBits(_) // } - // final predicate hasKeySize(Expr configSrc){ // exists(this.getKeySizeInBits(configSrc)) // } - // final predicate hasKeySize(){ // exists(this.getAKeySizeInBits()) // } - // abstract Expr getKeyConfigSrc(); // abstract int getKeySizeInBits(Expr configSrc); - // } - - -abstract class CryptographicOperation extends CryptographicArtifact, Call{} +abstract class CryptographicOperation extends CryptographicArtifact, Call { } abstract class KeyGeneration extends CryptographicOperation { - // TODO: what if the algorithm is UNKNOWN? - abstract Expr getKeyConfigurationSource(CryptographicAlgorithm alg); + abstract CryptographicAlgorithm getAlgorithm(); - int getKeySizeInBits(CryptographicAlgorithm alg){ + int getKeySizeInBits(CryptographicAlgorithm alg) { result = getKeyConfigurationSource(alg).(Literal).getValue().toInt() } - predicate hasConstantKeySize(CryptographicAlgorithm alg){ - exists(this.getKeySizeInBits(alg)) - } + predicate hasConstantKeySize(CryptographicAlgorithm alg) { exists(this.getKeySizeInBits(alg)) } - predicate hasKeyConfigurationSource(CryptographicAlgorithm alg){ + predicate hasKeyConfigurationSource(CryptographicAlgorithm alg) { exists(this.getKeyConfigurationSource(alg)) } - Expr getAKeyConfigurationSource(){ - result = getKeyConfigurationSource(_) - } + Expr getAKeyConfigurationSource() { result = getKeyConfigurationSource(_) } } -abstract class AsymmetricKeyGeneration extends KeyGeneration{} -abstract class SymmetricKeyGeneration extends KeyGeneration{} +abstract class AsymmetricKeyGeneration extends KeyGeneration { } +abstract class SymmetricKeyGeneration extends KeyGeneration { } /** - * A cryptographic algorithm is a `CryptographicArtifact` + * A cryptographic algorithm is a `CryptographicArtifact` * representing a cryptographic algorithm (see `CryptoAlgorithmNames.qll`). * Cryptographic algorithms can be functions referencing common crypto algorithms (e.g., hashlib.md5) * or strings that are used in cryptographic operation configurations (e.g., hashlib.new("md5")). * Cryptogrpahic algorithms may also be operations that wrap or abstract one or * more algorithms (e.g., cyrptography.fernet.Fernet and AES, CBC and PKCS7). - * + * * In principle, this class should model the location where an algorithm enters the program, not - * necessarily where it is used. + * necessarily where it is used. */ -abstract class CryptographicAlgorithm extends CryptographicArtifact -{ +abstract class CryptographicAlgorithm extends CryptographicArtifact { abstract string getName(); + abstract string getAlgType(); // string getAlgType(){ @@ -145,97 +123,74 @@ abstract class CryptographicAlgorithm extends CryptographicArtifact // else if this instanceof SigningAlgorithm then result = getSignatureType() // else result = unknownAlgorithm() // } - - // TODO: handle case where name isn't known, not just unknown? - + // TODO: handle case where name isn't known, not just unknown? /** * Normalizes a raw name into a normalized name as found in `CryptoAlgorithmNames.qll`. * Subclassess should override for more api-specific normalization. - * By deafult, converts a raw name to upper-case with no hyphen, underscore, hash, or space. + * By deafult, converts a raw name to upper-case with no hyphen, underscore, hash, or space. */ bindingset[s] - string normalizeName(string s) - { - exists(string normStr | - normStr = s.toUpperCase().regexpReplaceAll("[-_ ]|/", "") - | - (result = normStr and isKnownAlgorithm(result)) + string normalizeName(string s) { + exists(string normStr | normStr = s.toUpperCase().regexpReplaceAll("[-_ ]|/", "") | + result = normStr and isKnownAlgorithm(result) or - (result = unknownAlgorithm() and not isKnownAlgorithm(normStr)) + result = unknownAlgorithm() and not isKnownAlgorithm(normStr) ) } abstract Expr configurationSink(); - predicate hasConfigurationSink(){ - exists(this.configurationSink()) - } + predicate hasConfigurationSink() { exists(this.configurationSink()) } } -abstract class HashAlgorithm extends CryptographicAlgorithm{ - final string getHashName(){ +abstract class HashAlgorithm extends CryptographicAlgorithm { + final string getHashName() { if exists(string n | n = this.getName() and isHashingAlgorithm(n)) - then (isHashingAlgorithm(result) and result = this.getName()) + then isHashingAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - override string getAlgType(){ - result = getHashType() - } + override string getAlgType() { result = getHashType() } } - -abstract class KeyDerivationAlgorithm extends CryptographicAlgorithm{ - final string getKDFName(){ +abstract class KeyDerivationAlgorithm extends CryptographicAlgorithm { + final string getKDFName() { if exists(string n | n = this.getName() and isKeyDerivationAlgorithm(n)) - then (isKeyDerivationAlgorithm(result) and result = this.getName()) + then isKeyDerivationAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - override string getAlgType(){ - result = getKeyDerivationType() - } + override string getAlgType() { result = getKeyDerivationType() } } // abstract class KeyDerivationOperation extends CryptographicOperation{ // DataFlow::Node getIterationSizeSrc(){ // none() // } - // DataFlow::Node getSaltConfigSrc(){ // none() // } - // DataFlow::Node getHashConfigSrc(){ // none() // } - // // TODO: get encryption algorithm for CBC-based KDF? - // DataFlow::Node getDerivedKeySizeSrc(){ // none() // } - // DataFlow::Node getModeSrc(){ // none() // } - // // TODO: add more to cover all the parameters of most KDF operations? Perhaps subclass for each type? - // abstract predicate requiresIteration(); // abstract predicate requiresSalt(); // abstract predicate requiresHash(); // //abstract predicate requiresKeySize(); // Going to assume all requires a size // abstract predicate requiresMode(); - // } - - -abstract class EncryptionAlgorithm extends CryptographicAlgorithm -{ +abstract class EncryptionAlgorithm extends CryptographicAlgorithm { final predicate isAsymmetric() { this instanceof AsymmetricEncryptionAlgorithm } - final predicate isSymmetric() { not this.isAsymmetric() } + final predicate isSymmetric() { not this.isAsymmetric() } // NOTE: DO_NOT add getEncryptionName here, we rely on the fact the parent // class does not have this common predicate. } @@ -244,141 +199,118 @@ abstract class EncryptionAlgorithm extends CryptographicAlgorithm * A parent class to represent any algorithm for which * asymmetric cryptography is involved. * Intended to be distinct from AsymmetricEncryptionAlgorithm - * which is intended only for asymmetric algorithms that specifically encrypt. + * which is intended only for asymmetric algorithms that specifically encrypt. */ -abstract class AsymmetricAlgorithm extends CryptographicAlgorithm{} +abstract class AsymmetricAlgorithm extends CryptographicAlgorithm { } /** * Algorithms directly or indirectly related to asymmetric encryption, * e.g., RSA, DSA, but also RSA padding algorithms */ -abstract class AsymmetricEncryptionAlgorithm extends AsymmetricAlgorithm, EncryptionAlgorithm{ - final string getEncryptionName(){ +abstract class AsymmetricEncryptionAlgorithm extends AsymmetricAlgorithm, EncryptionAlgorithm { + final string getEncryptionName() { if exists(string n | n = this.getName() and isAsymmetricEncryptionAlgorithm(n)) - then (isAsymmetricEncryptionAlgorithm(result) and result = this.getName()) + then isAsymmetricEncryptionAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - override string getAlgType(){ - result = getAsymmetricEncryptionType() - } + override string getAlgType() { result = getAsymmetricEncryptionType() } } /** * Algorithms directly or indirectly related to symmetric encryption, * e.g., AES, DES, but also block modes and padding */ -abstract class SymmetricEncryptionAlgorithm extends EncryptionAlgorithm -{ - final string getEncryptionName(){ +abstract class SymmetricEncryptionAlgorithm extends EncryptionAlgorithm { + final string getEncryptionName() { if exists(string n | n = this.getName() and isSymmetricEncryptionAlgorithm(n)) - then (isSymmetricEncryptionAlgorithm(result) and result = this.getName()) + then isSymmetricEncryptionAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - // TODO: add a stream cipher predicate? - override string getAlgType(){ - result = getSymmetricEncryptionType() - } + // TODO: add a stream cipher predicate? + override string getAlgType() { result = getSymmetricEncryptionType() } } // Used only to categorize all padding into a single object, -// DO_NOT add predicates here. Only for categorization purposes. -abstract class PaddingAlgorithm extends CryptographicAlgorithm{} +// DO_NOT add predicates here. Only for categorization purposes. +abstract class PaddingAlgorithm extends CryptographicAlgorithm { } abstract class SymmetricPadding extends PaddingAlgorithm { - final string getPaddingName(){ + final string getPaddingName() { if exists(string n | n = this.getName() and isSymmetricPaddingAlgorithm(n)) - then (isSymmetricPaddingAlgorithm(result) and result = this.getName()) + then isSymmetricPaddingAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - override string getAlgType(){ - result = getSymmetricPaddingType() - } + override string getAlgType() { result = getSymmetricPaddingType() } } abstract class AsymmetricPadding extends PaddingAlgorithm { - final string getPaddingName(){ + final string getPaddingName() { if exists(string n | n = this.getName() and isAsymmetricPaddingAlgorithm(n)) - then (isAsymmetricPaddingAlgorithm(result) and result = this.getName()) + then isAsymmetricPaddingAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - override string getAlgType(){ - result = getAsymmetricPaddingType() - } + override string getAlgType() { result = getAsymmetricPaddingType() } } -abstract class EllipticCurveAlgorithm extends AsymmetricAlgorithm{ - final string getCurveName(){ +abstract class EllipticCurveAlgorithm extends AsymmetricAlgorithm { + final string getCurveName() { if exists(string n | n = this.getName() and isEllipticCurveAlgorithm(n)) - then (isEllipticCurveAlgorithm(result) and result = this.getName()) + then isEllipticCurveAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - final int getCurveBitSize(){ - isEllipticCurveAlgorithm(this.getCurveName(), result) - } - - override string getAlgType(){ - result = getEllipticCurveType() - } + final int getCurveBitSize() { isEllipticCurveAlgorithm(this.getCurveName(), result) } + override string getAlgType() { result = getEllipticCurveType() } } - -abstract class BlockModeAlgorithm extends CryptographicAlgorithm{ - final string getBlockModeName(){ +abstract class BlockModeAlgorithm extends CryptographicAlgorithm { + final string getBlockModeName() { if exists(string n | n = this.getName() and isCipherBlockModeAlgorithm(n)) - then (isCipherBlockModeAlgorithm(result) and result = this.getName()) + then isCipherBlockModeAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } /** - * Gets the source of the IV configuration. + * Gets the source of the IV configuration. */ abstract Expr getIVorNonce(); final predicate hasIVorNonce() { exists(this.getIVorNonce()) } - override string getAlgType(){ - result = getCipherBlockModeType() - } + override string getAlgType() { result = getCipherBlockModeType() } } // abstract class KeyWrapOperation extends CryptographicOperation{ // } - -abstract class AuthenticatedEncryptionAlgorithm extends SymmetricEncryptionAlgorithm{ - final string getAuthticatedEncryptionName(){ +abstract class AuthenticatedEncryptionAlgorithm extends SymmetricEncryptionAlgorithm { + final string getAuthticatedEncryptionName() { if exists(string n | n = this.getName() and isSymmetricEncryptionAlgorithm(n)) - then (isSymmetricEncryptionAlgorithm(result) and result = this.getName()) + then isSymmetricEncryptionAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } -abstract class KeyExchangeAlgorithm extends AsymmetricAlgorithm{ - final string getKeyExchangeName(){ +abstract class KeyExchangeAlgorithm extends AsymmetricAlgorithm { + final string getKeyExchangeName() { if exists(string n | n = this.getName() and isKeyExchangeAlgorithm(n)) - then (isKeyExchangeAlgorithm(result) and result = this.getName()) + then isKeyExchangeAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - override string getAlgType(){ - result = getKeyExchangeType() - } + override string getAlgType() { result = getKeyExchangeType() } } -abstract class SigningAlgorithm extends AsymmetricAlgorithm{ - final string getSigningName(){ +abstract class SigningAlgorithm extends AsymmetricAlgorithm { + final string getSigningName() { if exists(string n | n = this.getName() and isSignatureAlgorithm(n)) - then (isSignatureAlgorithm(result) and result = this.getName()) + then isSignatureAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - override string getAlgType(){ - result = getSignatureType() - } + override string getAlgType() { result = getSignatureType() } } - diff --git a/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll b/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll index 038bf1955a1..c98967ed635 100644 --- a/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll +++ b/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll @@ -9,54 +9,48 @@ import experimental.cryptography.CryptoArtifact // import semmle.code.cpp.ir.dataflow.TaintTracking import semmle.code.cpp.ir.dataflow.DataFlow - /** - Problematic case in OpenSSL speed.c - static const char *names[ALGOR_NUM] = { - "md2", "mdc2", "md4", "md5", "sha1", "rmd160", - "sha256", "sha512", "whirlpool", "hmac(md5)", - "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc", - "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc", - "aes-128-cbc", "aes-192-cbc", "aes-256-cbc", - "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc", - "evp", "ghash", "rand", "cmac" - }; - - Every entry is considered a block mode, hash, and symmetric encryption algorithm - getEncryptionName for example, will return unknown - + * Problematic case in OpenSSL speed.c + * static const char *names[ALGOR_NUM] = { + * "md2", "mdc2", "md4", "md5", "sha1", "rmd160", + * "sha256", "sha512", "whirlpool", "hmac(md5)", + * "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc", + * "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc", + * "aes-128-cbc", "aes-192-cbc", "aes-256-cbc", + * "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc", + * "evp", "ghash", "rand", "cmac" + * }; + * + * Every entry is considered a block mode, hash, and symmetric encryption algorithm + * getEncryptionName for example, will return unknown */ - -predicate nodeToExpr(DataFlow::Node node, Expr e){ - e = node.asExpr() or e = node.asIndirectArgument() +predicate nodeToExpr(DataFlow::Node node, Expr e) { + e = node.asExpr() or e = node.asIndirectArgument() } -Expr getExprFromNode(DataFlow::Node node){ - nodeToExpr(node, result) -} +Expr getExprFromNode(DataFlow::Node node) { nodeToExpr(node, result) } -DataFlow::Node getNodeFromExpr(Expr e){ - nodeToExpr(result, e) -} +DataFlow::Node getNodeFromExpr(Expr e) { nodeToExpr(result, e) } -predicate isEVP_PKEY_CTX(Type t){ - t.getUnderlyingType().stripType().getName() = "evp_pkey_ctx_st" -} +predicate isEVP_PKEY_CTX(Type t) { t.getUnderlyingType().stripType().getName() = "evp_pkey_ctx_st" } /** * An expression representing an EVP_PKEY_CTX* at the location of a - * known AlgorithmSinkArgument. + * known AlgorithmSinkArgument. * The EVP_PKEY_CTX* represents the location where the CTX is tied to the algorithm, - * and can be used as a source for tracing EVP_PKEY_CTX to other operations. + * and can be used as a source for tracing EVP_PKEY_CTX to other operations. */ -class Known_EVP_PKEY_CTX_Ptr_Source extends Expr{ - Known_EVP_PKEY_CTX_Ptr_Source(){ - isEVP_PKEY_CTX(this.getUnderlyingType()) and - this.getUnderlyingType() instanceof PointerType and - exists(AlgorithmSinkArgument arg, Call sinkCall | - arg.getSinkCall() = sinkCall and - sinkCall.getAnArgument() = this or this = sinkCall) - } +class Known_EVP_PKEY_CTX_Ptr_Source extends Expr { + Known_EVP_PKEY_CTX_Ptr_Source() { + isEVP_PKEY_CTX(this.getUnderlyingType()) and + this.getUnderlyingType() instanceof PointerType and + exists(AlgorithmSinkArgument arg, Call sinkCall | + arg.getSinkCall() = sinkCall and + sinkCall.getAnArgument() = this + or + this = sinkCall + ) + } } // module CTXFlow implements DataFlow::ConfigSig{ @@ -65,678 +59,660 @@ class Known_EVP_PKEY_CTX_Ptr_Source extends Expr{ // // and is the primary source of interest for CTX tracing // source.asExpr() instanceof AlgorithmSinkArgument // } - // predicate isSink(DataFlow::Node sink){ // sink.asExpr() instanceof CTXSink // } - -// predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { +// predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // // cls.getName() = "asn1_object_st" flow out on any EVP_PKEY_CTX which is "evp_pkey_ctx_st" -// exists(Call c | -// isEVP_PKEY_CTX(c.getUnderlyingType()) and +// exists(Call c | +// isEVP_PKEY_CTX(c.getUnderlyingType()) and // node1.asExpr() = c.getAnArgument() and c = node2.asExpr()) - // } - // } // module CTXFlowConfig = DataFlow::Global; - - // TODO: currently only handles tracing from literals to sinks -module LiteralAlgorithmTracerConfig implements DataFlow::ConfigSig -{ - predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof Literal - and - // Optimization to reduce literal tracing on integers to only those that are known/relevant NIDs. - (exists(source.asExpr().getValue().toInt()) implies source.asExpr().getValue().toInt() < getNIDMax()) - and - // False positives observed inside OBJ_nid2* and OBJ_sn2* functions where NULL is a possible assignment. - // While this is a concern, it only occurs if the object being referenced is NULL to begin with - // Perhaps a different query should be used to find these caes if they represent a threat. - // Filter out any open ssl function source in a function namae Obj_* - // False positives in OpenSSL also observed for CRYPTO_strndup (filtering any CRYPTO_* function) - // due to setting a null byte in the string - (isPossibleOpenSSLFunction(source.getEnclosingCallable()) implies - not source.getEnclosingCallable().getName().matches("OBJ_%") and not source.getEnclosingCallable().getName().matches("CRYPTO_%")) - } +module LiteralAlgorithmTracerConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source.asExpr() instanceof Literal and + // Optimization to reduce literal tracing on integers to only those that are known/relevant NIDs. + ( + exists(source.asExpr().getValue().toInt()) + implies + source.asExpr().getValue().toInt() < getNIDMax() + ) and + // False positives observed inside OBJ_nid2* and OBJ_sn2* functions where NULL is a possible assignment. + // While this is a concern, it only occurs if the object being referenced is NULL to begin with + // Perhaps a different query should be used to find these caes if they represent a threat. + // Filter out any open ssl function source in a function namae Obj_* + // False positives in OpenSSL also observed for CRYPTO_strndup (filtering any CRYPTO_* function) + // due to setting a null byte in the string + ( + isPossibleOpenSSLFunction(source.getEnclosingCallable()) + implies + ( + not source.getEnclosingCallable().getName().matches("OBJ_%") and + not source.getEnclosingCallable().getName().matches("CRYPTO_%") + ) + ) + } - predicate isSink(DataFlow::Node sink){ - // A sink is a call to a function that takes an algorithm as an argument - // must include checks for asIndirectArgument since the input may be a pointer to an object - // and the member of the object holds the algorithm on the trace. - getExprFromNode(sink) instanceof AlgorithmSinkArgument - } + predicate isSink(DataFlow::Node sink) { + // A sink is a call to a function that takes an algorithm as an argument + // must include checks for asIndirectArgument since the input may be a pointer to an object + // and the member of the object holds the algorithm on the trace. + getExprFromNode(sink) instanceof AlgorithmSinkArgument + } - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - knownPassThroughStep(node1, node2) - } + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + knownPassThroughStep(node1, node2) + } - predicate isBarrier(DataFlow::Node node) { - // If the node is the 'next' argument of a isCallPassThrough, it is only allowed if it is an out parameter - // i.e., a defining argument. This barrier says that if the node is an expression not an out parameter, it is filtered. - // Out arguments will not be filtered. - exists(Call c | knownPassthoughCall(c, _, node.asExpr()) and c.getAnArgument() = node.asExpr()) - or - // False positive reducer, don't flow out through argv - node.asVariable().hasName("argv") - or - node.asIndirectVariable().hasName("argv") - } + predicate isBarrier(DataFlow::Node node) { + // If the node is the 'next' argument of a isCallPassThrough, it is only allowed if it is an out parameter + // i.e., a defining argument. This barrier says that if the node is an expression not an out parameter, it is filtered. + // Out arguments will not be filtered. + exists(Call c | knownPassthoughCall(c, _, node.asExpr()) and c.getAnArgument() = node.asExpr()) + or + // False positive reducer, don't flow out through argv + node.asVariable().hasName("argv") + or + node.asIndirectVariable().hasName("argv") + } - predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - // Assume a read on crypto identifying field for any object of type asn1_object_st (i.e., ASN1_OBJECT) - exists(Class cls | cls.getName() = "asn1_object_st" | - node.getType().getUnspecifiedType().stripType() = cls - and - c.(DataFlow::FieldContent).getField() = cls.getAMember() - and - c.(DataFlow::FieldContent).getField().getName() in ["nid", "sn", "ln"] - ) - } + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { + // Assume a read on crypto identifying field for any object of type asn1_object_st (i.e., ASN1_OBJECT) + exists(Class cls | cls.getName() = "asn1_object_st" | + node.getType().getUnspecifiedType().stripType() = cls and + c.(DataFlow::FieldContent).getField() = cls.getAMember() and + c.(DataFlow::FieldContent).getField().getName() in ["nid", "sn", "ln"] + ) + } } module LiteralAlgorithmTracer = DataFlow::Global; - + /** * `source` is an expression that is a source of an algorithm of type `algType`. - * `algType` may be `UNKONWN`. + * `algType` may be `UNKONWN`. * See CryptoAlgorithmNames for other possible values of `algType`. */ bindingset[sinkAlgType] -predicate hasLiteralPathToAlgSink(DataFlow::Node source, DataFlow::Node sink, string sinkAlgType){ - LiteralAlgorithmTracer::flow(source, sink) and getExprFromNode(sink).(AlgorithmSinkArgument).algType() = sinkAlgType +predicate hasLiteralPathToAlgSink(DataFlow::Node source, DataFlow::Node sink, string sinkAlgType) { + LiteralAlgorithmTracer::flow(source, sink) and + getExprFromNode(sink).(AlgorithmSinkArgument).algType() = sinkAlgType } -private predicate knownTracedAlgorithm(Literal e, string srcSinkType){ - knownTracedAlgorithm(e, srcSinkType, srcSinkType) +private predicate knownTracedAlgorithm(Literal e, string srcSinkType) { + knownTracedAlgorithm(e, srcSinkType, srcSinkType) } -private predicate knownTracedAlgorithm(Literal e, string srcType, string sinkType){ - resolveAlgorithmFromLiteral(e, _, srcType) - and hasLiteralPathToAlgSink(DataFlow::exprNode(e), _, sinkType) - and isKnownType(sinkType) - and isKnownType(srcType) +private predicate knownTracedAlgorithm(Literal e, string srcType, string sinkType) { + resolveAlgorithmFromLiteral(e, _, srcType) and + hasLiteralPathToAlgSink(DataFlow::exprNode(e), _, sinkType) and + isKnownType(sinkType) and + isKnownType(srcType) } -private predicate unknownTracedLiteralAlgorithm(Literal e, string srcSinkType){ - // Asymmetric special case: - // Since asymmetric algorithm sinks are used for various categories of asymmetric algorithms - // an asymmetric algorithm is only unknown if there is no trace from any asymmetric type to the given srcSinkType sink - if getAsymmetricType() = srcSinkType - then forall(string t | t =getAsymmetricType() | unknownTracedLiteralAlgorithm(e, t, srcSinkType)) - else unknownTracedLiteralAlgorithm(e, srcSinkType, srcSinkType) +private predicate unknownTracedLiteralAlgorithm(Literal e, string srcSinkType) { + // Asymmetric special case: + // Since asymmetric algorithm sinks are used for various categories of asymmetric algorithms + // an asymmetric algorithm is only unknown if there is no trace from any asymmetric type to the given srcSinkType sink + if getAsymmetricType() = srcSinkType + then forall(string t | t = getAsymmetricType() | unknownTracedLiteralAlgorithm(e, t, srcSinkType)) + else unknownTracedLiteralAlgorithm(e, srcSinkType, srcSinkType) } -private predicate unknownTracedLiteralAlgorithm(Literal e, string srcType, string sinkType){ - - // the literal resolves to an algorithm, but not to the sinktype - // or generally doesn't resolve to any algorithm type - // this case covers 'nonsense' cases e.g., use RSA for symmetric encryption - not resolveAlgorithmFromLiteral(e, _, srcType) - and isValidAlgorithmLiteral(e) - and hasLiteralPathToAlgSink(DataFlow::exprNode(e), _, sinkType) - and isKnownType(sinkType) - and isKnownType(srcType) +private predicate unknownTracedLiteralAlgorithm(Literal e, string srcType, string sinkType) { + // the literal resolves to an algorithm, but not to the sinktype + // or generally doesn't resolve to any algorithm type + // this case covers 'nonsense' cases e.g., use RSA for symmetric encryption + not resolveAlgorithmFromLiteral(e, _, srcType) and + isValidAlgorithmLiteral(e) and + hasLiteralPathToAlgSink(DataFlow::exprNode(e), _, sinkType) and + isKnownType(sinkType) and + isKnownType(srcType) } -private predicate unknownTracedNonLiteralAlgorithm(AlgorithmSinkArgument e, string srcSinkType){ - // Asymmetric special case: - // Since asymmetric algorithm sinks are used for various categories of asymmetric algorithms - // an asymmetric algorithm is only unknown if there is no trace from any asymmetric type to the given srcSinkType sink - if getAsymmetricType() = srcSinkType then - forall(string t | t =getAsymmetricType() | unknownTracedNonLiteralAlgorithm(e, t, srcSinkType)) - else - unknownTracedNonLiteralAlgorithm(e, srcSinkType, srcSinkType) +private predicate unknownTracedNonLiteralAlgorithm(AlgorithmSinkArgument e, string srcSinkType) { + // Asymmetric special case: + // Since asymmetric algorithm sinks are used for various categories of asymmetric algorithms + // an asymmetric algorithm is only unknown if there is no trace from any asymmetric type to the given srcSinkType sink + if getAsymmetricType() = srcSinkType + then + forall(string t | t = getAsymmetricType() | unknownTracedNonLiteralAlgorithm(e, t, srcSinkType)) + else unknownTracedNonLiteralAlgorithm(e, srcSinkType, srcSinkType) } -private predicate unknownTracedNonLiteralAlgorithm(AlgorithmSinkArgument e, string srcType, string sinkType){ - not hasLiteralPathToAlgSink(_, getNodeFromExpr(e), srcType) - and LiteralAlgorithmTracerConfig::isSink(getNodeFromExpr(e)) - and e.algType() = sinkType - and isKnownType(srcType) - and isKnownType(sinkType) +private predicate unknownTracedNonLiteralAlgorithm( + AlgorithmSinkArgument e, string srcType, string sinkType +) { + not hasLiteralPathToAlgSink(_, getNodeFromExpr(e), srcType) and + LiteralAlgorithmTracerConfig::isSink(getNodeFromExpr(e)) and + e.algType() = sinkType and + isKnownType(srcType) and + isKnownType(sinkType) } - -private predicate functionAlgorithm(Call c, string algType){ - isOpenSSLCryptoFunctionCall(c , _ , algType) +private predicate functionAlgorithm(Call c, string algType) { + isOpenSSLCryptoFunctionCall(c, _, algType) } abstract class OpenSSLTracedAlgorithm extends CryptographicAlgorithm { - override string getName(){ - resolveAlgorithmFromLiteral(this, result, this.getAlgType()) + override string getName() { resolveAlgorithmFromLiteral(this, result, this.getAlgType()) } + + override Expr configurationSink() { + exists(DataFlow::Node sink | + hasLiteralPathToAlgSink(DataFlow::exprNode(this), sink, this.getAlgType()) + | + result = getExprFromNode(sink) + ) + } +} + +abstract class OpenSSLFunctionAlgorithm extends CryptographicAlgorithm { + override string getName() { isOpenSSLCryptoFunctionCall(this, result, this.getAlgType()) } + + override Expr configurationSink() { result = this } +} + +abstract class OpenSSLUnknownTracedLiteralAlgorithm extends CryptographicAlgorithm { + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { + exists(DataFlow::Node sink | + hasLiteralPathToAlgSink(DataFlow::exprNode(this), sink, this.getAlgType()) + | + result = getExprFromNode(sink) + ) + } +} + +abstract class OpenSSLUnknownTracedNonLiteralAlgorithm extends CryptographicAlgorithm { + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { result = this } +} + +module SymmetricEncryption { + abstract class OpenSSLSymmetricEncryptionAlgorithm extends SymmetricEncryptionAlgorithm { } + + class OpenSSLSymmetricEncryptionTracedAlgorithm extends OpenSSLTracedAlgorithm, + OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLSymmetricEncryptionTracedAlgorithm() { + knownTracedAlgorithm(this, getSymmetricEncryptionType()) + } + } + + class OpenSSLSymmetricEncryptionFunctionAlgorithm extends OpenSSLFunctionAlgorithm, + OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLSymmetricEncryptionFunctionAlgorithm() { + functionAlgorithm(this, getSymmetricEncryptionType()) + } + } + + class OpenSSLSymmetricEncryptionTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLSymmetricEncryptionTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getSymmetricEncryptionType()) + } + } + + class OpenSSLSymmetricEncryptionUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLSymmetricEncryptionUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getSymmetricEncryptionType()) + } + } +} + +module BlockModes { + /** + * In OpenSSL, block modes are associated directly with symmetric encryption algorithms. + * As such, OpenSSLBLockModes are modeled as extensions of any openssl symmetric encryption algorithm + */ + class OpenSSLBlockModeAlgorithm extends BlockModeAlgorithm, Expr instanceof SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLBlockModeAlgorithm() { + //two cases, either the block mode is a literal or it is a function call + resolveAlgorithmFromLiteral(this, _, "BLOCK_MODE") + or + isOpenSSLCryptoFunctionCall(this, _, "BLOCK_MODE") } - override Expr configurationSink(){ - exists(DataFlow::Node sink | - hasLiteralPathToAlgSink(DataFlow::exprNode(this), sink, this.getAlgType()) | - result = getExprFromNode(sink) + override string getName() { + resolveAlgorithmFromLiteral(this, result, "BLOCK_MODE") + or + isOpenSSLCryptoFunctionCall(this, result, "BLOCK_MODE") + } + + override Expr configurationSink() { + result = this.(SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm).configurationSink() + } + + override Expr getIVorNonce() { + // TODO + none() + } + } + + class UnknownOpenSSLBlockModeAlgorithm extends BlockModeAlgorithm, Expr instanceof SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm + { + UnknownOpenSSLBlockModeAlgorithm() { + //two cases, either the block mode is a literal or it is a function call + not resolveAlgorithmFromLiteral(this, _, "BLOCK_MODE") and + not isOpenSSLCryptoFunctionCall(this, _, "BLOCK_MODE") + } + + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { + result = this.(SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm).configurationSink() + } + + override Expr getIVorNonce() { none() } + } +} + +module Hashes { + abstract class OpenSSLHashAlgorithm extends HashAlgorithm { } + + class OpenSSLHashTracedAlgorithm extends OpenSSLTracedAlgorithm, OpenSSLHashAlgorithm { + OpenSSLHashTracedAlgorithm() { knownTracedAlgorithm(this, getHashType()) } + } + + class OpenSSLHashFunctionAlgorithm extends OpenSSLFunctionAlgorithm, OpenSSLHashAlgorithm { + OpenSSLHashFunctionAlgorithm() { functionAlgorithm(this, getHashType()) } + } + + class OpenSSLHashTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + OpenSSLHashAlgorithm + { + OpenSSLHashTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getHashType()) + } + } + + class OpenSSLHashUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + OpenSSLHashAlgorithm + { + OpenSSLHashUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getHashType()) + } + } + + class OpenSSLNullHash extends HashAlgorithm { + OpenSSLNullHash() { + exists(Call c | + this = c and + isPossibleOpenSSLFunction(c.getTarget()) and + c.getTarget().getName() in ["EVP_md_null"] + ) + } + + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { result = this } + } +} + +module EllipticCurves { + // TODO: need to address EVP_PKEY_Q_keygen where the type is "EC" but the curve is UNKNOWN? + class OpenSSLEllipticCurveTracedAlgorithm extends OpenSSLTracedAlgorithm, EllipticCurveAlgorithm { + OpenSSLEllipticCurveTracedAlgorithm() { knownTracedAlgorithm(this, getEllipticCurveType()) } + } + + class OpenSSLEllipticCurveFunctionAlgorithm extends OpenSSLFunctionAlgorithm, + EllipticCurveAlgorithm + { + OpenSSLEllipticCurveFunctionAlgorithm() { functionAlgorithm(this, getEllipticCurveType()) } + } + + class OpenSSLEllipticCurveTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + EllipticCurveAlgorithm + { + OpenSSLEllipticCurveTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getEllipticCurveType()) + } + } + + class OpenSSLEllipticCurvehUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + EllipticCurveAlgorithm + { + OpenSSLEllipticCurvehUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getEllipticCurveType()) + } + } + + // https://www.openssl.org/docs/manmaster/man3/EC_KEY_new_ex.html + class OpenSSLNullEllipticCurve extends EllipticCurveAlgorithm { + OpenSSLNullEllipticCurve() { + exists(Call c | + this = c and + isPossibleOpenSSLFunction(c.getTarget()) and + c.getTarget().getName() in ["EC_KEY_new", "EC_KEY_new_ex"] + ) + } + + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { result = this } + } +} + +module AsymmetricEncryption { + class OpenSSLAsymmetricEncryptionTracedAlgorithm extends OpenSSLTracedAlgorithm, + AsymmetricEncryptionAlgorithm + { + OpenSSLAsymmetricEncryptionTracedAlgorithm() { + knownTracedAlgorithm(this, getAsymmetricEncryptionType()) + } + } + + class OpenSSLAsymmetricEncryptionFunctionAlgorithm extends OpenSSLFunctionAlgorithm, + AsymmetricEncryptionAlgorithm + { + OpenSSLAsymmetricEncryptionFunctionAlgorithm() { + functionAlgorithm(this, getAsymmetricEncryptionType()) + } + } + + class OpenSSLAsymmetricEncryptionTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + AsymmetricEncryptionAlgorithm + { + OpenSSLAsymmetricEncryptionTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getAsymmetricEncryptionType()) + } + } + + class OpenSSLAsymmetricEncryptionUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + AsymmetricEncryptionAlgorithm + { + OpenSSLAsymmetricEncryptionUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getAsymmetricEncryptionType()) + } + } +} + +module SigningAlgorithms { + class OpenSSLSignatureTracedAlgorithm extends OpenSSLTracedAlgorithm, SigningAlgorithm { + OpenSSLSignatureTracedAlgorithm() { knownTracedAlgorithm(this, getSignatureType()) } + } + + class OpenSSLSignatureFunctionAlgorithm extends OpenSSLFunctionAlgorithm, SigningAlgorithm { + OpenSSLSignatureFunctionAlgorithm() { functionAlgorithm(this, getSignatureType()) } + } + + class OpenSSLSignatureTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + SigningAlgorithm + { + OpenSSLSignatureTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getSignatureType()) + } + } + + class OpenSSLSignatureUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + SigningAlgorithm + { + OpenSSLSignatureUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getSignatureType()) + } + } +} + +module KeyExchange { + class OpenSSLKeyExchangeTracedAlgorithm extends OpenSSLTracedAlgorithm, KeyExchangeAlgorithm { + OpenSSLKeyExchangeTracedAlgorithm() { knownTracedAlgorithm(this, getKeyExchangeType()) } + } + + class OpenSSLKeyExchangeFunctionAlgorithm extends OpenSSLFunctionAlgorithm, KeyExchangeAlgorithm { + OpenSSLKeyExchangeFunctionAlgorithm() { functionAlgorithm(this, getKeyExchangeType()) } + } + + class OpenSSLKeyExchangeTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + KeyExchangeAlgorithm + { + OpenSSLKeyExchangeTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getKeyExchangeType()) + } + } + + class OpenSSLKeyExchangeUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + KeyExchangeAlgorithm + { + OpenSSLKeyExchangeUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getKeyExchangeType()) + } + } +} + +module KeyGeneration { + /** + * Functions that explicitly set key generation parameters. + * `sizeInd` is the parameter specifying the size of the key. + * `outInd` is the parameter or return value that the key is written to. + * `outInd` is -1 if the key is written to the return value. + */ + predicate isAsymmetricKeyGenExplicitAlgorithm(Function func, int sizeInd, int outInd) { + isPossibleOpenSSLFunction(func) and + exists(string name | func.hasGlobalName(name) | + name in [ + "EVP_PKEY_CTX_set_dsa_paramgen_bits", "DSA_generate_parameters_ex", + "EVP_PKEY_CTX_set_rsa_keygen_bits", "RSA_generate_key_ex", "RSA_generate_key_fips", + "EVP_PKEY_CTX_set_dh_paramgen_prime_len", "DH_generate_parameters_ex" + ] and + sizeInd = 1 and + outInd = 0 + or + name in ["DSA_generate_parameters", "RSA_generate_key", "DH_generate_parameters"] and + sizeInd = 0 and + outInd = -1 + ) and + exists(Type t | + ( + if sizeInd = -1 + then t = func.getType().getUnderlyingType() + else t = func.getParameter(sizeInd).getUnderlyingType() + ) and + t instanceof IntegralType and + not t instanceof CharType + ) + } + + module AsymExplicitAlgKeyLengthFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + // Optimizations to avoid tracing all integers + node.asExpr().(Literal).getValue().toInt() > 0 and // exclude sentinel values + node.asExpr().(Literal).getValue().toInt() < 8500 + } + + predicate isSink(DataFlow::Node node) { + exists(FunctionCall c, int sizeInd | + isAsymmetricKeyGenExplicitAlgorithm(c.getTarget(), sizeInd, _) and + c.getArgument(sizeInd) = node.asExpr() + ) + } + } + + module AsymExplicitAlgKeyLengthFlow = DataFlow::Global; + + class OpenSSLAsymmetricKeyGenTiedToAlgorithm extends AsymmetricKeyGeneration { + OpenSSLAsymmetricKeyGenTiedToAlgorithm() { + exists(Call c | + this = c and + isPossibleOpenSSLFunction(c.getTarget()) and + isAsymmetricKeyGenExplicitAlgorithm(c.getTarget(), _, _) + ) + } + + override CryptographicAlgorithm getAlgorithm() { result = this } + + override Expr getKeyConfigurationSource(CryptographicAlgorithm alg) { + alg = this and + exists(int sizeInd | + isAsymmetricKeyGenExplicitAlgorithm(this.getTarget(), sizeInd, _) and + AsymExplicitAlgKeyLengthFlow::flow(DataFlow::exprNode(result), + DataFlow::exprNode(this.getArgument(sizeInd))) + ) + } + } + + module Length_to_RSA_EVP_PKEY_Q_keygen_Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + // Optimizations to avoid tracing all integers + node.asExpr().(Literal).getValue().toInt() > 0 and // exclude sentinel values + node.asExpr().(Literal).getValue().toInt() < 5000 + } + + predicate isSink(DataFlow::Node node) { + exists(FunctionCall c | + c.getTarget().getName() = "EVP_PKEY_Q_keygen" and + isPossibleOpenSSLFunction(c.getTarget()) and + c.getArgument(3) = node.asExpr() + ) + } + } + + module Length_to_RSA_EVP_PKEY_Q_keygen_Flow = + DataFlow::Global; + + class OpenSSL_RSA_EVP_PKEY_Q_keygen extends AsymmetricKeyGeneration { + OpenSSL_RSA_EVP_PKEY_Q_keygen() { + exists(Call c | + this = c and + isPossibleOpenSSLFunction(c.getTarget()) and + this.getTarget().getName() = "EVP_PKEY_Q_keygen" and + this.getArgument(3).getUnderlyingType() instanceof IntegralType + ) + } + + override CryptographicAlgorithm getAlgorithm() { + result.configurationSink().(AlgorithmSinkArgument).getSinkCall() = this + } + + override Expr getKeyConfigurationSource(CryptographicAlgorithm alg) { + alg = this.getAlgorithm() and + Length_to_RSA_EVP_PKEY_Q_keygen_Flow::flow(DataFlow::exprNode(result), + DataFlow::exprNode(this.getArgument(3))) + } + } + + predicate isKeyGenOperationWithNoSize(Function func) { + isPossibleOpenSSLFunction(func) and + exists(string name | func.hasGlobalName(name) | + name in ["EVP_PKEY_keygen", "DSA_generate_key", "DH_generate_key", "EVP_PKEY_generate"] + ) + } + + module KeyGenKeySizeInitToKeyGenConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + exists(Call c, Function func, int outInd | + isAsymmetricKeyGenExplicitAlgorithm(func, _, outInd) and + c.getTarget() = func + | + if outInd = -1 then node.asExpr() = c else node.asExpr() = c.getArgument(outInd) + ) + } + + predicate isSink(DataFlow::Node node) { + exists(Call c | + isKeyGenOperationWithNoSize(c.getTarget()) and c.getAnArgument() = node.asExpr() + ) + } + } + + module KeyGenKeySizeInitToKeyGenFlow = DataFlow::Global; + + predicate isEVP_PKEY_CTX_Source(DataFlow::Node node, CryptographicAlgorithm alg) { + exists(Call c | + alg.configurationSink().(AlgorithmSinkArgument).getSinkCall() = c and + ( + node.asExpr() = c + or + node.asExpr() = c.getAnArgument() + or + node.asDefiningArgument() = c.getAnArgument() + ) + ) and + ( + node.asExpr() instanceof Known_EVP_PKEY_CTX_Ptr_Source + or + node.asDefiningArgument() instanceof Known_EVP_PKEY_CTX_Ptr_Source + ) + } + + predicate isKeyGen_EVP_PKEY_CTX_Sink(DataFlow::Node node, Call c) { + isKeyGenOperationWithNoSize(c.getTarget()) and nodeToExpr(node, c.getAnArgument()) + } + + /** + * Trace from EVP_PKEY_CTX* at algorithm sink to keygen, + * users can then extrapolatae the matching algorithm from the alg sink to the keygen + */ + module EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { isEVP_PKEY_CTX_Source(source, _) } + + predicate isSink(DataFlow::Node sink) { isKeyGen_EVP_PKEY_CTX_Sink(sink, _) } + } + + module EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize_Flow = + DataFlow::Global; + + /** + * UNKNOWN key sizes to general purpose key generation functions (i.e., that take in no key size and assume + * is it set on context prior to the call). No path from a key configuration to these operations + * means the key size is UNKNOWN, or more precisely the key size is DEFAULT but + * the defaults can change with each version of OpenSSL, we simply assume the size is generally UNKNOWN. + * ASSUMPTION/TODO: we currently model all known locations where a key size is set explicitly. + * When a key is set implicitly, this usually means a key generation operation + * is called where the operation takes in no key size, and no flow to this operation + * initializes the context with a key size. + * Currently, without a definitive source (set of sources) to start tracing from, we cannot determine + * determine if a single path exists that initializes the context with a key size and another that doesn't. + * Rather than attempt to model all possible sources, we assume that if no path + * from a key config location reaches a generic key generation operation, then the key size is not set. + * NOTE: while this is true, it is possible a key size is set in one path, but not in another + * meaning this approach (and other similar approaches used in this model for UNKNOWN) + * can produce false negatives. + */ + class OpenSSLDefaultKeyGeneration extends AsymmetricKeyGeneration { + OpenSSLDefaultKeyGeneration() { + // this is a call to a function matching isKeyGenOperationWithNoSize + // and there is no flow from a key configuration source to this call + exists(Call c | + this = c and + isKeyGenOperationWithNoSize(this.getTarget()) and + not exists(DataFlow::Node src, DataFlow::Node sink | + KeyGenKeySizeInitToKeyGenFlow::flow(src, sink) and + nodeToExpr(sink, this.getAnArgument()) + ) + ) + } + + override CryptographicAlgorithm getAlgorithm() { + if this.getTarget().getName() in ["DSA_generate_key", "DH_generate_key"] + then result = this + else + // NOTE/ASSUMPTION: EVP_PKEY_keygen, EVP_PKEY_generate assume only other possibilities, + // each take in a CTX as the first arg, need to trace from an alg sink from this CTX param + // get every alg sink, get the corresponding call, trace out on any CTX type variable + // to the key gen + // NOTE: looking for any cryptographic algorithm tracing to the keygen to handle + // any odd cases we aren't awaare of where keygen can be used for other algorithm types + exists(DataFlow::Node src, DataFlow::Node sink | + EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize_Flow::flow(src, sink) and + isEVP_PKEY_CTX_Source(src, result) and + isKeyGen_EVP_PKEY_CTX_Sink(sink, this) + // TODO: what if there is no CTX source? then the keygen becomes an UNKNOWN sink ) } -} - -abstract class OpenSSLFunctionAlgorithm extends CryptographicAlgorithm{ - override string getName(){ - isOpenSSLCryptoFunctionCall(this , result , this.getAlgType()) - } - - override Expr configurationSink(){ - result = this - } -} - -abstract class OpenSSLUnknownTracedLiteralAlgorithm extends CryptographicAlgorithm{ - - override string getName(){ - result = unknownAlgorithm() - } - - override Expr configurationSink(){ - exists(DataFlow::Node sink | - hasLiteralPathToAlgSink(DataFlow::exprNode(this), sink, this.getAlgType()) | - result = getExprFromNode(sink) - ) - } -} - - -abstract class OpenSSLUnknownTracedNonLiteralAlgorithm extends CryptographicAlgorithm{ - override string getName(){ - result = unknownAlgorithm() - } - - override Expr configurationSink(){ - result = this - } -} - -module SymmetricEncryption{ - abstract class OpenSSLSymmetricEncryptionAlgorithm extends SymmetricEncryptionAlgorithm - {} - - class OpenSSLSymmetricEncryptionTracedAlgorithm extends OpenSSLTracedAlgorithm, OpenSSLSymmetricEncryptionAlgorithm{ - OpenSSLSymmetricEncryptionTracedAlgorithm(){ - knownTracedAlgorithm(this, getSymmetricEncryptionType()) - } - } - - class OpenSSLSymmetricEncryptionFunctionAlgorithm extends OpenSSLFunctionAlgorithm, OpenSSLSymmetricEncryptionAlgorithm{ - OpenSSLSymmetricEncryptionFunctionAlgorithm(){ - functionAlgorithm(this , getSymmetricEncryptionType()) - } - - } - - class OpenSSLSymmetricEncryptionTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, OpenSSLSymmetricEncryptionAlgorithm{ - OpenSSLSymmetricEncryptionTracedUnknownLiteralAlgorithm(){ - unknownTracedLiteralAlgorithm(this, getSymmetricEncryptionType()) - } - - } - - class OpenSSLSymmetricEncryptionUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, OpenSSLSymmetricEncryptionAlgorithm{ - OpenSSLSymmetricEncryptionUnknownNonLiteralTracedAlgorithm(){ - unknownTracedNonLiteralAlgorithm(this, getSymmetricEncryptionType()) - } - } -} - -module BlockModes{ /** - * In OpenSSL, block modes are associated directly with symmetric encryption algorithms. - * As such, OpenSSLBLockModes are modeled as extensions of any openssl symmetric encryption algorithm + * For this class, there is no known configuration source for any algorithm */ - class OpenSSLBlockModeAlgorithm extends BlockModeAlgorithm, Expr instanceof SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm{ - OpenSSLBlockModeAlgorithm(){ - //two cases, either the block mode is a literal or it is a function call - resolveAlgorithmFromLiteral(this, _, "BLOCK_MODE") - or - isOpenSSLCryptoFunctionCall(this, _, "BLOCK_MODE") - } - - override string getName(){ - resolveAlgorithmFromLiteral(this, result, "BLOCK_MODE") - or - isOpenSSLCryptoFunctionCall(this, result, "BLOCK_MODE") - - } - - override Expr configurationSink(){ - result = this.(SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm).configurationSink() - } - - override Expr getIVorNonce(){ - // TODO - none() - } - } - - class UnknownOpenSSLBlockModeAlgorithm extends BlockModeAlgorithm, Expr instanceof SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm{ - UnknownOpenSSLBlockModeAlgorithm(){ - //two cases, either the block mode is a literal or it is a function call - not resolveAlgorithmFromLiteral(this, _, "BLOCK_MODE") - and - not isOpenSSLCryptoFunctionCall(this, _, "BLOCK_MODE") - } - - override string getName(){ - result = unknownAlgorithm() - } - - override Expr configurationSink(){ - result = this.(SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm).configurationSink() - } - - override Expr getIVorNonce(){ - none() - } - } -} - -module Hashes{ - abstract class OpenSSLHashAlgorithm extends HashAlgorithm - {} - - class OpenSSLHashTracedAlgorithm extends OpenSSLTracedAlgorithm, OpenSSLHashAlgorithm{ - OpenSSLHashTracedAlgorithm(){ - knownTracedAlgorithm(this, getHashType()) - } - } - - class OpenSSLHashFunctionAlgorithm extends OpenSSLFunctionAlgorithm, OpenSSLHashAlgorithm{ - OpenSSLHashFunctionAlgorithm(){ - functionAlgorithm(this, getHashType()) - } - - } - - class OpenSSLHashTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, OpenSSLHashAlgorithm{ - OpenSSLHashTracedUnknownLiteralAlgorithm(){ - unknownTracedLiteralAlgorithm(this, getHashType()) - } - } - - class OpenSSLHashUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, OpenSSLHashAlgorithm{ - OpenSSLHashUnknownNonLiteralTracedAlgorithm(){ - unknownTracedNonLiteralAlgorithm(this, getHashType()) - } - } - - - class OpenSSLNullHash extends HashAlgorithm{ - OpenSSLNullHash(){ - exists(Call c | this = c and isPossibleOpenSSLFunction(c.getTarget()) and - c.getTarget().getName() in ["EVP_md_null"]) - } - - override string getName(){ - result = unknownAlgorithm() - } - - override Expr configurationSink(){ - result = this - } - } -} - -module EllipticCurves{ - // TODO: need to address EVP_PKEY_Q_keygen where the type is "EC" but the curve is UNKNOWN? - class OpenSSLEllipticCurveTracedAlgorithm extends OpenSSLTracedAlgorithm, EllipticCurveAlgorithm{ - OpenSSLEllipticCurveTracedAlgorithm(){ - knownTracedAlgorithm(this, getEllipticCurveType()) - } - } - - class OpenSSLEllipticCurveFunctionAlgorithm extends OpenSSLFunctionAlgorithm, EllipticCurveAlgorithm{ - OpenSSLEllipticCurveFunctionAlgorithm(){ - functionAlgorithm(this, getEllipticCurveType()) - } - - } - - class OpenSSLEllipticCurveTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, EllipticCurveAlgorithm{ - OpenSSLEllipticCurveTracedUnknownLiteralAlgorithm(){ - unknownTracedLiteralAlgorithm(this, getEllipticCurveType()) - } - } - - class OpenSSLEllipticCurvehUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, EllipticCurveAlgorithm{ - OpenSSLEllipticCurvehUnknownNonLiteralTracedAlgorithm(){ - unknownTracedNonLiteralAlgorithm(this, getEllipticCurveType()) - } - } - - // https://www.openssl.org/docs/manmaster/man3/EC_KEY_new_ex.html - class OpenSSLNullEllipticCurve extends EllipticCurveAlgorithm{ - OpenSSLNullEllipticCurve(){ - exists(Call c | this = c and isPossibleOpenSSLFunction(c.getTarget()) and c.getTarget().getName() in ["EC_KEY_new", "EC_KEY_new_ex"]) - } - - override string getName(){ - result = unknownAlgorithm() - } - - override Expr configurationSink(){ - result = this - } - } -} - -module AsymmetricEncryption{ - class OpenSSLAsymmetricEncryptionTracedAlgorithm extends OpenSSLTracedAlgorithm, AsymmetricEncryptionAlgorithm{ - OpenSSLAsymmetricEncryptionTracedAlgorithm(){ - knownTracedAlgorithm(this, getAsymmetricEncryptionType()) - } - } - - class OpenSSLAsymmetricEncryptionFunctionAlgorithm extends OpenSSLFunctionAlgorithm, AsymmetricEncryptionAlgorithm{ - OpenSSLAsymmetricEncryptionFunctionAlgorithm(){ - functionAlgorithm(this, getAsymmetricEncryptionType()) - } - } - - class OpenSSLAsymmetricEncryptionTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, AsymmetricEncryptionAlgorithm{ - OpenSSLAsymmetricEncryptionTracedUnknownLiteralAlgorithm(){ - unknownTracedLiteralAlgorithm(this, getAsymmetricEncryptionType()) - } - } - - class OpenSSLAsymmetricEncryptionUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, AsymmetricEncryptionAlgorithm{ - OpenSSLAsymmetricEncryptionUnknownNonLiteralTracedAlgorithm(){ - unknownTracedNonLiteralAlgorithm(this, getAsymmetricEncryptionType()) - } - } -} - - -module SigningAlgorithms{ - class OpenSSLSignatureTracedAlgorithm extends OpenSSLTracedAlgorithm, SigningAlgorithm{ - OpenSSLSignatureTracedAlgorithm(){ - knownTracedAlgorithm(this, getSignatureType()) - } - } - - class OpenSSLSignatureFunctionAlgorithm extends OpenSSLFunctionAlgorithm, SigningAlgorithm{ - OpenSSLSignatureFunctionAlgorithm(){ - functionAlgorithm(this, getSignatureType()) - } - } - - class OpenSSLSignatureTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, SigningAlgorithm{ - OpenSSLSignatureTracedUnknownLiteralAlgorithm(){ - unknownTracedLiteralAlgorithm(this, getSignatureType()) - } - } - - class OpenSSLSignatureUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, SigningAlgorithm{ - OpenSSLSignatureUnknownNonLiteralTracedAlgorithm(){ - unknownTracedNonLiteralAlgorithm(this, getSignatureType()) - } - } -} - - -module KeyExchange{ - class OpenSSLKeyExchangeTracedAlgorithm extends OpenSSLTracedAlgorithm, KeyExchangeAlgorithm{ - OpenSSLKeyExchangeTracedAlgorithm(){ - knownTracedAlgorithm(this, getKeyExchangeType()) - } - } - - class OpenSSLKeyExchangeFunctionAlgorithm extends OpenSSLFunctionAlgorithm, KeyExchangeAlgorithm{ - OpenSSLKeyExchangeFunctionAlgorithm(){ - functionAlgorithm(this, getKeyExchangeType()) - } - } - - class OpenSSLKeyExchangeTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, KeyExchangeAlgorithm{ - OpenSSLKeyExchangeTracedUnknownLiteralAlgorithm(){ - unknownTracedLiteralAlgorithm(this, getKeyExchangeType()) - } - } - - class OpenSSLKeyExchangeUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, KeyExchangeAlgorithm{ - OpenSSLKeyExchangeUnknownNonLiteralTracedAlgorithm(){ - unknownTracedNonLiteralAlgorithm(this, getKeyExchangeType()) - } - } -} - -module KeyGeneration{ - - /** - * Functions that explicitly set key generation parameters. - * `sizeInd` is the parameter specifying the size of the key. - * `outInd` is the parameter or return value that the key is written to. - * `outInd` is -1 if the key is written to the return value. - */ - predicate isAsymmetricKeyGenExplicitAlgorithm(Function func, int sizeInd, int outInd){ - isPossibleOpenSSLFunction(func) and - exists(string name | func.hasGlobalName(name) | - ( - name in [ - "EVP_PKEY_CTX_set_dsa_paramgen_bits", "DSA_generate_parameters_ex", - "EVP_PKEY_CTX_set_rsa_keygen_bits", "RSA_generate_key_ex", "RSA_generate_key_fips", - "EVP_PKEY_CTX_set_dh_paramgen_prime_len", "DH_generate_parameters_ex" - ] and - sizeInd = 1 and outInd = 0 - ) - or - ( - name in ["DSA_generate_parameters", "RSA_generate_key", "DH_generate_parameters"] and - sizeInd = 0 and outInd = -1 - ) - ) - and - exists(Type t | - (if sizeInd = -1 - then t = func.getType().getUnderlyingType() - else t = func.getParameter(sizeInd).getUnderlyingType()) - and - t instanceof IntegralType and - not t instanceof CharType - ) - } - - - module AsymExplicitAlgKeyLengthFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { - // Optimizations to avoid tracing all integers - node.asExpr().(Literal).getValue().toInt() > 0 and // exclude sentinel values - node.asExpr().(Literal).getValue().toInt() < 8500 - } - - predicate isSink(DataFlow::Node node) { - exists(FunctionCall c, int sizeInd | - isAsymmetricKeyGenExplicitAlgorithm(c.getTarget(), sizeInd, _) and - c.getArgument(sizeInd) = node.asExpr()) - } - } - - module AsymExplicitAlgKeyLengthFlow = DataFlow::Global; - - class OpenSSLAsymmetricKeyGenTiedToAlgorithm extends AsymmetricKeyGeneration{ - OpenSSLAsymmetricKeyGenTiedToAlgorithm(){ - exists(Call c | - this = c and isPossibleOpenSSLFunction(c.getTarget()) and - isAsymmetricKeyGenExplicitAlgorithm(c.getTarget(), _, _)) - } - - override CryptographicAlgorithm getAlgorithm(){ - result = this - } - - override Expr getKeyConfigurationSource(CryptographicAlgorithm alg){ - alg = this and - exists(int sizeInd | isAsymmetricKeyGenExplicitAlgorithm(this.getTarget(), sizeInd, _) and - AsymExplicitAlgKeyLengthFlow::flow(DataFlow::exprNode(result), DataFlow::exprNode(this.getArgument(sizeInd)))) - } - } - - - module Length_to_RSA_EVP_PKEY_Q_keygen_Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { - // Optimizations to avoid tracing all integers - node.asExpr().(Literal).getValue().toInt() > 0 and // exclude sentinel values - node.asExpr().(Literal).getValue().toInt() < 5000 - } - - predicate isSink(DataFlow::Node node) { - exists(FunctionCall c| - c.getTarget().getName() = "EVP_PKEY_Q_keygen" and - isPossibleOpenSSLFunction(c.getTarget()) and - c.getArgument(3) = node.asExpr()) - } - } - - module Length_to_RSA_EVP_PKEY_Q_keygen_Flow = DataFlow::Global; - - - class OpenSSL_RSA_EVP_PKEY_Q_keygen extends AsymmetricKeyGeneration{ - OpenSSL_RSA_EVP_PKEY_Q_keygen(){ - exists(Call c | - this = c and - isPossibleOpenSSLFunction(c.getTarget()) and - this.getTarget().getName() = "EVP_PKEY_Q_keygen" and - this.getArgument(3).getUnderlyingType() instanceof IntegralType) - } - - override CryptographicAlgorithm getAlgorithm(){ - result.configurationSink().(AlgorithmSinkArgument).getSinkCall() = this - } - - override Expr getKeyConfigurationSource(CryptographicAlgorithm alg){ - alg = this.getAlgorithm() and - Length_to_RSA_EVP_PKEY_Q_keygen_Flow::flow(DataFlow::exprNode(result), DataFlow::exprNode(this.getArgument(3))) - - } - } - - predicate isKeyGenOperationWithNoSize(Function func){ - isPossibleOpenSSLFunction(func) and - exists(string name | func.hasGlobalName(name) | - name in ["EVP_PKEY_keygen", "DSA_generate_key", "DH_generate_key", "EVP_PKEY_generate"]) - } - - module KeyGenKeySizeInitToKeyGenConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { - exists(Call c, Function func, int outInd | - isAsymmetricKeyGenExplicitAlgorithm(func, _, outInd) and - c.getTarget() = func - | - if outInd = -1 - then node.asExpr() = c - else node.asExpr() = c.getArgument(outInd) - ) - } - - predicate isSink(DataFlow::Node node) { - exists(Call c | isKeyGenOperationWithNoSize(c.getTarget()) and c.getAnArgument() = node.asExpr()) - } - } - - module KeyGenKeySizeInitToKeyGenFlow = DataFlow::Global; - - predicate isEVP_PKEY_CTX_Source(DataFlow::Node node, CryptographicAlgorithm alg){ - exists(Call c | - alg.configurationSink().(AlgorithmSinkArgument).getSinkCall() = c and - ( - node.asExpr() = c - or - node.asExpr() = c.getAnArgument() - or - node.asDefiningArgument() = c.getAnArgument() - ) - ) - and - ( - node.asExpr() instanceof Known_EVP_PKEY_CTX_Ptr_Source - or - node.asDefiningArgument() instanceof Known_EVP_PKEY_CTX_Ptr_Source - ) - } - - predicate isKeyGen_EVP_PKEY_CTX_Sink(DataFlow::Node node, Call c){ - isKeyGenOperationWithNoSize(c.getTarget()) and nodeToExpr(node, c.getAnArgument()) - } - - /** - * Trace from EVP_PKEY_CTX* at algorithm sink to keygen, - * users can then extrapolatae the matching algorithm from the alg sink to the keygen - */ - module EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize implements DataFlow::ConfigSig{ - predicate isSource(DataFlow::Node source) { - isEVP_PKEY_CTX_Source(source, _) - } - - predicate isSink(DataFlow::Node sink){ - isKeyGen_EVP_PKEY_CTX_Sink(sink, _) - } - } - - module EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize_Flow = DataFlow::Global; - - /** - * UNKNOWN key sizes to general purpose key generation functions (i.e., that take in no key size and assume - * is it set on context prior to the call). No path from a key configuration to these operations - * means the key size is UNKNOWN, or more precisely the key size is DEFAULT but - * the defaults can change with each version of OpenSSL, we simply assume the size is generally UNKNOWN. - * ASSUMPTION/TODO: we currently model all known locations where a key size is set explicitly. - * When a key is set implicitly, this usually means a key generation operation - * is called where the operation takes in no key size, and no flow to this operation - * initializes the context with a key size. - * Currently, without a definitive source (set of sources) to start tracing from, we cannot determine - * determine if a single path exists that initializes the context with a key size and another that doesn't. - * Rather than attempt to model all possible sources, we assume that if no path - * from a key config location reaches a generic key generation operation, then the key size is not set. - * NOTE: while this is true, it is possible a key size is set in one path, but not in another - * meaning this approach (and other similar approaches used in this model for UNKNOWN) - * can produce false negatives. - */ - class OpenSSLDefaultKeyGeneration extends AsymmetricKeyGeneration{ - OpenSSLDefaultKeyGeneration(){ - // this is a call to a function matching isKeyGenOperationWithNoSize - // and there is no flow from a key configuration source to this call - exists(Call c | - this = c and - isKeyGenOperationWithNoSize(this.getTarget()) and - not exists(DataFlow::Node src, DataFlow::Node sink | - KeyGenKeySizeInitToKeyGenFlow::flow(src, sink) and - nodeToExpr(sink, this.getAnArgument())) - ) - } - - override CryptographicAlgorithm getAlgorithm(){ - if this.getTarget().getName() in ["DSA_generate_key", "DH_generate_key"] then - result = this - else - ( - // NOTE/ASSUMPTION: EVP_PKEY_keygen, EVP_PKEY_generate assume only other possibilities, - // each take in a CTX as the first arg, need to trace from an alg sink from this CTX param - - - // get every alg sink, get the corresponding call, trace out on any CTX type variable - // to the key gen - // NOTE: looking for any cryptographic algorithm tracing to the keygen to handle - // any odd cases we aren't awaare of where keygen can be used for other algorithm types - exists(DataFlow::Node src, DataFlow::Node sink | - EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize_Flow::flow(src,sink) - and - isEVP_PKEY_CTX_Source(src, result) - and - isKeyGen_EVP_PKEY_CTX_Sink(sink, this) - // TODO: what if there is no CTX source? then the keygen becomes an UNKNOWN sink - ) - ) - } - - /** - * For this class, there is no known configuration source for any algorithm - */ - override Expr getKeyConfigurationSource(CryptographicAlgorithm alg){ - none() - } - } + override Expr getKeyConfigurationSource(CryptographicAlgorithm alg) { none() } + } } diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll index 4821347ff19..050dad29598 100644 --- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll @@ -1,7 +1,7 @@ /** - * Predicates/classes for identifying algorithm sinks. + * Predicates/classes for identifying algorithm sinks. * An Algorithm Sink is a function that takes an algorithm as an argument. - * In particular, any function that takes in an algorithm that until the call + * In particular, any function that takes in an algorithm that until the call * the algorithm is not definitely known to be an algorithm (e.g., an integer used as an identifier to fetch an algorithm) */ @@ -10,274 +10,287 @@ import cpp import experimental.cryptography.utils.OpenSSL.LibraryFunction import experimental.cryptography.CryptoAlgorithmNames -predicate isAlgorithmSink(AlgorithmSinkArgument arg, string algType){ - arg.algType() = algType -} - +predicate isAlgorithmSink(AlgorithmSinkArgument arg, string algType) { arg.algType() = algType } abstract class AlgorithmSinkArgument extends Expr { - AlgorithmSinkArgument() { - exists(Call c| c.getAnArgument() = this and openSSLLibraryFunc(c.getTarget())) - } + AlgorithmSinkArgument() { + exists(Call c | c.getAnArgument() = this and openSSLLibraryFunc(c.getTarget())) + } - /** - * Gets the function call in which the argument exists - */ - Call getSinkCall(){ - result.getAnArgument() = this - } + /** + * Gets the function call in which the argument exists + */ + Call getSinkCall() { result.getAnArgument() = this } - abstract string algType(); + abstract string algType(); } // https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_fetch.html -predicate cipherAlgorithmSink(string funcName, int argInd){ - (funcName in ["EVP_get_cipherbyname", "EVP_get_cipherbynid", "EVP_get_cipherbyobj"] and argInd = 0) - or - (funcName = "EVP_CIPHER_fetch" and argInd = 1) +predicate cipherAlgorithmSink(string funcName, int argInd) { + funcName in ["EVP_get_cipherbyname", "EVP_get_cipherbynid", "EVP_get_cipherbyobj"] and argInd = 0 + or + funcName = "EVP_CIPHER_fetch" and argInd = 1 } class CipherAlgorithmSink extends AlgorithmSinkArgument { - CipherAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - cipherAlgorithmSink(funcName, argInd) - ) - } + CipherAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + cipherAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = getSymmetricEncryptionType() } + override string algType() { result = getSymmetricEncryptionType() } } - // https://www.openssl.org/docs/manmaster/man3/EVP_MAC_fetch -predicate macAlgorithmSink(string funcName, int argInd){ - (funcName = "EVP_MAC_fetch" and argInd = 1) +predicate macAlgorithmSink(string funcName, int argInd) { + (funcName = "EVP_MAC_fetch" and argInd = 1) } class MACAlgorithmSink extends AlgorithmSinkArgument { - MACAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - macAlgorithmSink(funcName, argInd) - ) - } + MACAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + macAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = "TBD" } + override string algType() { result = "TBD" } } - // https://www.openssl.org/docs/manmaster/man3/EVP_MD_fetch -predicate messageDigestAlgorithmSink(string funcName, int argInd){ - (funcName in ["EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"] and argInd = 0) - or - funcName = "EVP_MD_fetch" and argInd = 1 +predicate messageDigestAlgorithmSink(string funcName, int argInd) { + funcName in ["EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"] and argInd = 0 + or + funcName = "EVP_MD_fetch" and argInd = 1 } class MessageDigestAlgorithmSink extends AlgorithmSinkArgument { - MessageDigestAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - messageDigestAlgorithmSink(funcName, argInd) - ) - } + MessageDigestAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + messageDigestAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = getHashType() } + override string algType() { result = getHashType() } } // https://www.openssl.org/docs/manmaster/man3/EVP_KEYEXCH_fetch // https://www.openssl.org/docs/manmaster/man3/EVP_KEM_fetch -predicate keyExchangeAlgorithmSink(string funcName, int argInd){ - funcName = "EVP_KEYEXCH_fetch" and argInd = 1 - or - funcName = "EVP_KEM_fetch" and argInd = 1 +predicate keyExchangeAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_KEYEXCH_fetch" and argInd = 1 + or + funcName = "EVP_KEM_fetch" and argInd = 1 } class KeyExchangeAlgorithmSink extends AlgorithmSinkArgument { - KeyExchangeAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - keyExchangeAlgorithmSink(funcName, argInd) - ) - } + KeyExchangeAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + keyExchangeAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = getKeyExchangeType() } + override string algType() { result = getKeyExchangeType() } } - // https://www.openssl.org/docs/manmaster/man3/EVP_KEYMGMT_fetch -predicate keyManagementAlgorithmSink(string funcName, int argInd){ - funcName = "EVP_KEYMGMT_fetch" and argInd = 1 +predicate keyManagementAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_KEYMGMT_fetch" and argInd = 1 } class KeyManagementAlgorithmSink extends AlgorithmSinkArgument { - KeyManagementAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - keyManagementAlgorithmSink(funcName, argInd) - ) - } + KeyManagementAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + keyManagementAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = "TBD" } + override string algType() { result = "TBD" } } // https://www.openssl.org/docs/manmaster/man3/EVP_KDF -predicate keyDerivationAlgorithmSink(string funcName, int argInd){ - funcName = "EVP_KDF_fetch" and argInd = 1 +predicate keyDerivationAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_KDF_fetch" and argInd = 1 } class KeyDerivationAlgorithmSink extends AlgorithmSinkArgument { - KeyDerivationAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - keyDerivationAlgorithmSink(funcName, argInd) - ) - } + KeyDerivationAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + keyDerivationAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = getKeyDerivationType() } + override string algType() { result = getKeyDerivationType() } } // https://www.openssl.org/docs/manmaster/man3/EVP_ASYM_CIPHER_fetch // https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_new_id // https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_new_CMAC_key.html -predicate asymmetricCipherAlgorithmSink(string funcName, int argInd){ - (funcName = "EVP_ASYM_CIPHER_fetch" and argInd = 1) - or - (funcName = "EVP_PKEY_new_CMAC_key" and argInd = 3) - // NOTE: other cases are handled by AsymmetricAlgorithmSink +predicate asymmetricCipherAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_ASYM_CIPHER_fetch" and argInd = 1 + or + funcName = "EVP_PKEY_new_CMAC_key" and argInd = 3 + // NOTE: other cases are handled by AsymmetricAlgorithmSink } class AsymmetricCipherAlgorithmSink extends AlgorithmSinkArgument { - AsymmetricCipherAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - asymmetricCipherAlgorithmSink(funcName, argInd) - ) - } + AsymmetricCipherAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + asymmetricCipherAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = "ASYMMETRIC_ENCRYPTION"} + override string algType() { result = "ASYMMETRIC_ENCRYPTION" } } class AsymmetricCipherAlgorithmSink_EVP_PKEY_Q_keygen extends AlgorithmSinkArgument { - AsymmetricCipherAlgorithmSink_EVP_PKEY_Q_keygen() { - exists(Call c, string funcName | - funcName = c.getTarget().getName() and - this = c.getArgument(3) | - funcName = "EVP_PKEY_Q_keygen" and - c.getArgument(3).getType().getUnderlyingType() instanceof IntegralType - ) - } + AsymmetricCipherAlgorithmSink_EVP_PKEY_Q_keygen() { + exists(Call c, string funcName | + funcName = c.getTarget().getName() and + this = c.getArgument(3) + | + funcName = "EVP_PKEY_Q_keygen" and + c.getArgument(3).getType().getUnderlyingType() instanceof IntegralType + ) + } - override string algType() { result = "ASYMMETRIC_ENCRYPTION"} + override string algType() { result = "ASYMMETRIC_ENCRYPTION" } } - - - // https://www.openssl.org/docs/manmaster/man3/EVP_RAND_fetch -predicate randomAlgorithmSink(string funcName, int argInd){ - funcName = "EVP_RAND_fetch" and argInd = 1 + +// https://www.openssl.org/docs/manmaster/man3/EVP_RAND_fetch +predicate randomAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_RAND_fetch" and argInd = 1 } class RandomAlgorithmSink extends AlgorithmSinkArgument { - RandomAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - randomAlgorithmSink(funcName, argInd) - ) - } + RandomAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + randomAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = "TBD" } + override string algType() { result = "TBD" } } - - // https://www.openssl.org/docs/manmaster/man3/EVP_SIGNATURE_fetch -predicate signatureAlgorithmSink(string funcName, int argInd){ - funcName = "EVP_SIGNATURE_fetch" and argInd = 1 + +// https://www.openssl.org/docs/manmaster/man3/EVP_SIGNATURE_fetch +predicate signatureAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_SIGNATURE_fetch" and argInd = 1 } class SignatureAlgorithmSink extends AlgorithmSinkArgument { - SignatureAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - signatureAlgorithmSink(funcName, argInd) - ) - } + SignatureAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + signatureAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = getSignatureType() } + override string algType() { result = getSignatureType() } } // https://www.openssl.org/docs/manmaster/man3/EC_KEY_new_by_curve_name.html // https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.html -predicate ellipticCurveAlgorithmSink(string funcName, int argInd){ - funcName in ["EC_KEY_new_by_curve_name", "EVP_EC_gen"] and argInd = 0 - or - funcName = "EC_KEY_new_by_curve_name_ex" and argInd = 2 - or - funcName in ["EVP_PKEY_CTX_set_ec_paramgen_curve_nid"] and argInd = 1 - +predicate ellipticCurveAlgorithmSink(string funcName, int argInd) { + funcName in ["EC_KEY_new_by_curve_name", "EVP_EC_gen"] and argInd = 0 + or + funcName = "EC_KEY_new_by_curve_name_ex" and argInd = 2 + or + funcName in ["EVP_PKEY_CTX_set_ec_paramgen_curve_nid"] and argInd = 1 } class EllipticCurveAlgorithmSink extends AlgorithmSinkArgument { - EllipticCurveAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - ellipticCurveAlgorithmSink(funcName, argInd) - ) - } + EllipticCurveAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + ellipticCurveAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = getEllipticCurveType() } + override string algType() { result = getEllipticCurveType() } } /** - * Special cased to address the fact that arg index 3 (zero offset based) is the curve name. + * Special cased to address the fact that arg index 3 (zero offset based) is the curve name. * ASSUMPTION: if the arg ind 3 is a char* assume it is an elliptic curve */ class EllipticCurveAlgorithmSink_EVP_PKEY_Q_keygen extends AlgorithmSinkArgument { - EllipticCurveAlgorithmSink_EVP_PKEY_Q_keygen() { - exists(Call c, string funcName | - funcName = c.getTarget().getName() and - this = c.getArgument(3) | - funcName = "EVP_PKEY_Q_keygen" and - c.getArgument(3).getType().getUnderlyingType() instanceof PointerType and - c.getArgument(3).getType().getUnderlyingType().stripType() instanceof CharType - ) - } + EllipticCurveAlgorithmSink_EVP_PKEY_Q_keygen() { + exists(Call c, string funcName | + funcName = c.getTarget().getName() and + this = c.getArgument(3) + | + funcName = "EVP_PKEY_Q_keygen" and + c.getArgument(3).getType().getUnderlyingType() instanceof PointerType and + c.getArgument(3).getType().getUnderlyingType().stripType() instanceof CharType + ) + } - override string algType() { result = getEllipticCurveType() } + override string algType() { result = getEllipticCurveType() } } - // https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_new_id.html // https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_new_raw_private_key.html // https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_new.html // https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_ctrl.html // https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_Q_keygen.html // https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_ctrl.html -predicate asymmetricAlgorithmSink(string funcName, int argInd){ - - funcName = "EVP_PKEY_CTX_new_id" and argInd = 0 - or - funcName = "EVP_PKEY_CTX_new_from_name" and argInd = 1 - or - funcName in ["EVP_PKEY_new_raw_private_key", "EVP_PKEY_new_raw_public_key", "EVP_PKEY_new_mac_key"] and argInd = 0 - or - funcName in ["EVP_PKEY_new_raw_private_key_ex", "EVP_PKEY_new_raw_public_key_ex"] and argInd = 1 - - // special casing this as arg index 3 must be specified depending on if RSA or ECC, and otherwise not specified for other algs - // funcName = "EVP_PKEY_Q_keygen" and argInd = 2 - or - funcName in ["EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_set_group_name"] and argInd = 1 - // TODO consider void cases EVP_PKEY_new +predicate asymmetricAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_PKEY_CTX_new_id" and argInd = 0 + or + funcName = "EVP_PKEY_CTX_new_from_name" and argInd = 1 + or + funcName in [ + "EVP_PKEY_new_raw_private_key", "EVP_PKEY_new_raw_public_key", "EVP_PKEY_new_mac_key" + ] and + argInd = 0 + or + funcName in ["EVP_PKEY_new_raw_private_key_ex", "EVP_PKEY_new_raw_public_key_ex"] and argInd = 1 + or + // special casing this as arg index 3 must be specified depending on if RSA or ECC, and otherwise not specified for other algs + // funcName = "EVP_PKEY_Q_keygen" and argInd = 2 + funcName in ["EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_set_group_name"] and argInd = 1 + // TODO consider void cases EVP_PKEY_new } class AsymmetricAlgorithmSink extends AlgorithmSinkArgument { - AsymmetricAlgorithmSink() { - exists(Call c, string funcName, int argInd | funcName = c.getTarget().getName() and this = c.getArgument(argInd) | - asymmetricAlgorithmSink(funcName, argInd) - ) - } + AsymmetricAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + asymmetricAlgorithmSink(funcName, argInd) + ) + } - override string algType() { result = getAsymmetricType() } + override string algType() { result = getAsymmetricType() } } +class AsymmetricAlgorithmSink_EVP_PKEY_Q_keygen extends AlgorithmSinkArgument { + AsymmetricAlgorithmSink_EVP_PKEY_Q_keygen() { + exists(Call c, string funcName | + funcName = c.getTarget().getName() and + this = c.getArgument(2) + | + funcName = "EVP_PKEY_Q_keygen" and + not exists(c.getArgument(3)) + ) + } -class AsymmetricAlgorithmSink_EVP_PKEY_Q_keygen extends AlgorithmSinkArgument { - AsymmetricAlgorithmSink_EVP_PKEY_Q_keygen() { - exists(Call c, string funcName | - funcName = c.getTarget().getName() and - this = c.getArgument(2) | - funcName = "EVP_PKEY_Q_keygen" and - not exists(c.getArgument(3)) - ) - } - - override string algType() { result = getAsymmetricType() } + override string algType() { result = getAsymmetricType() } } - \ No newline at end of file diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll index becc29d5be7..a744efa4bee 100644 --- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll @@ -1,163 +1,177 @@ import cpp import experimental.cryptography.CryptoAlgorithmNames -predicate isValidAlgorithmLiteral(Literal e){ - exists(getPossibleNidFromLiteral(e)) or e instanceof StringLiteral +predicate isValidAlgorithmLiteral(Literal e) { + exists(getPossibleNidFromLiteral(e)) or e instanceof StringLiteral } -int getNIDMax(){ - result = 2000 - // result = max(int nid | knownOpenSSLAlgorithm(_, nid, _, _)) +int getNIDMax() { + result = 2000 + // result = max(int nid | knownOpenSSLAlgorithm(_, nid, _, _)) } /** * Resolves literal `e` to a known algorithm name, nid, normalized name, and algType - * if `e` resolves to a known algorithm. - * If this predicate does not hold, then `e` can be interpreted as being of `UNKNOWN` type. + * if `e` resolves to a known algorithm. + * If this predicate does not hold, then `e` can be interpreted as being of `UNKNOWN` type. */ -predicate resolveAlgorithmFromLiteral(Literal e, string normalized, string algType){ - exists(int nid | nid = getPossibleNidFromLiteral(e) and knownOpenSSLAlgorithm(_, nid, normalized, algType)) - or - exists(string name | name = resolveAlgorithmAlias(e) and knownOpenSSLAlgorithm(name, _, normalized, algType)) - or - // if the algorithm name directly matches a known normalized algorithm name, assume it is an algorithm - exists(string name | name = e.getValue().toUpperCase() and isKnownAlgorithm(name, algType) and normalized = name) +predicate resolveAlgorithmFromLiteral(Literal e, string normalized, string algType) { + exists(int nid | + nid = getPossibleNidFromLiteral(e) and knownOpenSSLAlgorithm(_, nid, normalized, algType) + ) + or + exists(string name | + name = resolveAlgorithmAlias(e) and knownOpenSSLAlgorithm(name, _, normalized, algType) + ) + or + // if the algorithm name directly matches a known normalized algorithm name, assume it is an algorithm + exists(string name | + name = e.getValue().toUpperCase() and isKnownAlgorithm(name, algType) and normalized = name + ) } -string resolveAlgorithmAlias(StringLiteral name){ - exists(string lower | lower = name.getValue().toLowerCase() | - // The result is an alias algorithm name if known - result = getAlgorithmAlias(lower) - or - // or the name is itself a known algorithm - (knownOpenSSLAlgorithm(lower, _, _, _) and result = lower) - ) -} - -private int getPossibleNidFromLiteral(Literal e){ - result = e.getValue().toInt() and - not e instanceof CharLiteral and - not e instanceof StringLiteral and - // ASSUMPTION, no negative numbers are allowed - // RATIONALE: this is a performance improvement to avoid having to trace every number - not exists(UnaryMinusExpr u | u.getOperand() = e) and - // OPENSSL has a special macro for getting every line, ignore it - not exists(MacroInvocation mi | mi.getExpr() = e and mi.getMacroName() = "OPENSSL_LINE") and - // Filter out cases where an int is assigned into a pointer, e.g., char* x = NULL; - not exists(Assignment a | a.getRValue() = e and a.getLValue().getType().getUnspecifiedType() instanceof PointerType) and - not exists(Initializer i | i.getExpr() = e and i.getDeclaration().getADeclarationEntry().getUnspecifiedType() instanceof PointerType) and - // Filter out cases where an int is returned into a pointer, e.g., return NULL; - not exists(ReturnStmt r | r.getExpr() = e and r.getEnclosingFunction().getType().getUnspecifiedType() instanceof PointerType) -} - - -string getAlgorithmAlias(string alias){ - customAliases(result, alias) +string resolveAlgorithmAlias(StringLiteral name) { + exists(string lower | lower = name.getValue().toLowerCase() | + // The result is an alias algorithm name if known + result = getAlgorithmAlias(lower) or - defaultAliases(result, alias) + // or the name is itself a known algorithm + knownOpenSSLAlgorithm(lower, _, _, _) and result = lower + ) +} + +private int getPossibleNidFromLiteral(Literal e) { + result = e.getValue().toInt() and + not e instanceof CharLiteral and + not e instanceof StringLiteral and + // ASSUMPTION, no negative numbers are allowed + // RATIONALE: this is a performance improvement to avoid having to trace every number + not exists(UnaryMinusExpr u | u.getOperand() = e) and + // OPENSSL has a special macro for getting every line, ignore it + not exists(MacroInvocation mi | mi.getExpr() = e and mi.getMacroName() = "OPENSSL_LINE") and + // Filter out cases where an int is assigned into a pointer, e.g., char* x = NULL; + not exists(Assignment a | + a.getRValue() = e and a.getLValue().getType().getUnspecifiedType() instanceof PointerType + ) and + not exists(Initializer i | + i.getExpr() = e and + i.getDeclaration().getADeclarationEntry().getUnspecifiedType() instanceof PointerType + ) and + // Filter out cases where an int is returned into a pointer, e.g., return NULL; + not exists(ReturnStmt r | + r.getExpr() = e and + r.getEnclosingFunction().getType().getUnspecifiedType() instanceof PointerType + ) +} + +string getAlgorithmAlias(string alias) { + customAliases(result, alias) + or + defaultAliases(result, alias) } /** * Finds aliases of known alagorithms defined by users (through obj_name_add and various macros pointing to this function) - * - * The `target` and `alias` are converted to lowercase to be of a standard form. + * + * The `target` and `alias` are converted to lowercase to be of a standard form. */ -predicate customAliases(string target, string alias){ - exists(Call c | c.getTarget().getName().toLowerCase() = "obj_name_add" | - target = c.getArgument(2).getValue().toLowerCase() and alias = c.getArgument(0).getValue().toLowerCase()) - } - - /** - * A hard-coded mapping of known algorithm aliases in OpenSSL. - * This was derived by applying the same kind of logic foun din `customAliases` to the - * OpenSSL code base directly. - * - * The `target` and `alias` are converted to lowercase to be of a standard form. - */ -predicate defaultAliases(string target, string alias){ - alias = "aes128" and target = "aes-128-cbc" - or - alias = "aes192" and target = "aes-192-cbc" - or - alias = "aes256" and target = "aes-256-cbc" - or - alias = "aes128-wrap" and target = "id-aes128-wrap" - or - alias = "aes192-wrap" and target = "id-aes192-wrap" - or - alias = "aes256-wrap" and target = "id-aes256-wrap" - or - alias = "aes128-wrap-pad" and target = "id-aes128-wrap-pad" - or - alias = "aes192-wrap-pad" and target = "id-aes192-wrap-pad" - or - alias = "aes256-wrap-pad" and target = "id-aes256-wrap-pad" - or - alias = "aes-128-wrap" and target = "id-aes128-wrap" - or - alias = "aes-192-wrap" and target = "id-aes192-wrap" - or - alias = "aes-256-wrap" and target = "id-aes256-wrap" - or - alias = "aria128" and target = "aria-128-cbc" - or - alias = "aria192" and target = "aria-192-cbc" - or - alias = "aria256" and target = "aria-256-cbc" - or - alias = "aes128" and target = "aes-128-cbc" - or - alias = "bf" and target = "bf-cbc" - or - alias = "blowfish" and target = "bf-cbc" - or - alias = "camellia128" and target = "camellia-128-cbc" - or - alias = "camellia192" and target = "camellia-192-cbc" - or - alias = "camellia256" and target = "camellia-256-cbc" - or - alias = "cast" and target = "cast5-cbc" - or - alias = "cast-cbc" and target = "cast5-cbc" - or - alias = "des" and target = "des-cbc" - or - alias = "des-ede-ecb" and target = "des-ede" - or - alias = "des-ede3-ecb" and target = "des-ede3" - or - alias = "des3" and target = "des-ede3-cbc" - or - alias = "des3-wrap" and target = "id-smime-alg-cms3deswrap" - or - alias = "desx" and target = "desx-cbc" - or - alias = "idea" and target = "idea-cbc" - or - alias = "rc2" and target = "rc2-cbc" - or - alias = "rc2-128" and target = "rc2-cbc" - or - alias = "rc2-40" and target = "rc2-40-cbc" - or - alias = "rc2-64" and target = "rc2-64-cbc" - or - alias = "ripemd" and target = "ripemd160" - or - alias = "rmd160" and target = "ripemd160" - or - alias = "rsa-sha1-2" and target = "rsa-sha1" - or - alias = "seed" and target = "seed-cbc" - or - alias = "sm4" and target = "sm4-cbc" - or - alias = "ssl3-md5" and target = "md5" - or - alias = "ssl3-sha1" and target = "sha1" +predicate customAliases(string target, string alias) { + exists(Call c | c.getTarget().getName().toLowerCase() = "obj_name_add" | + target = c.getArgument(2).getValue().toLowerCase() and + alias = c.getArgument(0).getValue().toLowerCase() + ) } +/** + * A hard-coded mapping of known algorithm aliases in OpenSSL. + * This was derived by applying the same kind of logic foun din `customAliases` to the + * OpenSSL code base directly. + * + * The `target` and `alias` are converted to lowercase to be of a standard form. + */ +predicate defaultAliases(string target, string alias) { + alias = "aes128" and target = "aes-128-cbc" + or + alias = "aes192" and target = "aes-192-cbc" + or + alias = "aes256" and target = "aes-256-cbc" + or + alias = "aes128-wrap" and target = "id-aes128-wrap" + or + alias = "aes192-wrap" and target = "id-aes192-wrap" + or + alias = "aes256-wrap" and target = "id-aes256-wrap" + or + alias = "aes128-wrap-pad" and target = "id-aes128-wrap-pad" + or + alias = "aes192-wrap-pad" and target = "id-aes192-wrap-pad" + or + alias = "aes256-wrap-pad" and target = "id-aes256-wrap-pad" + or + alias = "aes-128-wrap" and target = "id-aes128-wrap" + or + alias = "aes-192-wrap" and target = "id-aes192-wrap" + or + alias = "aes-256-wrap" and target = "id-aes256-wrap" + or + alias = "aria128" and target = "aria-128-cbc" + or + alias = "aria192" and target = "aria-192-cbc" + or + alias = "aria256" and target = "aria-256-cbc" + or + alias = "aes128" and target = "aes-128-cbc" + or + alias = "bf" and target = "bf-cbc" + or + alias = "blowfish" and target = "bf-cbc" + or + alias = "camellia128" and target = "camellia-128-cbc" + or + alias = "camellia192" and target = "camellia-192-cbc" + or + alias = "camellia256" and target = "camellia-256-cbc" + or + alias = "cast" and target = "cast5-cbc" + or + alias = "cast-cbc" and target = "cast5-cbc" + or + alias = "des" and target = "des-cbc" + or + alias = "des-ede-ecb" and target = "des-ede" + or + alias = "des-ede3-ecb" and target = "des-ede3" + or + alias = "des3" and target = "des-ede3-cbc" + or + alias = "des3-wrap" and target = "id-smime-alg-cms3deswrap" + or + alias = "desx" and target = "desx-cbc" + or + alias = "idea" and target = "idea-cbc" + or + alias = "rc2" and target = "rc2-cbc" + or + alias = "rc2-128" and target = "rc2-cbc" + or + alias = "rc2-40" and target = "rc2-40-cbc" + or + alias = "rc2-64" and target = "rc2-64-cbc" + or + alias = "ripemd" and target = "ripemd160" + or + alias = "rmd160" and target = "ripemd160" + or + alias = "rsa-sha1-2" and target = "rsa-sha1" + or + alias = "seed" and target = "seed-cbc" + or + alias = "sm4" and target = "sm4-cbc" + or + alias = "ssl3-md5" and target = "md5" + or + alias = "ssl3-sha1" and target = "sha1" +} /** * Enumeration of all known crypto algorithms for openSSL @@ -165,1822 +179,2586 @@ predicate defaultAliases(string target, string alias){ * `nid` is the numeric id of the algorithm, * `normalized` is the normalized name of the algorithm (e.g., "AES128" for "aes-128-cbc") * `algType` is the type of algorithm (e.g., "SYMMETRIC_ENCRYPTION") -*/ -predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string algType) -{ - name = "rsa" and nid = 19 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "prime192v1" and nid = 409 and normalized = "PRIME192V1" and algType = "ELLIPTIC_CURVE" - or - name = "prime256v1" and nid = 415 and normalized = "PRIME256V1" and algType = "ELLIPTIC_CURVE" - or - name = "pbkdf2" and nid = 69 and normalized = "PBKDF2" and algType = "KEY_DERIVATION" - or - name = "dsa" and nid = 116 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "gost2001" and nid = 811 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost2012_256" and nid = 979 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost2012_512" and nid = 980 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "ed25519" and nid = 1087 and normalized = "ED25519" and algType = "ELLIPTIC_CURVE" - or - name = "ed448" and nid = 1088 and normalized = "ED448" and algType = "ELLIPTIC_CURVE" - or - name = "md2" and nid = 3 and normalized = "MD2" and algType = "HASH" - or - name = "sha" and nid = 41 and normalized = "SHA" and algType = "HASH" - or - name = "sha1" and nid = 64 and normalized = "SHA1" and algType = "HASH" - or - name = "scrypt" and nid = 973 and normalized = "SCRYPT" and algType = "KEY_DERIVATION" - or - name = "pkcs7" and nid = 20 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" - or - name = "md4" and nid = 257 and normalized = "MD4" and algType = "HASH" - or - name = "md5" and nid = 4 and normalized = "MD5" and algType = "HASH" - or - name = "sha224" and nid = 675 and normalized = "SHA224" and algType = "HASH" - or - name = "sha256" and nid = 672 and normalized = "SHA256" and algType = "HASH" - or - name = "sha384" and nid = 673 and normalized = "SHA384" and algType = "HASH" - or - name = "sha512" and nid = 674 and normalized = "SHA512" and algType = "HASH" - or - name = "sha512-224" and nid = 1094 and normalized = "SHA512224" and algType = "HASH" - or - name = "sha512-256" and nid = 1095 and normalized = "SHA512256" and algType = "HASH" - or - name = "sha3-224" and nid = 1096 and normalized = "SHA3224" and algType = "HASH" - or - name = "sha3-256" and nid = 1097 and normalized = "SHA3256" and algType = "HASH" - or - name = "sha3-384" and nid = 1098 and normalized = "SHA3384" and algType = "HASH" - or - name = "sha3-512" and nid = 1099 and normalized = "SHA3512" and algType = "HASH" - or - name = "shake128" and nid = 1100 and normalized = "SHAKE128" and algType = "HASH" - or - name = "shake256" and nid = 1101 and normalized = "SHAKE256" and algType = "HASH" - or - name = "mdc2" and nid = 95 and normalized = "MDC2" and algType = "HASH" - or - name = "blake2b512" and nid = 1056 and normalized = "BLAKE2B" and algType = "HASH" - or - name = "blake2s256" and nid = 1057 and normalized = "BLAKE2S" and algType = "HASH" - or - name = "sm3" and nid = 1143 and normalized = "SM3" and algType = "HASH" - or - name = "aes-128-cbc" and nid = 419 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-cbc" and nid = 419 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-128-ecb" and nid = 418 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-ecb" and nid = 418 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "aes-192-cbc" and nid = 423 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-cbc" and nid = 423 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-192-ecb" and nid = 422 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-ecb" and nid = 422 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "aes-256-cbc" and nid = 427 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-cbc" and nid = 427 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-256-ecb" and nid = 426 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-ecb" and nid = 426 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "aria-128-cbc" and nid = 1066 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aria-128-cbc" and nid = 1066 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-128-cfb" and nid = 1067 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aria-128-cfb" and nid = 1067 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-128-ctr" and nid = 1069 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "aria-128-ctr" and nid = 1069 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-128-ecb" and nid = 1065 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "aria-128-ecb" and nid = 1065 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-128-ofb" and nid = 1068 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "aria-128-ofb" and nid = 1068 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-128-cfb1" and nid = 1080 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aria-128-cfb1" and nid = 1080 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-128-cfb8" and nid = 1083 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-128-cfb8" and nid = 1083 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "aria-192-cbc" and nid = 1071 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aria-192-cbc" and nid = 1071 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-cfb" and nid = 1072 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aria-192-cfb" and nid = 1072 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-ctr" and nid = 1074 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "aria-192-ctr" and nid = 1074 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-ecb" and nid = 1070 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "aria-192-ecb" and nid = 1070 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-ofb" and nid = 1073 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "aria-192-ofb" and nid = 1073 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-cfb1" and nid = 1081 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aria-192-cfb1" and nid = 1081 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-cfb8" and nid = 1084 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-cfb8" and nid = 1084 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "aria-256-cbc" and nid = 1076 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aria-256-cbc" and nid = 1076 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-cfb" and nid = 1077 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aria-256-cfb" and nid = 1077 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-ctr" and nid = 1079 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "aria-256-ctr" and nid = 1079 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-ecb" and nid = 1075 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "aria-256-ecb" and nid = 1075 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-ofb" and nid = 1078 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "aria-256-ofb" and nid = 1078 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-cfb1" and nid = 1082 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aria-256-cfb1" and nid = 1082 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-cfb8" and nid = 1085 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-cfb8" and nid = 1085 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "camellia-128-cbc" and nid = 751 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-cbc" and nid = 751 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "camellia-128-ecb" and nid = 754 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-ecb" and nid = 754 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "camellia-192-cbc" and nid = 752 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-cbc" and nid = 752 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "camellia-192-ecb" and nid = 755 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-ecb" and nid = 755 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "camellia-256-cbc" and nid = 753 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-cbc" and nid = 753 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "camellia-256-ecb" and nid = 756 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-ecb" and nid = 756 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "rc4" and nid = 5 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc4-40" and nid = 97 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ecb" and nid = 29 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ecb" and nid = 29 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "des-ede" and nid = 32 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede3" and nid = 33 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede3" and nid = 33 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "des-cbc" and nid = 31 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-cbc" and nid = 31 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "des-ede-cbc" and nid = 43 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede-cbc" and nid = 43 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "des-ede-cbc" and nid = 43 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "des-ede3-cbc" and nid = 44 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede3-cbc" and nid = 44 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "des-cfb" and nid = 30 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-cfb" and nid = 30 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "des-ede-cfb" and nid = 60 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede-cfb" and nid = 60 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "des-ede3-cfb" and nid = 61 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede3-cfb" and nid = 61 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "des-ofb" and nid = 45 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ofb" and nid = 45 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "des-ede-ofb" and nid = 62 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede-ofb" and nid = 62 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "des-ede3-ofb" and nid = 63 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede3-ofb" and nid = 63 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "idea-cbc" and nid = 34 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "idea-cbc" and nid = 34 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "idea-ecb" and nid = 36 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "idea-ecb" and nid = 36 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "idea-cfb" and nid = 35 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "idea-cfb" and nid = 35 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "idea-ofb" and nid = 46 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "idea-ofb" and nid = 46 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "seed-cbc" and nid = 777 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "seed-cbc" and nid = 777 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "seed-ecb" and nid = 776 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "seed-ecb" and nid = 776 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "seed-cfb" and nid = 779 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "seed-cfb" and nid = 779 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "seed-ofb" and nid = 778 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "seed-ofb" and nid = 778 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "rc2-cbc" and nid = 37 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc2-cbc" and nid = 37 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "rc2-ecb" and nid = 38 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc2-ecb" and nid = 38 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "rc2-cfb" and nid = 39 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc2-cfb" and nid = 39 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "rc2-ofb" and nid = 40 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc2-ofb" and nid = 40 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "rc2-64-cbc" and nid = 166 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc2-64-cbc" and nid = 166 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "rc2-40-cbc" and nid = 98 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc2-40-cbc" and nid = 98 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "bf-cbc" and nid = 91 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "bf-cbc" and nid = 91 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "bf-ecb" and nid = 92 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "bf-ecb" and nid = 92 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "bf-cfb" and nid = 93 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "bf-cfb" and nid = 93 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "bf-ofb" and nid = 94 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "bf-ofb" and nid = 94 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "cast5-cbc" and nid = 108 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "cast5-cbc" and nid = 108 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "cast5-ecb" and nid = 109 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "cast5-ecb" and nid = 109 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "cast5-cfb" and nid = 110 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "cast5-cfb" and nid = 110 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "cast5-ofb" and nid = 111 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "cast5-ofb" and nid = 111 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-cbc" and nid = 1134 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-cbc" and nid = 1134 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "sm4-ecb" and nid = 1133 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-ecb" and nid = 1133 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "sm4-cfb" and nid = 1137 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-cfb" and nid = 1137 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "sm4-ofb" and nid = 1135 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-ofb" and nid = 1135 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "sm4-ctr" and nid = 1139 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-ctr" and nid = 1139 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "aes-128-gcm" and nid = 895 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-gcm" and nid = 895 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "secp160r1" and nid = 709 and normalized = "SECP160R1" and algType = "ELLIPTIC_CURVE" - or - name = "ripemd160" and nid = 117 and normalized = "RIPEMD160" and algType = "HASH" - or - name = "whirlpool" and nid = 804 and normalized = "WHIRLPOOL" and algType = "HASH" - or - name = "rc5-cbc" and nid = 120 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "rc5-cbc" and nid = 120 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pss" and nid = 435 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" - or - name = "id-aes128-wrap" and nid = 788 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes192-wrap" and nid = 789 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes256-wrap" and nid = 790 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes128-wrap-pad" and nid = 897 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes192-wrap-pad" and nid = 900 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes256-wrap-pad" and nid = 903 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "chacha20" and nid = 1019 and normalized = "CHACHA20" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "secp112r1" and nid = 704 and normalized = "SECP112R1" and algType = "ELLIPTIC_CURVE" - or - name = "secp112r2" and nid = 705 and normalized = "SECP112R2" and algType = "ELLIPTIC_CURVE" - or - name = "secp128r1" and nid = 706 and normalized = "SECP128R1" and algType = "ELLIPTIC_CURVE" - or - name = "secp128r2" and nid = 707 and normalized = "SECP128R2" and algType = "ELLIPTIC_CURVE" - or - name = "secp160k1" and nid = 708 and normalized = "SECP160K1" and algType = "ELLIPTIC_CURVE" - or - name = "secp160r2" and nid = 710 and normalized = "SECP160R2" and algType = "ELLIPTIC_CURVE" - or - name = "secp192k1" and nid = 711 and normalized = "SECP192K1" and algType = "ELLIPTIC_CURVE" - or - name = "secp224k1" and nid = 712 and normalized = "SECP224K1" and algType = "ELLIPTIC_CURVE" - or - name = "secp224r1" and nid = 713 and normalized = "SECP224R1" and algType = "ELLIPTIC_CURVE" - or - name = "secp256k1" and nid = 714 and normalized = "SECP256K1" and algType = "ELLIPTIC_CURVE" - or - name = "secp384r1" and nid = 715 and normalized = "SECP384R1" and algType = "ELLIPTIC_CURVE" - or - name = "secp521r1" and nid = 716 and normalized = "SECP521R1" and algType = "ELLIPTIC_CURVE" - or - name = "prime192v2" and nid = 410 and normalized = "PRIME192V2" and algType = "ELLIPTIC_CURVE" - or - name = "prime192v3" and nid = 411 and normalized = "PRIME192V3" and algType = "ELLIPTIC_CURVE" - or - name = "prime239v1" and nid = 412 and normalized = "PRIME239V1" and algType = "ELLIPTIC_CURVE" - or - name = "prime239v2" and nid = 413 and normalized = "PRIME239V2" and algType = "ELLIPTIC_CURVE" - or - name = "prime239v3" and nid = 414 and normalized = "PRIME239V3" and algType = "ELLIPTIC_CURVE" - or - name = "sect113r1" and nid = 717 and normalized = "SECT113R1" and algType = "ELLIPTIC_CURVE" - or - name = "sect113r2" and nid = 718 and normalized = "SECT113R2" and algType = "ELLIPTIC_CURVE" - or - name = "sect131r1" and nid = 719 and normalized = "SECT131R1" and algType = "ELLIPTIC_CURVE" - or - name = "sect131r2" and nid = 720 and normalized = "SECT131R2" and algType = "ELLIPTIC_CURVE" - or - name = "sect163k1" and nid = 721 and normalized = "SECT163K1" and algType = "ELLIPTIC_CURVE" - or - name = "sect163r1" and nid = 722 and normalized = "SECT163R1" and algType = "ELLIPTIC_CURVE" - or - name = "sect163r2" and nid = 723 and normalized = "SECT163R2" and algType = "ELLIPTIC_CURVE" - or - name = "sect193r1" and nid = 724 and normalized = "SECT193R1" and algType = "ELLIPTIC_CURVE" - or - name = "sect193r2" and nid = 725 and normalized = "SECT193R2" and algType = "ELLIPTIC_CURVE" - or - name = "sect233k1" and nid = 726 and normalized = "SECT233K1" and algType = "ELLIPTIC_CURVE" - or - name = "sect233r1" and nid = 727 and normalized = "SECT233R1" and algType = "ELLIPTIC_CURVE" - or - name = "sect239k1" and nid = 728 and normalized = "SECT239K1" and algType = "ELLIPTIC_CURVE" - or - name = "sect283k1" and nid = 729 and normalized = "SECT283K1" and algType = "ELLIPTIC_CURVE" - or - name = "sect283r1" and nid = 730 and normalized = "SECT283R1" and algType = "ELLIPTIC_CURVE" - or - name = "sect409k1" and nid = 731 and normalized = "SECT409K1" and algType = "ELLIPTIC_CURVE" - or - name = "sect409r1" and nid = 732 and normalized = "SECT409R1" and algType = "ELLIPTIC_CURVE" - or - name = "sect571k1" and nid = 733 and normalized = "SECT571K1" and algType = "ELLIPTIC_CURVE" - or - name = "sect571r1" and nid = 734 and normalized = "SECT571R1" and algType = "ELLIPTIC_CURVE" - or - name = "c2pnb163v1" and nid = 684 and normalized = "C2PNB163V1" and algType = "ELLIPTIC_CURVE" - or - name = "c2pnb163v2" and nid = 685 and normalized = "C2PNB163V2" and algType = "ELLIPTIC_CURVE" - or - name = "c2pnb163v3" and nid = 686 and normalized = "C2PNB163V3" and algType = "ELLIPTIC_CURVE" - or - name = "c2pnb176v1" and nid = 687 and normalized = "C2PNB176V1" and algType = "ELLIPTIC_CURVE" - or - name = "c2tnb191v1" and nid = 688 and normalized = "C2TNB191V1" and algType = "ELLIPTIC_CURVE" - or - name = "c2tnb191v2" and nid = 689 and normalized = "C2TNB191V2" and algType = "ELLIPTIC_CURVE" - or - name = "c2tnb191v3" and nid = 690 and normalized = "C2TNB191V3" and algType = "ELLIPTIC_CURVE" - or - name = "c2pnb208w1" and nid = 693 and normalized = "C2PNB208W1" and algType = "ELLIPTIC_CURVE" - or - name = "c2tnb239v1" and nid = 694 and normalized = "C2TNB239V1" and algType = "ELLIPTIC_CURVE" - or - name = "c2tnb239v2" and nid = 695 and normalized = "C2TNB239V2" and algType = "ELLIPTIC_CURVE" - or - name = "c2tnb239v3" and nid = 696 and normalized = "C2TNB239V3" and algType = "ELLIPTIC_CURVE" - or - name = "c2pnb272w1" and nid = 699 and normalized = "C2PNB272W1" and algType = "ELLIPTIC_CURVE" - or - name = "c2pnb304w1" and nid = 700 and normalized = "C2PNB304W1" and algType = "ELLIPTIC_CURVE" - or - name = "c2tnb359v1" and nid = 701 and normalized = "C2TNB359V1" and algType = "ELLIPTIC_CURVE" - or - name = "c2pnb368w1" and nid = 702 and normalized = "C2PNB368W1" and algType = "ELLIPTIC_CURVE" - or - name = "c2tnb431r1" and nid = 703 and normalized = "C2TNB431R1" and algType = "ELLIPTIC_CURVE" - or - name = "pkcs5" and nid = 187 and normalized = "PKCS5" and algType = "KEY_DERIVATION" - or - name = "aes-256-gcm" and nid = 901 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-gcm" and nid = 901 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "chacha20-poly1305" and nid = 1018 and normalized = "POLY1305" and algType = "HASH" - or - name = "chacha20-poly1305" and nid = 1018 and normalized = "CHACHA20POLY1305" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rsadsi" and nid = 1 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "pkcs7-data" and nid = 21 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" - or - name = "desx-cbc" and nid = 80 and normalized = "DESX" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "desx-cbc" and nid = 80 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "md5-sha1" and nid = 114 and normalized = "SHA1" and algType = "HASH" - or - name = "rc5-ecb" and nid = 121 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "rc5-ecb" and nid = 121 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc5-cfb" and nid = 122 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "rc5-cfb" and nid = 122 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rc5-ofb" and nid = 123 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "rc5-ofb" and nid = 123 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-alg-des40" and nid = 323 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-alg-dh-sig-hmac-sha1" and nid = 325 and normalized = "SHA1" and algType = "HASH" - or - name = "aes-128-ofb" and nid = 420 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-ofb" and nid = 420 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "aes-128-cfb" and nid = 421 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-cfb" and nid = 421 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aes-192-ofb" and nid = 424 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-ofb" and nid = 424 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "aes-192-cfb" and nid = 425 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-cfb" and nid = 425 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aes-256-ofb" and nid = 428 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-ofb" and nid = 428 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "aes-256-cfb" and nid = 429 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-cfb" and nid = 429 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "des-cdmf" and nid = 643 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-cfb1" and nid = 650 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-cfb1" and nid = 650 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aes-192-cfb1" and nid = 651 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-cfb1" and nid = 651 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aes-256-cfb1" and nid = 652 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-cfb1" and nid = 652 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "aes-128-cfb8" and nid = 653 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-cfb8" and nid = 653 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "aes-192-cfb8" and nid = 654 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-cfb8" and nid = 654 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "aes-256-cfb8" and nid = 655 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-cfb8" and nid = 655 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "des-cfb1" and nid = 656 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-cfb1" and nid = 656 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "des-cfb8" and nid = 657 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-cfb8" and nid = 657 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "des-ede3-cfb1" and nid = 658 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede3-cfb1" and nid = 658 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "des-ede3-cfb8" and nid = 659 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "des-ede3-cfb8" and nid = 659 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "c2onb191v4" and nid = 691 and normalized = "C2ONB191V4" and algType = "ELLIPTIC_CURVE" - or - name = "c2onb191v5" and nid = 692 and normalized = "C2ONB191V5" and algType = "ELLIPTIC_CURVE" - or - name = "c2onb239v4" and nid = 697 and normalized = "C2ONB239V4" and algType = "ELLIPTIC_CURVE" - or - name = "c2onb239v5" and nid = 698 and normalized = "C2ONB239V5" and algType = "ELLIPTIC_CURVE" - or - name = "camellia-128-cfb" and nid = 757 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-cfb" and nid = 757 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "camellia-192-cfb" and nid = 758 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-cfb" and nid = 758 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "camellia-256-cfb" and nid = 759 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-cfb" and nid = 759 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "camellia-128-cfb1" and nid = 760 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-cfb1" and nid = 760 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "camellia-192-cfb1" and nid = 761 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-cfb1" and nid = 761 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "camellia-256-cfb1" and nid = 762 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-cfb1" and nid = 762 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "camellia-128-cfb8" and nid = 763 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-cfb8" and nid = 763 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "camellia-192-cfb8" and nid = 764 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-cfb8" and nid = 764 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "camellia-256-cfb8" and nid = 765 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-cfb8" and nid = 765 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "camellia-128-ofb" and nid = 766 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-ofb" and nid = 766 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "camellia-192-ofb" and nid = 767 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-ofb" and nid = 767 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "camellia-256-ofb" and nid = 768 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-ofb" and nid = 768 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "hmac-md5" and nid = 780 and normalized = "MD5" and algType = "HASH" - or - name = "hmac-sha1" and nid = 781 and normalized = "SHA1" and algType = "HASH" - or - name = "md_gost94" and nid = 809 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost94" and nid = 812 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost89" and nid = 813 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost89-cnt" and nid = 814 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost-mac" and nid = 815 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "prf-gostr3411-94" and nid = 816 and normalized = "GOSTR341194" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost94cc" and nid = 850 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost2001cc" and nid = 851 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-ccm" and nid = 896 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-ccm" and nid = 896 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "aes-192-gcm" and nid = 898 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-gcm" and nid = 898 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "aes-192-ccm" and nid = 899 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-ccm" and nid = 899 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "aes-256-ccm" and nid = 902 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-ccm" and nid = 902 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "aes-128-ctr" and nid = 904 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-ctr" and nid = 904 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "aes-192-ctr" and nid = 905 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-ctr" and nid = 905 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "aes-256-ctr" and nid = 906 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-ctr" and nid = 906 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "id-camellia128-wrap" and nid = 907 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-camellia192-wrap" and nid = 908 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-camellia256-wrap" and nid = 909 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "mgf1" and nid = 911 and normalized = "MGF1" and algType = "HASH" - or - name = "aes-128-xts" and nid = 913 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-xts" and nid = 913 and normalized = "XTS" and algType = "BLOCK_MODE" - or - name = "aes-256-xts" and nid = 914 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-xts" and nid = 914 and normalized = "XTS" and algType = "BLOCK_MODE" - or - name = "rc4-hmac-md5" and nid = 915 and normalized = "MD5" and algType = "HASH" - or - name = "rc4-hmac-md5" and nid = 915 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "SHA1" and algType = "HASH" - or - name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "SHA1" and algType = "HASH" - or - name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-256-cbc-hmac-sha1" and nid = 918 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-cbc-hmac-sha1" and nid = 918 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "SHA256" and algType = "HASH" - or - name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "SHA256" and algType = "HASH" - or - name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "SHA256" and algType = "HASH" - or - name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "aes-128-ocb" and nid = 958 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-ocb" and nid = 959 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-ocb" and nid = 960 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-gcm" and nid = 961 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-gcm" and nid = 961 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "camellia-128-ccm" and nid = 962 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-ccm" and nid = 962 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "camellia-128-ctr" and nid = 963 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-128-ctr" and nid = 963 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "camellia-128-cmac" and nid = 964 and normalized = "CAMELLIA128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-gcm" and nid = 965 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-gcm" and nid = 965 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "camellia-192-ccm" and nid = 966 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-ccm" and nid = 966 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "camellia-192-ctr" and nid = 967 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-192-ctr" and nid = 967 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "camellia-192-cmac" and nid = 968 and normalized = "CAMELLIA192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-gcm" and nid = 969 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-gcm" and nid = 969 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "camellia-256-ccm" and nid = 970 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-ccm" and nid = 970 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "camellia-256-ctr" and nid = 971 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "camellia-256-ctr" and nid = 971 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "camellia-256-cmac" and nid = 972 and normalized = "CAMELLIA256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-scrypt" and nid = 973 and normalized = "SCRYPT" and algType = "KEY_DERIVATION" - or - name = "gost89-cnt-12" and nid = 975 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost-mac-12" and nid = 976 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "md_gost12_256" and nid = 982 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "md_gost12_512" and nid = 983 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-signwithdigest-gost3410-2012-256" and nid = 985 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-signwithdigest-gost3410-2012-512" and nid = 986 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-hmac-gost-3411-2012-256" and nid = 988 and normalized = "GOST34112012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-hmac-gost-3411-2012-512" and nid = 989 and normalized = "GOST34112012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-agreement-gost-3410-2012-256" and nid = 992 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-agreement-gost-3410-2012-512" and nid = 993 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-512-constants" and nid = 996 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-28147-constants" and nid = 1002 and normalized = "GOST28147" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost89-cbc" and nid = 1009 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "gost89-cbc" and nid = 1009 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost89-ecb" and nid = 1010 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "gost89-ecb" and nid = 1010 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost89-ctr" and nid = 1011 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "gost89-ctr" and nid = 1011 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-ecb" and nid = 1012 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "kuznyechik-ecb" and nid = 1012 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-ctr" and nid = 1013 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "kuznyechik-ctr" and nid = 1013 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-ofb" and nid = 1014 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "kuznyechik-ofb" and nid = 1014 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-cbc" and nid = 1015 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "kuznyechik-cbc" and nid = 1015 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-cfb" and nid = 1016 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "kuznyechik-cfb" and nid = 1016 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-mac" and nid = 1017 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "hkdf" and nid = 1036 and normalized = "HKDF" and algType = "KEY_DERIVATION" - or - name = "kx-rsa" and nid = 1037 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "kx-ecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_EXCHANGE" - or - name = "kx-ecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_EXCHANGE" - or - name = "kx-rsa-psk" and nid = 1042 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "kx-gost" and nid = 1045 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "auth-rsa" and nid = 1046 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "auth-ecdsa" and nid = 1047 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "auth-gost01" and nid = 1050 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "auth-gost12" and nid = 1051 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "poly1305" and nid = 1061 and normalized = "POLY1305" and algType = "HASH" - or - name = "hmac-sha3-224" and nid = 1102 and normalized = "SHA3224" and algType = "HASH" - or - name = "hmac-sha3-256" and nid = 1103 and normalized = "SHA3256" and algType = "HASH" - or - name = "hmac-sha3-384" and nid = 1104 and normalized = "SHA3384" and algType = "HASH" - or - name = "hmac-sha3-512" and nid = 1105 and normalized = "SHA3512" and algType = "HASH" - or - name = "id-dsa-with-sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "id-dsa-with-sha384" and nid = 1106 and normalized = "SHA384" and algType = "HASH" - or - name = "id-dsa-with-sha512" and nid = 1107 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "id-dsa-with-sha512" and nid = 1107 and normalized = "SHA512" and algType = "HASH" - or - name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "SHA3224" and algType = "HASH" - or - name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "SHA3256" and algType = "HASH" - or - name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "SHA3384" and algType = "HASH" - or - name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "SHA3512" and algType = "HASH" - or - name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "SHA3224" and algType = "HASH" - or - name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "SHA3256" and algType = "HASH" - or - name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "SHA3384" and algType = "HASH" - or - name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "SHA3512" and algType = "HASH" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and nid = 1116 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and nid = 1116 and normalized = "PKCS1V15" and algType = "ASYMMETRIC_PADDING" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and nid = 1116 and normalized = "SHA3224" and algType = "HASH" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and nid = 1117 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and nid = 1117 and normalized = "PKCS1V15" and algType = "ASYMMETRIC_PADDING" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and nid = 1117 and normalized = "SHA3256" and algType = "HASH" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and nid = 1118 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and nid = 1118 and normalized = "PKCS1V15" and algType = "ASYMMETRIC_PADDING" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and nid = 1118 and normalized = "SHA3384" and algType = "HASH" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and nid = 1119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and nid = 1119 and normalized = "PKCS1V15" and algType = "ASYMMETRIC_PADDING" - or - name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and nid = 1119 and normalized = "SHA3512" and algType = "HASH" - or - name = "aria-128-ccm" and nid = 1120 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "aria-128-ccm" and nid = 1120 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-ccm" and nid = 1121 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "aria-192-ccm" and nid = 1121 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-ccm" and nid = 1122 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "aria-256-ccm" and nid = 1122 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-128-gcm" and nid = 1123 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "aria-128-gcm" and nid = 1123 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-192-gcm" and nid = 1124 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "aria-192-gcm" and nid = 1124 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aria-256-gcm" and nid = 1125 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "aria-256-gcm" and nid = 1125 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-cfb1" and nid = 1136 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-cfb1" and nid = 1136 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "sm4-cfb8" and nid = 1138 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-cfb8" and nid = 1138 and normalized = "CFB8" and algType = "BLOCK_MODE" - or - name = "id-tc26-gost-3410-2012-256-constants" and nid = 1147 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "dstu28147-ofb" and nid = 1153 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "dstu28147-cfb" and nid = 1154 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "id-tc26-cipher-gostr3412-2015-magma" and nid = 1173 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-ctr-acpkm" and nid = 1174 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "magma-ctr-acpkm" and nid = 1174 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-ctr-acpkm-omac" and nid = 1175 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "magma-ctr-acpkm-omac" and nid = 1175 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-cipher-gostr3412-2015-kuznyechik" and nid = 1176 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-ctr-acpkm" and nid = 1177 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "kuznyechik-ctr-acpkm" and nid = 1177 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-ctr-acpkm-omac" and nid = 1178 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "kuznyechik-ctr-acpkm-omac" and nid = 1178 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-wrap-gostr3412-2015-magma" and nid = 1180 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-kexp15" and nid = 1181 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-wrap-gostr3412-2015-kuznyechik" and nid = 1182 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kuznyechik-kexp15" and nid = 1183 and normalized = "KUZNYECHIK" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-ecb" and nid = 1187 and normalized = "ECB" and algType = "BLOCK_MODE" - or - name = "magma-ecb" and nid = 1187 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-ctr" and nid = 1188 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "magma-ctr" and nid = 1188 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-ofb" and nid = 1189 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "magma-ofb" and nid = 1189 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-cbc" and nid = 1190 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "magma-cbc" and nid = 1190 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-cfb" and nid = 1191 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "magma-cfb" and nid = 1191 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "magma-mac" and nid = 1192 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-siv" and nid = 1198 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-128-siv" and nid = 1198 and normalized = "SIV" and algType = "BLOCK_MODE" - or - name = "aes-192-siv" and nid = 1199 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-192-siv" and nid = 1199 and normalized = "SIV" and algType = "BLOCK_MODE" - or - name = "aes-256-siv" and nid = 1200 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "aes-256-siv" and nid = 1200 and normalized = "SIV" and algType = "BLOCK_MODE" - or - name = "blake2bmac" and nid = 1201 and normalized = "BLAKE2B" and algType = "HASH" - or - name = "blake2smac" and nid = 1202 and normalized = "BLAKE2S" and algType = "HASH" - or - name = "sshkdf" and nid = 1203 and normalized = "HKDF" and algType = "KEY_DERIVATION" - or - name = "x963kdf" and nid = 1206 and normalized = "X963KDF" and algType = "KEY_DERIVATION" - or - name = "kx-gost18" and nid = 1218 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-gcm" and nid = 1248 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-gcm" and nid = 1248 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "sm4-ccm" and nid = 1249 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-ccm" and nid = 1249 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "sm4-xts" and nid = 1290 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "sm4-xts" and nid = 1290 and normalized = "XTS" and algType = "BLOCK_MODE" - or - name = "x448" and nid = 1035 and normalized = "X448" and algType = "ELLIPTIC_CURVE" - or - name = "x25519" and nid = 1034 and normalized = "X25519" and algType = "ELLIPTIC_CURVE" - or - name = "authecdsa" and nid = 1047 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "authgost01" and nid = 1050 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "authgost12" and nid = 1051 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "authrsa" and nid = 1046 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "brainpoolp160r1" and nid = 921 and normalized = "BRAINPOOLP160R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp160t1" and nid = 922 and normalized = "BRAINPOOLP160T1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp192r1" and nid = 923 and normalized = "BRAINPOOLP192R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp192t1" and nid = 924 and normalized = "BRAINPOOLP192T1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp224r1" and nid = 925 and normalized = "BRAINPOOLP224R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp224t1" and nid = 926 and normalized = "BRAINPOOLP224T1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp256r1" and nid = 927 and normalized = "BRAINPOOLP256R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp256r1tls13" and nid = 1285 and normalized = "BRAINPOOLP256R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp256t1" and nid = 928 and normalized = "BRAINPOOLP256T1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp320r1" and nid = 929 and normalized = "BRAINPOOLP320R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp320t1" and nid = 930 and normalized = "BRAINPOOLP320T1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp384r1" and nid = 931 and normalized = "BRAINPOOLP384R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp384r1tls13" and nid = 1286 and normalized = "BRAINPOOLP384R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp384t1" and nid = 932 and normalized = "BRAINPOOLP384T1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp512r1" and nid = 933 and normalized = "BRAINPOOLP512R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp512r1tls13" and nid = 1287 and normalized = "BRAINPOOLP512R1" and algType = "ELLIPTIC_CURVE" - or - name = "brainpoolp512t1" and nid = 934 and normalized = "BRAINPOOLP512T1" and algType = "ELLIPTIC_CURVE" - or - name = "dhsinglepass-cofactordh-sha1kdf-scheme" and nid = 941 and normalized = "SHA1" and algType = "HASH" - or - name = "dhsinglepass-cofactordh-sha224kdf-scheme" and nid = 942 and normalized = "SHA224" and algType = "HASH" - or - name = "dhsinglepass-cofactordh-sha256kdf-scheme" and nid = 943 and normalized = "SHA256" and algType = "HASH" - or - name = "dhsinglepass-cofactordh-sha384kdf-scheme" and nid = 944 and normalized = "SHA384" and algType = "HASH" - or - name = "dhsinglepass-cofactordh-sha512kdf-scheme" and nid = 945 and normalized = "SHA512" and algType = "HASH" - or - name = "dhsinglepass-stddh-sha1kdf-scheme" and nid = 936 and normalized = "SHA1" and algType = "HASH" - or - name = "dhsinglepass-stddh-sha224kdf-scheme" and nid = 937 and normalized = "SHA224" and algType = "HASH" - or - name = "dhsinglepass-stddh-sha256kdf-scheme" and nid = 938 and normalized = "SHA256" and algType = "HASH" - or - name = "dhsinglepass-stddh-sha384kdf-scheme" and nid = 939 and normalized = "SHA384" and algType = "HASH" - or - name = "dhsinglepass-stddh-sha512kdf-scheme" and nid = 940 and normalized = "SHA512" and algType = "HASH" - or - name = "dsa-old" and nid = 67 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa-sha" and nid = 66 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa-sha" and nid = 66 and normalized = "SHA" and algType = "HASH" - or - name = "dsa-sha1" and nid = 113 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa-sha1" and nid = 113 and normalized = "SHA1" and algType = "HASH" - or - name = "dsa-sha1-old" and nid = 70 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa-sha1-old" and nid = 70 and normalized = "SHA1" and algType = "HASH" - or - name = "dsa_with_sha224" and nid = 802 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa_with_sha224" and nid = 802 and normalized = "SHA224" and algType = "HASH" - or - name = "dsa_with_sha256" and nid = 803 and normalized = "SHA256" and algType = "HASH" - or - name = "dsa_with_sha256" and nid = 803 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa_with_sha3-224" and nid = 1108 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa_with_sha3-224" and nid = 1108 and normalized = "SHA3224" and algType = "HASH" - or - name = "dsa_with_sha3-256" and nid = 1109 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa_with_sha3-256" and nid = 1109 and normalized = "SHA3256" and algType = "HASH" - or - name = "dsa_with_sha3-384" and nid = 1110 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa_with_sha3-384" and nid = 1110 and normalized = "SHA3384" and algType = "HASH" - or - name = "dsa_with_sha3-512" and nid = 1111 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa_with_sha3-512" and nid = 1111 and normalized = "SHA3512" and algType = "HASH" - or - name = "dsa_with_sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa_with_sha384" and nid = 1106 and normalized = "SHA384" and algType = "HASH" - or - name = "dsa_with_sha512" and nid = 1107 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsa_with_sha512" and nid = 1107 and normalized = "SHA512" and algType = "HASH" - or - name = "dsaencryption" and nid = 116 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsaencryption-old" and nid = 67 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsaquality" and nid = 495 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsawithsha" and nid = 66 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsawithsha" and nid = 66 and normalized = "SHA" and algType = "HASH" - or - name = "dsawithsha1" and nid = 113 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsawithsha1" and nid = 113 and normalized = "SHA1" and algType = "HASH" - or - name = "dsawithsha1-old" and nid = 70 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "dsawithsha1-old" and nid = 70 and normalized = "SHA1" and algType = "HASH" - or - name = "dstu gost 28147-2009 cfb mode" and nid = 1154 and normalized = "CFB" and algType = "BLOCK_MODE" - or - name = "dstu gost 28147-2009 cfb mode" and nid = 1154 and normalized = "GOST28147" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "dstu gost 28147-2009 ofb mode" and nid = 1153 and normalized = "OFB" and algType = "BLOCK_MODE" - or - name = "dstu gost 28147-2009 ofb mode" and nid = 1153 and normalized = "GOST28147" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "ecdsa-with-recommended" and nid = 791 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa-with-sha1" and nid = 416 and normalized = "SHA1" and algType = "HASH" - or - name = "ecdsa-with-sha1" and nid = 416 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa-with-sha224" and nid = 793 and normalized = "SHA224" and algType = "HASH" - or - name = "ecdsa-with-sha224" and nid = 793 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa-with-sha256" and nid = 794 and normalized = "SHA256" and algType = "HASH" - or - name = "ecdsa-with-sha256" and nid = 794 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa-with-sha384" and nid = 795 and normalized = "SHA384" and algType = "HASH" - or - name = "ecdsa-with-sha384" and nid = 795 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa-with-sha512" and nid = 796 and normalized = "SHA512" and algType = "HASH" - or - name = "ecdsa-with-sha512" and nid = 796 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa-with-specified" and nid = 792 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "SHA3224" and algType = "HASH" - or - name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "SHA3256" and algType = "HASH" - or - name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "SHA3384" and algType = "HASH" - or - name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "ECDSA" and algType = "SIGNATURE" - or - name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "SHA3512" and algType = "HASH" - or - name = "gost 28147-89" and nid = 813 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost 28147-89 cryptocom paramset" and nid = 849 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost 28147-89 mac" and nid = 815 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost 28147-89 tc26 parameter set" and nid = 1003 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost 34.10-2001 cryptocom" and nid = 851 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost 34.10-94 cryptocom" and nid = 850 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2001" and nid = 811 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2001 dh" and nid = 817 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 (256 bit) paramset a" and nid = 1148 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 (256 bit) paramset b" and nid = 1184 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 (256 bit) paramset c" and nid = 1185 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 (256 bit) paramset d" and nid = 1186 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 (512 bit) paramset a" and nid = 998 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 (512 bit) paramset b" and nid = 999 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 (512 bit) paramset c" and nid = 1149 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 (512 bit) testing parameter set" and nid = 997 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 with 256 bit modulus" and nid = 979 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 with 512 bit modulus" and nid = 980 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 with gost r 34.11-2012 (256 bit)" and nid = 985 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-2012 with gost r 34.11-2012 (512 bit)" and nid = 986 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-94" and nid = 812 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.10-94 dh" and nid = 818 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.11-2012 with 256 bit hash" and nid = 982 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.11-2012 with 512 bit hash" and nid = 983 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.11-94" and nid = 809 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.11-94 prf" and nid = 816 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.11-94 with gost r 34.10-2001" and nid = 807 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.11-94 with gost r 34.10-2001 cryptocom" and nid = 853 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.11-94 with gost r 34.10-94" and nid = 808 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 34.11-94 with gost r 34.10-94 cryptocom" and nid = 852 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "gost r 3410-2001 parameter set cryptocom" and nid = 854 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "hmac gost 34.11-2012 256 bit" and nid = 988 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "hmac gost 34.11-2012 512 bit" and nid = 989 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "hmac gost 34.11-94" and nid = 810 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "hmacwithmd5" and nid = 797 and normalized = "MD5" and algType = "HASH" - or - name = "hmacwithsha1" and nid = 163 and normalized = "SHA1" and algType = "HASH" - or - name = "hmacwithsha224" and nid = 798 and normalized = "SHA224" and algType = "HASH" - or - name = "hmacwithsha256" and nid = 799 and normalized = "SHA256" and algType = "HASH" - or - name = "hmacwithsha384" and nid = 800 and normalized = "SHA384" and algType = "HASH" - or - name = "hmacwithsha512" and nid = 801 and normalized = "SHA512" and algType = "HASH" - or - name = "hmacwithsha512-224" and nid = 1193 and normalized = "SHA512224" and algType = "HASH" - or - name = "hmacwithsha512-256" and nid = 1194 and normalized = "SHA512256" and algType = "HASH" - or - name = "hmacwithsm3" and nid = 1281 and normalized = "SM3" and algType = "HASH" - or - name = "id-aes128-ccm" and nid = 896 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes128-ccm" and nid = 896 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "id-aes128-gcm" and nid = 895 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes128-gcm" and nid = 895 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "id-aes192-ccm" and nid = 899 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes192-ccm" and nid = 899 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "id-aes192-gcm" and nid = 898 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes192-gcm" and nid = 898 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "id-aes256-ccm" and nid = 902 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes256-ccm" and nid = 902 and normalized = "CCM" and algType = "BLOCK_MODE" - or - name = "id-aes256-gcm" and nid = 901 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-aes256-gcm" and nid = 901 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "id-gost28147-89-cc" and nid = 849 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-cryptopro-a-paramset" and nid = 824 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-cryptopro-b-paramset" and nid = 825 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-cryptopro-c-paramset" and nid = 826 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-cryptopro-d-paramset" and nid = 827 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-cryptopro-keymeshing" and nid = 819 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-cryptopro-oscar-1-0-paramset" and nid = 829 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-cryptopro-oscar-1-1-paramset" and nid = 828 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-cryptopro-ric-1-paramset" and nid = 830 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-none-keymeshing" and nid = 820 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gost28147-89-testparamset" and nid = 823 and normalized = "GOST2814789" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-2001-cryptopro-a-paramset" and nid = 840 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-2001-cryptopro-b-paramset" and nid = 841 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-2001-cryptopro-c-paramset" and nid = 842 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-2001-cryptopro-xcha-paramset" and nid = 843 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-2001-cryptopro-xchb-paramset" and nid = 844 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-2001-paramset-cc" and nid = 854 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-2001-testparamset" and nid = 839 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-2001dh" and nid = 817 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-a" and nid = 845 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-abis" and nid = 846 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-b" and nid = 847 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-bbis" and nid = 848 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-cryptopro-a-paramset" and nid = 832 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-cryptopro-b-paramset" and nid = 833 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-cryptopro-c-paramset" and nid = 834 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-cryptopro-d-paramset" and nid = 835 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-cryptopro-xcha-paramset" and nid = 836 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-cryptopro-xchb-paramset" and nid = 837 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-cryptopro-xchc-paramset" and nid = 838 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94-testparamset" and nid = 831 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3410-94dh" and nid = 818 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3411-94-cryptoproparamset" and nid = 822 and normalized = "GOSTR341194" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3411-94-testparamset" and nid = 821 and normalized = "GOSTR341194" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3411-94-with-gostr3410-2001" and nid = 807 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3411-94-with-gostr3410-2001-cc" and nid = 853 and normalized = "GOSTR34102001" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3411-94-with-gostr3410-94" and nid = 808 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3411-94-with-gostr3410-94" and nid = 808 and normalized = "GOSTR341194" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3411-94-with-gostr3410-94-cc" and nid = 852 and normalized = "GOSTR341094" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-gostr3411-94-with-gostr3410-94-cc" and nid = 852 and normalized = "GOSTR341194" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-hmacgostr3411-94" and nid = 810 and normalized = "GOSTR341194" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-hmacwithsha3-224" and nid = 1102 and normalized = "SHA3224" and algType = "HASH" - or - name = "id-hmacwithsha3-256" and nid = 1103 and normalized = "SHA3256" and algType = "HASH" - or - name = "id-hmacwithsha3-384" and nid = 1104 and normalized = "SHA3384" and algType = "HASH" - or - name = "id-hmacwithsha3-512" and nid = 1105 and normalized = "SHA3512" and algType = "HASH" - or - name = "id-regctrl" and nid = 313 and normalized = "CTR" and algType = "BLOCK_MODE" - or - name = "id-smime-alg-3deswrap" and nid = 243 and normalized = "3DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-smime-alg-cms3deswrap" and nid = 246 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "id-smime-alg-cms3deswrap" and nid = 246 and normalized = "3DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-smime-alg-cmsrc2wrap" and nid = 247 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-smime-alg-cmsrc2wrap" and nid = 247 and normalized = "GCM" and algType = "BLOCK_MODE" - or - name = "id-smime-alg-esdhwith3des" and nid = 241 and normalized = "3DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-smime-alg-esdhwithrc2" and nid = 242 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-smime-alg-rc2wrap" and nid = 244 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-28147-param-z" and nid = 1003 and normalized = "GOST28147" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-256-paramseta" and nid = 1148 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-256-paramsetb" and nid = 1184 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-256-paramsetc" and nid = 1185 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-256-paramsetd" and nid = 1186 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-512-paramseta" and nid = 998 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-512-paramsetb" and nid = 999 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-512-paramsetc" and nid = 1149 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "id-tc26-gost-3410-2012-512-paramsettest" and nid = 997 and normalized = "GOST34102012" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kxecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_EXCHANGE" - or - name = "kxecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_EXCHANGE" - or - name = "kxgost" and nid = 1045 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kxgost18" and nid = 1218 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "kxrsa" and nid = 1037 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "kxrsa_psk" and nid = 1042 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "md2withrsaencryption" and nid = 7 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "md2withrsaencryption" and nid = 7 and normalized = "MD2" and algType = "HASH" - or - name = "md4withrsaencryption" and nid = 396 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "md4withrsaencryption" and nid = 396 and normalized = "MD4" and algType = "HASH" - or - name = "md5withrsa" and nid = 104 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "md5withrsa" and nid = 104 and normalized = "MD5" and algType = "HASH" - or - name = "md5withrsaencryption" and nid = 8 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "md5withrsaencryption" and nid = 8 and normalized = "MD5" and algType = "HASH" - or - name = "mdc2withrsa" and nid = 96 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "mdc2withrsa" and nid = 96 and normalized = "MDC2" and algType = "HASH" - or - name = "pbe-md2-des" and nid = 9 and normalized = "MD2" and algType = "HASH" - or - name = "pbe-md2-des" and nid = 9 and normalized = "2DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-md2-rc2-64" and nid = 168 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-md2-rc2-64" and nid = 168 and normalized = "MD2" and algType = "HASH" - or - name = "pbe-md5-des" and nid = 10 and normalized = "MD5" and algType = "HASH" - or - name = "pbe-md5-des" and nid = 10 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-md5-rc2-64" and nid = 169 and normalized = "MD5" and algType = "HASH" - or - name = "pbe-md5-rc2-64" and nid = 169 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-sha1-2des" and nid = 147 and normalized = "SHA1" and algType = "HASH" - or - name = "pbe-sha1-2des" and nid = 147 and normalized = "2DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-sha1-3des" and nid = 146 and normalized = "SHA1" and algType = "HASH" - or - name = "pbe-sha1-3des" and nid = 146 and normalized = "3DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-sha1-des" and nid = 170 and normalized = "SHA1" and algType = "HASH" - or - name = "pbe-sha1-des" and nid = 170 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-sha1-rc2-128" and nid = 148 and normalized = "SHA1" and algType = "HASH" - or - name = "pbe-sha1-rc2-128" and nid = 148 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-sha1-rc2-40" and nid = 149 and normalized = "SHA1" and algType = "HASH" - or - name = "pbe-sha1-rc2-40" and nid = 149 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-sha1-rc2-64" and nid = 68 and normalized = "SHA1" and algType = "HASH" - or - name = "pbe-sha1-rc2-64" and nid = 68 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-sha1-rc4-128" and nid = 144 and normalized = "SHA1" and algType = "HASH" - or - name = "pbe-sha1-rc4-128" and nid = 144 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbe-sha1-rc4-40" and nid = 145 and normalized = "SHA1" and algType = "HASH" - or - name = "pbe-sha1-rc4-40" and nid = 145 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithmd2anddes-cbc" and nid = 9 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithmd2anddes-cbc" and nid = 9 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithmd2anddes-cbc" and nid = 9 and normalized = "MD2" and algType = "HASH" - or - name = "pbewithmd2andrc2-cbc" and nid = 168 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithmd2andrc2-cbc" and nid = 168 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithmd2andrc2-cbc" and nid = 168 and normalized = "MD2" and algType = "HASH" - or - name = "pbewithmd5andcast5cbc" and nid = 112 and normalized = "MD5" and algType = "HASH" - or - name = "pbewithmd5andcast5cbc" and nid = 112 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithmd5andcast5cbc" and nid = 112 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithmd5anddes-cbc" and nid = 10 and normalized = "MD5" and algType = "HASH" - or - name = "pbewithmd5anddes-cbc" and nid = 10 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithmd5anddes-cbc" and nid = 10 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithmd5andrc2-cbc" and nid = 169 and normalized = "MD5" and algType = "HASH" - or - name = "pbewithmd5andrc2-cbc" and nid = 169 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithmd5andrc2-cbc" and nid = 169 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithsha1and128bitrc2-cbc" and nid = 148 and normalized = "SHA1" and algType = "HASH" - or - name = "pbewithsha1and128bitrc2-cbc" and nid = 148 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithsha1and128bitrc2-cbc" and nid = 148 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithsha1and128bitrc4" and nid = 144 and normalized = "SHA1" and algType = "HASH" - or - name = "pbewithsha1and128bitrc4" and nid = 144 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithsha1and2-keytripledes-cbc" and nid = 147 and normalized = "SHA1" and algType = "HASH" - or - name = "pbewithsha1and2-keytripledes-cbc" and nid = 147 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithsha1and2-keytripledes-cbc" and nid = 147 and normalized = "TRIPLEDES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithsha1and3-keytripledes-cbc" and nid = 146 and normalized = "SHA1" and algType = "HASH" - or - name = "pbewithsha1and3-keytripledes-cbc" and nid = 146 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithsha1and3-keytripledes-cbc" and nid = 146 and normalized = "TRIPLEDES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithsha1and40bitrc2-cbc" and nid = 149 and normalized = "SHA1" and algType = "HASH" - or - name = "pbewithsha1and40bitrc2-cbc" and nid = 149 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithsha1and40bitrc2-cbc" and nid = 149 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithsha1and40bitrc4" and nid = 145 and normalized = "SHA1" and algType = "HASH" - or - name = "pbewithsha1and40bitrc4" and nid = 145 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithsha1anddes-cbc" and nid = 170 and normalized = "SHA1" and algType = "HASH" - or - name = "pbewithsha1anddes-cbc" and nid = 170 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithsha1anddes-cbc" and nid = 170 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pbewithsha1andrc2-cbc" and nid = 68 and normalized = "SHA1" and algType = "HASH" - or - name = "pbewithsha1andrc2-cbc" and nid = 68 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "pbewithsha1andrc2-cbc" and nid = 68 and normalized = "CBC" and algType = "BLOCK_MODE" - or - name = "pilotdsa" and nid = 456 and normalized = "DSA" and algType = "SIGNATURE" - or - name = "pkcs7-digestdata" and nid = 25 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" - or - name = "pkcs7-encrypteddata" and nid = 26 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" - or - name = "pkcs7-envelopeddata" and nid = 23 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" - or - name = "pkcs7-signedandenvelopeddata" and nid = 24 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" - or - name = "pkcs7-signeddata" and nid = 22 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" - or - name = "ripemd160withrsa" and nid = 119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "ripemd160withrsa" and nid = 119 and normalized = "RIPEMD160" and algType = "HASH" - or - name = "rsa-md2" and nid = 7 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-md2" and nid = 7 and normalized = "MD2" and algType = "HASH" - or - name = "rsa-md4" and nid = 396 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-md4" and nid = 396 and normalized = "MD4" and algType = "HASH" - or - name = "rsa-md5" and nid = 8 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-md5" and nid = 8 and normalized = "MD5" and algType = "HASH" - or - name = "rsa-mdc2" and nid = 96 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-mdc2" and nid = 96 and normalized = "MDC2" and algType = "HASH" - or - name = "rsa-np-md5" and nid = 104 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-np-md5" and nid = 104 and normalized = "MD5" and algType = "HASH" - or - name = "rsa-ripemd160" and nid = 119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-ripemd160" and nid = 119 and normalized = "RIPEMD160" and algType = "HASH" - or - name = "rsa-sha" and nid = 42 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha" and nid = 42 and normalized = "SHA" and algType = "HASH" - or - name = "rsa-sha1" and nid = 65 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha1" and nid = 65 and normalized = "SHA1" and algType = "HASH" - or - name = "rsa-sha1-2" and nid = 115 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha1-2" and nid = 115 and normalized = "SHA1" and algType = "HASH" - or - name = "rsa-sha224" and nid = 671 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha224" and nid = 671 and normalized = "SHA224" and algType = "HASH" - or - name = "rsa-sha256" and nid = 668 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha256" and nid = 668 and normalized = "SHA256" and algType = "HASH" - or - name = "rsa-sha3-224" and nid = 1116 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha3-224" and nid = 1116 and normalized = "SHA3224" and algType = "HASH" - or - name = "rsa-sha3-256" and nid = 1117 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha3-256" and nid = 1117 and normalized = "SHA3256" and algType = "HASH" - or - name = "rsa-sha3-384" and nid = 1118 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha3-384" and nid = 1118 and normalized = "SHA3384" and algType = "HASH" - or - name = "rsa-sha3-512" and nid = 1119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha3-512" and nid = 1119 and normalized = "SHA3512" and algType = "HASH" - or - name = "rsa-sha384" and nid = 669 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha384" and nid = 669 and normalized = "SHA384" and algType = "HASH" - or - name = "rsa-sha512" and nid = 670 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha512" and nid = 670 and normalized = "SHA512" and algType = "HASH" - or - name = "rsa-sha512/224" and nid = 1145 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha512/224" and nid = 1145 and normalized = "SHA512224" and algType = "HASH" - or - name = "rsa-sha512/256" and nid = 1146 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sha512/256" and nid = 1146 and normalized = "SHA512256" and algType = "HASH" - or - name = "rsa-sm3" and nid = 1144 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsa-sm3" and nid = 1144 and normalized = "SM3" and algType = "HASH" - or - name = "rsaencryption" and nid = 6 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsaes-oaep" and nid = 919 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsaes-oaep" and nid = 919 and normalized = "AES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rsaes-oaep" and nid = 919 and normalized = "OAEP" and algType = "ASYMMETRIC_PADDING" - or - name = "rsaesoaep" and nid = 919 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsaesoaep" and nid = 919 and normalized = "AES" and algType = "SYMMETRIC_ENCRYPTION" - or - name = "rsaesoaep" and nid = 919 and normalized = "OAEP" and algType = "ASYMMETRIC_PADDING" - or - name = "rsaoaepencryptionset" and nid = 644 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsaoaepencryptionset" and nid = 644 and normalized = "OAEP" and algType = "ASYMMETRIC_PADDING" - or - name = "rsasignature" and nid = 377 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsassa-pss" and nid = 912 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsassa-pss" and nid = 912 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" - or - name = "rsassapss" and nid = 912 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "rsassapss" and nid = 912 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" - or - name = "sha1withrsa" and nid = 115 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sha1withrsa" and nid = 115 and normalized = "SHA1" and algType = "HASH" - or - name = "sha1withrsaencryption" and nid = 65 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sha1withrsaencryption" and nid = 65 and normalized = "SHA1" and algType = "HASH" - or - name = "sha224withrsaencryption" and nid = 671 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sha224withrsaencryption" and nid = 671 and normalized = "SHA224" and algType = "HASH" - or - name = "sha256withrsaencryption" and nid = 668 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sha256withrsaencryption" and nid = 668 and normalized = "SHA256" and algType = "HASH" - or - name = "sha384withrsaencryption" and nid = 669 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sha384withrsaencryption" and nid = 669 and normalized = "SHA384" and algType = "HASH" - or - name = "sha512-224withrsaencryption" and nid = 1145 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sha512-224withrsaencryption" and nid = 1145 and normalized = "SHA512224" and algType = "HASH" - or - name = "sha512-256withrsaencryption" and nid = 1146 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sha512-256withrsaencryption" and nid = 1146 and normalized = "SHA512256" and algType = "HASH" - or - name = "sha512withrsaencryption" and nid = 670 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sha512withrsaencryption" and nid = 670 and normalized = "SHA512" and algType = "HASH" - or - name = "shawithrsaencryption" and nid = 42 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "shawithrsaencryption" and nid = 42 and normalized = "SHA" and algType = "HASH" - or - name = "sm2" and nid = 1172 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" - or - name = "sm2-sm3" and nid = 1204 and normalized = "SM3" and algType = "HASH" - or - name = "sm2-sm3" and nid = 1204 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" - or - name = "sm2-with-sm3" and nid = 1204 and normalized = "SM3" and algType = "HASH" - or - name = "sm2-with-sm3" and nid = 1204 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" - or - name = "sm3withrsaencryption" and nid = 1144 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" - or - name = "sm3withrsaencryption" and nid = 1144 and normalized = "SM3" and algType = "HASH" + */ +predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string algType) { + name = "rsa" and nid = 19 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "prime192v1" and nid = 409 and normalized = "PRIME192V1" and algType = "ELLIPTIC_CURVE" + or + name = "prime256v1" and nid = 415 and normalized = "PRIME256V1" and algType = "ELLIPTIC_CURVE" + or + name = "pbkdf2" and nid = 69 and normalized = "PBKDF2" and algType = "KEY_DERIVATION" + or + name = "dsa" and nid = 116 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "gost2001" and nid = 811 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost2012_256" and nid = 979 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost2012_512" and nid = 980 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "ed25519" and nid = 1087 and normalized = "ED25519" and algType = "ELLIPTIC_CURVE" + or + name = "ed448" and nid = 1088 and normalized = "ED448" and algType = "ELLIPTIC_CURVE" + or + name = "md2" and nid = 3 and normalized = "MD2" and algType = "HASH" + or + name = "sha" and nid = 41 and normalized = "SHA" and algType = "HASH" + or + name = "sha1" and nid = 64 and normalized = "SHA1" and algType = "HASH" + or + name = "scrypt" and nid = 973 and normalized = "SCRYPT" and algType = "KEY_DERIVATION" + or + name = "pkcs7" and nid = 20 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" + or + name = "md4" and nid = 257 and normalized = "MD4" and algType = "HASH" + or + name = "md5" and nid = 4 and normalized = "MD5" and algType = "HASH" + or + name = "sha224" and nid = 675 and normalized = "SHA224" and algType = "HASH" + or + name = "sha256" and nid = 672 and normalized = "SHA256" and algType = "HASH" + or + name = "sha384" and nid = 673 and normalized = "SHA384" and algType = "HASH" + or + name = "sha512" and nid = 674 and normalized = "SHA512" and algType = "HASH" + or + name = "sha512-224" and nid = 1094 and normalized = "SHA512224" and algType = "HASH" + or + name = "sha512-256" and nid = 1095 and normalized = "SHA512256" and algType = "HASH" + or + name = "sha3-224" and nid = 1096 and normalized = "SHA3224" and algType = "HASH" + or + name = "sha3-256" and nid = 1097 and normalized = "SHA3256" and algType = "HASH" + or + name = "sha3-384" and nid = 1098 and normalized = "SHA3384" and algType = "HASH" + or + name = "sha3-512" and nid = 1099 and normalized = "SHA3512" and algType = "HASH" + or + name = "shake128" and nid = 1100 and normalized = "SHAKE128" and algType = "HASH" + or + name = "shake256" and nid = 1101 and normalized = "SHAKE256" and algType = "HASH" + or + name = "mdc2" and nid = 95 and normalized = "MDC2" and algType = "HASH" + or + name = "blake2b512" and nid = 1056 and normalized = "BLAKE2B" and algType = "HASH" + or + name = "blake2s256" and nid = 1057 and normalized = "BLAKE2S" and algType = "HASH" + or + name = "sm3" and nid = 1143 and normalized = "SM3" and algType = "HASH" + or + name = "aes-128-cbc" and nid = 419 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cbc" and nid = 419 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-128-ecb" and nid = 418 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ecb" and nid = 418 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aes-192-cbc" and nid = 423 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cbc" and nid = 423 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-192-ecb" and nid = 422 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ecb" and nid = 422 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aes-256-cbc" and nid = 427 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cbc" and nid = 427 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-256-ecb" and nid = 426 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ecb" and nid = 426 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aria-128-cbc" and nid = 1066 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aria-128-cbc" and nid = 1066 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-cfb" and nid = 1067 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-128-cfb" and nid = 1067 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-ctr" and nid = 1069 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aria-128-ctr" and nid = 1069 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-ecb" and nid = 1065 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aria-128-ecb" and nid = 1065 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-ofb" and nid = 1068 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aria-128-ofb" and nid = 1068 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-cfb1" and nid = 1080 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-128-cfb1" and nid = 1080 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-cfb8" and nid = 1083 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-cfb8" and nid = 1083 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "aria-192-cbc" and nid = 1071 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aria-192-cbc" and nid = 1071 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-cfb" and nid = 1072 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-192-cfb" and nid = 1072 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-ctr" and nid = 1074 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aria-192-ctr" and nid = 1074 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-ecb" and nid = 1070 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aria-192-ecb" and nid = 1070 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-ofb" and nid = 1073 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aria-192-ofb" and nid = 1073 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-cfb1" and nid = 1081 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-192-cfb1" and nid = 1081 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-cfb8" and nid = 1084 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-cfb8" and nid = 1084 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "aria-256-cbc" and nid = 1076 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aria-256-cbc" and nid = 1076 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-cfb" and nid = 1077 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-256-cfb" and nid = 1077 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-ctr" and nid = 1079 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aria-256-ctr" and nid = 1079 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-ecb" and nid = 1075 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aria-256-ecb" and nid = 1075 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-ofb" and nid = 1078 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aria-256-ofb" and nid = 1078 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-cfb1" and nid = 1082 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-256-cfb1" and nid = 1082 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-cfb8" and nid = 1085 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-cfb8" and nid = 1085 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "camellia-128-cbc" and + nid = 751 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-cbc" and nid = 751 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "camellia-128-ecb" and + nid = 754 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-ecb" and nid = 754 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "camellia-192-cbc" and + nid = 752 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-cbc" and nid = 752 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "camellia-192-ecb" and + nid = 755 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-ecb" and nid = 755 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "camellia-256-cbc" and + nid = 753 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-cbc" and nid = 753 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "camellia-256-ecb" and + nid = 756 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-ecb" and nid = 756 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "rc4" and nid = 5 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc4-40" and nid = 97 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ecb" and nid = 29 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ecb" and nid = 29 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "des-ede" and nid = 32 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3" and nid = 33 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3" and nid = 33 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "des-cbc" and nid = 31 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-cbc" and nid = 31 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "des-ede-cbc" and nid = 43 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede-cbc" and nid = 43 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "des-ede-cbc" and nid = 43 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "des-ede3-cbc" and nid = 44 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-cbc" and nid = 44 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "des-cfb" and nid = 30 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-cfb" and nid = 30 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-ede-cfb" and nid = 60 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede-cfb" and nid = 60 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-ede3-cfb" and nid = 61 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-cfb" and nid = 61 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-ofb" and nid = 45 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ofb" and nid = 45 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "des-ede-ofb" and nid = 62 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede-ofb" and nid = 62 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "des-ede3-ofb" and nid = 63 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-ofb" and nid = 63 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "idea-cbc" and nid = 34 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "idea-cbc" and nid = 34 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "idea-ecb" and nid = 36 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "idea-ecb" and nid = 36 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "idea-cfb" and nid = 35 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "idea-cfb" and nid = 35 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "idea-ofb" and nid = 46 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "idea-ofb" and nid = 46 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "seed-cbc" and nid = 777 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "seed-cbc" and nid = 777 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "seed-ecb" and nid = 776 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "seed-ecb" and nid = 776 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "seed-cfb" and nid = 779 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "seed-cfb" and nid = 779 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "seed-ofb" and nid = 778 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "seed-ofb" and nid = 778 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "rc2-cbc" and nid = 37 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-cbc" and nid = 37 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "rc2-ecb" and nid = 38 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-ecb" and nid = 38 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "rc2-cfb" and nid = 39 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-cfb" and nid = 39 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "rc2-ofb" and nid = 40 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-ofb" and nid = 40 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "rc2-64-cbc" and nid = 166 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-64-cbc" and nid = 166 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "rc2-40-cbc" and nid = 98 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-40-cbc" and nid = 98 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "bf-cbc" and nid = 91 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "bf-cbc" and nid = 91 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "bf-ecb" and nid = 92 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "bf-ecb" and nid = 92 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "bf-cfb" and nid = 93 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "bf-cfb" and nid = 93 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "bf-ofb" and nid = 94 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "bf-ofb" and nid = 94 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "cast5-cbc" and nid = 108 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "cast5-cbc" and nid = 108 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "cast5-ecb" and nid = 109 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "cast5-ecb" and nid = 109 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "cast5-cfb" and nid = 110 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "cast5-cfb" and nid = 110 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "cast5-ofb" and nid = 111 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "cast5-ofb" and nid = 111 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cbc" and nid = 1134 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cbc" and nid = 1134 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "sm4-ecb" and nid = 1133 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-ecb" and nid = 1133 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "sm4-cfb" and nid = 1137 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cfb" and nid = 1137 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "sm4-ofb" and nid = 1135 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-ofb" and nid = 1135 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "sm4-ctr" and nid = 1139 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-ctr" and nid = 1139 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aes-128-gcm" and nid = 895 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-gcm" and nid = 895 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "secp160r1" and nid = 709 and normalized = "SECP160R1" and algType = "ELLIPTIC_CURVE" + or + name = "ripemd160" and nid = 117 and normalized = "RIPEMD160" and algType = "HASH" + or + name = "whirlpool" and nid = 804 and normalized = "WHIRLPOOL" and algType = "HASH" + or + name = "rc5-cbc" and nid = 120 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "rc5-cbc" and nid = 120 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pss" and nid = 435 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" + or + name = "id-aes128-wrap" and + nid = 788 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes192-wrap" and + nid = 789 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes256-wrap" and + nid = 790 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes128-wrap-pad" and + nid = 897 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes192-wrap-pad" and + nid = 900 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes256-wrap-pad" and + nid = 903 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "chacha20" and nid = 1019 and normalized = "CHACHA20" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "secp112r1" and nid = 704 and normalized = "SECP112R1" and algType = "ELLIPTIC_CURVE" + or + name = "secp112r2" and nid = 705 and normalized = "SECP112R2" and algType = "ELLIPTIC_CURVE" + or + name = "secp128r1" and nid = 706 and normalized = "SECP128R1" and algType = "ELLIPTIC_CURVE" + or + name = "secp128r2" and nid = 707 and normalized = "SECP128R2" and algType = "ELLIPTIC_CURVE" + or + name = "secp160k1" and nid = 708 and normalized = "SECP160K1" and algType = "ELLIPTIC_CURVE" + or + name = "secp160r2" and nid = 710 and normalized = "SECP160R2" and algType = "ELLIPTIC_CURVE" + or + name = "secp192k1" and nid = 711 and normalized = "SECP192K1" and algType = "ELLIPTIC_CURVE" + or + name = "secp224k1" and nid = 712 and normalized = "SECP224K1" and algType = "ELLIPTIC_CURVE" + or + name = "secp224r1" and nid = 713 and normalized = "SECP224R1" and algType = "ELLIPTIC_CURVE" + or + name = "secp256k1" and nid = 714 and normalized = "SECP256K1" and algType = "ELLIPTIC_CURVE" + or + name = "secp384r1" and nid = 715 and normalized = "SECP384R1" and algType = "ELLIPTIC_CURVE" + or + name = "secp521r1" and nid = 716 and normalized = "SECP521R1" and algType = "ELLIPTIC_CURVE" + or + name = "prime192v2" and nid = 410 and normalized = "PRIME192V2" and algType = "ELLIPTIC_CURVE" + or + name = "prime192v3" and nid = 411 and normalized = "PRIME192V3" and algType = "ELLIPTIC_CURVE" + or + name = "prime239v1" and nid = 412 and normalized = "PRIME239V1" and algType = "ELLIPTIC_CURVE" + or + name = "prime239v2" and nid = 413 and normalized = "PRIME239V2" and algType = "ELLIPTIC_CURVE" + or + name = "prime239v3" and nid = 414 and normalized = "PRIME239V3" and algType = "ELLIPTIC_CURVE" + or + name = "sect113r1" and nid = 717 and normalized = "SECT113R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect113r2" and nid = 718 and normalized = "SECT113R2" and algType = "ELLIPTIC_CURVE" + or + name = "sect131r1" and nid = 719 and normalized = "SECT131R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect131r2" and nid = 720 and normalized = "SECT131R2" and algType = "ELLIPTIC_CURVE" + or + name = "sect163k1" and nid = 721 and normalized = "SECT163K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect163r1" and nid = 722 and normalized = "SECT163R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect163r2" and nid = 723 and normalized = "SECT163R2" and algType = "ELLIPTIC_CURVE" + or + name = "sect193r1" and nid = 724 and normalized = "SECT193R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect193r2" and nid = 725 and normalized = "SECT193R2" and algType = "ELLIPTIC_CURVE" + or + name = "sect233k1" and nid = 726 and normalized = "SECT233K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect233r1" and nid = 727 and normalized = "SECT233R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect239k1" and nid = 728 and normalized = "SECT239K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect283k1" and nid = 729 and normalized = "SECT283K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect283r1" and nid = 730 and normalized = "SECT283R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect409k1" and nid = 731 and normalized = "SECT409K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect409r1" and nid = 732 and normalized = "SECT409R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect571k1" and nid = 733 and normalized = "SECT571K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect571r1" and nid = 734 and normalized = "SECT571R1" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb163v1" and nid = 684 and normalized = "C2PNB163V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb163v2" and nid = 685 and normalized = "C2PNB163V2" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb163v3" and nid = 686 and normalized = "C2PNB163V3" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb176v1" and nid = 687 and normalized = "C2PNB176V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb191v1" and nid = 688 and normalized = "C2TNB191V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb191v2" and nid = 689 and normalized = "C2TNB191V2" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb191v3" and nid = 690 and normalized = "C2TNB191V3" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb208w1" and nid = 693 and normalized = "C2PNB208W1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb239v1" and nid = 694 and normalized = "C2TNB239V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb239v2" and nid = 695 and normalized = "C2TNB239V2" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb239v3" and nid = 696 and normalized = "C2TNB239V3" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb272w1" and nid = 699 and normalized = "C2PNB272W1" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb304w1" and nid = 700 and normalized = "C2PNB304W1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb359v1" and nid = 701 and normalized = "C2TNB359V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb368w1" and nid = 702 and normalized = "C2PNB368W1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb431r1" and nid = 703 and normalized = "C2TNB431R1" and algType = "ELLIPTIC_CURVE" + or + name = "pkcs5" and nid = 187 and normalized = "PKCS5" and algType = "KEY_DERIVATION" + or + name = "aes-256-gcm" and nid = 901 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-gcm" and nid = 901 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "chacha20-poly1305" and nid = 1018 and normalized = "POLY1305" and algType = "HASH" + or + name = "chacha20-poly1305" and + nid = 1018 and + normalized = "CHACHA20POLY1305" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "rsadsi" and nid = 1 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "pkcs7-data" and nid = 21 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" + or + name = "desx-cbc" and nid = 80 and normalized = "DESX" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "desx-cbc" and nid = 80 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "md5-sha1" and nid = 114 and normalized = "SHA1" and algType = "HASH" + or + name = "rc5-ecb" and nid = 121 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "rc5-ecb" and nid = 121 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc5-cfb" and nid = 122 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "rc5-cfb" and nid = 122 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc5-ofb" and nid = 123 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "rc5-ofb" and nid = 123 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-alg-des40" and nid = 323 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-alg-dh-sig-hmac-sha1" and nid = 325 and normalized = "SHA1" and algType = "HASH" + or + name = "aes-128-ofb" and nid = 420 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ofb" and nid = 420 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aes-128-cfb" and nid = 421 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cfb" and nid = 421 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-192-ofb" and nid = 424 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ofb" and nid = 424 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aes-192-cfb" and nid = 425 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cfb" and nid = 425 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-256-ofb" and nid = 428 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ofb" and nid = 428 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aes-256-cfb" and nid = 429 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cfb" and nid = 429 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-cdmf" and nid = 643 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cfb1" and nid = 650 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cfb1" and nid = 650 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-192-cfb1" and nid = 651 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cfb1" and nid = 651 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-256-cfb1" and nid = 652 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cfb1" and nid = 652 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-128-cfb8" and nid = 653 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cfb8" and nid = 653 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "aes-192-cfb8" and nid = 654 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cfb8" and nid = 654 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "aes-256-cfb8" and nid = 655 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cfb8" and nid = 655 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "des-cfb1" and nid = 656 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-cfb1" and nid = 656 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-cfb8" and nid = 657 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-cfb8" and nid = 657 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "des-ede3-cfb1" and nid = 658 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-cfb1" and nid = 658 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-ede3-cfb8" and nid = 659 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-cfb8" and nid = 659 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "c2onb191v4" and nid = 691 and normalized = "C2ONB191V4" and algType = "ELLIPTIC_CURVE" + or + name = "c2onb191v5" and nid = 692 and normalized = "C2ONB191V5" and algType = "ELLIPTIC_CURVE" + or + name = "c2onb239v4" and nid = 697 and normalized = "C2ONB239V4" and algType = "ELLIPTIC_CURVE" + or + name = "c2onb239v5" and nid = 698 and normalized = "C2ONB239V5" and algType = "ELLIPTIC_CURVE" + or + name = "camellia-128-cfb" and + nid = 757 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-cfb" and nid = 757 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-192-cfb" and + nid = 758 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-cfb" and nid = 758 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-256-cfb" and + nid = 759 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-cfb" and nid = 759 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-128-cfb1" and + nid = 760 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-cfb1" and nid = 760 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-192-cfb1" and + nid = 761 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-cfb1" and nid = 761 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-256-cfb1" and + nid = 762 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-cfb1" and nid = 762 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-128-cfb8" and + nid = 763 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-cfb8" and nid = 763 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "camellia-192-cfb8" and + nid = 764 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-cfb8" and nid = 764 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "camellia-256-cfb8" and + nid = 765 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-cfb8" and nid = 765 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "camellia-128-ofb" and + nid = 766 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-ofb" and nid = 766 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "camellia-192-ofb" and + nid = 767 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-ofb" and nid = 767 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "camellia-256-ofb" and + nid = 768 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-ofb" and nid = 768 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "hmac-md5" and nid = 780 and normalized = "MD5" and algType = "HASH" + or + name = "hmac-sha1" and nid = 781 and normalized = "SHA1" and algType = "HASH" + or + name = "md_gost94" and nid = 809 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost94" and nid = 812 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89" and nid = 813 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89-cnt" and nid = 814 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost-mac" and nid = 815 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "prf-gostr3411-94" and + nid = 816 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost94cc" and nid = 850 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost2001cc" and nid = 851 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ccm" and nid = 896 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ccm" and nid = 896 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aes-192-gcm" and nid = 898 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-gcm" and nid = 898 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "aes-192-ccm" and nid = 899 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ccm" and nid = 899 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aes-256-ccm" and nid = 902 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ccm" and nid = 902 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aes-128-ctr" and nid = 904 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ctr" and nid = 904 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aes-192-ctr" and nid = 905 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ctr" and nid = 905 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aes-256-ctr" and nid = 906 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ctr" and nid = 906 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "id-camellia128-wrap" and + nid = 907 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-camellia192-wrap" and + nid = 908 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-camellia256-wrap" and + nid = 909 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "mgf1" and nid = 911 and normalized = "MGF1" and algType = "HASH" + or + name = "aes-128-xts" and nid = 913 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-xts" and nid = 913 and normalized = "XTS" and algType = "BLOCK_MODE" + or + name = "aes-256-xts" and nid = 914 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-xts" and nid = 914 and normalized = "XTS" and algType = "BLOCK_MODE" + or + name = "rc4-hmac-md5" and nid = 915 and normalized = "MD5" and algType = "HASH" + or + name = "rc4-hmac-md5" and nid = 915 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "SHA1" and algType = "HASH" + or + name = "aes-128-cbc-hmac-sha1" and + nid = 916 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "SHA1" and algType = "HASH" + or + name = "aes-192-cbc-hmac-sha1" and + nid = 917 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-256-cbc-hmac-sha1" and + nid = 918 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cbc-hmac-sha1" and nid = 918 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "SHA256" and algType = "HASH" + or + name = "aes-128-cbc-hmac-sha256" and + nid = 948 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "SHA256" and algType = "HASH" + or + name = "aes-192-cbc-hmac-sha256" and + nid = 949 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "SHA256" and algType = "HASH" + or + name = "aes-256-cbc-hmac-sha256" and + nid = 950 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-128-ocb" and nid = 958 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ocb" and nid = 959 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ocb" and nid = 960 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-gcm" and + nid = 961 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-gcm" and nid = 961 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "camellia-128-ccm" and + nid = 962 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-ccm" and nid = 962 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "camellia-128-ctr" and + nid = 963 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-ctr" and nid = 963 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "camellia-128-cmac" and + nid = 964 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-gcm" and + nid = 965 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-gcm" and nid = 965 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "camellia-192-ccm" and + nid = 966 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-ccm" and nid = 966 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "camellia-192-ctr" and + nid = 967 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-ctr" and nid = 967 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "camellia-192-cmac" and + nid = 968 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-gcm" and + nid = 969 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-gcm" and nid = 969 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "camellia-256-ccm" and + nid = 970 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-ccm" and nid = 970 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "camellia-256-ctr" and + nid = 971 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-ctr" and nid = 971 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "camellia-256-cmac" and + nid = 972 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-scrypt" and nid = 973 and normalized = "SCRYPT" and algType = "KEY_DERIVATION" + or + name = "gost89-cnt-12" and + nid = 975 and + normalized = "GOST89" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost-mac-12" and nid = 976 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "md_gost12_256" and nid = 982 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "md_gost12_512" and nid = 983 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-signwithdigest-gost3410-2012-256" and + nid = 985 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-signwithdigest-gost3410-2012-512" and + nid = 986 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-hmac-gost-3411-2012-256" and + nid = 988 and + normalized = "GOST34112012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-hmac-gost-3411-2012-512" and + nid = 989 and + normalized = "GOST34112012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-agreement-gost-3410-2012-256" and + nid = 992 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-agreement-gost-3410-2012-512" and + nid = 993 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-constants" and + nid = 996 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-28147-constants" and + nid = 1002 and + normalized = "GOST28147" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89-cbc" and nid = 1009 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "gost89-cbc" and nid = 1009 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89-ecb" and nid = 1010 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "gost89-ecb" and nid = 1010 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89-ctr" and nid = 1011 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "gost89-ctr" and nid = 1011 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ecb" and nid = 1012 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "kuznyechik-ecb" and + nid = 1012 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ctr" and nid = 1013 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "kuznyechik-ctr" and + nid = 1013 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ofb" and nid = 1014 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "kuznyechik-ofb" and + nid = 1014 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-cbc" and nid = 1015 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "kuznyechik-cbc" and + nid = 1015 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-cfb" and nid = 1016 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "kuznyechik-cfb" and + nid = 1016 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-mac" and + nid = 1017 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hkdf" and nid = 1036 and normalized = "HKDF" and algType = "KEY_DERIVATION" + or + name = "kx-rsa" and nid = 1037 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "kx-ecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_EXCHANGE" + or + name = "kx-ecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_EXCHANGE" + or + name = "kx-rsa-psk" and nid = 1042 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "kx-gost" and nid = 1045 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "auth-rsa" and nid = 1046 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "auth-ecdsa" and nid = 1047 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "auth-gost01" and nid = 1050 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "auth-gost12" and nid = 1051 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "poly1305" and nid = 1061 and normalized = "POLY1305" and algType = "HASH" + or + name = "hmac-sha3-224" and nid = 1102 and normalized = "SHA3224" and algType = "HASH" + or + name = "hmac-sha3-256" and nid = 1103 and normalized = "SHA3256" and algType = "HASH" + or + name = "hmac-sha3-384" and nid = 1104 and normalized = "SHA3384" and algType = "HASH" + or + name = "hmac-sha3-512" and nid = 1105 and normalized = "SHA3512" and algType = "HASH" + or + name = "id-dsa-with-sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha384" and nid = 1106 and normalized = "SHA384" and algType = "HASH" + or + name = "id-dsa-with-sha512" and nid = 1107 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha512" and nid = 1107 and normalized = "SHA512" and algType = "HASH" + or + name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "SHA3224" and algType = "HASH" + or + name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "SHA3256" and algType = "HASH" + or + name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "SHA3384" and algType = "HASH" + or + name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "SHA3512" and algType = "HASH" + or + name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "SHA3224" and algType = "HASH" + or + name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "SHA3256" and algType = "HASH" + or + name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "SHA3384" and algType = "HASH" + or + name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "SHA3512" and algType = "HASH" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and + nid = 1116 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and + nid = 1116 and + normalized = "PKCS1V15" and + algType = "ASYMMETRIC_PADDING" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and + nid = 1116 and + normalized = "SHA3224" and + algType = "HASH" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and + nid = 1117 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and + nid = 1117 and + normalized = "PKCS1V15" and + algType = "ASYMMETRIC_PADDING" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and + nid = 1117 and + normalized = "SHA3256" and + algType = "HASH" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and + nid = 1118 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and + nid = 1118 and + normalized = "PKCS1V15" and + algType = "ASYMMETRIC_PADDING" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and + nid = 1118 and + normalized = "SHA3384" and + algType = "HASH" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and + nid = 1119 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and + nid = 1119 and + normalized = "PKCS1V15" and + algType = "ASYMMETRIC_PADDING" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and + nid = 1119 and + normalized = "SHA3512" and + algType = "HASH" + or + name = "aria-128-ccm" and nid = 1120 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aria-128-ccm" and nid = 1120 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-ccm" and nid = 1121 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aria-192-ccm" and nid = 1121 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-ccm" and nid = 1122 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aria-256-ccm" and nid = 1122 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-gcm" and nid = 1123 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "aria-128-gcm" and nid = 1123 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-gcm" and nid = 1124 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "aria-192-gcm" and nid = 1124 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-gcm" and nid = 1125 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "aria-256-gcm" and nid = 1125 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cfb1" and nid = 1136 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cfb1" and nid = 1136 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "sm4-cfb8" and nid = 1138 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cfb8" and nid = 1138 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "id-tc26-gost-3410-2012-256-constants" and + nid = 1147 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "dstu28147-ofb" and nid = 1153 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "dstu28147-cfb" and nid = 1154 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "id-tc26-cipher-gostr3412-2015-magma" and + nid = 1173 and + normalized = "MAGMA" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ctr-acpkm" and nid = 1174 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "magma-ctr-acpkm" and + nid = 1174 and + normalized = "MAGMA" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ctr-acpkm-omac" and nid = 1175 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "magma-ctr-acpkm-omac" and + nid = 1175 and + normalized = "MAGMA" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-cipher-gostr3412-2015-kuznyechik" and + nid = 1176 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ctr-acpkm" and nid = 1177 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "kuznyechik-ctr-acpkm" and + nid = 1177 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ctr-acpkm-omac" and + nid = 1178 and + normalized = "CTR" and + algType = "BLOCK_MODE" + or + name = "kuznyechik-ctr-acpkm-omac" and + nid = 1178 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-wrap-gostr3412-2015-magma" and + nid = 1180 and + normalized = "MAGMA" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-kexp15" and nid = 1181 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-wrap-gostr3412-2015-kuznyechik" and + nid = 1182 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-kexp15" and + nid = 1183 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ecb" and nid = 1187 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "magma-ecb" and nid = 1187 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ctr" and nid = 1188 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "magma-ctr" and nid = 1188 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ofb" and nid = 1189 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "magma-ofb" and nid = 1189 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-cbc" and nid = 1190 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "magma-cbc" and nid = 1190 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-cfb" and nid = 1191 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "magma-cfb" and nid = 1191 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-mac" and nid = 1192 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-siv" and nid = 1198 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-siv" and nid = 1198 and normalized = "SIV" and algType = "BLOCK_MODE" + or + name = "aes-192-siv" and nid = 1199 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-siv" and nid = 1199 and normalized = "SIV" and algType = "BLOCK_MODE" + or + name = "aes-256-siv" and nid = 1200 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-siv" and nid = 1200 and normalized = "SIV" and algType = "BLOCK_MODE" + or + name = "blake2bmac" and nid = 1201 and normalized = "BLAKE2B" and algType = "HASH" + or + name = "blake2smac" and nid = 1202 and normalized = "BLAKE2S" and algType = "HASH" + or + name = "sshkdf" and nid = 1203 and normalized = "HKDF" and algType = "KEY_DERIVATION" + or + name = "x963kdf" and nid = 1206 and normalized = "X963KDF" and algType = "KEY_DERIVATION" + or + name = "kx-gost18" and nid = 1218 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-gcm" and nid = 1248 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-gcm" and nid = 1248 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "sm4-ccm" and nid = 1249 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-ccm" and nid = 1249 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "sm4-xts" and nid = 1290 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-xts" and nid = 1290 and normalized = "XTS" and algType = "BLOCK_MODE" + or + name = "x448" and nid = 1035 and normalized = "X448" and algType = "ELLIPTIC_CURVE" + or + name = "x25519" and nid = 1034 and normalized = "X25519" and algType = "ELLIPTIC_CURVE" + or + name = "authecdsa" and nid = 1047 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "authgost01" and nid = 1050 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "authgost12" and nid = 1051 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "authrsa" and nid = 1046 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "brainpoolp160r1" and + nid = 921 and + normalized = "BRAINPOOLP160R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp160t1" and + nid = 922 and + normalized = "BRAINPOOLP160T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp192r1" and + nid = 923 and + normalized = "BRAINPOOLP192R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp192t1" and + nid = 924 and + normalized = "BRAINPOOLP192T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp224r1" and + nid = 925 and + normalized = "BRAINPOOLP224R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp224t1" and + nid = 926 and + normalized = "BRAINPOOLP224T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp256r1" and + nid = 927 and + normalized = "BRAINPOOLP256R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp256r1tls13" and + nid = 1285 and + normalized = "BRAINPOOLP256R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp256t1" and + nid = 928 and + normalized = "BRAINPOOLP256T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp320r1" and + nid = 929 and + normalized = "BRAINPOOLP320R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp320t1" and + nid = 930 and + normalized = "BRAINPOOLP320T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp384r1" and + nid = 931 and + normalized = "BRAINPOOLP384R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp384r1tls13" and + nid = 1286 and + normalized = "BRAINPOOLP384R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp384t1" and + nid = 932 and + normalized = "BRAINPOOLP384T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp512r1" and + nid = 933 and + normalized = "BRAINPOOLP512R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp512r1tls13" and + nid = 1287 and + normalized = "BRAINPOOLP512R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp512t1" and + nid = 934 and + normalized = "BRAINPOOLP512T1" and + algType = "ELLIPTIC_CURVE" + or + name = "dhsinglepass-cofactordh-sha1kdf-scheme" and + nid = 941 and + normalized = "SHA1" and + algType = "HASH" + or + name = "dhsinglepass-cofactordh-sha224kdf-scheme" and + nid = 942 and + normalized = "SHA224" and + algType = "HASH" + or + name = "dhsinglepass-cofactordh-sha256kdf-scheme" and + nid = 943 and + normalized = "SHA256" and + algType = "HASH" + or + name = "dhsinglepass-cofactordh-sha384kdf-scheme" and + nid = 944 and + normalized = "SHA384" and + algType = "HASH" + or + name = "dhsinglepass-cofactordh-sha512kdf-scheme" and + nid = 945 and + normalized = "SHA512" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha1kdf-scheme" and + nid = 936 and + normalized = "SHA1" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha224kdf-scheme" and + nid = 937 and + normalized = "SHA224" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha256kdf-scheme" and + nid = 938 and + normalized = "SHA256" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha384kdf-scheme" and + nid = 939 and + normalized = "SHA384" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha512kdf-scheme" and + nid = 940 and + normalized = "SHA512" and + algType = "HASH" + or + name = "dsa-old" and nid = 67 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa-sha" and nid = 66 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa-sha" and nid = 66 and normalized = "SHA" and algType = "HASH" + or + name = "dsa-sha1" and nid = 113 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa-sha1" and nid = 113 and normalized = "SHA1" and algType = "HASH" + or + name = "dsa-sha1-old" and nid = 70 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa-sha1-old" and nid = 70 and normalized = "SHA1" and algType = "HASH" + or + name = "dsa_with_sha224" and nid = 802 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha224" and nid = 802 and normalized = "SHA224" and algType = "HASH" + or + name = "dsa_with_sha256" and nid = 803 and normalized = "SHA256" and algType = "HASH" + or + name = "dsa_with_sha256" and nid = 803 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-224" and nid = 1108 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-224" and nid = 1108 and normalized = "SHA3224" and algType = "HASH" + or + name = "dsa_with_sha3-256" and nid = 1109 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-256" and nid = 1109 and normalized = "SHA3256" and algType = "HASH" + or + name = "dsa_with_sha3-384" and nid = 1110 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-384" and nid = 1110 and normalized = "SHA3384" and algType = "HASH" + or + name = "dsa_with_sha3-512" and nid = 1111 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-512" and nid = 1111 and normalized = "SHA3512" and algType = "HASH" + or + name = "dsa_with_sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha384" and nid = 1106 and normalized = "SHA384" and algType = "HASH" + or + name = "dsa_with_sha512" and nid = 1107 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha512" and nid = 1107 and normalized = "SHA512" and algType = "HASH" + or + name = "dsaencryption" and nid = 116 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsaencryption-old" and nid = 67 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsaquality" and nid = 495 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsawithsha" and nid = 66 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsawithsha" and nid = 66 and normalized = "SHA" and algType = "HASH" + or + name = "dsawithsha1" and nid = 113 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsawithsha1" and nid = 113 and normalized = "SHA1" and algType = "HASH" + or + name = "dsawithsha1-old" and nid = 70 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsawithsha1-old" and nid = 70 and normalized = "SHA1" and algType = "HASH" + or + name = "dstu gost 28147-2009 cfb mode" and + nid = 1154 and + normalized = "CFB" and + algType = "BLOCK_MODE" + or + name = "dstu gost 28147-2009 cfb mode" and + nid = 1154 and + normalized = "GOST28147" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "dstu gost 28147-2009 ofb mode" and + nid = 1153 and + normalized = "OFB" and + algType = "BLOCK_MODE" + or + name = "dstu gost 28147-2009 ofb mode" and + nid = 1153 and + normalized = "GOST28147" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "ecdsa-with-recommended" and nid = 791 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha1" and nid = 416 and normalized = "SHA1" and algType = "HASH" + or + name = "ecdsa-with-sha1" and nid = 416 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha224" and nid = 793 and normalized = "SHA224" and algType = "HASH" + or + name = "ecdsa-with-sha224" and nid = 793 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha256" and nid = 794 and normalized = "SHA256" and algType = "HASH" + or + name = "ecdsa-with-sha256" and nid = 794 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha384" and nid = 795 and normalized = "SHA384" and algType = "HASH" + or + name = "ecdsa-with-sha384" and nid = 795 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha512" and nid = 796 and normalized = "SHA512" and algType = "HASH" + or + name = "ecdsa-with-sha512" and nid = 796 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-specified" and nid = 792 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "SHA3224" and algType = "HASH" + or + name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "SHA3256" and algType = "HASH" + or + name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "SHA3384" and algType = "HASH" + or + name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "SHA3512" and algType = "HASH" + or + name = "gost 28147-89" and + nid = 813 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 28147-89 cryptocom paramset" and + nid = 849 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 28147-89 mac" and + nid = 815 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 28147-89 tc26 parameter set" and + nid = 1003 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 34.10-2001 cryptocom" and + nid = 851 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 34.10-94 cryptocom" and + nid = 850 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2001" and + nid = 811 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2001 dh" and + nid = 817 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (256 bit) paramset a" and + nid = 1148 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (256 bit) paramset b" and + nid = 1184 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (256 bit) paramset c" and + nid = 1185 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (256 bit) paramset d" and + nid = 1186 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (512 bit) paramset a" and + nid = 998 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (512 bit) paramset b" and + nid = 999 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (512 bit) paramset c" and + nid = 1149 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (512 bit) testing parameter set" and + nid = 997 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 with 256 bit modulus" and + nid = 979 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 with 512 bit modulus" and + nid = 980 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 with gost r 34.11-2012 (256 bit)" and + nid = 985 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 with gost r 34.11-2012 (512 bit)" and + nid = 986 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-94" and + nid = 812 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-94 dh" and + nid = 818 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-2012 with 256 bit hash" and + nid = 982 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-2012 with 512 bit hash" and + nid = 983 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94" and + nid = 809 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 prf" and + nid = 816 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 with gost r 34.10-2001" and + nid = 807 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 with gost r 34.10-2001 cryptocom" and + nid = 853 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 with gost r 34.10-94" and + nid = 808 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 with gost r 34.10-94 cryptocom" and + nid = 852 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 3410-2001 parameter set cryptocom" and + nid = 854 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hmac gost 34.11-2012 256 bit" and + nid = 988 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hmac gost 34.11-2012 512 bit" and + nid = 989 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hmac gost 34.11-94" and + nid = 810 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hmacwithmd5" and nid = 797 and normalized = "MD5" and algType = "HASH" + or + name = "hmacwithsha1" and nid = 163 and normalized = "SHA1" and algType = "HASH" + or + name = "hmacwithsha224" and nid = 798 and normalized = "SHA224" and algType = "HASH" + or + name = "hmacwithsha256" and nid = 799 and normalized = "SHA256" and algType = "HASH" + or + name = "hmacwithsha384" and nid = 800 and normalized = "SHA384" and algType = "HASH" + or + name = "hmacwithsha512" and nid = 801 and normalized = "SHA512" and algType = "HASH" + or + name = "hmacwithsha512-224" and nid = 1193 and normalized = "SHA512224" and algType = "HASH" + or + name = "hmacwithsha512-256" and nid = 1194 and normalized = "SHA512256" and algType = "HASH" + or + name = "hmacwithsm3" and nid = 1281 and normalized = "SM3" and algType = "HASH" + or + name = "id-aes128-ccm" and + nid = 896 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes128-ccm" and nid = 896 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "id-aes128-gcm" and + nid = 895 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes128-gcm" and nid = 895 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-aes192-ccm" and + nid = 899 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes192-ccm" and nid = 899 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "id-aes192-gcm" and + nid = 898 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes192-gcm" and nid = 898 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-aes256-ccm" and + nid = 902 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes256-ccm" and nid = 902 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "id-aes256-gcm" and + nid = 901 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes256-gcm" and nid = 901 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-gost28147-89-cc" and + nid = 849 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-a-paramset" and + nid = 824 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-b-paramset" and + nid = 825 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-c-paramset" and + nid = 826 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-d-paramset" and + nid = 827 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-keymeshing" and + nid = 819 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-oscar-1-0-paramset" and + nid = 829 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-oscar-1-1-paramset" and + nid = 828 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-ric-1-paramset" and + nid = 830 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-none-keymeshing" and + nid = 820 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-testparamset" and + nid = 823 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-a-paramset" and + nid = 840 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-b-paramset" and + nid = 841 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-c-paramset" and + nid = 842 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-xcha-paramset" and + nid = 843 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-xchb-paramset" and + nid = 844 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-paramset-cc" and + nid = 854 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-testparamset" and + nid = 839 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001dh" and + nid = 817 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-a" and + nid = 845 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-abis" and + nid = 846 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-b" and + nid = 847 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-bbis" and + nid = 848 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-a-paramset" and + nid = 832 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-b-paramset" and + nid = 833 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-c-paramset" and + nid = 834 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-d-paramset" and + nid = 835 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-xcha-paramset" and + nid = 836 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-xchb-paramset" and + nid = 837 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-xchc-paramset" and + nid = 838 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-testparamset" and + nid = 831 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94dh" and + nid = 818 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-cryptoproparamset" and + nid = 822 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-testparamset" and + nid = 821 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-2001" and + nid = 807 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-2001-cc" and + nid = 853 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-94" and + nid = 808 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-94" and + nid = 808 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-94-cc" and + nid = 852 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-94-cc" and + nid = 852 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-hmacgostr3411-94" and + nid = 810 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-hmacwithsha3-224" and nid = 1102 and normalized = "SHA3224" and algType = "HASH" + or + name = "id-hmacwithsha3-256" and nid = 1103 and normalized = "SHA3256" and algType = "HASH" + or + name = "id-hmacwithsha3-384" and nid = 1104 and normalized = "SHA3384" and algType = "HASH" + or + name = "id-hmacwithsha3-512" and nid = 1105 and normalized = "SHA3512" and algType = "HASH" + or + name = "id-regctrl" and nid = 313 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "id-smime-alg-3deswrap" and + nid = 243 and + normalized = "3DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-cms3deswrap" and nid = 246 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-smime-alg-cms3deswrap" and + nid = 246 and + normalized = "3DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-cmsrc2wrap" and + nid = 247 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-cmsrc2wrap" and nid = 247 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-smime-alg-esdhwith3des" and + nid = 241 and + normalized = "3DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-esdhwithrc2" and + nid = 242 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-rc2wrap" and + nid = 244 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-28147-param-z" and + nid = 1003 and + normalized = "GOST28147" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-256-paramseta" and + nid = 1148 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-256-paramsetb" and + nid = 1184 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-256-paramsetc" and + nid = 1185 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-256-paramsetd" and + nid = 1186 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-paramseta" and + nid = 998 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-paramsetb" and + nid = 999 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-paramsetc" and + nid = 1149 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-paramsettest" and + nid = 997 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kxecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_EXCHANGE" + or + name = "kxecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_EXCHANGE" + or + name = "kxgost" and nid = 1045 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "kxgost18" and nid = 1218 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "kxrsa" and nid = 1037 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "kxrsa_psk" and nid = 1042 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md2withrsaencryption" and + nid = 7 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md2withrsaencryption" and nid = 7 and normalized = "MD2" and algType = "HASH" + or + name = "md4withrsaencryption" and + nid = 396 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md4withrsaencryption" and nid = 396 and normalized = "MD4" and algType = "HASH" + or + name = "md5withrsa" and nid = 104 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md5withrsa" and nid = 104 and normalized = "MD5" and algType = "HASH" + or + name = "md5withrsaencryption" and + nid = 8 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md5withrsaencryption" and nid = 8 and normalized = "MD5" and algType = "HASH" + or + name = "mdc2withrsa" and nid = 96 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "mdc2withrsa" and nid = 96 and normalized = "MDC2" and algType = "HASH" + or + name = "pbe-md2-des" and nid = 9 and normalized = "MD2" and algType = "HASH" + or + name = "pbe-md2-des" and nid = 9 and normalized = "2DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-md2-rc2-64" and nid = 168 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-md2-rc2-64" and nid = 168 and normalized = "MD2" and algType = "HASH" + or + name = "pbe-md5-des" and nid = 10 and normalized = "MD5" and algType = "HASH" + or + name = "pbe-md5-des" and nid = 10 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-md5-rc2-64" and nid = 169 and normalized = "MD5" and algType = "HASH" + or + name = "pbe-md5-rc2-64" and nid = 169 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-2des" and nid = 147 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-2des" and nid = 147 and normalized = "2DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-3des" and nid = 146 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-3des" and nid = 146 and normalized = "3DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-des" and nid = 170 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-des" and nid = 170 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc2-128" and nid = 148 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc2-128" and + nid = 148 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc2-40" and nid = 149 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc2-40" and nid = 149 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc2-64" and nid = 68 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc2-64" and nid = 68 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc4-128" and nid = 144 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc4-128" and + nid = 144 and + normalized = "RC4" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc4-40" and nid = 145 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc4-40" and nid = 145 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd2anddes-cbc" and + nid = 9 and + normalized = "DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd2anddes-cbc" and nid = 9 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithmd2anddes-cbc" and nid = 9 and normalized = "MD2" and algType = "HASH" + or + name = "pbewithmd2andrc2-cbc" and + nid = 168 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd2andrc2-cbc" and nid = 168 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithmd2andrc2-cbc" and nid = 168 and normalized = "MD2" and algType = "HASH" + or + name = "pbewithmd5andcast5cbc" and nid = 112 and normalized = "MD5" and algType = "HASH" + or + name = "pbewithmd5andcast5cbc" and nid = 112 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithmd5andcast5cbc" and + nid = 112 and + normalized = "CAST5" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd5anddes-cbc" and nid = 10 and normalized = "MD5" and algType = "HASH" + or + name = "pbewithmd5anddes-cbc" and + nid = 10 and + normalized = "DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd5anddes-cbc" and nid = 10 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithmd5andrc2-cbc" and nid = 169 and normalized = "MD5" and algType = "HASH" + or + name = "pbewithmd5andrc2-cbc" and + nid = 169 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd5andrc2-cbc" and nid = 169 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithsha1and128bitrc2-cbc" and nid = 148 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1and128bitrc2-cbc" and + nid = 148 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and128bitrc2-cbc" and + nid = 148 and + normalized = "CBC" and + algType = "BLOCK_MODE" + or + name = "pbewithsha1and128bitrc4" and nid = 144 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1and128bitrc4" and + nid = 144 and + normalized = "RC4" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and2-keytripledes-cbc" and + nid = 147 and + normalized = "SHA1" and + algType = "HASH" + or + name = "pbewithsha1and2-keytripledes-cbc" and + nid = 147 and + normalized = "CBC" and + algType = "BLOCK_MODE" + or + name = "pbewithsha1and2-keytripledes-cbc" and + nid = 147 and + normalized = "TRIPLEDES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and3-keytripledes-cbc" and + nid = 146 and + normalized = "SHA1" and + algType = "HASH" + or + name = "pbewithsha1and3-keytripledes-cbc" and + nid = 146 and + normalized = "CBC" and + algType = "BLOCK_MODE" + or + name = "pbewithsha1and3-keytripledes-cbc" and + nid = 146 and + normalized = "TRIPLEDES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and40bitrc2-cbc" and nid = 149 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1and40bitrc2-cbc" and + nid = 149 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and40bitrc2-cbc" and + nid = 149 and + normalized = "CBC" and + algType = "BLOCK_MODE" + or + name = "pbewithsha1and40bitrc4" and nid = 145 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1and40bitrc4" and + nid = 145 and + normalized = "RC4" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1anddes-cbc" and nid = 170 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1anddes-cbc" and + nid = 170 and + normalized = "DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1anddes-cbc" and nid = 170 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithsha1andrc2-cbc" and nid = 68 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1andrc2-cbc" and + nid = 68 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1andrc2-cbc" and nid = 68 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pilotdsa" and nid = 456 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "pkcs7-digestdata" and nid = 25 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" + or + name = "pkcs7-encrypteddata" and + nid = 26 and + normalized = "PKCS7" and + algType = "SYMMETRIC_PADDING" + or + name = "pkcs7-envelopeddata" and + nid = 23 and + normalized = "PKCS7" and + algType = "SYMMETRIC_PADDING" + or + name = "pkcs7-signedandenvelopeddata" and + nid = 24 and + normalized = "PKCS7" and + algType = "SYMMETRIC_PADDING" + or + name = "pkcs7-signeddata" and nid = 22 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" + or + name = "ripemd160withrsa" and + nid = 119 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "ripemd160withrsa" and nid = 119 and normalized = "RIPEMD160" and algType = "HASH" + or + name = "rsa-md2" and nid = 7 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-md2" and nid = 7 and normalized = "MD2" and algType = "HASH" + or + name = "rsa-md4" and nid = 396 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-md4" and nid = 396 and normalized = "MD4" and algType = "HASH" + or + name = "rsa-md5" and nid = 8 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-md5" and nid = 8 and normalized = "MD5" and algType = "HASH" + or + name = "rsa-mdc2" and nid = 96 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-mdc2" and nid = 96 and normalized = "MDC2" and algType = "HASH" + or + name = "rsa-np-md5" and nid = 104 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-np-md5" and nid = 104 and normalized = "MD5" and algType = "HASH" + or + name = "rsa-ripemd160" and nid = 119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-ripemd160" and nid = 119 and normalized = "RIPEMD160" and algType = "HASH" + or + name = "rsa-sha" and nid = 42 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha" and nid = 42 and normalized = "SHA" and algType = "HASH" + or + name = "rsa-sha1" and nid = 65 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha1" and nid = 65 and normalized = "SHA1" and algType = "HASH" + or + name = "rsa-sha1-2" and nid = 115 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha1-2" and nid = 115 and normalized = "SHA1" and algType = "HASH" + or + name = "rsa-sha224" and nid = 671 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha224" and nid = 671 and normalized = "SHA224" and algType = "HASH" + or + name = "rsa-sha256" and nid = 668 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha256" and nid = 668 and normalized = "SHA256" and algType = "HASH" + or + name = "rsa-sha3-224" and nid = 1116 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha3-224" and nid = 1116 and normalized = "SHA3224" and algType = "HASH" + or + name = "rsa-sha3-256" and nid = 1117 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha3-256" and nid = 1117 and normalized = "SHA3256" and algType = "HASH" + or + name = "rsa-sha3-384" and nid = 1118 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha3-384" and nid = 1118 and normalized = "SHA3384" and algType = "HASH" + or + name = "rsa-sha3-512" and nid = 1119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha3-512" and nid = 1119 and normalized = "SHA3512" and algType = "HASH" + or + name = "rsa-sha384" and nid = 669 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha384" and nid = 669 and normalized = "SHA384" and algType = "HASH" + or + name = "rsa-sha512" and nid = 670 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha512" and nid = 670 and normalized = "SHA512" and algType = "HASH" + or + name = "rsa-sha512/224" and + nid = 1145 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha512/224" and nid = 1145 and normalized = "SHA512224" and algType = "HASH" + or + name = "rsa-sha512/256" and + nid = 1146 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha512/256" and nid = 1146 and normalized = "SHA512256" and algType = "HASH" + or + name = "rsa-sm3" and nid = 1144 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sm3" and nid = 1144 and normalized = "SM3" and algType = "HASH" + or + name = "rsaencryption" and nid = 6 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsaes-oaep" and nid = 919 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsaes-oaep" and nid = 919 and normalized = "AES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rsaes-oaep" and nid = 919 and normalized = "OAEP" and algType = "ASYMMETRIC_PADDING" + or + name = "rsaesoaep" and nid = 919 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsaesoaep" and nid = 919 and normalized = "AES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rsaesoaep" and nid = 919 and normalized = "OAEP" and algType = "ASYMMETRIC_PADDING" + or + name = "rsaoaepencryptionset" and + nid = 644 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsaoaepencryptionset" and + nid = 644 and + normalized = "OAEP" and + algType = "ASYMMETRIC_PADDING" + or + name = "rsasignature" and nid = 377 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsassa-pss" and nid = 912 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsassa-pss" and nid = 912 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" + or + name = "rsassapss" and nid = 912 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsassapss" and nid = 912 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" + or + name = "sha1withrsa" and nid = 115 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha1withrsa" and nid = 115 and normalized = "SHA1" and algType = "HASH" + or + name = "sha1withrsaencryption" and + nid = 65 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha1withrsaencryption" and nid = 65 and normalized = "SHA1" and algType = "HASH" + or + name = "sha224withrsaencryption" and + nid = 671 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha224withrsaencryption" and nid = 671 and normalized = "SHA224" and algType = "HASH" + or + name = "sha256withrsaencryption" and + nid = 668 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha256withrsaencryption" and nid = 668 and normalized = "SHA256" and algType = "HASH" + or + name = "sha384withrsaencryption" and + nid = 669 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha384withrsaencryption" and nid = 669 and normalized = "SHA384" and algType = "HASH" + or + name = "sha512-224withrsaencryption" and + nid = 1145 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha512-224withrsaencryption" and + nid = 1145 and + normalized = "SHA512224" and + algType = "HASH" + or + name = "sha512-256withrsaencryption" and + nid = 1146 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha512-256withrsaencryption" and + nid = 1146 and + normalized = "SHA512256" and + algType = "HASH" + or + name = "sha512withrsaencryption" and + nid = 670 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha512withrsaencryption" and nid = 670 and normalized = "SHA512" and algType = "HASH" + or + name = "shawithrsaencryption" and + nid = 42 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "shawithrsaencryption" and nid = 42 and normalized = "SHA" and algType = "HASH" + or + name = "sm2" and nid = 1172 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" + or + name = "sm2-sm3" and nid = 1204 and normalized = "SM3" and algType = "HASH" + or + name = "sm2-sm3" and nid = 1204 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" + or + name = "sm2-with-sm3" and nid = 1204 and normalized = "SM3" and algType = "HASH" + or + name = "sm2-with-sm3" and nid = 1204 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" + or + name = "sm3withrsaencryption" and + nid = 1144 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sm3withrsaencryption" and nid = 1144 and normalized = "SM3" and algType = "HASH" } diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll index b46e8cd909d..2c46a7c0674 100644 --- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll @@ -2,37 +2,33 @@ import cpp import experimental.cryptography.utils.OpenSSL.LibraryFunction import experimental.cryptography.CryptoAlgorithmNames -predicate inferredOpenSSLCryptoFunctionCall(Call c , string normalized, string algType){ - inferredOpenSSLCryptoFunction(c.getTarget(), normalized, algType) +predicate inferredOpenSSLCryptoFunctionCall(Call c, string normalized, string algType) { + inferredOpenSSLCryptoFunction(c.getTarget(), normalized, algType) } -predicate inferredOpenSSLCryptoFunction(Function f, string normalized, string algType){ - isPossibleOpenSSLFunction(f) and - normalizeFunctionName(f, algType) = normalized +predicate inferredOpenSSLCryptoFunction(Function f, string normalized, string algType) { + isPossibleOpenSSLFunction(f) and + normalizeFunctionName(f, algType) = normalized } - -predicate isOpenSSLCryptoFunction(Function f, string normalized, string algType){ - // NOTE: relying on inference as there are thousands of functions for crypto - // enumerating them all and maintaining the list seems problematic. - // For now, we will rely on dynamically inferring algorithms for function names. - // This has been seen to be reasonably efficient and accurate. - inferredOpenSSLCryptoFunction(f, normalized, algType) +predicate isOpenSSLCryptoFunction(Function f, string normalized, string algType) { + // NOTE: relying on inference as there are thousands of functions for crypto + // enumerating them all and maintaining the list seems problematic. + // For now, we will rely on dynamically inferring algorithms for function names. + // This has been seen to be reasonably efficient and accurate. + inferredOpenSSLCryptoFunction(f, normalized, algType) } -predicate isOpenSSLCryptoFunctionCall(Call c, string normalized, string algType){ - isOpenSSLCryptoFunction(c.getTarget(), normalized, algType) +predicate isOpenSSLCryptoFunctionCall(Call c, string normalized, string algType) { + isOpenSSLCryptoFunction(c.getTarget(), normalized, algType) } - private string basicNormalizeFunctionName(Function f, string algType) { - isPossibleOpenSSLFunction(f) and - isKnownAlgorithm(result, algType) and - exists(string normStr | - normStr = f.getName().toUpperCase().regexpReplaceAll("[-_ ]|/", "") - | - normStr.matches("%" + result + "%") - ) + isPossibleOpenSSLFunction(f) and + isKnownAlgorithm(result, algType) and + exists(string normStr | normStr = f.getName().toUpperCase().regexpReplaceAll("[-_ ]|/", "") | + normStr.matches("%" + result + "%") + ) } /** @@ -42,71 +38,84 @@ private string basicNormalizeFunctionName(Function f, string algType) { * string (max in terms of string length) e.g., matching AES128 to AES128 and not simply AES. * * An unknown algorithm is only identified if there exists no known algorithm found for any algorithm type. - * - * `f` is the function name to normalize. + * + * `f` is the function name to normalize. * `algType` is a string representing the classification of the algorithm (see `CryptoAlgorithmNames`) */ private string privateNormalizeFunctionName(Function f, string algType) { - isPossibleOpenSSLFunction(f) and - ( - result = basicNormalizeFunctionName(f, algType) - ) and - not exists(string res2 | + isPossibleOpenSSLFunction(f) and + result = basicNormalizeFunctionName(f, algType) and + not exists(string res2 | result != res2 and res2 = basicNormalizeFunctionName(f, algType) and res2.length() > result.length() - ) + ) } - /** * Normalizes a function name to a known algorithm name, similar to `normalizeName`. * A function is not, however, allowed to be UNKNOWN. The function either * normalizes to a known algorithm name, or the predicate does not hold (no result). - * + * * The predicate attempts to restrict normalization to what looks like an openssl * library by looking for functions only in an openssl path (see `isPossibleOpenSSLFunction`). - * This may give false postive functions if a directory erronously appears to be openssl; + * This may give false postive functions if a directory erronously appears to be openssl; * however, we take the stance that if a function * exists strongly mapping to a known function name in a directory such as these, * regardless of whether its actually a part of openSSL or not, we will analyze it as though it were. */ private string normalizeFunctionName(Function f, string algType) { - algType != "UNKNOWN" and - isPossibleOpenSSLFunction(f) and - result = privateNormalizeFunctionName(f, algType) and - // Addressing false positives - // For algorithm names less than or equal to 4, we must see the algorithm name - // in the original function as upper case (it can't be split between tokens) - // One exception found is DES_xcbc_encrypt, this is DESX - ((result.length() <= 4 and result != "DESX") implies (f.getName().toUpperCase().matches("%" + result + "%"))) - and - ((result.length() <= 4 and result = "DESX") implies (f.getName().toUpperCase().matches("%DESX%") or f.getName().toUpperCase().matches("%DES_X%"))) - and - // (result.length() <= 3 implies (not f.getName().toUpperCase().regexpMatch(".*" + result + "[a-zA-Z0-9].*|.*[a-zA-Z0-9]" + result + ".*"))) - // and - // DES specific false positives - (result.matches("DES") implies (not f.getName().toUpperCase().regexpMatch(".*DES[a-zA-Z0-9].*|.*[a-zA-Z0-9]DES.*"))) - and - // ((result.matches("%DES%")) implies not exists(string s | s in ["DESCRIBE", "DESTROY", "DESCRIPTION", "DESCRIPTOR", "NODES"] | - // f.getName().toUpperCase().matches("%" + s + "%"))) and - // SEED specific false positives - ((result.matches("SEED")) implies not exists(string s | s in ["SEED_SRC_GENERATE", "RAND","NEW_SEED", "GEN_SEED", "SEED_GEN", "SET_SEED", "GET_SEED", "GET0_SEED", "RESEED", "SEEDING"] | - f.getName().toUpperCase().matches("%" + s + "%"))) and - // ARIA specific false positives - ((result.matches("ARIA")) implies not f.getName().toUpperCase().matches("%VARIANT%")) and - // CTR false positives - ((result.matches("CTR") implies not f.getName().toUpperCase().matches("%CTRL%"))) and - // ES false positives (e.g., ES256 from AES256) - ((result.matches("ES%")) implies not f.getName().toUpperCase().matches("%AES%")) and - // RSA false positives - (((result.matches("RSA")) implies not f.getName().toUpperCase().matches("%UNIVERSAL%"))) - and - //rsaz functions deemed to be too low level, and can be ignored - not f.getLocation().getFile().getBaseName().matches("rsaz_exp.c") and - // General False positives - // Functions that 'get' do not set an algorithm, and therefore are considered ignorable - not f.getName().toLowerCase().matches("%get%") + algType != "UNKNOWN" and + isPossibleOpenSSLFunction(f) and + result = privateNormalizeFunctionName(f, algType) and + // Addressing false positives + // For algorithm names less than or equal to 4, we must see the algorithm name + // in the original function as upper case (it can't be split between tokens) + // One exception found is DES_xcbc_encrypt, this is DESX + ( + (result.length() <= 4 and result != "DESX") + implies + f.getName().toUpperCase().matches("%" + result + "%") + ) and + ( + (result.length() <= 4 and result = "DESX") + implies + (f.getName().toUpperCase().matches("%DESX%") or f.getName().toUpperCase().matches("%DES_X%")) + ) and + // (result.length() <= 3 implies (not f.getName().toUpperCase().regexpMatch(".*" + result + "[a-zA-Z0-9].*|.*[a-zA-Z0-9]" + result + ".*"))) + // and + // DES specific false positives + ( + result.matches("DES") + implies + not f.getName().toUpperCase().regexpMatch(".*DES[a-zA-Z0-9].*|.*[a-zA-Z0-9]DES.*") + ) and + // ((result.matches("%DES%")) implies not exists(string s | s in ["DESCRIBE", "DESTROY", "DESCRIPTION", "DESCRIPTOR", "NODES"] | + // f.getName().toUpperCase().matches("%" + s + "%"))) and + // SEED specific false positives + ( + result.matches("SEED") + implies + not exists(string s | + s in [ + "SEED_SRC_GENERATE", "RAND", "NEW_SEED", "GEN_SEED", "SEED_GEN", "SET_SEED", "GET_SEED", + "GET0_SEED", "RESEED", "SEEDING" + ] + | + f.getName().toUpperCase().matches("%" + s + "%") + ) + ) and + // ARIA specific false positives + (result.matches("ARIA") implies not f.getName().toUpperCase().matches("%VARIANT%")) and + // CTR false positives + (result.matches("CTR") implies not f.getName().toUpperCase().matches("%CTRL%")) and + // ES false positives (e.g., ES256 from AES256) + (result.matches("ES%") implies not f.getName().toUpperCase().matches("%AES%")) and + // RSA false positives + (result.matches("RSA") implies not f.getName().toUpperCase().matches("%UNIVERSAL%")) and + //rsaz functions deemed to be too low level, and can be ignored + not f.getLocation().getFile().getBaseName().matches("rsaz_exp.c") and + // General False positives + // Functions that 'get' do not set an algorithm, and therefore are considered ignorable + not f.getName().toLowerCase().matches("%get%") } - - \ No newline at end of file diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll index 12463dda5d4..ba83de34597 100644 --- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll @@ -1,21 +1,18 @@ /** * This file contains predicates create to build up initial data sets for OpenSSL * predicates. E.g., These predicates were used to assist in associating all - * openSSL functions with their known crypto algorithms. + * openSSL functions with their known crypto algorithms. */ import cpp import experimental.cryptography.CryptoAlgorithmNames import experimental.cryptography.utils.OpenSSL.CryptoFunction - private string basicNormalizeFunctionName(Function f, string algType) { - isKnownAlgorithm(result, algType) and - exists(string normStr | - normStr = f.getName().toUpperCase().regexpReplaceAll("[-_ ]|/", "") - | - normStr.matches("%" + result + "%") - ) + isKnownAlgorithm(result, algType) and + exists(string normStr | normStr = f.getName().toUpperCase().regexpReplaceAll("[-_ ]|/", "") | + normStr.matches("%" + result + "%") + ) } /** @@ -25,14 +22,12 @@ private string basicNormalizeFunctionName(Function f, string algType) { * string (max in terms of string length) e.g., matching AES128 to AES128 and not simply AES. * * An unknown algorithm is only identified if there exists no known algorithm found for any algorithm type. - * - * `f` is the function name to normalize. + * + * `f` is the function name to normalize. * `algType` is a string representing the classification of the algorithm (see `CryptoAlgorithmNames`) */ private string privateNormalizeFunctionName(Function f, string algType) { - ( - result = basicNormalizeFunctionName(f, algType) - ) and + result = basicNormalizeFunctionName(f, algType) and not exists(string res2 | result != res2 and res2 = basicNormalizeFunctionName(f, algType) and @@ -40,56 +35,74 @@ private string privateNormalizeFunctionName(Function f, string algType) { ) and // Addressing bad normalization case-by-case // CASE: ES256 being identified when the algorithm is AES256 - (result.matches("ES256") implies not exists(string res2 | res2 = basicNormalizeFunctionName(f, _) and res2.matches("AES%"))) + ( + result.matches("ES256") + implies + not exists(string res2 | res2 = basicNormalizeFunctionName(f, _) and res2.matches("AES%")) + ) } - /** * Normalizes a function name to a known algorithm name, similar to `normalizeName`. * A function is not, however, allowed to be UNKNOWN. The function either * normalizes to a known algorithm name, or the predicate does not hold (no result). - * + * * The predicate attempts to restrict normalization to what looks like an openssl * library by looking for functions only in an openssl path (see `isPossibleOpenSSLFunction`). - * This may give false postive functions if a directory erronously appears to be openssl; + * This may give false postive functions if a directory erronously appears to be openssl; * however, we take the stance that if a function * exists strongly mapping to a known function name in a directory such as these, * regardless of whether its actually a part of openSSL or not, we will analyze it as though it were. */ string normalizeFunctionName(Function f, string algType) { - algType != "UNKNOWN" and - result = privateNormalizeFunctionName(f, algType) and - openSSLLibraryFunc(f) and - // Addressing false positives - // For algorithm names less than or equal to 4, we must see the algorithm name - // in the original function as upper case (it can't be split between tokens) - // One exception found is DES_xcbc_encrypt, this is DESX - ((result.length() <= 4 and result != "DESX") implies (f.getName().toUpperCase().matches("%" + result + "%"))) - and - ((result.length() <= 4 and result = "DESX") implies (f.getName().toUpperCase().matches("%DESX%") or f.getName().toUpperCase().matches("%DES_X%"))) - and - // (result.length() <= 3 implies (not f.getName().toUpperCase().regexpMatch(".*" + result + "[a-zA-Z0-9].*|.*[a-zA-Z0-9]" + result + ".*"))) - // and - // DES specific false positives - (result.matches("DES") implies (not f.getName().toUpperCase().regexpMatch(".*DES[a-zA-Z0-9].*|.*[a-zA-Z0-9]DES.*"))) - and - // ((result.matches("%DES%")) implies not exists(string s | s in ["DESCRIBE", "DESTROY", "DESCRIPTION", "DESCRIPTOR", "NODES"] | - // f.getName().toUpperCase().matches("%" + s + "%"))) and - // SEED specific false positives - ((result.matches("%SEED%")) implies not not exists(string s | s in ["NEW_SEED", "GEN_SEED", "SET_SEED", "GET_SEED", "GET0_SEED", "RESEED", "SEEDING"] | - f.getName().toUpperCase().matches("%" + s + "%"))) and - // ARIA specific false positives - ((result.matches("%ARIA%")) implies not f.getName().toUpperCase().matches("%VARIANT%")) + algType != "UNKNOWN" and + result = privateNormalizeFunctionName(f, algType) and + openSSLLibraryFunc(f) and + // Addressing false positives + // For algorithm names less than or equal to 4, we must see the algorithm name + // in the original function as upper case (it can't be split between tokens) + // One exception found is DES_xcbc_encrypt, this is DESX + ( + (result.length() <= 4 and result != "DESX") + implies + f.getName().toUpperCase().matches("%" + result + "%") + ) and + ( + (result.length() <= 4 and result = "DESX") + implies + (f.getName().toUpperCase().matches("%DESX%") or f.getName().toUpperCase().matches("%DES_X%")) + ) and + // (result.length() <= 3 implies (not f.getName().toUpperCase().regexpMatch(".*" + result + "[a-zA-Z0-9].*|.*[a-zA-Z0-9]" + result + ".*"))) + // and + // DES specific false positives + ( + result.matches("DES") + implies + not f.getName().toUpperCase().regexpMatch(".*DES[a-zA-Z0-9].*|.*[a-zA-Z0-9]DES.*") + ) and + // ((result.matches("%DES%")) implies not exists(string s | s in ["DESCRIBE", "DESTROY", "DESCRIPTION", "DESCRIPTOR", "NODES"] | + // f.getName().toUpperCase().matches("%" + s + "%"))) and + // SEED specific false positives + ( + result.matches("%SEED%") + implies + not not exists(string s | + s in ["NEW_SEED", "GEN_SEED", "SET_SEED", "GET_SEED", "GET0_SEED", "RESEED", "SEEDING"] + | + f.getName().toUpperCase().matches("%" + s + "%") + ) + ) and + // ARIA specific false positives + (result.matches("%ARIA%") implies not f.getName().toUpperCase().matches("%VARIANT%")) } - /** * Predicate to support name normalization. * Converts the raw name upper-case with no hyphen, slash, underscore, hash, or space. * Looks for substrings that are known algorithms, and normalizes the name. * If the algorithm cannot be determined or is in the ignorable list (`isIgnorableOpenSSLAlgorithm`) - * this predicate will not resolve a name. - * + * this predicate will not resolve a name. + * * Rationale for private: For normalization, we want to get the longest string for a normalized name match * for a given algorithm type. I found this easier to express if the public normalizeName * checks that the name is the longest, and that UNKNOWN is reserved if there exists no @@ -100,14 +113,11 @@ string privateNormalizeName(string name, string algType) { //not isIgnorableOpenSSLAlgorithm(name, _, _) and // targetOpenSSLAlgorithm(name, _) and isKnownAlgorithm(result, algType) and - exists(string normStr | - normStr = name.toUpperCase().regexpReplaceAll("[-_ ]|/", "") - | + exists(string normStr | normStr = name.toUpperCase().regexpReplaceAll("[-_ ]|/", "") | normStr.matches("%" + result + "%") ) } - /** * Converts a raw OpenSSL algorithm to a normalized algorithm name. * @@ -115,8 +125,8 @@ string privateNormalizeName(string name, string algType) { * string (max in terms of string length) e.g., matching AES128 to AES128 and not simply AES. * * An unknown algorithm is only identified if there exists no known algorithm found for any algorithm type. - * - * `name` is the name to normalize. + * + * `name` is the name to normalize. * `algType` is a string representing the classification of the algorithm (see `CryptoAlgorithmNames`) */ bindingset[name] @@ -135,5 +145,9 @@ string normalizeName(string name, string algType) { ) and // Addressing bad normalization case-by-case // CASE: ES256 being identified when the algorithm is AES256 - (result.matches("ES256") implies not exists(string res2 | res2 = privateNormalizeName(name, _) and res2.matches("AES%"))) + ( + result.matches("ES256") + implies + not exists(string res2 | res2 = privateNormalizeName(name, _) and res2.matches("AES%")) + ) } diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll index 54d540e2308..a70b91e5e9e 100644 --- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll @@ -2,11294 +2,11291 @@ import cpp /** * A function is a possibleOpenSSLFunction - * if the function's declaration exists in a subdirectory of any directory matching 'openssl' as a substring. + * if the function's declaration exists in a subdirectory of any directory matching 'openssl' as a substring. */ -predicate isPossibleOpenSSLFunction(Function f){ - f.getADeclarationLocation().toString() - .toLowerCase() - .matches("%openssl%") +predicate isPossibleOpenSSLFunction(Function f) { + f.getADeclarationLocation().toString().toLowerCase().matches("%openssl%") } -predicate openSSLLibraryFunc(Function f){ - openSSLAPIFuncName(f.getName()) - and - isPossibleOpenSSLFunction(f) +predicate openSSLLibraryFunc(Function f) { + openSSLAPIFuncName(f.getName()) and + isPossibleOpenSSLFunction(f) } /** * OpenSSL functions as defined in the OpenSSL docs * https://www.openssl.org/docs/manmaster/man3/ */ -predicate openSSLAPIFuncName(string name){ - name = "ACCESS_DESCRIPTION_free" - or - name = "ACCESS_DESCRIPTION_new" - or - name = "ADMISSIONS" - or - name = "ADMISSIONS_free" - or - name = "ADMISSIONS_get0_admissionAuthority" - or - name = "ADMISSIONS_get0_namingAuthority" - or - name = "ADMISSIONS_get0_professionInfos" - or - name = "ADMISSIONS_new" - or - name = "ADMISSIONS_set0_admissionAuthority" - or - name = "ADMISSIONS_set0_namingAuthority" - or - name = "ADMISSIONS_set0_professionInfos" - or - name = "ADMISSION_SYNTAX" - or - name = "ADMISSION_SYNTAX_free" - or - name = "ADMISSION_SYNTAX_get0_admissionAuthority" - or - name = "ADMISSION_SYNTAX_get0_contentsOfAdmissions" - or - name = "ADMISSION_SYNTAX_new" - or - name = "ADMISSION_SYNTAX_set0_admissionAuthority" - or - name = "ADMISSION_SYNTAX_set0_contentsOfAdmissions" - or - name = "ASIdOrRange_free" - or - name = "ASIdOrRange_new" - or - name = "ASIdentifierChoice_free" - or - name = "ASIdentifierChoice_new" - or - name = "ASIdentifiers_free" - or - name = "ASIdentifiers_new" - or - name = "ASN1_AUX" - or - name = "ASN1_ENUMERATED_get" - or - name = "ASN1_ENUMERATED_get_int64" - or - name = "ASN1_ENUMERATED_set" - or - name = "ASN1_ENUMERATED_set_int64" - or - name = "ASN1_ENUMERATED_to_BN" - or - name = "ASN1_EXTERN_FUNCS" - or - name = "ASN1_GENERALIZEDTIME_adj" - or - name = "ASN1_GENERALIZEDTIME_check" - or - name = "ASN1_GENERALIZEDTIME_dup" - or - name = "ASN1_GENERALIZEDTIME_print" - or - name = "ASN1_GENERALIZEDTIME_set" - or - name = "ASN1_GENERALIZEDTIME_set_string" - or - name = "ASN1_INTEGER_free" - or - name = "ASN1_INTEGER_get" - or - name = "ASN1_INTEGER_get_int64" - or - name = "ASN1_INTEGER_get_uint64" - or - name = "ASN1_INTEGER_new" - or - name = "ASN1_INTEGER_set" - or - name = "ASN1_INTEGER_set_int64" - or - name = "ASN1_INTEGER_set_uint64" - or - name = "ASN1_INTEGER_to_BN" - or - name = "ASN1_ITEM" - or - name = "ASN1_ITEM_get" - or - name = "ASN1_ITEM_lookup" - or - name = "ASN1_OBJECT_free" - or - name = "ASN1_OBJECT_new" - or - name = "ASN1_PRINT_ARG" - or - name = "ASN1_STREAM_ARG" - or - name = "ASN1_STRING_TABLE" - or - name = "ASN1_STRING_TABLE_add" - or - name = "ASN1_STRING_TABLE_cleanup" - or - name = "ASN1_STRING_TABLE_get" - or - name = "ASN1_STRING_cmp" - or - name = "ASN1_STRING_data" - or - name = "ASN1_STRING_dup" - or - name = "ASN1_STRING_free" - or - name = "ASN1_STRING_get0_data" - or - name = "ASN1_STRING_length" - or - name = "ASN1_STRING_length_set" - or - name = "ASN1_STRING_new" - or - name = "ASN1_STRING_print" - or - name = "ASN1_STRING_print_ex" - or - name = "ASN1_STRING_print_ex_fp" - or - name = "ASN1_STRING_set" - or - name = "ASN1_STRING_to_UTF8" - or - name = "ASN1_STRING_type" - or - name = "ASN1_STRING_type_new" - or - name = "ASN1_TIME_adj" - or - name = "ASN1_TIME_check" - or - name = "ASN1_TIME_cmp_time_t" - or - name = "ASN1_TIME_compare" - or - name = "ASN1_TIME_diff" - or - name = "ASN1_TIME_dup" - or - name = "ASN1_TIME_normalize" - or - name = "ASN1_TIME_print" - or - name = "ASN1_TIME_print_ex" - or - name = "ASN1_TIME_set" - or - name = "ASN1_TIME_set_string" - or - name = "ASN1_TIME_set_string_X509" - or - name = "ASN1_TIME_to_generalizedtime" - or - name = "ASN1_TIME_to_tm" - or - name = "ASN1_TYPE_cmp" - or - name = "ASN1_TYPE_get" - or - name = "ASN1_TYPE_pack_sequence" - or - name = "ASN1_TYPE_set" - or - name = "ASN1_TYPE_set1" - or - name = "ASN1_TYPE_unpack_sequence" - or - name = "ASN1_UTCTIME_adj" - or - name = "ASN1_UTCTIME_check" - or - name = "ASN1_UTCTIME_cmp_time_t" - or - name = "ASN1_UTCTIME_dup" - or - name = "ASN1_UTCTIME_print" - or - name = "ASN1_UTCTIME_set" - or - name = "ASN1_UTCTIME_set_string" - or - name = "ASN1_add_oid_module" - or - name = "ASN1_aux_cb" - or - name = "ASN1_aux_const_cb" - or - name = "ASN1_ex_d2i" - or - name = "ASN1_ex_d2i_ex" - or - name = "ASN1_ex_free_func" - or - name = "ASN1_ex_i2d" - or - name = "ASN1_ex_new_ex_func" - or - name = "ASN1_ex_new_func" - or - name = "ASN1_ex_print_func" - or - name = "ASN1_generate_nconf" - or - name = "ASN1_generate_v3" - or - name = "ASN1_item_d2i" - or - name = "ASN1_item_d2i_bio" - or - name = "ASN1_item_d2i_bio_ex" - or - name = "ASN1_item_d2i_ex" - or - name = "ASN1_item_d2i_fp" - or - name = "ASN1_item_d2i_fp_ex" - or - name = "ASN1_item_i2d_mem_bio" - or - name = "ASN1_item_new" - or - name = "ASN1_item_new_ex" - or - name = "ASN1_item_pack" - or - name = "ASN1_item_sign" - or - name = "ASN1_item_sign_ctx" - or - name = "ASN1_item_sign_ex" - or - name = "ASN1_item_unpack" - or - name = "ASN1_item_unpack_ex" - or - name = "ASN1_item_verify" - or - name = "ASN1_item_verify_ctx" - or - name = "ASN1_item_verify_ex" - or - name = "ASN1_tag2str" - or - name = "ASRange_free" - or - name = "ASRange_new" - or - name = "ASYNC_STATUS_EAGAIN" - or - name = "ASYNC_STATUS_ERR" - or - name = "ASYNC_STATUS_OK" - or - name = "ASYNC_STATUS_UNSUPPORTED" - or - name = "ASYNC_WAIT_CTX_clear_fd" - or - name = "ASYNC_WAIT_CTX_free" - or - name = "ASYNC_WAIT_CTX_get_all_fds" - or - name = "ASYNC_WAIT_CTX_get_callback" - or - name = "ASYNC_WAIT_CTX_get_changed_fds" - or - name = "ASYNC_WAIT_CTX_get_fd" - or - name = "ASYNC_WAIT_CTX_get_status" - or - name = "ASYNC_WAIT_CTX_new" - or - name = "ASYNC_WAIT_CTX_set_callback" - or - name = "ASYNC_WAIT_CTX_set_status" - or - name = "ASYNC_WAIT_CTX_set_wait_fd" - or - name = "ASYNC_block_pause" - or - name = "ASYNC_callback_fn" - or - name = "ASYNC_cleanup_thread" - or - name = "ASYNC_get_current_job" - or - name = "ASYNC_get_mem_functions" - or - name = "ASYNC_get_wait_ctx" - or - name = "ASYNC_init_thread" - or - name = "ASYNC_is_capable" - or - name = "ASYNC_pause_job" - or - name = "ASYNC_set_mem_functions" - or - name = "ASYNC_stack_alloc_fn" - or - name = "ASYNC_stack_free_fn" - or - name = "ASYNC_start_job" - or - name = "ASYNC_unblock_pause" - or - name = "AUTHORITY_INFO_ACCESS_free" - or - name = "AUTHORITY_INFO_ACCESS_new" - or - name = "AUTHORITY_KEYID_free" - or - name = "AUTHORITY_KEYID_new" - or - name = "BASIC_CONSTRAINTS_free" - or - name = "BASIC_CONSTRAINTS_new" - or - name = "BF_cbc_encrypt" - or - name = "BF_cfb64_encrypt" - or - name = "BF_decrypt" - or - name = "BF_ecb_encrypt" - or - name = "BF_encrypt" - or - name = "BF_ofb64_encrypt" - or - name = "BF_options" - or - name = "BF_set_key" - or - name = "BIO_ADDR" - or - name = "BIO_ADDRINFO" - or - name = "BIO_ADDRINFO_address" - or - name = "BIO_ADDRINFO_family" - or - name = "BIO_ADDRINFO_free" - or - name = "BIO_ADDRINFO_next" - or - name = "BIO_ADDRINFO_protocol" - or - name = "BIO_ADDRINFO_socktype" - or - name = "BIO_ADDR_clear" - or - name = "BIO_ADDR_dup" - or - name = "BIO_ADDR_family" - or - name = "BIO_ADDR_free" - or - name = "BIO_ADDR_hostname_string" - or - name = "BIO_ADDR_new" - or - name = "BIO_ADDR_path_string" - or - name = "BIO_ADDR_rawaddress" - or - name = "BIO_ADDR_rawmake" - or - name = "BIO_ADDR_rawport" - or - name = "BIO_ADDR_service_string" - or - name = "BIO_accept_ex" - or - name = "BIO_append_filename" - or - name = "BIO_bind" - or - name = "BIO_callback_ctrl" - or - name = "BIO_callback_fn" - or - name = "BIO_callback_fn_ex" - or - name = "BIO_closesocket" - or - name = "BIO_connect" - or - name = "BIO_ctrl" - or - name = "BIO_ctrl_dgram_connect" - or - name = "BIO_ctrl_get_read_request" - or - name = "BIO_ctrl_get_write_guarantee" - or - name = "BIO_ctrl_pending" - or - name = "BIO_ctrl_reset_read_request" - or - name = "BIO_ctrl_set_connected" - or - name = "BIO_ctrl_wpending" - or - name = "BIO_debug_callback" - or - name = "BIO_debug_callback_ex" - or - name = "BIO_destroy_bio_pair" - or - name = "BIO_dgram_get_caps" - or - name = "BIO_dgram_get_effective_caps" - or - name = "BIO_dgram_get_local_addr_cap" - or - name = "BIO_dgram_get_local_addr_enable" - or - name = "BIO_dgram_get_mtu" - or - name = "BIO_dgram_get_mtu_overhead" - or - name = "BIO_dgram_get_no_trunc" - or - name = "BIO_dgram_get_peer" - or - name = "BIO_dgram_recv_timedout" - or - name = "BIO_dgram_send_timedout" - or - name = "BIO_dgram_set_caps" - or - name = "BIO_dgram_set_local_addr_enable" - or - name = "BIO_dgram_set_mtu" - or - name = "BIO_dgram_set_no_trunc" - or - name = "BIO_dgram_set_peer" - or - name = "BIO_do_accept" - or - name = "BIO_do_connect" - or - name = "BIO_do_connect_retry" - or - name = "BIO_do_handshake" - or - name = "BIO_eof" - or - name = "BIO_err_is_non_fatal" - or - name = "BIO_f_base64" - or - name = "BIO_f_brotli" - or - name = "BIO_f_buffer" - or - name = "BIO_f_cipher" - or - name = "BIO_f_md" - or - name = "BIO_f_null" - or - name = "BIO_f_prefix" - or - name = "BIO_f_readbuffer" - or - name = "BIO_f_ssl" - or - name = "BIO_f_zlib" - or - name = "BIO_f_zstd" - or - name = "BIO_find_type" - or - name = "BIO_flush" - or - name = "BIO_free" - or - name = "BIO_free_all" - or - name = "BIO_get_accept_ip_family" - or - name = "BIO_get_accept_name" - or - name = "BIO_get_accept_port" - or - name = "BIO_get_app_data" - or - name = "BIO_get_bind_mode" - or - name = "BIO_get_buffer_num_lines" - or - name = "BIO_get_callback" - or - name = "BIO_get_callback_arg" - or - name = "BIO_get_callback_ex" - or - name = "BIO_get_cipher_ctx" - or - name = "BIO_get_cipher_status" - or - name = "BIO_get_close" - or - name = "BIO_get_conn_address" - or - name = "BIO_get_conn_hostname" - or - name = "BIO_get_conn_int_port" - or - name = "BIO_get_conn_ip" - or - name = "BIO_get_conn_ip_family" - or - name = "BIO_get_conn_mode" - or - name = "BIO_get_conn_port" - or - name = "BIO_get_data" - or - name = "BIO_get_ex_data" - or - name = "BIO_get_ex_new_index" - or - name = "BIO_get_fd" - or - name = "BIO_get_fp" - or - name = "BIO_get_indent" - or - name = "BIO_get_info_callback" - or - name = "BIO_get_init" - or - name = "BIO_get_ktls_recv" - or - name = "BIO_get_ktls_send" - or - name = "BIO_get_line" - or - name = "BIO_get_md" - or - name = "BIO_get_md_ctx" - or - name = "BIO_get_mem_data" - or - name = "BIO_get_mem_ptr" - or - name = "BIO_get_new_index" - or - name = "BIO_get_num_renegotiates" - or - name = "BIO_get_peer_name" - or - name = "BIO_get_peer_port" - or - name = "BIO_get_read_request" - or - name = "BIO_get_retry_BIO" - or - name = "BIO_get_retry_reason" - or - name = "BIO_get_rpoll_descriptor" - or - name = "BIO_get_shutdown" - or - name = "BIO_get_ssl" - or - name = "BIO_get_wpoll_descriptor" - or - name = "BIO_get_write_buf_size" - or - name = "BIO_get_write_guarantee" - or - name = "BIO_gets" - or - name = "BIO_hostserv_priorities" - or - name = "BIO_info_cb" - or - name = "BIO_int_ctrl" - or - name = "BIO_listen" - or - name = "BIO_lookup" - or - name = "BIO_lookup_ex" - or - name = "BIO_lookup_type" - or - name = "BIO_make_bio_pair" - or - name = "BIO_meth_free" - or - name = "BIO_meth_get_callback_ctrl" - or - name = "BIO_meth_get_create" - or - name = "BIO_meth_get_ctrl" - or - name = "BIO_meth_get_destroy" - or - name = "BIO_meth_get_gets" - or - name = "BIO_meth_get_puts" - or - name = "BIO_meth_get_read" - or - name = "BIO_meth_get_read_ex" - or - name = "BIO_meth_get_recvmmsg" - or - name = "BIO_meth_get_sendmmsg" - or - name = "BIO_meth_get_write" - or - name = "BIO_meth_get_write_ex" - or - name = "BIO_meth_new" - or - name = "BIO_meth_set_callback_ctrl" - or - name = "BIO_meth_set_create" - or - name = "BIO_meth_set_ctrl" - or - name = "BIO_meth_set_destroy" - or - name = "BIO_meth_set_gets" - or - name = "BIO_meth_set_puts" - or - name = "BIO_meth_set_read" - or - name = "BIO_meth_set_read_ex" - or - name = "BIO_meth_set_recvmmsg" - or - name = "BIO_meth_set_sendmmsg" - or - name = "BIO_meth_set_write" - or - name = "BIO_meth_set_write_ex" - or - name = "BIO_method_type" - or - name = "BIO_new" - or - name = "BIO_new_CMS" - or - name = "BIO_new_accept" - or - name = "BIO_new_bio_dgram_pair" - or - name = "BIO_new_bio_pair" - or - name = "BIO_new_buffer_ssl_connect" - or - name = "BIO_new_connect" - or - name = "BIO_new_dgram" - or - name = "BIO_new_ex" - or - name = "BIO_new_fd" - or - name = "BIO_new_file" - or - name = "BIO_new_fp" - or - name = "BIO_new_from_core_bio" - or - name = "BIO_new_mem_buf" - or - name = "BIO_new_socket" - or - name = "BIO_new_ssl" - or - name = "BIO_new_ssl_connect" - or - name = "BIO_next" - or - name = "BIO_parse_hostserv" - or - name = "BIO_pending" - or - name = "BIO_pop" - or - name = "BIO_printf" - or - name = "BIO_ptr_ctrl" - or - name = "BIO_push" - or - name = "BIO_puts" - or - name = "BIO_read" - or - name = "BIO_read_ex" - or - name = "BIO_read_filename" - or - name = "BIO_recvmmsg" - or - name = "BIO_reset" - or - name = "BIO_retry_type" - or - name = "BIO_rw_filename" - or - name = "BIO_s_accept" - or - name = "BIO_s_bio" - or - name = "BIO_s_connect" - or - name = "BIO_s_core" - or - name = "BIO_s_datagram" - or - name = "BIO_s_dgram_mem" - or - name = "BIO_s_dgram_pair" - or - name = "BIO_s_fd" - or - name = "BIO_s_file" - or - name = "BIO_s_mem" - or - name = "BIO_s_null" - or - name = "BIO_s_secmem" - or - name = "BIO_s_socket" - or - name = "BIO_seek" - or - name = "BIO_sendmmsg" - or - name = "BIO_set" - or - name = "BIO_set_accept_bios" - or - name = "BIO_set_accept_ip_family" - or - name = "BIO_set_accept_name" - or - name = "BIO_set_accept_port" - or - name = "BIO_set_app_data" - or - name = "BIO_set_bind_mode" - or - name = "BIO_set_buffer_read_data" - or - name = "BIO_set_buffer_size" - or - name = "BIO_set_callback" - or - name = "BIO_set_callback_arg" - or - name = "BIO_set_callback_ex" - or - name = "BIO_set_cipher" - or - name = "BIO_set_close" - or - name = "BIO_set_conn_address" - or - name = "BIO_set_conn_hostname" - or - name = "BIO_set_conn_int_port" - or - name = "BIO_set_conn_ip" - or - name = "BIO_set_conn_ip_family" - or - name = "BIO_set_conn_mode" - or - name = "BIO_set_conn_port" - or - name = "BIO_set_data" - or - name = "BIO_set_ex_data" - or - name = "BIO_set_fd" - or - name = "BIO_set_fp" - or - name = "BIO_set_indent" - or - name = "BIO_set_info_callback" - or - name = "BIO_set_init" - or - name = "BIO_set_md" - or - name = "BIO_set_mem_buf" - or - name = "BIO_set_mem_eof_return" - or - name = "BIO_set_nbio" - or - name = "BIO_set_nbio_accept" - or - name = "BIO_set_next" - or - name = "BIO_set_prefix" - or - name = "BIO_set_read_buffer_size" - or - name = "BIO_set_retry_reason" - or - name = "BIO_set_shutdown" - or - name = "BIO_set_ssl" - or - name = "BIO_set_ssl_mode" - or - name = "BIO_set_ssl_renegotiate_bytes" - or - name = "BIO_set_ssl_renegotiate_timeout" - or - name = "BIO_set_tfo" - or - name = "BIO_set_tfo_accept" - or - name = "BIO_set_write_buf_size" - or - name = "BIO_set_write_buffer_size" - or - name = "BIO_should_io_special" - or - name = "BIO_should_read" - or - name = "BIO_should_retry" - or - name = "BIO_should_write" - or - name = "BIO_shutdown_wr" - or - name = "BIO_snprintf" - or - name = "BIO_socket" - or - name = "BIO_socket_wait" - or - name = "BIO_ssl_copy_session_id" - or - name = "BIO_ssl_shutdown" - or - name = "BIO_tell" - or - name = "BIO_up_ref" - or - name = "BIO_vfree" - or - name = "BIO_vprintf" - or - name = "BIO_vsnprintf" - or - name = "BIO_wait" - or - name = "BIO_wpending" - or - name = "BIO_write" - or - name = "BIO_write_ex" - or - name = "BIO_write_filename" - or - name = "BN_BLINDING_convert" - or - name = "BN_BLINDING_convert_ex" - or - name = "BN_BLINDING_create_param" - or - name = "BN_BLINDING_free" - or - name = "BN_BLINDING_get_flags" - or - name = "BN_BLINDING_get_thread_id" - or - name = "BN_BLINDING_invert" - or - name = "BN_BLINDING_invert_ex" - or - name = "BN_BLINDING_is_current_thread" - or - name = "BN_BLINDING_lock" - or - name = "BN_BLINDING_new" - or - name = "BN_BLINDING_set_current_thread" - or - name = "BN_BLINDING_set_flags" - or - name = "BN_BLINDING_set_thread_id" - or - name = "BN_BLINDING_thread_id" - or - name = "BN_BLINDING_unlock" - or - name = "BN_BLINDING_update" - or - name = "BN_CTX_end" - or - name = "BN_CTX_free" - or - name = "BN_CTX_get" - or - name = "BN_CTX_init" - or - name = "BN_CTX_new" - or - name = "BN_CTX_new_ex" - or - name = "BN_CTX_secure_new" - or - name = "BN_CTX_secure_new_ex" - or - name = "BN_CTX_start" - or - name = "BN_GENCB_call" - or - name = "BN_GENCB_free" - or - name = "BN_GENCB_get_arg" - or - name = "BN_GENCB_new" - or - name = "BN_GENCB_set" - or - name = "BN_GENCB_set_old" - or - name = "BN_MONT_CTX_copy" - or - name = "BN_MONT_CTX_free" - or - name = "BN_MONT_CTX_init" - or - name = "BN_MONT_CTX_new" - or - name = "BN_MONT_CTX_set" - or - name = "BN_RECP_CTX_free" - or - name = "BN_RECP_CTX_init" - or - name = "BN_RECP_CTX_new" - or - name = "BN_RECP_CTX_set" - or - name = "BN_abs_is_word" - or - name = "BN_add" - or - name = "BN_add_word" - or - name = "BN_are_coprime" - or - name = "BN_bin2bn" - or - name = "BN_bn2bin" - or - name = "BN_bn2binpad" - or - name = "BN_bn2dec" - or - name = "BN_bn2hex" - or - name = "BN_bn2lebinpad" - or - name = "BN_bn2mpi" - or - name = "BN_bn2nativepad" - or - name = "BN_check_prime" - or - name = "BN_clear" - or - name = "BN_clear_bit" - or - name = "BN_clear_free" - or - name = "BN_cmp" - or - name = "BN_copy" - or - name = "BN_dec2bn" - or - name = "BN_div" - or - name = "BN_div_recp" - or - name = "BN_div_word" - or - name = "BN_dup" - or - name = "BN_exp" - or - name = "BN_free" - or - name = "BN_from_montgomery" - or - name = "BN_gcd" - or - name = "BN_generate_prime" - or - name = "BN_generate_prime_ex" - or - name = "BN_generate_prime_ex2" - or - name = "BN_get0_nist_prime_192" - or - name = "BN_get0_nist_prime_224" - or - name = "BN_get0_nist_prime_256" - or - name = "BN_get0_nist_prime_384" - or - name = "BN_get0_nist_prime_521" - or - name = "BN_get_rfc2409_prime_1024" - or - name = "BN_get_rfc2409_prime_768" - or - name = "BN_get_rfc3526_prime_1536" - or - name = "BN_get_rfc3526_prime_2048" - or - name = "BN_get_rfc3526_prime_3072" - or - name = "BN_get_rfc3526_prime_4096" - or - name = "BN_get_rfc3526_prime_6144" - or - name = "BN_get_rfc3526_prime_8192" - or - name = "BN_get_word" - or - name = "BN_hex2bn" - or - name = "BN_init" - or - name = "BN_is_bit_set" - or - name = "BN_is_odd" - or - name = "BN_is_one" - or - name = "BN_is_prime" - or - name = "BN_is_prime_ex" - or - name = "BN_is_prime_fasttest" - or - name = "BN_is_prime_fasttest_ex" - or - name = "BN_is_word" - or - name = "BN_is_zero" - or - name = "BN_lebin2bn" - or - name = "BN_lshift" - or - name = "BN_lshift1" - or - name = "BN_mask_bits" - or - name = "BN_mod" - or - name = "BN_mod_add" - or - name = "BN_mod_exp" - or - name = "BN_mod_exp_mont" - or - name = "BN_mod_exp_mont_consttime" - or - name = "BN_mod_exp_mont_consttime_x2" - or - name = "BN_mod_inverse" - or - name = "BN_mod_mul" - or - name = "BN_mod_mul_montgomery" - or - name = "BN_mod_mul_reciprocal" - or - name = "BN_mod_sqr" - or - name = "BN_mod_sqrt" - or - name = "BN_mod_sub" - or - name = "BN_mod_word" - or - name = "BN_mpi2bn" - or - name = "BN_mul" - or - name = "BN_mul_word" - or - name = "BN_native2bn" - or - name = "BN_new" - or - name = "BN_nnmod" - or - name = "BN_num_bits" - or - name = "BN_num_bits_word" - or - name = "BN_num_bytes" - or - name = "BN_one" - or - name = "BN_print" - or - name = "BN_print_fp" - or - name = "BN_priv_rand" - or - name = "BN_priv_rand_ex" - or - name = "BN_priv_rand_range" - or - name = "BN_priv_rand_range_ex" - or - name = "BN_pseudo_rand" - or - name = "BN_pseudo_rand_range" - or - name = "BN_rand" - or - name = "BN_rand_ex" - or - name = "BN_rand_range" - or - name = "BN_rand_range_ex" - or - name = "BN_rshift" - or - name = "BN_rshift1" - or - name = "BN_secure_new" - or - name = "BN_security_bits" - or - name = "BN_set_bit" - or - name = "BN_set_word" - or - name = "BN_signed_bin2bn" - or - name = "BN_signed_bn2bin" - or - name = "BN_signed_bn2lebin" - or - name = "BN_signed_bn2native" - or - name = "BN_signed_lebin2bn" - or - name = "BN_signed_native2bn" - or - name = "BN_sqr" - or - name = "BN_sub" - or - name = "BN_sub_word" - or - name = "BN_swap" - or - name = "BN_to_ASN1_ENUMERATED" - or - name = "BN_to_ASN1_INTEGER" - or - name = "BN_to_montgomery" - or - name = "BN_ucmp" - or - name = "BN_value_one" - or - name = "BN_with_flags" - or - name = "BN_zero" - or - name = "BUF_MEM_free" - or - name = "BUF_MEM_grow" - or - name = "BUF_MEM_grow_clean" - or - name = "BUF_MEM_new" - or - name = "BUF_MEM_new_ex" - or - name = "BUF_memdup" - or - name = "BUF_reverse" - or - name = "BUF_strdup" - or - name = "BUF_strlcat" - or - name = "BUF_strlcpy" - or - name = "BUF_strndup" - or - name = "CERTIFICATEPOLICIES_free" - or - name = "CERTIFICATEPOLICIES_new" - or - name = "CMS_AuthEnvelopedData_create" - or - name = "CMS_AuthEnvelopedData_create_ex" - or - name = "CMS_ContentInfo_free" - or - name = "CMS_ContentInfo_new" - or - name = "CMS_ContentInfo_new_ex" - or - name = "CMS_ContentInfo_print_ctx" - or - name = "CMS_EncryptedData_decrypt" - or - name = "CMS_EncryptedData_encrypt" - or - name = "CMS_EncryptedData_encrypt_ex" - or - name = "CMS_EnvelopedData_create" - or - name = "CMS_EnvelopedData_create_ex" - or - name = "CMS_EnvelopedData_decrypt" - or - name = "CMS_EnvelopedData_it" - or - name = "CMS_ReceiptRequest_create0" - or - name = "CMS_ReceiptRequest_create0_ex" - or - name = "CMS_ReceiptRequest_free" - or - name = "CMS_ReceiptRequest_get0_values" - or - name = "CMS_ReceiptRequest_new" - or - name = "CMS_RecipientInfo_decrypt" - or - name = "CMS_RecipientInfo_encrypt" - or - name = "CMS_RecipientInfo_kari_set0_pkey" - or - name = "CMS_RecipientInfo_kari_set0_pkey_and_peer" - or - name = "CMS_RecipientInfo_kekri_get0_id" - or - name = "CMS_RecipientInfo_kekri_id_cmp" - or - name = "CMS_RecipientInfo_ktri_cert_cmp" - or - name = "CMS_RecipientInfo_ktri_get0_signer_id" - or - name = "CMS_RecipientInfo_set0_key" - or - name = "CMS_RecipientInfo_set0_pkey" - or - name = "CMS_RecipientInfo_type" - or - name = "CMS_SignedData_free" - or - name = "CMS_SignedData_new" - or - name = "CMS_SignedData_verify" - or - name = "CMS_SignerInfo_cert_cmp" - or - name = "CMS_SignerInfo_get0_signature" - or - name = "CMS_SignerInfo_get0_signer_id" - or - name = "CMS_SignerInfo_set1_signer_cert" - or - name = "CMS_SignerInfo_sign" - or - name = "CMS_add0_cert" - or - name = "CMS_add0_crl" - or - name = "CMS_add0_recipient_key" - or - name = "CMS_add1_ReceiptRequest" - or - name = "CMS_add1_cert" - or - name = "CMS_add1_crl" - or - name = "CMS_add1_recipient" - or - name = "CMS_add1_recipient_cert" - or - name = "CMS_add1_signer" - or - name = "CMS_compress" - or - name = "CMS_data_create" - or - name = "CMS_data_create_ex" - or - name = "CMS_decrypt" - or - name = "CMS_decrypt_set1_password" - or - name = "CMS_decrypt_set1_pkey" - or - name = "CMS_decrypt_set1_pkey_and_peer" - or - name = "CMS_digest_create" - or - name = "CMS_digest_create_ex" - or - name = "CMS_encrypt" - or - name = "CMS_encrypt_ex" - or - name = "CMS_final" - or - name = "CMS_final_digest" - or - name = "CMS_get0_RecipientInfos" - or - name = "CMS_get0_SignerInfos" - or - name = "CMS_get0_content" - or - name = "CMS_get0_eContentType" - or - name = "CMS_get0_signers" - or - name = "CMS_get0_type" - or - name = "CMS_get1_ReceiptRequest" - or - name = "CMS_get1_certs" - or - name = "CMS_get1_crls" - or - name = "CMS_set1_eContentType" - or - name = "CMS_set1_signer_cert" - or - name = "CMS_sign" - or - name = "CMS_sign_ex" - or - name = "CMS_sign_receipt" - or - name = "CMS_uncompress" - or - name = "CMS_verify" - or - name = "CMS_verify_receipt" - or - name = "COMP_CTX_free" - or - name = "COMP_CTX_get_method" - or - name = "COMP_CTX_get_type" - or - name = "COMP_CTX_new" - or - name = "COMP_brotli" - or - name = "COMP_brotli_oneshot" - or - name = "COMP_compress_block" - or - name = "COMP_expand_block" - or - name = "COMP_get_name" - or - name = "COMP_get_type" - or - name = "COMP_zlib" - or - name = "COMP_zlib_oneshot" - or - name = "COMP_zstd" - or - name = "COMP_zstd_oneshot" - or - name = "CONF_get1_default_config_file" - or - name = "CONF_modules_finish" - or - name = "CONF_modules_free" - or - name = "CONF_modules_load" - or - name = "CONF_modules_load_file" - or - name = "CONF_modules_load_file_ex" - or - name = "CONF_modules_unload" - or - name = "CRL_DIST_POINTS_free" - or - name = "CRL_DIST_POINTS_new" - or - name = "CRYPTO_EX_dup" - or - name = "CRYPTO_EX_free" - or - name = "CRYPTO_EX_new" - or - name = "CRYPTO_THREADID_cmp" - or - name = "CRYPTO_THREADID_cpy" - or - name = "CRYPTO_THREADID_current" - or - name = "CRYPTO_THREADID_get_callback" - or - name = "CRYPTO_THREADID_hash" - or - name = "CRYPTO_THREADID_set_callback" - or - name = "CRYPTO_THREAD_lock_free" - or - name = "CRYPTO_THREAD_lock_new" - or - name = "CRYPTO_THREAD_read_lock" - or - name = "CRYPTO_THREAD_run_once" - or - name = "CRYPTO_THREAD_unlock" - or - name = "CRYPTO_THREAD_write_lock" - or - name = "CRYPTO_alloc_ex_data" - or - name = "CRYPTO_atomic_add" - or - name = "CRYPTO_atomic_load" - or - name = "CRYPTO_atomic_or" - or - name = "CRYPTO_clear_free" - or - name = "CRYPTO_clear_realloc" - or - name = "CRYPTO_destroy_dynlockid" - or - name = "CRYPTO_free" - or - name = "CRYPTO_free_ex_data" - or - name = "CRYPTO_free_ex_index" - or - name = "CRYPTO_free_fn" - or - name = "CRYPTO_get_alloc_counts" - or - name = "CRYPTO_get_ex_data" - or - name = "CRYPTO_get_ex_new_index" - or - name = "CRYPTO_get_mem_functions" - or - name = "CRYPTO_get_new_dynlockid" - or - name = "CRYPTO_lock" - or - name = "CRYPTO_malloc" - or - name = "CRYPTO_malloc_fn" - or - name = "CRYPTO_mem_ctrl" - or - name = "CRYPTO_mem_debug_pop" - or - name = "CRYPTO_mem_debug_push" - or - name = "CRYPTO_mem_leaks" - or - name = "CRYPTO_mem_leaks_cb" - or - name = "CRYPTO_mem_leaks_fp" - or - name = "CRYPTO_memcmp" - or - name = "CRYPTO_new_ex_data" - or - name = "CRYPTO_num_locks" - or - name = "CRYPTO_realloc" - or - name = "CRYPTO_realloc_fn" - or - name = "CRYPTO_secure_allocated" - or - name = "CRYPTO_secure_clear_free" - or - name = "CRYPTO_secure_free" - or - name = "CRYPTO_secure_malloc" - or - name = "CRYPTO_secure_malloc_done" - or - name = "CRYPTO_secure_malloc_init" - or - name = "CRYPTO_secure_malloc_initialized" - or - name = "CRYPTO_secure_used" - or - name = "CRYPTO_secure_zalloc" - or - name = "CRYPTO_set_dynlock_create_callback" - or - name = "CRYPTO_set_dynlock_destroy_callback" - or - name = "CRYPTO_set_dynlock_lock_callback" - or - name = "CRYPTO_set_ex_data" - or - name = "CRYPTO_set_locking_callback" - or - name = "CRYPTO_set_mem_debug" - or - name = "CRYPTO_set_mem_functions" - or - name = "CRYPTO_strdup" - or - name = "CRYPTO_strndup" - or - name = "CRYPTO_zalloc" - or - name = "CTLOG_STORE_free" - or - name = "CTLOG_STORE_get0_log_by_id" - or - name = "CTLOG_STORE_load_default_file" - or - name = "CTLOG_STORE_load_file" - or - name = "CTLOG_STORE_new" - or - name = "CTLOG_STORE_new_ex" - or - name = "CTLOG_free" - or - name = "CTLOG_get0_log_id" - or - name = "CTLOG_get0_name" - or - name = "CTLOG_get0_public_key" - or - name = "CTLOG_new" - or - name = "CTLOG_new_ex" - or - name = "CTLOG_new_from_base64" - or - name = "CTLOG_new_from_base64_ex" - or - name = "CT_POLICY_EVAL_CTX_free" - or - name = "CT_POLICY_EVAL_CTX_get0_cert" - or - name = "CT_POLICY_EVAL_CTX_get0_issuer" - or - name = "CT_POLICY_EVAL_CTX_get0_log_store" - or - name = "CT_POLICY_EVAL_CTX_get_time" - or - name = "CT_POLICY_EVAL_CTX_new" - or - name = "CT_POLICY_EVAL_CTX_new_ex" - or - name = "CT_POLICY_EVAL_CTX_set1_cert" - or - name = "CT_POLICY_EVAL_CTX_set1_issuer" - or - name = "CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE" - or - name = "CT_POLICY_EVAL_CTX_set_time" - or - name = "DECLARE_ASN1_FUNCTIONS" - or - name = "DECLARE_LHASH_OF" - or - name = "DECLARE_PEM_rw" - or - name = "DEFINE_LHASH_OF" - or - name = "DEFINE_LHASH_OF_EX" - or - name = "DEFINE_SPECIAL_STACK_OF" - or - name = "DEFINE_SPECIAL_STACK_OF_CONST" - or - name = "DEFINE_STACK_OF" - or - name = "DEFINE_STACK_OF_CONST" - or - name = "DES_cbc_cksum" - or - name = "DES_cfb64_encrypt" - or - name = "DES_cfb_encrypt" - or - name = "DES_crypt" - or - name = "DES_ecb2_encrypt" - or - name = "DES_ecb3_encrypt" - or - name = "DES_ecb_encrypt" - or - name = "DES_ede2_cbc_encrypt" - or - name = "DES_ede2_cfb64_encrypt" - or - name = "DES_ede2_ofb64_encrypt" - or - name = "DES_ede3_cbc_encrypt" - or - name = "DES_ede3_cbcm_encrypt" - or - name = "DES_ede3_cfb64_encrypt" - or - name = "DES_ede3_ofb64_encrypt" - or - name = "DES_enc_read" - or - name = "DES_enc_write" - or - name = "DES_fcrypt" - or - name = "DES_is_weak_key" - or - name = "DES_key_sched" - or - name = "DES_ncbc_encrypt" - or - name = "DES_ofb64_encrypt" - or - name = "DES_ofb_encrypt" - or - name = "DES_pcbc_encrypt" - or - name = "DES_quad_cksum" - or - name = "DES_random_key" - or - name = "DES_set_key" - or - name = "DES_set_key_checked" - or - name = "DES_set_key_unchecked" - or - name = "DES_set_odd_parity" - or - name = "DES_string_to_2keys" - or - name = "DES_string_to_key" - or - name = "DES_xcbc_encrypt" - or - name = "DH_OpenSSL" - or - name = "DH_bits" - or - name = "DH_check" - or - name = "DH_check_ex" - or - name = "DH_check_params" - or - name = "DH_check_params_ex" - or - name = "DH_check_pub_key_ex" - or - name = "DH_clear_flags" - or - name = "DH_compute_key" - or - name = "DH_compute_key_padded" - or - name = "DH_free" - or - name = "DH_generate_key" - or - name = "DH_generate_parameters" - or - name = "DH_generate_parameters_ex" - or - name = "DH_get0_engine" - or - name = "DH_get0_g" - or - name = "DH_get0_key" - or - name = "DH_get0_p" - or - name = "DH_get0_pqg" - or - name = "DH_get0_priv_key" - or - name = "DH_get0_pub_key" - or - name = "DH_get0_q" - or - name = "DH_get_1024_160" - or - name = "DH_get_2048_224" - or - name = "DH_get_2048_256" - or - name = "DH_get_default_method" - or - name = "DH_get_ex_data" - or - name = "DH_get_ex_new_index" - or - name = "DH_get_length" - or - name = "DH_get_nid" - or - name = "DH_meth_dup" - or - name = "DH_meth_free" - or - name = "DH_meth_get0_app_data" - or - name = "DH_meth_get0_name" - or - name = "DH_meth_get_bn_mod_exp" - or - name = "DH_meth_get_compute_key" - or - name = "DH_meth_get_finish" - or - name = "DH_meth_get_flags" - or - name = "DH_meth_get_generate_key" - or - name = "DH_meth_get_generate_params" - or - name = "DH_meth_get_init" - or - name = "DH_meth_new" - or - name = "DH_meth_set0_app_data" - or - name = "DH_meth_set1_name" - or - name = "DH_meth_set_bn_mod_exp" - or - name = "DH_meth_set_compute_key" - or - name = "DH_meth_set_finish" - or - name = "DH_meth_set_flags" - or - name = "DH_meth_set_generate_key" - or - name = "DH_meth_set_generate_params" - or - name = "DH_meth_set_init" - or - name = "DH_new" - or - name = "DH_new_by_nid" - or - name = "DH_new_method" - or - name = "DH_security_bits" - or - name = "DH_set0_key" - or - name = "DH_set0_pqg" - or - name = "DH_set_default_method" - or - name = "DH_set_ex_data" - or - name = "DH_set_flags" - or - name = "DH_set_length" - or - name = "DH_set_method" - or - name = "DH_size" - or - name = "DH_test_flags" - or - name = "DHparams_print" - or - name = "DHparams_print_fp" - or - name = "DIRECTORYSTRING_free" - or - name = "DIRECTORYSTRING_new" - or - name = "DISPLAYTEXT_free" - or - name = "DISPLAYTEXT_new" - or - name = "DIST_POINT_NAME_free" - or - name = "DIST_POINT_NAME_new" - or - name = "DIST_POINT_free" - or - name = "DIST_POINT_new" - or - name = "DSA_OpenSSL" - or - name = "DSA_SIG_free" - or - name = "DSA_SIG_get0" - or - name = "DSA_SIG_new" - or - name = "DSA_SIG_set0" - or - name = "DSA_bits" - or - name = "DSA_clear_flags" - or - name = "DSA_do_sign" - or - name = "DSA_do_verify" - or - name = "DSA_dup_DH" - or - name = "DSA_free" - or - name = "DSA_generate_key" - or - name = "DSA_generate_parameters" - or - name = "DSA_generate_parameters_ex" - or - name = "DSA_get0_engine" - or - name = "DSA_get0_g" - or - name = "DSA_get0_key" - or - name = "DSA_get0_p" - or - name = "DSA_get0_pqg" - or - name = "DSA_get0_priv_key" - or - name = "DSA_get0_pub_key" - or - name = "DSA_get0_q" - or - name = "DSA_get_default_method" - or - name = "DSA_get_ex_data" - or - name = "DSA_get_ex_new_index" - or - name = "DSA_meth_dup" - or - name = "DSA_meth_free" - or - name = "DSA_meth_get0_app_data" - or - name = "DSA_meth_get0_name" - or - name = "DSA_meth_get_bn_mod_exp" - or - name = "DSA_meth_get_finish" - or - name = "DSA_meth_get_flags" - or - name = "DSA_meth_get_init" - or - name = "DSA_meth_get_keygen" - or - name = "DSA_meth_get_mod_exp" - or - name = "DSA_meth_get_paramgen" - or - name = "DSA_meth_get_sign" - or - name = "DSA_meth_get_sign_setup" - or - name = "DSA_meth_get_verify" - or - name = "DSA_meth_new" - or - name = "DSA_meth_set0_app_data" - or - name = "DSA_meth_set1_name" - or - name = "DSA_meth_set_bn_mod_exp" - or - name = "DSA_meth_set_finish" - or - name = "DSA_meth_set_flags" - or - name = "DSA_meth_set_init" - or - name = "DSA_meth_set_keygen" - or - name = "DSA_meth_set_mod_exp" - or - name = "DSA_meth_set_paramgen" - or - name = "DSA_meth_set_sign" - or - name = "DSA_meth_set_sign_setup" - or - name = "DSA_meth_set_verify" - or - name = "DSA_new" - or - name = "DSA_new_method" - or - name = "DSA_print" - or - name = "DSA_print_fp" - or - name = "DSA_security_bits" - or - name = "DSA_set0_key" - or - name = "DSA_set0_pqg" - or - name = "DSA_set_default_method" - or - name = "DSA_set_ex_data" - or - name = "DSA_set_flags" - or - name = "DSA_set_method" - or - name = "DSA_sign" - or - name = "DSA_sign_setup" - or - name = "DSA_size" - or - name = "DSA_test_flags" - or - name = "DSA_verify" - or - name = "DSAparams_dup" - or - name = "DSAparams_print" - or - name = "DSAparams_print_fp" - or - name = "DTLS_client_method" - or - name = "DTLS_get_data_mtu" - or - name = "DTLS_method" - or - name = "DTLS_server_method" - or - name = "DTLS_set_timer_cb" - or - name = "DTLS_timer_cb" - or - name = "DTLSv1_2_client_method" - or - name = "DTLSv1_2_method" - or - name = "DTLSv1_2_server_method" - or - name = "DTLSv1_client_method" - or - name = "DTLSv1_get_timeout" - or - name = "DTLSv1_handle_timeout" - or - name = "DTLSv1_listen" - or - name = "DTLSv1_method" - or - name = "DTLSv1_server_method" - or - name = "ECDH_get_ex_data" - or - name = "ECDH_get_ex_new_index" - or - name = "ECDH_set_ex_data" - or - name = "ECDSA_SIG_free" - or - name = "ECDSA_SIG_get0" - or - name = "ECDSA_SIG_get0_r" - or - name = "ECDSA_SIG_get0_s" - or - name = "ECDSA_SIG_new" - or - name = "ECDSA_SIG_set0" - or - name = "ECDSA_do_sign" - or - name = "ECDSA_do_sign_ex" - or - name = "ECDSA_do_verify" - or - name = "ECDSA_sign" - or - name = "ECDSA_sign_ex" - or - name = "ECDSA_sign_setup" - or - name = "ECDSA_size" - or - name = "ECDSA_verify" - or - name = "ECPARAMETERS_free" - or - name = "ECPARAMETERS_new" - or - name = "ECPKPARAMETERS_free" - or - name = "ECPKPARAMETERS_new" - or - name = "ECPKParameters_print" - or - name = "ECPKParameters_print_fp" - or - name = "EC_GF2m_simple_method" - or - name = "EC_GFp_mont_method" - or - name = "EC_GFp_nist_method" - or - name = "EC_GFp_nistp224_method" - or - name = "EC_GFp_nistp256_method" - or - name = "EC_GFp_nistp521_method" - or - name = "EC_GFp_simple_method" - or - name = "EC_GROUP_check" - or - name = "EC_GROUP_check_discriminant" - or - name = "EC_GROUP_check_named_curve" - or - name = "EC_GROUP_clear_free" - or - name = "EC_GROUP_cmp" - or - name = "EC_GROUP_copy" - or - name = "EC_GROUP_dup" - or - name = "EC_GROUP_free" - or - name = "EC_GROUP_get0_cofactor" - or - name = "EC_GROUP_get0_field" - or - name = "EC_GROUP_get0_generator" - or - name = "EC_GROUP_get0_order" - or - name = "EC_GROUP_get0_seed" - or - name = "EC_GROUP_get_asn1_flag" - or - name = "EC_GROUP_get_basis_type" - or - name = "EC_GROUP_get_cofactor" - or - name = "EC_GROUP_get_curve" - or - name = "EC_GROUP_get_curve_GF2m" - or - name = "EC_GROUP_get_curve_GFp" - or - name = "EC_GROUP_get_curve_name" - or - name = "EC_GROUP_get_degree" - or - name = "EC_GROUP_get_ecparameters" - or - name = "EC_GROUP_get_ecpkparameters" - or - name = "EC_GROUP_get_field_type" - or - name = "EC_GROUP_get_order" - or - name = "EC_GROUP_get_pentanomial_basis" - or - name = "EC_GROUP_get_point_conversion_form" - or - name = "EC_GROUP_get_seed_len" - or - name = "EC_GROUP_get_trinomial_basis" - or - name = "EC_GROUP_have_precompute_mult" - or - name = "EC_GROUP_method_of" - or - name = "EC_GROUP_new" - or - name = "EC_GROUP_new_by_curve_name" - or - name = "EC_GROUP_new_by_curve_name_ex" - or - name = "EC_GROUP_new_curve_GF2m" - or - name = "EC_GROUP_new_curve_GFp" - or - name = "EC_GROUP_new_from_ecparameters" - or - name = "EC_GROUP_new_from_ecpkparameters" - or - name = "EC_GROUP_new_from_params" - or - name = "EC_GROUP_order_bits" - or - name = "EC_GROUP_precompute_mult" - or - name = "EC_GROUP_set_asn1_flag" - or - name = "EC_GROUP_set_curve" - or - name = "EC_GROUP_set_curve_GF2m" - or - name = "EC_GROUP_set_curve_GFp" - or - name = "EC_GROUP_set_curve_name" - or - name = "EC_GROUP_set_generator" - or - name = "EC_GROUP_set_point_conversion_form" - or - name = "EC_GROUP_set_seed" - or - name = "EC_GROUP_to_params" - or - name = "EC_KEY_check_key" - or - name = "EC_KEY_clear_flags" - or - name = "EC_KEY_copy" - or - name = "EC_KEY_decoded_from_explicit_params" - or - name = "EC_KEY_dup" - or - name = "EC_KEY_free" - or - name = "EC_KEY_generate_key" - or - name = "EC_KEY_get0_engine" - or - name = "EC_KEY_get0_group" - or - name = "EC_KEY_get0_private_key" - or - name = "EC_KEY_get0_public_key" - or - name = "EC_KEY_get_conv_form" - or - name = "EC_KEY_get_enc_flags" - or - name = "EC_KEY_get_ex_data" - or - name = "EC_KEY_get_ex_new_index" - or - name = "EC_KEY_get_flags" - or - name = "EC_KEY_get_key_method_data" - or - name = "EC_KEY_get_method" - or - name = "EC_KEY_insert_key_method_data" - or - name = "EC_KEY_key2buf" - or - name = "EC_KEY_new" - or - name = "EC_KEY_new_by_curve_name" - or - name = "EC_KEY_new_by_curve_name_ex" - or - name = "EC_KEY_new_ex" - or - name = "EC_KEY_oct2key" - or - name = "EC_KEY_oct2priv" - or - name = "EC_KEY_precompute_mult" - or - name = "EC_KEY_priv2buf" - or - name = "EC_KEY_priv2oct" - or - name = "EC_KEY_set_asn1_flag" - or - name = "EC_KEY_set_conv_form" - or - name = "EC_KEY_set_enc_flags" - or - name = "EC_KEY_set_ex_data" - or - name = "EC_KEY_set_flags" - or - name = "EC_KEY_set_group" - or - name = "EC_KEY_set_method" - or - name = "EC_KEY_set_private_key" - or - name = "EC_KEY_set_public_key" - or - name = "EC_KEY_set_public_key_affine_coordinates" - or - name = "EC_KEY_up_ref" - or - name = "EC_METHOD_get_field_type" - or - name = "EC_POINT_add" - or - name = "EC_POINT_bn2point" - or - name = "EC_POINT_clear_free" - or - name = "EC_POINT_cmp" - or - name = "EC_POINT_copy" - or - name = "EC_POINT_dbl" - or - name = "EC_POINT_dup" - or - name = "EC_POINT_free" - or - name = "EC_POINT_get_Jprojective_coordinates_GFp" - or - name = "EC_POINT_get_affine_coordinates" - or - name = "EC_POINT_get_affine_coordinates_GF2m" - or - name = "EC_POINT_get_affine_coordinates_GFp" - or - name = "EC_POINT_hex2point" - or - name = "EC_POINT_invert" - or - name = "EC_POINT_is_at_infinity" - or - name = "EC_POINT_is_on_curve" - or - name = "EC_POINT_make_affine" - or - name = "EC_POINT_method_of" - or - name = "EC_POINT_mul" - or - name = "EC_POINT_new" - or - name = "EC_POINT_oct2point" - or - name = "EC_POINT_point2bn" - or - name = "EC_POINT_point2buf" - or - name = "EC_POINT_point2hex" - or - name = "EC_POINT_point2oct" - or - name = "EC_POINT_set_Jprojective_coordinates" - or - name = "EC_POINT_set_Jprojective_coordinates_GFp" - or - name = "EC_POINT_set_affine_coordinates" - or - name = "EC_POINT_set_affine_coordinates_GF2m" - or - name = "EC_POINT_set_affine_coordinates_GFp" - or - name = "EC_POINT_set_compressed_coordinates" - or - name = "EC_POINT_set_compressed_coordinates_GF2m" - or - name = "EC_POINT_set_compressed_coordinates_GFp" - or - name = "EC_POINT_set_to_infinity" - or - name = "EC_POINTs_make_affine" - or - name = "EC_POINTs_mul" - or - name = "EC_get_builtin_curves" - or - name = "EDIPARTYNAME_free" - or - name = "EDIPARTYNAME_new" - or - name = "ENGINE_add" - or - name = "ENGINE_add_conf_module" - or - name = "ENGINE_by_id" - or - name = "ENGINE_cleanup" - or - name = "ENGINE_cmd_is_executable" - or - name = "ENGINE_ctrl" - or - name = "ENGINE_ctrl_cmd" - or - name = "ENGINE_ctrl_cmd_string" - or - name = "ENGINE_finish" - or - name = "ENGINE_free" - or - name = "ENGINE_get_DH" - or - name = "ENGINE_get_DSA" - or - name = "ENGINE_get_RAND" - or - name = "ENGINE_get_RSA" - or - name = "ENGINE_get_cipher" - or - name = "ENGINE_get_cipher_engine" - or - name = "ENGINE_get_ciphers" - or - name = "ENGINE_get_cmd_defns" - or - name = "ENGINE_get_ctrl_function" - or - name = "ENGINE_get_default_DH" - or - name = "ENGINE_get_default_DSA" - or - name = "ENGINE_get_default_RAND" - or - name = "ENGINE_get_default_RSA" - or - name = "ENGINE_get_destroy_function" - or - name = "ENGINE_get_digest" - or - name = "ENGINE_get_digest_engine" - or - name = "ENGINE_get_digests" - or - name = "ENGINE_get_ex_data" - or - name = "ENGINE_get_ex_new_index" - or - name = "ENGINE_get_finish_function" - or - name = "ENGINE_get_first" - or - name = "ENGINE_get_flags" - or - name = "ENGINE_get_id" - or - name = "ENGINE_get_init_function" - or - name = "ENGINE_get_last" - or - name = "ENGINE_get_load_privkey_function" - or - name = "ENGINE_get_load_pubkey_function" - or - name = "ENGINE_get_name" - or - name = "ENGINE_get_next" - or - name = "ENGINE_get_prev" - or - name = "ENGINE_get_table_flags" - or - name = "ENGINE_init" - or - name = "ENGINE_load_builtin_engines" - or - name = "ENGINE_load_private_key" - or - name = "ENGINE_load_public_key" - or - name = "ENGINE_new" - or - name = "ENGINE_register_DH" - or - name = "ENGINE_register_DSA" - or - name = "ENGINE_register_RAND" - or - name = "ENGINE_register_RSA" - or - name = "ENGINE_register_all_DH" - or - name = "ENGINE_register_all_DSA" - or - name = "ENGINE_register_all_RAND" - or - name = "ENGINE_register_all_RSA" - or - name = "ENGINE_register_all_ciphers" - or - name = "ENGINE_register_all_complete" - or - name = "ENGINE_register_all_digests" - or - name = "ENGINE_register_ciphers" - or - name = "ENGINE_register_complete" - or - name = "ENGINE_register_digests" - or - name = "ENGINE_remove" - or - name = "ENGINE_set_DH" - or - name = "ENGINE_set_DSA" - or - name = "ENGINE_set_RAND" - or - name = "ENGINE_set_RSA" - or - name = "ENGINE_set_ciphers" - or - name = "ENGINE_set_cmd_defns" - or - name = "ENGINE_set_ctrl_function" - or - name = "ENGINE_set_default" - or - name = "ENGINE_set_default_DH" - or - name = "ENGINE_set_default_DSA" - or - name = "ENGINE_set_default_RAND" - or - name = "ENGINE_set_default_RSA" - or - name = "ENGINE_set_default_ciphers" - or - name = "ENGINE_set_default_digests" - or - name = "ENGINE_set_default_string" - or - name = "ENGINE_set_destroy_function" - or - name = "ENGINE_set_digests" - or - name = "ENGINE_set_ex_data" - or - name = "ENGINE_set_finish_function" - or - name = "ENGINE_set_flags" - or - name = "ENGINE_set_id" - or - name = "ENGINE_set_init_function" - or - name = "ENGINE_set_load_privkey_function" - or - name = "ENGINE_set_load_pubkey_function" - or - name = "ENGINE_set_name" - or - name = "ENGINE_set_table_flags" - or - name = "ENGINE_unregister_DH" - or - name = "ENGINE_unregister_DSA" - or - name = "ENGINE_unregister_RAND" - or - name = "ENGINE_unregister_RSA" - or - name = "ENGINE_unregister_ciphers" - or - name = "ENGINE_unregister_digests" - or - name = "ENGINE_up_ref" - or - name = "ERR_FATAL_ERROR" - or - name = "ERR_GET_FUNC" - or - name = "ERR_GET_LIB" - or - name = "ERR_GET_REASON" - or - name = "ERR_PACK" - or - name = "ERR_add_error_data" - or - name = "ERR_add_error_mem_bio" - or - name = "ERR_add_error_txt" - or - name = "ERR_add_error_vdata" - or - name = "ERR_clear_error" - or - name = "ERR_clear_last_mark" - or - name = "ERR_error_string" - or - name = "ERR_error_string_n" - or - name = "ERR_free_strings" - or - name = "ERR_func_error_string" - or - name = "ERR_get_error" - or - name = "ERR_get_error_all" - or - name = "ERR_get_error_line" - or - name = "ERR_get_error_line_data" - or - name = "ERR_get_next_error_library" - or - name = "ERR_lib_error_string" - or - name = "ERR_load_UI_strings" - or - name = "ERR_load_crypto_strings" - or - name = "ERR_load_strings" - or - name = "ERR_new" - or - name = "ERR_peek_error" - or - name = "ERR_peek_error_all" - or - name = "ERR_peek_error_data" - or - name = "ERR_peek_error_func" - or - name = "ERR_peek_error_line" - or - name = "ERR_peek_error_line_data" - or - name = "ERR_peek_last_error" - or - name = "ERR_peek_last_error_all" - or - name = "ERR_peek_last_error_data" - or - name = "ERR_peek_last_error_func" - or - name = "ERR_peek_last_error_line" - or - name = "ERR_peek_last_error_line_data" - or - name = "ERR_pop_to_mark" - or - name = "ERR_print_errors" - or - name = "ERR_print_errors_cb" - or - name = "ERR_print_errors_fp" - or - name = "ERR_put_error" - or - name = "ERR_raise" - or - name = "ERR_raise_data" - or - name = "ERR_reason_error_string" - or - name = "ERR_remove_state" - or - name = "ERR_remove_thread_state" - or - name = "ERR_set_debug" - or - name = "ERR_set_error" - or - name = "ERR_set_mark" - or - name = "ERR_vset_error" - or - name = "ESS_CERT_ID_V2_dup" - or - name = "ESS_CERT_ID_V2_free" - or - name = "ESS_CERT_ID_V2_new" - or - name = "ESS_CERT_ID_dup" - or - name = "ESS_CERT_ID_free" - or - name = "ESS_CERT_ID_new" - or - name = "ESS_ISSUER_SERIAL_dup" - or - name = "ESS_ISSUER_SERIAL_free" - or - name = "ESS_ISSUER_SERIAL_new" - or - name = "ESS_SIGNING_CERT_V2_dup" - or - name = "ESS_SIGNING_CERT_V2_free" - or - name = "ESS_SIGNING_CERT_V2_it" - or - name = "ESS_SIGNING_CERT_V2_new" - or - name = "ESS_SIGNING_CERT_dup" - or - name = "ESS_SIGNING_CERT_free" - or - name = "ESS_SIGNING_CERT_it" - or - name = "ESS_SIGNING_CERT_new" - or - name = "EVP_ASYM_CIPHER_do_all_provided" - or - name = "EVP_ASYM_CIPHER_fetch" - or - name = "EVP_ASYM_CIPHER_free" - or - name = "EVP_ASYM_CIPHER_get0_description" - or - name = "EVP_ASYM_CIPHER_get0_name" - or - name = "EVP_ASYM_CIPHER_get0_provider" - or - name = "EVP_ASYM_CIPHER_gettable_ctx_params" - or - name = "EVP_ASYM_CIPHER_is_a" - or - name = "EVP_ASYM_CIPHER_names_do_all" - or - name = "EVP_ASYM_CIPHER_settable_ctx_params" - or - name = "EVP_ASYM_CIPHER_up_ref" - or - name = "EVP_BytesToKey" - or - name = "EVP_CIPHER_CTX_block_size" - or - name = "EVP_CIPHER_CTX_cipher" - or - name = "EVP_CIPHER_CTX_cleanup" - or - name = "EVP_CIPHER_CTX_clear_flags" - or - name = "EVP_CIPHER_CTX_copy" - or - name = "EVP_CIPHER_CTX_ctrl" - or - name = "EVP_CIPHER_CTX_dup" - or - name = "EVP_CIPHER_CTX_encrypting" - or - name = "EVP_CIPHER_CTX_flags" - or - name = "EVP_CIPHER_CTX_free" - or - name = "EVP_CIPHER_CTX_get0_cipher" - or - name = "EVP_CIPHER_CTX_get0_name" - or - name = "EVP_CIPHER_CTX_get1_cipher" - or - name = "EVP_CIPHER_CTX_get_app_data" - or - name = "EVP_CIPHER_CTX_get_block_size" - or - name = "EVP_CIPHER_CTX_get_cipher_data" - or - name = "EVP_CIPHER_CTX_get_iv_length" - or - name = "EVP_CIPHER_CTX_get_key_length" - or - name = "EVP_CIPHER_CTX_get_mode" - or - name = "EVP_CIPHER_CTX_get_nid" - or - name = "EVP_CIPHER_CTX_get_num" - or - name = "EVP_CIPHER_CTX_get_original_iv" - or - name = "EVP_CIPHER_CTX_get_params" - or - name = "EVP_CIPHER_CTX_get_tag_length" - or - name = "EVP_CIPHER_CTX_get_type" - or - name = "EVP_CIPHER_CTX_get_updated_iv" - or - name = "EVP_CIPHER_CTX_gettable_params" - or - name = "EVP_CIPHER_CTX_init" - or - name = "EVP_CIPHER_CTX_is_encrypting" - or - name = "EVP_CIPHER_CTX_iv" - or - name = "EVP_CIPHER_CTX_iv_length" - or - name = "EVP_CIPHER_CTX_iv_noconst" - or - name = "EVP_CIPHER_CTX_key_length" - or - name = "EVP_CIPHER_CTX_mode" - or - name = "EVP_CIPHER_CTX_new" - or - name = "EVP_CIPHER_CTX_nid" - or - name = "EVP_CIPHER_CTX_num" - or - name = "EVP_CIPHER_CTX_original_iv" - or - name = "EVP_CIPHER_CTX_reset" - or - name = "EVP_CIPHER_CTX_set_app_data" - or - name = "EVP_CIPHER_CTX_set_cipher_data" - or - name = "EVP_CIPHER_CTX_set_flags" - or - name = "EVP_CIPHER_CTX_set_key_length" - or - name = "EVP_CIPHER_CTX_set_num" - or - name = "EVP_CIPHER_CTX_set_padding" - or - name = "EVP_CIPHER_CTX_set_params" - or - name = "EVP_CIPHER_CTX_settable_params" - or - name = "EVP_CIPHER_CTX_tag_length" - or - name = "EVP_CIPHER_CTX_test_flags" - or - name = "EVP_CIPHER_CTX_type" - or - name = "EVP_CIPHER_asn1_to_param" - or - name = "EVP_CIPHER_block_size" - or - name = "EVP_CIPHER_do_all_provided" - or - name = "EVP_CIPHER_fetch" - or - name = "EVP_CIPHER_flags" - or - name = "EVP_CIPHER_free" - or - name = "EVP_CIPHER_get0_description" - or - name = "EVP_CIPHER_get0_name" - or - name = "EVP_CIPHER_get0_provider" - or - name = "EVP_CIPHER_get_block_size" - or - name = "EVP_CIPHER_get_flags" - or - name = "EVP_CIPHER_get_iv_length" - or - name = "EVP_CIPHER_get_key_length" - or - name = "EVP_CIPHER_get_mode" - or - name = "EVP_CIPHER_get_nid" - or - name = "EVP_CIPHER_get_params" - or - name = "EVP_CIPHER_get_type" - or - name = "EVP_CIPHER_gettable_ctx_params" - or - name = "EVP_CIPHER_gettable_params" - or - name = "EVP_CIPHER_is_a" - or - name = "EVP_CIPHER_iv_length" - or - name = "EVP_CIPHER_key_length" - or - name = "EVP_CIPHER_meth_dup" - or - name = "EVP_CIPHER_meth_free" - or - name = "EVP_CIPHER_meth_get_cleanup" - or - name = "EVP_CIPHER_meth_get_ctrl" - or - name = "EVP_CIPHER_meth_get_do_cipher" - or - name = "EVP_CIPHER_meth_get_get_asn1_params" - or - name = "EVP_CIPHER_meth_get_init" - or - name = "EVP_CIPHER_meth_get_set_asn1_params" - or - name = "EVP_CIPHER_meth_new" - or - name = "EVP_CIPHER_meth_set_cleanup" - or - name = "EVP_CIPHER_meth_set_ctrl" - or - name = "EVP_CIPHER_meth_set_do_cipher" - or - name = "EVP_CIPHER_meth_set_flags" - or - name = "EVP_CIPHER_meth_set_get_asn1_params" - or - name = "EVP_CIPHER_meth_set_impl_ctx_size" - or - name = "EVP_CIPHER_meth_set_init" - or - name = "EVP_CIPHER_meth_set_iv_length" - or - name = "EVP_CIPHER_meth_set_set_asn1_params" - or - name = "EVP_CIPHER_mode" - or - name = "EVP_CIPHER_name" - or - name = "EVP_CIPHER_names_do_all" - or - name = "EVP_CIPHER_nid" - or - name = "EVP_CIPHER_param_to_asn1" - or - name = "EVP_CIPHER_settable_ctx_params" - or - name = "EVP_CIPHER_type" - or - name = "EVP_CIPHER_up_ref" - or - name = "EVP_Cipher" - or - name = "EVP_CipherFinal" - or - name = "EVP_CipherFinal_ex" - or - name = "EVP_CipherInit" - or - name = "EVP_CipherInit_ex" - or - name = "EVP_CipherInit_ex2" - or - name = "EVP_CipherUpdate" - or - name = "EVP_DecodeBlock" - or - name = "EVP_DecodeFinal" - or - name = "EVP_DecodeInit" - or - name = "EVP_DecodeUpdate" - or - name = "EVP_DecryptFinal" - or - name = "EVP_DecryptFinal_ex" - or - name = "EVP_DecryptInit" - or - name = "EVP_DecryptInit_ex" - or - name = "EVP_DecryptInit_ex2" - or - name = "EVP_DecryptUpdate" - or - name = "EVP_Digest" - or - name = "EVP_DigestFinal" - or - name = "EVP_DigestFinalXOF" - or - name = "EVP_DigestFinal_ex" - or - name = "EVP_DigestInit" - or - name = "EVP_DigestInit_ex" - or - name = "EVP_DigestInit_ex2" - or - name = "EVP_DigestSign" - or - name = "EVP_DigestSignFinal" - or - name = "EVP_DigestSignInit" - or - name = "EVP_DigestSignInit_ex" - or - name = "EVP_DigestSignUpdate" - or - name = "EVP_DigestUpdate" - or - name = "EVP_DigestVerify" - or - name = "EVP_DigestVerifyFinal" - or - name = "EVP_DigestVerifyInit" - or - name = "EVP_DigestVerifyInit_ex" - or - name = "EVP_DigestVerifyUpdate" - or - name = "EVP_EC_gen" - or - name = "EVP_ENCODE_CTX_copy" - or - name = "EVP_ENCODE_CTX_free" - or - name = "EVP_ENCODE_CTX_new" - or - name = "EVP_ENCODE_CTX_num" - or - name = "EVP_EncodeBlock" - or - name = "EVP_EncodeFinal" - or - name = "EVP_EncodeInit" - or - name = "EVP_EncodeUpdate" - or - name = "EVP_EncryptFinal" - or - name = "EVP_EncryptFinal_ex" - or - name = "EVP_EncryptInit" - or - name = "EVP_EncryptInit_ex" - or - name = "EVP_EncryptInit_ex2" - or - name = "EVP_EncryptUpdate" - or - name = "EVP_KDF" - or - name = "EVP_KDF_CTX" - or - name = "EVP_KDF_CTX_dup" - or - name = "EVP_KDF_CTX_free" - or - name = "EVP_KDF_CTX_get_kdf_size" - or - name = "EVP_KDF_CTX_get_params" - or - name = "EVP_KDF_CTX_gettable_params" - or - name = "EVP_KDF_CTX_kdf" - or - name = "EVP_KDF_CTX_new" - or - name = "EVP_KDF_CTX_reset" - or - name = "EVP_KDF_CTX_set_params" - or - name = "EVP_KDF_CTX_settable_params" - or - name = "EVP_KDF_derive" - or - name = "EVP_KDF_do_all_provided" - or - name = "EVP_KDF_fetch" - or - name = "EVP_KDF_free" - or - name = "EVP_KDF_get0_description" - or - name = "EVP_KDF_get0_name" - or - name = "EVP_KDF_get0_provider" - or - name = "EVP_KDF_get_params" - or - name = "EVP_KDF_gettable_ctx_params" - or - name = "EVP_KDF_gettable_params" - or - name = "EVP_KDF_is_a" - or - name = "EVP_KDF_names_do_all" - or - name = "EVP_KDF_settable_ctx_params" - or - name = "EVP_KDF_up_ref" - or - name = "EVP_KEM_do_all_provided" - or - name = "EVP_KEM_fetch" - or - name = "EVP_KEM_free" - or - name = "EVP_KEM_get0_description" - or - name = "EVP_KEM_get0_name" - or - name = "EVP_KEM_get0_provider" - or - name = "EVP_KEM_gettable_ctx_params" - or - name = "EVP_KEM_is_a" - or - name = "EVP_KEM_names_do_all" - or - name = "EVP_KEM_settable_ctx_params" - or - name = "EVP_KEM_up_ref" - or - name = "EVP_KEYEXCH_do_all_provided" - or - name = "EVP_KEYEXCH_fetch" - or - name = "EVP_KEYEXCH_free" - or - name = "EVP_KEYEXCH_get0_description" - or - name = "EVP_KEYEXCH_get0_name" - or - name = "EVP_KEYEXCH_get0_provider" - or - name = "EVP_KEYEXCH_gettable_ctx_params" - or - name = "EVP_KEYEXCH_is_a" - or - name = "EVP_KEYEXCH_names_do_all" - or - name = "EVP_KEYEXCH_settable_ctx_params" - or - name = "EVP_KEYEXCH_up_ref" - or - name = "EVP_KEYMGMT" - or - name = "EVP_KEYMGMT_do_all_provided" - or - name = "EVP_KEYMGMT_fetch" - or - name = "EVP_KEYMGMT_free" - or - name = "EVP_KEYMGMT_gen_settable_params" - or - name = "EVP_KEYMGMT_get0_description" - or - name = "EVP_KEYMGMT_get0_name" - or - name = "EVP_KEYMGMT_get0_provider" - or - name = "EVP_KEYMGMT_gettable_params" - or - name = "EVP_KEYMGMT_is_a" - or - name = "EVP_KEYMGMT_names_do_all" - or - name = "EVP_KEYMGMT_settable_params" - or - name = "EVP_KEYMGMT_up_ref" - or - name = "EVP_MAC" - or - name = "EVP_MAC_CTX" - or - name = "EVP_MAC_CTX_dup" - or - name = "EVP_MAC_CTX_free" - or - name = "EVP_MAC_CTX_get0_mac" - or - name = "EVP_MAC_CTX_get_block_size" - or - name = "EVP_MAC_CTX_get_mac_size" - or - name = "EVP_MAC_CTX_get_params" - or - name = "EVP_MAC_CTX_gettable_params" - or - name = "EVP_MAC_CTX_new" - or - name = "EVP_MAC_CTX_set_params" - or - name = "EVP_MAC_CTX_settable_params" - or - name = "EVP_MAC_do_all_provided" - or - name = "EVP_MAC_fetch" - or - name = "EVP_MAC_final" - or - name = "EVP_MAC_finalXOF" - or - name = "EVP_MAC_free" - or - name = "EVP_MAC_get0_description" - or - name = "EVP_MAC_get0_name" - or - name = "EVP_MAC_get0_provider" - or - name = "EVP_MAC_get_params" - or - name = "EVP_MAC_gettable_ctx_params" - or - name = "EVP_MAC_gettable_params" - or - name = "EVP_MAC_init" - or - name = "EVP_MAC_is_a" - or - name = "EVP_MAC_names_do_all" - or - name = "EVP_MAC_settable_ctx_params" - or - name = "EVP_MAC_up_ref" - or - name = "EVP_MAC_update" - or - name = "EVP_MAX_MD_SIZE" - or - name = "EVP_MD_CTX_block_size" - or - name = "EVP_MD_CTX_cleanup" - or - name = "EVP_MD_CTX_clear_flags" - or - name = "EVP_MD_CTX_copy" - or - name = "EVP_MD_CTX_copy_ex" - or - name = "EVP_MD_CTX_create" - or - name = "EVP_MD_CTX_ctrl" - or - name = "EVP_MD_CTX_destroy" - or - name = "EVP_MD_CTX_dup" - or - name = "EVP_MD_CTX_free" - or - name = "EVP_MD_CTX_get0_md" - or - name = "EVP_MD_CTX_get0_md_data" - or - name = "EVP_MD_CTX_get0_name" - or - name = "EVP_MD_CTX_get1_md" - or - name = "EVP_MD_CTX_get_block_size" - or - name = "EVP_MD_CTX_get_params" - or - name = "EVP_MD_CTX_get_pkey_ctx" - or - name = "EVP_MD_CTX_get_size" - or - name = "EVP_MD_CTX_get_type" - or - name = "EVP_MD_CTX_gettable_params" - or - name = "EVP_MD_CTX_init" - or - name = "EVP_MD_CTX_md" - or - name = "EVP_MD_CTX_md_data" - or - name = "EVP_MD_CTX_new" - or - name = "EVP_MD_CTX_pkey_ctx" - or - name = "EVP_MD_CTX_reset" - or - name = "EVP_MD_CTX_set_flags" - or - name = "EVP_MD_CTX_set_params" - or - name = "EVP_MD_CTX_set_pkey_ctx" - or - name = "EVP_MD_CTX_set_update_fn" - or - name = "EVP_MD_CTX_settable_params" - or - name = "EVP_MD_CTX_size" - or - name = "EVP_MD_CTX_test_flags" - or - name = "EVP_MD_CTX_type" - or - name = "EVP_MD_CTX_update_fn" - or - name = "EVP_MD_block_size" - or - name = "EVP_MD_do_all_provided" - or - name = "EVP_MD_fetch" - or - name = "EVP_MD_flags" - or - name = "EVP_MD_free" - or - name = "EVP_MD_get0_description" - or - name = "EVP_MD_get0_name" - or - name = "EVP_MD_get0_provider" - or - name = "EVP_MD_get_block_size" - or - name = "EVP_MD_get_flags" - or - name = "EVP_MD_get_params" - or - name = "EVP_MD_get_pkey_type" - or - name = "EVP_MD_get_size" - or - name = "EVP_MD_get_type" - or - name = "EVP_MD_gettable_ctx_params" - or - name = "EVP_MD_gettable_params" - or - name = "EVP_MD_is_a" - or - name = "EVP_MD_meth_dup" - or - name = "EVP_MD_meth_free" - or - name = "EVP_MD_meth_get_app_datasize" - or - name = "EVP_MD_meth_get_cleanup" - or - name = "EVP_MD_meth_get_copy" - or - name = "EVP_MD_meth_get_ctrl" - or - name = "EVP_MD_meth_get_final" - or - name = "EVP_MD_meth_get_flags" - or - name = "EVP_MD_meth_get_init" - or - name = "EVP_MD_meth_get_input_blocksize" - or - name = "EVP_MD_meth_get_result_size" - or - name = "EVP_MD_meth_get_update" - or - name = "EVP_MD_meth_new" - or - name = "EVP_MD_meth_set_app_datasize" - or - name = "EVP_MD_meth_set_cleanup" - or - name = "EVP_MD_meth_set_copy" - or - name = "EVP_MD_meth_set_ctrl" - or - name = "EVP_MD_meth_set_final" - or - name = "EVP_MD_meth_set_flags" - or - name = "EVP_MD_meth_set_init" - or - name = "EVP_MD_meth_set_input_blocksize" - or - name = "EVP_MD_meth_set_result_size" - or - name = "EVP_MD_meth_set_update" - or - name = "EVP_MD_name" - or - name = "EVP_MD_names_do_all" - or - name = "EVP_MD_nid" - or - name = "EVP_MD_pkey_type" - or - name = "EVP_MD_settable_ctx_params" - or - name = "EVP_MD_size" - or - name = "EVP_MD_type" - or - name = "EVP_MD_up_ref" - or - name = "EVP_OpenFinal" - or - name = "EVP_OpenInit" - or - name = "EVP_OpenUpdate" - or - name = "EVP_PBE_CipherInit" - or - name = "EVP_PBE_CipherInit_ex" - or - name = "EVP_PBE_alg_add" - or - name = "EVP_PBE_alg_add_type" - or - name = "EVP_PBE_find" - or - name = "EVP_PBE_find_ex" - or - name = "EVP_PBE_scrypt" - or - name = "EVP_PBE_scrypt_ex" - or - name = "EVP_PKCS82PKEY" - or - name = "EVP_PKCS82PKEY_ex" - or - name = "EVP_PKEVP_PKEY_CTX_set_app_data" - or - name = "EVP_PKEY" - or - name = "EVP_PKEY2PKCS8" - or - name = "EVP_PKEY_ASN1_METHOD" - or - name = "EVP_PKEY_CTX_add1_hkdf_info" - or - name = "EVP_PKEY_CTX_add1_tls1_prf_seed" - or - name = "EVP_PKEY_CTX_ctrl" - or - name = "EVP_PKEY_CTX_ctrl_str" - or - name = "EVP_PKEY_CTX_ctrl_uint64" - or - name = "EVP_PKEY_CTX_dup" - or - name = "EVP_PKEY_CTX_free" - or - name = "EVP_PKEY_CTX_get0_dh_kdf_oid" - or - name = "EVP_PKEY_CTX_get0_dh_kdf_ukm" - or - name = "EVP_PKEY_CTX_get0_ecdh_kdf_ukm" - or - name = "EVP_PKEY_CTX_get0_libctx" - or - name = "EVP_PKEY_CTX_get0_peerkey" - or - name = "EVP_PKEY_CTX_get0_pkey" - or - name = "EVP_PKEY_CTX_get0_propq" - or - name = "EVP_PKEY_CTX_get0_provider" - or - name = "EVP_PKEY_CTX_get0_rsa_oaep_label" - or - name = "EVP_PKEY_CTX_get1_id" - or - name = "EVP_PKEY_CTX_get1_id_len" - or - name = "EVP_PKEY_CTX_get_app_data" - or - name = "EVP_PKEY_CTX_get_cb" - or - name = "EVP_PKEY_CTX_get_dh_kdf_md" - or - name = "EVP_PKEY_CTX_get_dh_kdf_outlen" - or - name = "EVP_PKEY_CTX_get_dh_kdf_type" - or - name = "EVP_PKEY_CTX_get_ecdh_cofactor_mode" - or - name = "EVP_PKEY_CTX_get_ecdh_kdf_md" - or - name = "EVP_PKEY_CTX_get_ecdh_kdf_outlen" - or - name = "EVP_PKEY_CTX_get_ecdh_kdf_type" - or - name = "EVP_PKEY_CTX_get_group_name" - or - name = "EVP_PKEY_CTX_get_keygen_info" - or - name = "EVP_PKEY_CTX_get_params" - or - name = "EVP_PKEY_CTX_get_rsa_mgf1_md" - or - name = "EVP_PKEY_CTX_get_rsa_mgf1_md_name" - or - name = "EVP_PKEY_CTX_get_rsa_oaep_md" - or - name = "EVP_PKEY_CTX_get_rsa_oaep_md_name" - or - name = "EVP_PKEY_CTX_get_rsa_padding" - or - name = "EVP_PKEY_CTX_get_rsa_pss_saltlen" - or - name = "EVP_PKEY_CTX_get_signature_md" - or - name = "EVP_PKEY_CTX_gettable_params" - or - name = "EVP_PKEY_CTX_hkdf_mode" - or - name = "EVP_PKEY_CTX_is_a" - or - name = "EVP_PKEY_CTX_md" - or - name = "EVP_PKEY_CTX_new" - or - name = "EVP_PKEY_CTX_new_from_name" - or - name = "EVP_PKEY_CTX_new_from_pkey" - or - name = "EVP_PKEY_CTX_new_id" - or - name = "EVP_PKEY_CTX_set0_dh_kdf_oid" - or - name = "EVP_PKEY_CTX_set0_dh_kdf_ukm" - or - name = "EVP_PKEY_CTX_set0_ecdh_kdf_ukm" - or - name = "EVP_PKEY_CTX_set0_rsa_oaep_label" - or - name = "EVP_PKEY_CTX_set1_hkdf_key" - or - name = "EVP_PKEY_CTX_set1_hkdf_salt" - or - name = "EVP_PKEY_CTX_set1_id" - or - name = "EVP_PKEY_CTX_set1_pbe_pass" - or - name = "EVP_PKEY_CTX_set1_rsa_keygen_pubexp" - or - name = "EVP_PKEY_CTX_set1_scrypt_salt" - or - name = "EVP_PKEY_CTX_set1_tls1_prf_secret" - or - name = "EVP_PKEY_CTX_set_app_data" - or - name = "EVP_PKEY_CTX_set_cb" - or - name = "EVP_PKEY_CTX_set_dh_kdf_md" - or - name = "EVP_PKEY_CTX_set_dh_kdf_outlen" - or - name = "EVP_PKEY_CTX_set_dh_kdf_type" - or - name = "EVP_PKEY_CTX_set_dh_nid" - or - name = "EVP_PKEY_CTX_set_dh_pad" - or - name = "EVP_PKEY_CTX_set_dh_paramgen_generator" - or - name = "EVP_PKEY_CTX_set_dh_paramgen_gindex" - or - name = "EVP_PKEY_CTX_set_dh_paramgen_prime_len" - or - name = "EVP_PKEY_CTX_set_dh_paramgen_seed" - or - name = "EVP_PKEY_CTX_set_dh_paramgen_subprime_len" - or - name = "EVP_PKEY_CTX_set_dh_paramgen_type" - or - name = "EVP_PKEY_CTX_set_dh_rfc5114" - or - name = "EVP_PKEY_CTX_set_dhx_rfc5114" - or - name = "EVP_PKEY_CTX_set_dsa_paramgen_bits" - or - name = "EVP_PKEY_CTX_set_dsa_paramgen_gindex" - or - name = "EVP_PKEY_CTX_set_dsa_paramgen_md" - or - name = "EVP_PKEY_CTX_set_dsa_paramgen_md_props" - or - name = "EVP_PKEY_CTX_set_dsa_paramgen_q_bits" - or - name = "EVP_PKEY_CTX_set_dsa_paramgen_seed" - or - name = "EVP_PKEY_CTX_set_dsa_paramgen_type" - or - name = "EVP_PKEY_CTX_set_ec_param_enc" - or - name = "EVP_PKEY_CTX_set_ec_paramgen_curve_nid" - or - name = "EVP_PKEY_CTX_set_ecdh_cofactor_mode" - or - name = "EVP_PKEY_CTX_set_ecdh_kdf_md" - or - name = "EVP_PKEY_CTX_set_ecdh_kdf_outlen" - or - name = "EVP_PKEY_CTX_set_ecdh_kdf_type" - or - name = "EVP_PKEY_CTX_set_group_name" - or - name = "EVP_PKEY_CTX_set_hkdf_md" - or - name = "EVP_PKEY_CTX_set_hkdf_mode" - or - name = "EVP_PKEY_CTX_set_kem_op" - or - name = "EVP_PKEY_CTX_set_mac_key" - or - name = "EVP_PKEY_CTX_set_params" - or - name = "EVP_PKEY_CTX_set_rsa_keygen_bits" - or - name = "EVP_PKEY_CTX_set_rsa_keygen_primes" - or - name = "EVP_PKEY_CTX_set_rsa_keygen_pubexp" - or - name = "EVP_PKEY_CTX_set_rsa_mgf1_md" - or - name = "EVP_PKEY_CTX_set_rsa_mgf1_md_name" - or - name = "EVP_PKEY_CTX_set_rsa_oaep_md" - or - name = "EVP_PKEY_CTX_set_rsa_oaep_md_name" - or - name = "EVP_PKEY_CTX_set_rsa_padding" - or - name = "EVP_PKEY_CTX_set_rsa_pss_keygen_md" - or - name = "EVP_PKEY_CTX_set_rsa_pss_keygen_md_name" - or - name = "EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md" - or - name = "EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name" - or - name = "EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen" - or - name = "EVP_PKEY_CTX_set_rsa_pss_saltlen" - or - name = "EVP_PKEY_CTX_set_rsa_rsa_keygen_bits" - or - name = "EVP_PKEY_CTX_set_scrypt_N" - or - name = "EVP_PKEY_CTX_set_scrypt_maxmem_bytes" - or - name = "EVP_PKEY_CTX_set_scrypt_p" - or - name = "EVP_PKEY_CTX_set_scrypt_r" - or - name = "EVP_PKEY_CTX_set_signature_md" - or - name = "EVP_PKEY_CTX_set_tls1_prf_md" - or - name = "EVP_PKEY_CTX_settable_params" - or - name = "EVP_PKEY_METHOD" - or - name = "EVP_PKEY_Q_keygen" - or - name = "EVP_PKEY_asn1_add0" - or - name = "EVP_PKEY_asn1_add_alias" - or - name = "EVP_PKEY_asn1_copy" - or - name = "EVP_PKEY_asn1_find" - or - name = "EVP_PKEY_asn1_find_str" - or - name = "EVP_PKEY_asn1_free" - or - name = "EVP_PKEY_asn1_get0" - or - name = "EVP_PKEY_asn1_get0_info" - or - name = "EVP_PKEY_asn1_get_count" - or - name = "EVP_PKEY_asn1_new" - or - name = "EVP_PKEY_asn1_set_check" - or - name = "EVP_PKEY_asn1_set_ctrl" - or - name = "EVP_PKEY_asn1_set_free" - or - name = "EVP_PKEY_asn1_set_get_priv_key" - or - name = "EVP_PKEY_asn1_set_get_pub_key" - or - name = "EVP_PKEY_asn1_set_item" - or - name = "EVP_PKEY_asn1_set_param" - or - name = "EVP_PKEY_asn1_set_param_check" - or - name = "EVP_PKEY_asn1_set_private" - or - name = "EVP_PKEY_asn1_set_public" - or - name = "EVP_PKEY_asn1_set_public_check" - or - name = "EVP_PKEY_asn1_set_security_bits" - or - name = "EVP_PKEY_asn1_set_set_priv_key" - or - name = "EVP_PKEY_asn1_set_set_pub_key" - or - name = "EVP_PKEY_asn1_set_siginf" - or - name = "EVP_PKEY_assign_DH" - or - name = "EVP_PKEY_assign_DSA" - or - name = "EVP_PKEY_assign_EC_KEY" - or - name = "EVP_PKEY_assign_POLY1305" - or - name = "EVP_PKEY_assign_RSA" - or - name = "EVP_PKEY_assign_SIPHASH" - or - name = "EVP_PKEY_auth_decapsulate_init" - or - name = "EVP_PKEY_auth_encapsulate_init" - or - name = "EVP_PKEY_base_id" - or - name = "EVP_PKEY_bits" - or - name = "EVP_PKEY_can_sign" - or - name = "EVP_PKEY_check" - or - name = "EVP_PKEY_cmp" - or - name = "EVP_PKEY_cmp_parameters" - or - name = "EVP_PKEY_copy_parameters" - or - name = "EVP_PKEY_decapsulate" - or - name = "EVP_PKEY_decapsulate_init" - or - name = "EVP_PKEY_decrypt" - or - name = "EVP_PKEY_decrypt_init" - or - name = "EVP_PKEY_decrypt_init_ex" - or - name = "EVP_PKEY_derive" - or - name = "EVP_PKEY_derive_init" - or - name = "EVP_PKEY_derive_init_ex" - or - name = "EVP_PKEY_derive_set_peer" - or - name = "EVP_PKEY_derive_set_peer_ex" - or - name = "EVP_PKEY_digestsign_supports_digest" - or - name = "EVP_PKEY_dup" - or - name = "EVP_PKEY_encapsulate" - or - name = "EVP_PKEY_encapsulate_init" - or - name = "EVP_PKEY_encrypt" - or - name = "EVP_PKEY_encrypt_init" - or - name = "EVP_PKEY_encrypt_init_ex" - or - name = "EVP_PKEY_eq" - or - name = "EVP_PKEY_export" - or - name = "EVP_PKEY_free" - or - name = "EVP_PKEY_fromdata" - or - name = "EVP_PKEY_fromdata_init" - or - name = "EVP_PKEY_fromdata_settable" - or - name = "EVP_PKEY_gen_cb" - or - name = "EVP_PKEY_generate" - or - name = "EVP_PKEY_get0" - or - name = "EVP_PKEY_get0_DH" - or - name = "EVP_PKEY_get0_DSA" - or - name = "EVP_PKEY_get0_EC_KEY" - or - name = "EVP_PKEY_get0_RSA" - or - name = "EVP_PKEY_get0_asn1" - or - name = "EVP_PKEY_get0_description" - or - name = "EVP_PKEY_get0_engine" - or - name = "EVP_PKEY_get0_hmac" - or - name = "EVP_PKEY_get0_poly1305" - or - name = "EVP_PKEY_get0_provider" - or - name = "EVP_PKEY_get0_siphash" - or - name = "EVP_PKEY_get0_type_name" - or - name = "EVP_PKEY_get1_DH" - or - name = "EVP_PKEY_get1_DSA" - or - name = "EVP_PKEY_get1_EC_KEY" - or - name = "EVP_PKEY_get1_RSA" - or - name = "EVP_PKEY_get1_encoded_public_key" - or - name = "EVP_PKEY_get1_tls_encodedpoint" - or - name = "EVP_PKEY_get_base_id" - or - name = "EVP_PKEY_get_bits" - or - name = "EVP_PKEY_get_bn_param" - or - name = "EVP_PKEY_get_default_digest" - or - name = "EVP_PKEY_get_default_digest_name" - or - name = "EVP_PKEY_get_default_digest_nid" - or - name = "EVP_PKEY_get_ec_point_conv_form" - or - name = "EVP_PKEY_get_ex_data" - or - name = "EVP_PKEY_get_ex_new_index" - or - name = "EVP_PKEY_get_field_type" - or - name = "EVP_PKEY_get_group_name" - or - name = "EVP_PKEY_get_id" - or - name = "EVP_PKEY_get_int_param" - or - name = "EVP_PKEY_get_octet_string_param" - or - name = "EVP_PKEY_get_params" - or - name = "EVP_PKEY_get_raw_private_key" - or - name = "EVP_PKEY_get_raw_public_key" - or - name = "EVP_PKEY_get_security_bits" - or - name = "EVP_PKEY_get_size" - or - name = "EVP_PKEY_get_size_t_param" - or - name = "EVP_PKEY_get_utf8_string_param" - or - name = "EVP_PKEY_gettable_params" - or - name = "EVP_PKEY_id" - or - name = "EVP_PKEY_is_a" - or - name = "EVP_PKEY_keygen" - or - name = "EVP_PKEY_keygen_init" - or - name = "EVP_PKEY_meth_add0" - or - name = "EVP_PKEY_meth_copy" - or - name = "EVP_PKEY_meth_find" - or - name = "EVP_PKEY_meth_free" - or - name = "EVP_PKEY_meth_get0" - or - name = "EVP_PKEY_meth_get0_info" - or - name = "EVP_PKEY_meth_get_check" - or - name = "EVP_PKEY_meth_get_cleanup" - or - name = "EVP_PKEY_meth_get_copy" - or - name = "EVP_PKEY_meth_get_count" - or - name = "EVP_PKEY_meth_get_ctrl" - or - name = "EVP_PKEY_meth_get_decrypt" - or - name = "EVP_PKEY_meth_get_derive" - or - name = "EVP_PKEY_meth_get_digest_custom" - or - name = "EVP_PKEY_meth_get_digestsign" - or - name = "EVP_PKEY_meth_get_digestverify" - or - name = "EVP_PKEY_meth_get_encrypt" - or - name = "EVP_PKEY_meth_get_init" - or - name = "EVP_PKEY_meth_get_keygen" - or - name = "EVP_PKEY_meth_get_param_check" - or - name = "EVP_PKEY_meth_get_paramgen" - or - name = "EVP_PKEY_meth_get_public_check" - or - name = "EVP_PKEY_meth_get_sign" - or - name = "EVP_PKEY_meth_get_signctx" - or - name = "EVP_PKEY_meth_get_verify" - or - name = "EVP_PKEY_meth_get_verify_recover" - or - name = "EVP_PKEY_meth_get_verifyctx" - or - name = "EVP_PKEY_meth_new" - or - name = "EVP_PKEY_meth_remove" - or - name = "EVP_PKEY_meth_set_check" - or - name = "EVP_PKEY_meth_set_cleanup" - or - name = "EVP_PKEY_meth_set_copy" - or - name = "EVP_PKEY_meth_set_ctrl" - or - name = "EVP_PKEY_meth_set_decrypt" - or - name = "EVP_PKEY_meth_set_derive" - or - name = "EVP_PKEY_meth_set_digest_custom" - or - name = "EVP_PKEY_meth_set_digestsign" - or - name = "EVP_PKEY_meth_set_digestverify" - or - name = "EVP_PKEY_meth_set_encrypt" - or - name = "EVP_PKEY_meth_set_init" - or - name = "EVP_PKEY_meth_set_keygen" - or - name = "EVP_PKEY_meth_set_param_check" - or - name = "EVP_PKEY_meth_set_paramgen" - or - name = "EVP_PKEY_meth_set_public_check" - or - name = "EVP_PKEY_meth_set_sign" - or - name = "EVP_PKEY_meth_set_signctx" - or - name = "EVP_PKEY_meth_set_verify" - or - name = "EVP_PKEY_meth_set_verify_recover" - or - name = "EVP_PKEY_meth_set_verifyctx" - or - name = "EVP_PKEY_missing_parameters" - or - name = "EVP_PKEY_new" - or - name = "EVP_PKEY_new_CMAC_key" - or - name = "EVP_PKEY_new_mac_key" - or - name = "EVP_PKEY_new_raw_private_key" - or - name = "EVP_PKEY_new_raw_private_key_ex" - or - name = "EVP_PKEY_new_raw_public_key" - or - name = "EVP_PKEY_new_raw_public_key_ex" - or - name = "EVP_PKEY_pairwise_check" - or - name = "EVP_PKEY_param_check" - or - name = "EVP_PKEY_param_check_quick" - or - name = "EVP_PKEY_parameters_eq" - or - name = "EVP_PKEY_paramgen" - or - name = "EVP_PKEY_paramgen_init" - or - name = "EVP_PKEY_print_params" - or - name = "EVP_PKEY_print_params_fp" - or - name = "EVP_PKEY_print_private" - or - name = "EVP_PKEY_print_private_fp" - or - name = "EVP_PKEY_print_public" - or - name = "EVP_PKEY_print_public_fp" - or - name = "EVP_PKEY_private_check" - or - name = "EVP_PKEY_public_check" - or - name = "EVP_PKEY_public_check_quick" - or - name = "EVP_PKEY_security_bits" - or - name = "EVP_PKEY_set1_DH" - or - name = "EVP_PKEY_set1_DSA" - or - name = "EVP_PKEY_set1_EC_KEY" - or - name = "EVP_PKEY_set1_RSA" - or - name = "EVP_PKEY_set1_encoded_public_key" - or - name = "EVP_PKEY_set1_engine" - or - name = "EVP_PKEY_set1_tls_encodedpoint" - or - name = "EVP_PKEY_set_alias_type" - or - name = "EVP_PKEY_set_bn_param" - or - name = "EVP_PKEY_set_ex_data" - or - name = "EVP_PKEY_set_int_param" - or - name = "EVP_PKEY_set_octet_string_param" - or - name = "EVP_PKEY_set_params" - or - name = "EVP_PKEY_set_size_t_param" - or - name = "EVP_PKEY_set_type" - or - name = "EVP_PKEY_set_type_by_keymgmt" - or - name = "EVP_PKEY_set_type_str" - or - name = "EVP_PKEY_set_utf8_string_param" - or - name = "EVP_PKEY_settable_params" - or - name = "EVP_PKEY_sign" - or - name = "EVP_PKEY_sign_init" - or - name = "EVP_PKEY_sign_init_ex" - or - name = "EVP_PKEY_size" - or - name = "EVP_PKEY_todata" - or - name = "EVP_PKEY_type" - or - name = "EVP_PKEY_type_names_do_all" - or - name = "EVP_PKEY_up_ref" - or - name = "EVP_PKEY_verify" - or - name = "EVP_PKEY_verify_init" - or - name = "EVP_PKEY_verify_init_ex" - or - name = "EVP_PKEY_verify_recover" - or - name = "EVP_PKEY_verify_recover_init" - or - name = "EVP_PKEY_verify_recover_init_ex" - or - name = "EVP_Q_digest" - or - name = "EVP_Q_mac" - or - name = "EVP_RAND" - or - name = "EVP_RAND_CTX" - or - name = "EVP_RAND_CTX_free" - or - name = "EVP_RAND_CTX_get0_rand" - or - name = "EVP_RAND_CTX_get_params" - or - name = "EVP_RAND_CTX_gettable_params" - or - name = "EVP_RAND_CTX_new" - or - name = "EVP_RAND_CTX_set_params" - or - name = "EVP_RAND_CTX_settable_params" - or - name = "EVP_RAND_CTX_up_ref" - or - name = "EVP_RAND_STATE_ERROR" - or - name = "EVP_RAND_STATE_READY" - or - name = "EVP_RAND_STATE_UNINITIALISED" - or - name = "EVP_RAND_do_all_provided" - or - name = "EVP_RAND_enable_locking" - or - name = "EVP_RAND_fetch" - or - name = "EVP_RAND_free" - or - name = "EVP_RAND_generate" - or - name = "EVP_RAND_get0_description" - or - name = "EVP_RAND_get0_name" - or - name = "EVP_RAND_get0_provider" - or - name = "EVP_RAND_get_params" - or - name = "EVP_RAND_get_state" - or - name = "EVP_RAND_get_strength" - or - name = "EVP_RAND_gettable_ctx_params" - or - name = "EVP_RAND_gettable_params" - or - name = "EVP_RAND_instantiate" - or - name = "EVP_RAND_is_a" - or - name = "EVP_RAND_names_do_all" - or - name = "EVP_RAND_nonce" - or - name = "EVP_RAND_reseed" - or - name = "EVP_RAND_settable_ctx_params" - or - name = "EVP_RAND_uninstantiate" - or - name = "EVP_RAND_up_ref" - or - name = "EVP_RAND_verify_zeroization" - or - name = "EVP_RSA_gen" - or - name = "EVP_SIGNATURE" - or - name = "EVP_SIGNATURE_do_all_provided" - or - name = "EVP_SIGNATURE_fetch" - or - name = "EVP_SIGNATURE_free" - or - name = "EVP_SIGNATURE_get0_description" - or - name = "EVP_SIGNATURE_get0_name" - or - name = "EVP_SIGNATURE_get0_provider" - or - name = "EVP_SIGNATURE_gettable_ctx_params" - or - name = "EVP_SIGNATURE_is_a" - or - name = "EVP_SIGNATURE_names_do_all" - or - name = "EVP_SIGNATURE_settable_ctx_params" - or - name = "EVP_SIGNATURE_up_ref" - or - name = "EVP_SealFinal" - or - name = "EVP_SealInit" - or - name = "EVP_SealUpdate" - or - name = "EVP_SignFinal" - or - name = "EVP_SignFinal_ex" - or - name = "EVP_SignInit" - or - name = "EVP_SignInit_ex" - or - name = "EVP_SignUpdate" - or - name = "EVP_VerifyFinal" - or - name = "EVP_VerifyFinal_ex" - or - name = "EVP_VerifyInit" - or - name = "EVP_VerifyInit_ex" - or - name = "EVP_VerifyUpdate" - or - name = "EVP_aes" - or - name = "EVP_aes_128_cbc" - or - name = "EVP_aes_128_cbc_hmac_sha1" - or - name = "EVP_aes_128_cbc_hmac_sha256" - or - name = "EVP_aes_128_ccm" - or - name = "EVP_aes_128_cfb" - or - name = "EVP_aes_128_cfb1" - or - name = "EVP_aes_128_cfb128" - or - name = "EVP_aes_128_cfb8" - or - name = "EVP_aes_128_ctr" - or - name = "EVP_aes_128_ecb" - or - name = "EVP_aes_128_gcm" - or - name = "EVP_aes_128_ocb" - or - name = "EVP_aes_128_ofb" - or - name = "EVP_aes_128_wrap" - or - name = "EVP_aes_128_wrap_pad" - or - name = "EVP_aes_128_xts" - or - name = "EVP_aes_192_cbc" - or - name = "EVP_aes_192_ccm" - or - name = "EVP_aes_192_cfb" - or - name = "EVP_aes_192_cfb1" - or - name = "EVP_aes_192_cfb128" - or - name = "EVP_aes_192_cfb8" - or - name = "EVP_aes_192_ctr" - or - name = "EVP_aes_192_ecb" - or - name = "EVP_aes_192_gcm" - or - name = "EVP_aes_192_ocb" - or - name = "EVP_aes_192_ofb" - or - name = "EVP_aes_192_wrap" - or - name = "EVP_aes_192_wrap_pad" - or - name = "EVP_aes_256_cbc" - or - name = "EVP_aes_256_cbc_hmac_sha1" - or - name = "EVP_aes_256_cbc_hmac_sha256" - or - name = "EVP_aes_256_ccm" - or - name = "EVP_aes_256_cfb" - or - name = "EVP_aes_256_cfb1" - or - name = "EVP_aes_256_cfb128" - or - name = "EVP_aes_256_cfb8" - or - name = "EVP_aes_256_ctr" - or - name = "EVP_aes_256_ecb" - or - name = "EVP_aes_256_gcm" - or - name = "EVP_aes_256_ocb" - or - name = "EVP_aes_256_ofb" - or - name = "EVP_aes_256_wrap" - or - name = "EVP_aes_256_wrap_pad" - or - name = "EVP_aes_256_xts" - or - name = "EVP_aria" - or - name = "EVP_aria_128_cbc" - or - name = "EVP_aria_128_ccm" - or - name = "EVP_aria_128_cfb" - or - name = "EVP_aria_128_cfb1" - or - name = "EVP_aria_128_cfb128" - or - name = "EVP_aria_128_cfb8" - or - name = "EVP_aria_128_ctr" - or - name = "EVP_aria_128_ecb" - or - name = "EVP_aria_128_gcm" - or - name = "EVP_aria_128_ofb" - or - name = "EVP_aria_192_cbc" - or - name = "EVP_aria_192_ccm" - or - name = "EVP_aria_192_cfb" - or - name = "EVP_aria_192_cfb1" - or - name = "EVP_aria_192_cfb128" - or - name = "EVP_aria_192_cfb8" - or - name = "EVP_aria_192_ctr" - or - name = "EVP_aria_192_ecb" - or - name = "EVP_aria_192_gcm" - or - name = "EVP_aria_192_ofb" - or - name = "EVP_aria_256_cbc" - or - name = "EVP_aria_256_ccm" - or - name = "EVP_aria_256_cfb" - or - name = "EVP_aria_256_cfb1" - or - name = "EVP_aria_256_cfb128" - or - name = "EVP_aria_256_cfb8" - or - name = "EVP_aria_256_ctr" - or - name = "EVP_aria_256_ecb" - or - name = "EVP_aria_256_gcm" - or - name = "EVP_aria_256_ofb" - or - name = "EVP_bf_cbc" - or - name = "EVP_bf_cfb" - or - name = "EVP_bf_cfb64" - or - name = "EVP_bf_ecb" - or - name = "EVP_bf_ofb" - or - name = "EVP_blake2b512" - or - name = "EVP_blake2s256" - or - name = "EVP_camellia" - or - name = "EVP_camellia_128_cbc" - or - name = "EVP_camellia_128_cfb" - or - name = "EVP_camellia_128_cfb1" - or - name = "EVP_camellia_128_cfb128" - or - name = "EVP_camellia_128_cfb8" - or - name = "EVP_camellia_128_ctr" - or - name = "EVP_camellia_128_ecb" - or - name = "EVP_camellia_128_ofb" - or - name = "EVP_camellia_192_cbc" - or - name = "EVP_camellia_192_cfb" - or - name = "EVP_camellia_192_cfb1" - or - name = "EVP_camellia_192_cfb128" - or - name = "EVP_camellia_192_cfb8" - or - name = "EVP_camellia_192_ctr" - or - name = "EVP_camellia_192_ecb" - or - name = "EVP_camellia_192_ofb" - or - name = "EVP_camellia_256_cbc" - or - name = "EVP_camellia_256_cfb" - or - name = "EVP_camellia_256_cfb1" - or - name = "EVP_camellia_256_cfb128" - or - name = "EVP_camellia_256_cfb8" - or - name = "EVP_camellia_256_ctr" - or - name = "EVP_camellia_256_ecb" - or - name = "EVP_camellia_256_ofb" - or - name = "EVP_cast5_cbc" - or - name = "EVP_cast5_cfb" - or - name = "EVP_cast5_cfb64" - or - name = "EVP_cast5_ecb" - or - name = "EVP_cast5_ofb" - or - name = "EVP_chacha20" - or - name = "EVP_chacha20_poly1305" - or - name = "EVP_cleanup" - or - name = "EVP_default_properties_enable_fips" - or - name = "EVP_default_properties_is_fips_enabled" - or - name = "EVP_des" - or - name = "EVP_des_cbc" - or - name = "EVP_des_cfb" - or - name = "EVP_des_cfb1" - or - name = "EVP_des_cfb64" - or - name = "EVP_des_cfb8" - or - name = "EVP_des_ecb" - or - name = "EVP_des_ede" - or - name = "EVP_des_ede3" - or - name = "EVP_des_ede3_cbc" - or - name = "EVP_des_ede3_cfb" - or - name = "EVP_des_ede3_cfb1" - or - name = "EVP_des_ede3_cfb64" - or - name = "EVP_des_ede3_cfb8" - or - name = "EVP_des_ede3_ecb" - or - name = "EVP_des_ede3_ofb" - or - name = "EVP_des_ede3_wrap" - or - name = "EVP_des_ede_cbc" - or - name = "EVP_des_ede_cfb" - or - name = "EVP_des_ede_cfb64" - or - name = "EVP_des_ede_ecb" - or - name = "EVP_des_ede_ofb" - or - name = "EVP_des_ofb" - or - name = "EVP_desx_cbc" - or - name = "EVP_dss" - or - name = "EVP_dss1" - or - name = "EVP_enc_null" - or - name = "EVP_get_cipherbyname" - or - name = "EVP_get_cipherbynid" - or - name = "EVP_get_cipherbyobj" - or - name = "EVP_get_digestbyname" - or - name = "EVP_get_digestbynid" - or - name = "EVP_get_digestbyobj" - or - name = "EVP_idea_cbc" - or - name = "EVP_idea_cfb" - or - name = "EVP_idea_cfb64" - or - name = "EVP_idea_ecb" - or - name = "EVP_idea_ofb" - or - name = "EVP_md2" - or - name = "EVP_md4" - or - name = "EVP_md5" - or - name = "EVP_md5_sha1" - or - name = "EVP_md_null" - or - name = "EVP_mdc2" - or - name = "EVP_rc2_40_cbc" - or - name = "EVP_rc2_64_cbc" - or - name = "EVP_rc2_cbc" - or - name = "EVP_rc2_cfb" - or - name = "EVP_rc2_cfb64" - or - name = "EVP_rc2_ecb" - or - name = "EVP_rc2_ofb" - or - name = "EVP_rc4" - or - name = "EVP_rc4_40" - or - name = "EVP_rc4_hmac_md5" - or - name = "EVP_rc5_32_12_16_cbc" - or - name = "EVP_rc5_32_12_16_cfb" - or - name = "EVP_rc5_32_12_16_cfb64" - or - name = "EVP_rc5_32_12_16_ecb" - or - name = "EVP_rc5_32_12_16_ofb" - or - name = "EVP_ripemd160" - or - name = "EVP_seed_cbc" - or - name = "EVP_seed_cfb" - or - name = "EVP_seed_cfb128" - or - name = "EVP_seed_ecb" - or - name = "EVP_seed_ofb" - or - name = "EVP_set_default_properties" - or - name = "EVP_sha" - or - name = "EVP_sha1" - or - name = "EVP_sha224" - or - name = "EVP_sha256" - or - name = "EVP_sha384" - or - name = "EVP_sha3_224" - or - name = "EVP_sha3_256" - or - name = "EVP_sha3_384" - or - name = "EVP_sha3_512" - or - name = "EVP_sha512" - or - name = "EVP_sha512_224" - or - name = "EVP_sha512_256" - or - name = "EVP_shake128" - or - name = "EVP_shake256" - or - name = "EVP_sm3" - or - name = "EVP_sm4_cbc" - or - name = "EVP_sm4_cfb" - or - name = "EVP_sm4_cfb128" - or - name = "EVP_sm4_ctr" - or - name = "EVP_sm4_ecb" - or - name = "EVP_sm4_ofb" - or - name = "EVP_whirlpool" - or - name = "EXTENDED_KEY_USAGE_free" - or - name = "EXTENDED_KEY_USAGE_new" - or - name = "EXT_UTF8STRING" - or - name = "GENERAL_NAMES_free" - or - name = "GENERAL_NAMES_new" - or - name = "GENERAL_NAME_dup" - or - name = "GENERAL_NAME_free" - or - name = "GENERAL_NAME_new" - or - name = "GENERAL_SUBTREE_free" - or - name = "GENERAL_SUBTREE_new" - or - name = "GEN_SESSION_CB" - or - name = "HMAC" - or - name = "HMAC_CTX_cleanup" - or - name = "HMAC_CTX_copy" - or - name = "HMAC_CTX_free" - or - name = "HMAC_CTX_get_md" - or - name = "HMAC_CTX_init" - or - name = "HMAC_CTX_new" - or - name = "HMAC_CTX_reset" - or - name = "HMAC_CTX_set_flags" - or - name = "HMAC_Final" - or - name = "HMAC_Init" - or - name = "HMAC_Init_ex" - or - name = "HMAC_Update" - or - name = "HMAC_cleanup" - or - name = "HMAC_size" - or - name = "IMPLEMENT_ASN1_FUNCTIONS" - or - name = "IMPLEMENT_EXTERN_ASN1" - or - name = "IMPLEMENT_LHASH_COMP_FN" - or - name = "IMPLEMENT_LHASH_HASH_FN" - or - name = "IPAddressChoice_free" - or - name = "IPAddressChoice_new" - or - name = "IPAddressFamily_free" - or - name = "IPAddressFamily_new" - or - name = "IPAddressOrRange_free" - or - name = "IPAddressOrRange_new" - or - name = "IPAddressRange_free" - or - name = "IPAddressRange_new" - or - name = "ISSUER_SIGN_TOOL_free" - or - name = "ISSUER_SIGN_TOOL_it" - or - name = "ISSUER_SIGN_TOOL_new" - or - name = "ISSUING_DIST_POINT_free" - or - name = "ISSUING_DIST_POINT_it" - or - name = "ISSUING_DIST_POINT_new" - or - name = "LHASH" - or - name = "LHASH_DOALL_ARG_FN_TYPE" - or - name = "LHASH_OF" - or - name = "MD2" - or - name = "MD2_Final" - or - name = "MD2_Init" - or - name = "MD2_Update" - or - name = "MD4" - or - name = "MD4_Final" - or - name = "MD4_Init" - or - name = "MD4_Update" - or - name = "MD5" - or - name = "MD5_Final" - or - name = "MD5_Init" - or - name = "MD5_Update" - or - name = "MDC2" - or - name = "MDC2_Final" - or - name = "MDC2_Init" - or - name = "MDC2_Update" - or - name = "NAME_CONSTRAINTS_free" - or - name = "NAME_CONSTRAINTS_new" - or - name = "NAMING_AUTHORITY" - or - name = "NAMING_AUTHORITY_free" - or - name = "NAMING_AUTHORITY_get0_authorityId" - or - name = "NAMING_AUTHORITY_get0_authorityText" - or - name = "NAMING_AUTHORITY_get0_authorityURL" - or - name = "NAMING_AUTHORITY_new" - or - name = "NAMING_AUTHORITY_set0_authorityId" - or - name = "NAMING_AUTHORITY_set0_authorityText" - or - name = "NAMING_AUTHORITY_set0_authorityURL" - or - name = "NCONF_default" - or - name = "NCONF_free" - or - name = "NCONF_get0_libctx" - or - name = "NCONF_get_section" - or - name = "NCONF_get_section_names" - or - name = "NCONF_load" - or - name = "NCONF_new" - or - name = "NCONF_new_ex" - or - name = "NETSCAPE_CERT_SEQUENCE_free" - or - name = "NETSCAPE_CERT_SEQUENCE_new" - or - name = "NETSCAPE_SPKAC_free" - or - name = "NETSCAPE_SPKAC_new" - or - name = "NETSCAPE_SPKI_free" - or - name = "NETSCAPE_SPKI_new" - or - name = "NOTICEREF_free" - or - name = "NOTICEREF_new" - or - name = "OBJ_add_sigid" - or - name = "OBJ_cleanup" - or - name = "OBJ_cmp" - or - name = "OBJ_create" - or - name = "OBJ_dup" - or - name = "OBJ_get0_data" - or - name = "OBJ_length" - or - name = "OBJ_ln2nid" - or - name = "OBJ_nid2ln" - or - name = "OBJ_nid2obj" - or - name = "OBJ_nid2sn" - or - name = "OBJ_obj2nid" - or - name = "OBJ_obj2txt" - or - name = "OBJ_sn2nid" - or - name = "OBJ_txt2nid" - or - name = "OBJ_txt2obj" - or - name = "OCSP_BASICRESP_free" - or - name = "OCSP_BASICRESP_new" - or - name = "OCSP_CERTID_dup" - or - name = "OCSP_CERTID_free" - or - name = "OCSP_CERTID_new" - or - name = "OCSP_CERTSTATUS_free" - or - name = "OCSP_CERTSTATUS_new" - or - name = "OCSP_CRLID_free" - or - name = "OCSP_CRLID_new" - or - name = "OCSP_ONEREQ_free" - or - name = "OCSP_ONEREQ_new" - or - name = "OCSP_REQINFO_free" - or - name = "OCSP_REQINFO_new" - or - name = "OCSP_REQUEST_free" - or - name = "OCSP_REQUEST_new" - or - name = "OCSP_REQ_CTX" - or - name = "OCSP_REQ_CTX_add1_header" - or - name = "OCSP_REQ_CTX_free" - or - name = "OCSP_REQ_CTX_i2d" - or - name = "OCSP_REQ_CTX_set1_req" - or - name = "OCSP_RESPBYTES_free" - or - name = "OCSP_RESPBYTES_new" - or - name = "OCSP_RESPDATA_free" - or - name = "OCSP_RESPDATA_new" - or - name = "OCSP_RESPID_free" - or - name = "OCSP_RESPID_match" - or - name = "OCSP_RESPID_match_ex" - or - name = "OCSP_RESPID_new" - or - name = "OCSP_RESPID_set_by_key" - or - name = "OCSP_RESPID_set_by_key_ex" - or - name = "OCSP_RESPID_set_by_name" - or - name = "OCSP_RESPONSE_free" - or - name = "OCSP_RESPONSE_new" - or - name = "OCSP_REVOKEDINFO_free" - or - name = "OCSP_REVOKEDINFO_new" - or - name = "OCSP_SERVICELOC_free" - or - name = "OCSP_SERVICELOC_new" - or - name = "OCSP_SIGNATURE_free" - or - name = "OCSP_SIGNATURE_new" - or - name = "OCSP_SINGLERESP_free" - or - name = "OCSP_SINGLERESP_new" - or - name = "OCSP_basic_add1_nonce" - or - name = "OCSP_basic_sign" - or - name = "OCSP_basic_sign_ctx" - or - name = "OCSP_basic_verify" - or - name = "OCSP_cert_id_new" - or - name = "OCSP_cert_to_id" - or - name = "OCSP_check_nonce" - or - name = "OCSP_check_validity" - or - name = "OCSP_copy_nonce" - or - name = "OCSP_id_cmp" - or - name = "OCSP_id_get0_info" - or - name = "OCSP_id_issuer_cmp" - or - name = "OCSP_parse_url" - or - name = "OCSP_request_add0_id" - or - name = "OCSP_request_add1_cert" - or - name = "OCSP_request_add1_nonce" - or - name = "OCSP_request_onereq_count" - or - name = "OCSP_request_onereq_get0" - or - name = "OCSP_request_sign" - or - name = "OCSP_resp_count" - or - name = "OCSP_resp_find" - or - name = "OCSP_resp_find_status" - or - name = "OCSP_resp_get0" - or - name = "OCSP_resp_get0_certs" - or - name = "OCSP_resp_get0_id" - or - name = "OCSP_resp_get0_produced_at" - or - name = "OCSP_resp_get0_respdata" - or - name = "OCSP_resp_get0_signature" - or - name = "OCSP_resp_get0_signer" - or - name = "OCSP_resp_get0_tbs_sigalg" - or - name = "OCSP_resp_get1_id" - or - name = "OCSP_response_create" - or - name = "OCSP_response_get1_basic" - or - name = "OCSP_response_status" - or - name = "OCSP_sendreq_bio" - or - name = "OCSP_sendreq_nbio" - or - name = "OCSP_sendreq_new" - or - name = "OCSP_set_max_response_length" - or - name = "OCSP_single_get0_status" - or - name = "OPENSSL_Applink" - or - name = "OPENSSL_FILE" - or - name = "OPENSSL_FUNC" - or - name = "OPENSSL_INIT_free" - or - name = "OPENSSL_INIT_new" - or - name = "OPENSSL_INIT_set_config_appname" - or - name = "OPENSSL_INIT_set_config_file_flags" - or - name = "OPENSSL_INIT_set_config_filename" - or - name = "OPENSSL_LH_COMPFUNC" - or - name = "OPENSSL_LH_DOALL_FUNC" - or - name = "OPENSSL_LH_HASHFUNC" - or - name = "OPENSSL_LH_delete" - or - name = "OPENSSL_LH_doall" - or - name = "OPENSSL_LH_doall_arg" - or - name = "OPENSSL_LH_error" - or - name = "OPENSSL_LH_flush" - or - name = "OPENSSL_LH_free" - or - name = "OPENSSL_LH_insert" - or - name = "OPENSSL_LH_new" - or - name = "OPENSSL_LH_node_stats" - or - name = "OPENSSL_LH_node_stats_bio" - or - name = "OPENSSL_LH_node_usage_stats" - or - name = "OPENSSL_LH_node_usage_stats_bio" - or - name = "OPENSSL_LH_retrieve" - or - name = "OPENSSL_LH_stats" - or - name = "OPENSSL_LH_stats_bio" - or - name = "OPENSSL_LINE" - or - name = "OPENSSL_MALLOC_FAILURES" - or - name = "OPENSSL_MALLOC_FD" - or - name = "OPENSSL_MSTR" - or - name = "OPENSSL_MSTR_HELPER" - or - name = "OPENSSL_VERSION_BUILD_METADATA" - or - name = "OPENSSL_VERSION_MAJOR" - or - name = "OPENSSL_VERSION_MINOR" - or - name = "OPENSSL_VERSION_NUMBER" - or - name = "OPENSSL_VERSION_PATCH" - or - name = "OPENSSL_VERSION_PREREQ" - or - name = "OPENSSL_VERSION_PRE_RELEASE" - or - name = "OPENSSL_VERSION_TEXT" - or - name = "OPENSSL_atexit" - or - name = "OPENSSL_buf2hexstr" - or - name = "OPENSSL_buf2hexstr_ex" - or - name = "OPENSSL_cipher_name" - or - name = "OPENSSL_cleanse" - or - name = "OPENSSL_cleanup" - or - name = "OPENSSL_clear_free" - or - name = "OPENSSL_clear_realloc" - or - name = "OPENSSL_config" - or - name = "OPENSSL_fork_child" - or - name = "OPENSSL_fork_parent" - or - name = "OPENSSL_fork_prepare" - or - name = "OPENSSL_free" - or - name = "OPENSSL_gmtime" - or - name = "OPENSSL_gmtime_adj" - or - name = "OPENSSL_gmtime_diff" - or - name = "OPENSSL_hexchar2int" - or - name = "OPENSSL_hexstr2buf" - or - name = "OPENSSL_hexstr2buf_ex" - or - name = "OPENSSL_ia32cap" - or - name = "OPENSSL_ia32cap_loc" - or - name = "OPENSSL_info" - or - name = "OPENSSL_init_crypto" - or - name = "OPENSSL_init_ssl" - or - name = "OPENSSL_instrument_bus" - or - name = "OPENSSL_instrument_bus2" - or - name = "OPENSSL_load_builtin_modules" - or - name = "OPENSSL_malloc" - or - name = "OPENSSL_malloc_init" - or - name = "OPENSSL_mem_debug_pop" - or - name = "OPENSSL_mem_debug_push" - or - name = "OPENSSL_memdup" - or - name = "OPENSSL_no_config" - or - name = "OPENSSL_realloc" - or - name = "OPENSSL_s390xcap" - or - name = "OPENSSL_secure_actual_size" - or - name = "OPENSSL_secure_clear_free" - or - name = "OPENSSL_secure_free" - or - name = "OPENSSL_secure_malloc" - or - name = "OPENSSL_secure_zalloc" - or - name = "OPENSSL_sk_deep_copy" - or - name = "OPENSSL_sk_delete" - or - name = "OPENSSL_sk_delete_ptr" - or - name = "OPENSSL_sk_dup" - or - name = "OPENSSL_sk_find" - or - name = "OPENSSL_sk_find_all" - or - name = "OPENSSL_sk_find_ex" - or - name = "OPENSSL_sk_free" - or - name = "OPENSSL_sk_insert" - or - name = "OPENSSL_sk_is_sorted" - or - name = "OPENSSL_sk_new" - or - name = "OPENSSL_sk_new_null" - or - name = "OPENSSL_sk_new_reserve" - or - name = "OPENSSL_sk_num" - or - name = "OPENSSL_sk_pop" - or - name = "OPENSSL_sk_pop_free" - or - name = "OPENSSL_sk_push" - or - name = "OPENSSL_sk_reserve" - or - name = "OPENSSL_sk_set" - or - name = "OPENSSL_sk_set_cmp_func" - or - name = "OPENSSL_sk_shift" - or - name = "OPENSSL_sk_sort" - or - name = "OPENSSL_sk_unshift" - or - name = "OPENSSL_sk_value" - or - name = "OPENSSL_sk_zero" - or - name = "OPENSSL_strcasecmp" - or - name = "OPENSSL_strdup" - or - name = "OPENSSL_strlcat" - or - name = "OPENSSL_strlcpy" - or - name = "OPENSSL_strncasecmp" - or - name = "OPENSSL_strndup" - or - name = "OPENSSL_thread_stop" - or - name = "OPENSSL_thread_stop_ex" - or - name = "OPENSSL_version_build_metadata" - or - name = "OPENSSL_version_major" - or - name = "OPENSSL_version_minor" - or - name = "OPENSSL_version_patch" - or - name = "OPENSSL_version_pre_release" - or - name = "OPENSSL_zalloc" - or - name = "OSSL_ALGORITHM" - or - name = "OSSL_CALLBACK" - or - name = "OSSL_CMP_CR" - or - name = "OSSL_CMP_CTX_build_cert_chain" - or - name = "OSSL_CMP_CTX_free" - or - name = "OSSL_CMP_CTX_get0_libctx" - or - name = "OSSL_CMP_CTX_get0_newCert" - or - name = "OSSL_CMP_CTX_get0_newPkey" - or - name = "OSSL_CMP_CTX_get0_propq" - or - name = "OSSL_CMP_CTX_get0_statusString" - or - name = "OSSL_CMP_CTX_get0_trusted" - or - name = "OSSL_CMP_CTX_get0_trustedStore" - or - name = "OSSL_CMP_CTX_get0_untrusted" - or - name = "OSSL_CMP_CTX_get0_validatedSrvCert" - or - name = "OSSL_CMP_CTX_get1_caPubs" - or - name = "OSSL_CMP_CTX_get1_extraCertsIn" - or - name = "OSSL_CMP_CTX_get1_newChain" - or - name = "OSSL_CMP_CTX_get_certConf_cb_arg" - or - name = "OSSL_CMP_CTX_get_failInfoCode" - or - name = "OSSL_CMP_CTX_get_http_cb_arg" - or - name = "OSSL_CMP_CTX_get_option" - or - name = "OSSL_CMP_CTX_get_status" - or - name = "OSSL_CMP_CTX_get_transfer_cb_arg" - or - name = "OSSL_CMP_CTX_new" - or - name = "OSSL_CMP_CTX_print_errors" - or - name = "OSSL_CMP_CTX_push0_geninfo_ITAV" - or - name = "OSSL_CMP_CTX_push0_genm_ITAV" - or - name = "OSSL_CMP_CTX_push0_policy" - or - name = "OSSL_CMP_CTX_push1_subjectAltName" - or - name = "OSSL_CMP_CTX_reinit" - or - name = "OSSL_CMP_CTX_reqExtensions_have_SAN" - or - name = "OSSL_CMP_CTX_reset_geninfo_ITAVs" - or - name = "OSSL_CMP_CTX_server_perform" - or - name = "OSSL_CMP_CTX_set0_newPkey" - or - name = "OSSL_CMP_CTX_set0_reqExtensions" - or - name = "OSSL_CMP_CTX_set0_trusted" - or - name = "OSSL_CMP_CTX_set0_trustedStore" - or - name = "OSSL_CMP_CTX_set1_cert" - or - name = "OSSL_CMP_CTX_set1_expected_sender" - or - name = "OSSL_CMP_CTX_set1_extraCertsOut" - or - name = "OSSL_CMP_CTX_set1_issuer" - or - name = "OSSL_CMP_CTX_set1_no_proxy" - or - name = "OSSL_CMP_CTX_set1_oldCert" - or - name = "OSSL_CMP_CTX_set1_p10CSR" - or - name = "OSSL_CMP_CTX_set1_pkey" - or - name = "OSSL_CMP_CTX_set1_proxy" - or - name = "OSSL_CMP_CTX_set1_recipient" - or - name = "OSSL_CMP_CTX_set1_referenceValue" - or - name = "OSSL_CMP_CTX_set1_secretValue" - or - name = "OSSL_CMP_CTX_set1_senderNonce" - or - name = "OSSL_CMP_CTX_set1_server" - or - name = "OSSL_CMP_CTX_set1_serverPath" - or - name = "OSSL_CMP_CTX_set1_srvCert" - or - name = "OSSL_CMP_CTX_set1_subjectName" - or - name = "OSSL_CMP_CTX_set1_transactionID" - or - name = "OSSL_CMP_CTX_set1_untrusted" - or - name = "OSSL_CMP_CTX_set_certConf_cb" - or - name = "OSSL_CMP_CTX_set_certConf_cb_arg" - or - name = "OSSL_CMP_CTX_set_http_cb" - or - name = "OSSL_CMP_CTX_set_http_cb_arg" - or - name = "OSSL_CMP_CTX_set_log_cb" - or - name = "OSSL_CMP_CTX_set_log_verbosity" - or - name = "OSSL_CMP_CTX_set_option" - or - name = "OSSL_CMP_CTX_set_serverPort" - or - name = "OSSL_CMP_CTX_set_transfer_cb" - or - name = "OSSL_CMP_CTX_set_transfer_cb_arg" - or - name = "OSSL_CMP_CTX_setup_CRM" - or - name = "OSSL_CMP_CTX_snprint_PKIStatus" - or - name = "OSSL_CMP_HDR_get0_recipNonce" - or - name = "OSSL_CMP_HDR_get0_transactionID" - or - name = "OSSL_CMP_IR" - or - name = "OSSL_CMP_ITAV_create" - or - name = "OSSL_CMP_ITAV_dup" - or - name = "OSSL_CMP_ITAV_free" - or - name = "OSSL_CMP_ITAV_get0_type" - or - name = "OSSL_CMP_ITAV_get0_value" - or - name = "OSSL_CMP_ITAV_push0_stack_item" - or - name = "OSSL_CMP_ITAV_set0" - or - name = "OSSL_CMP_KUR" - or - name = "OSSL_CMP_LOG_ALERT" - or - name = "OSSL_CMP_LOG_CRIT" - or - name = "OSSL_CMP_LOG_DEBUG" - or - name = "OSSL_CMP_LOG_EMERG" - or - name = "OSSL_CMP_LOG_ERR" - or - name = "OSSL_CMP_LOG_INFO" - or - name = "OSSL_CMP_LOG_NOTICE" - or - name = "OSSL_CMP_LOG_TRACE" - or - name = "OSSL_CMP_LOG_WARNING" - or - name = "OSSL_CMP_MSG_dup" - or - name = "OSSL_CMP_MSG_free" - or - name = "OSSL_CMP_MSG_get0_header" - or - name = "OSSL_CMP_MSG_get_bodytype" - or - name = "OSSL_CMP_MSG_http_perform" - or - name = "OSSL_CMP_MSG_it" - or - name = "OSSL_CMP_MSG_read" - or - name = "OSSL_CMP_MSG_update_recipNonce" - or - name = "OSSL_CMP_MSG_update_transactionID" - or - name = "OSSL_CMP_MSG_write" - or - name = "OSSL_CMP_P10CR" - or - name = "OSSL_CMP_PKIHEADER_free" - or - name = "OSSL_CMP_PKIHEADER_it" - or - name = "OSSL_CMP_PKIHEADER_new" - or - name = "OSSL_CMP_PKISI_dup" - or - name = "OSSL_CMP_PKISI_free" - or - name = "OSSL_CMP_PKISI_it" - or - name = "OSSL_CMP_PKISI_new" - or - name = "OSSL_CMP_PKISTATUS_it" - or - name = "OSSL_CMP_SRV_CTX_free" - or - name = "OSSL_CMP_SRV_CTX_get0_cmp_ctx" - or - name = "OSSL_CMP_SRV_CTX_get0_custom_ctx" - or - name = "OSSL_CMP_SRV_CTX_init" - or - name = "OSSL_CMP_SRV_CTX_new" - or - name = "OSSL_CMP_SRV_CTX_set_accept_raverified" - or - name = "OSSL_CMP_SRV_CTX_set_accept_unprotected" - or - name = "OSSL_CMP_SRV_CTX_set_grant_implicit_confirm" - or - name = "OSSL_CMP_SRV_CTX_set_send_unprotected_errors" - or - name = "OSSL_CMP_SRV_certConf_cb_t" - or - name = "OSSL_CMP_SRV_cert_request_cb_t" - or - name = "OSSL_CMP_SRV_error_cb_t" - or - name = "OSSL_CMP_SRV_genm_cb_t" - or - name = "OSSL_CMP_SRV_pollReq_cb_t" - or - name = "OSSL_CMP_SRV_process_request" - or - name = "OSSL_CMP_SRV_rr_cb_t" - or - name = "OSSL_CMP_STATUSINFO_new" - or - name = "OSSL_CMP_certConf_cb" - or - name = "OSSL_CMP_certConf_cb_t" - or - name = "OSSL_CMP_exec_CR_ses" - or - name = "OSSL_CMP_exec_GENM_ses" - or - name = "OSSL_CMP_exec_IR_ses" - or - name = "OSSL_CMP_exec_KUR_ses" - or - name = "OSSL_CMP_exec_P10CR_ses" - or - name = "OSSL_CMP_exec_RR_ses" - or - name = "OSSL_CMP_exec_certreq" - or - name = "OSSL_CMP_log_cb_t" - or - name = "OSSL_CMP_log_close" - or - name = "OSSL_CMP_log_open" - or - name = "OSSL_CMP_print_errors_cb" - or - name = "OSSL_CMP_print_to_bio" - or - name = "OSSL_CMP_severity" - or - name = "OSSL_CMP_snprint_PKIStatusInfo" - or - name = "OSSL_CMP_transfer_cb_t" - or - name = "OSSL_CMP_try_certreq" - or - name = "OSSL_CMP_validate_cert_path" - or - name = "OSSL_CMP_validate_msg" - or - name = "OSSL_CORE_MAKE_FUNC" - or - name = "OSSL_CRMF_CERTID_dup" - or - name = "OSSL_CRMF_CERTID_free" - or - name = "OSSL_CRMF_CERTID_gen" - or - name = "OSSL_CRMF_CERTID_get0_issuer" - or - name = "OSSL_CRMF_CERTID_get0_serialNumber" - or - name = "OSSL_CRMF_CERTID_it" - or - name = "OSSL_CRMF_CERTID_new" - or - name = "OSSL_CRMF_CERTTEMPLATE_fill" - or - name = "OSSL_CRMF_CERTTEMPLATE_free" - or - name = "OSSL_CRMF_CERTTEMPLATE_get0_extensions" - or - name = "OSSL_CRMF_CERTTEMPLATE_get0_issuer" - or - name = "OSSL_CRMF_CERTTEMPLATE_get0_publicKey" - or - name = "OSSL_CRMF_CERTTEMPLATE_get0_serialNumber" - or - name = "OSSL_CRMF_CERTTEMPLATE_get0_subject" - or - name = "OSSL_CRMF_CERTTEMPLATE_it" - or - name = "OSSL_CRMF_CERTTEMPLATE_new" - or - name = "OSSL_CRMF_ENCRYPTEDVALUE_free" - or - name = "OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert" - or - name = "OSSL_CRMF_ENCRYPTEDVALUE_it" - or - name = "OSSL_CRMF_ENCRYPTEDVALUE_new" - or - name = "OSSL_CRMF_MSGS_free" - or - name = "OSSL_CRMF_MSGS_it" - or - name = "OSSL_CRMF_MSGS_new" - or - name = "OSSL_CRMF_MSGS_verify_popo" - or - name = "OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo" - or - name = "OSSL_CRMF_MSG_create_popo" - or - name = "OSSL_CRMF_MSG_dup" - or - name = "OSSL_CRMF_MSG_free" - or - name = "OSSL_CRMF_MSG_get0_regCtrl_authenticator" - or - name = "OSSL_CRMF_MSG_get0_regCtrl_oldCertID" - or - name = "OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo" - or - name = "OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey" - or - name = "OSSL_CRMF_MSG_get0_regCtrl_regToken" - or - name = "OSSL_CRMF_MSG_get0_regInfo_certReq" - or - name = "OSSL_CRMF_MSG_get0_regInfo_utf8Pairs" - or - name = "OSSL_CRMF_MSG_get0_tmpl" - or - name = "OSSL_CRMF_MSG_get_certReqId" - or - name = "OSSL_CRMF_MSG_it" - or - name = "OSSL_CRMF_MSG_new" - or - name = "OSSL_CRMF_MSG_push0_extension" - or - name = "OSSL_CRMF_MSG_set0_SinglePubInfo" - or - name = "OSSL_CRMF_MSG_set0_extensions" - or - name = "OSSL_CRMF_MSG_set0_validity" - or - name = "OSSL_CRMF_MSG_set1_regCtrl_authenticator" - or - name = "OSSL_CRMF_MSG_set1_regCtrl_oldCertID" - or - name = "OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo" - or - name = "OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey" - or - name = "OSSL_CRMF_MSG_set1_regCtrl_regToken" - or - name = "OSSL_CRMF_MSG_set1_regInfo_certReq" - or - name = "OSSL_CRMF_MSG_set1_regInfo_utf8Pairs" - or - name = "OSSL_CRMF_MSG_set_PKIPublicationInfo_action" - or - name = "OSSL_CRMF_MSG_set_certReqId" - or - name = "OSSL_CRMF_PBMPARAMETER_free" - or - name = "OSSL_CRMF_PBMPARAMETER_it" - or - name = "OSSL_CRMF_PBMPARAMETER_new" - or - name = "OSSL_CRMF_PKIPUBLICATIONINFO_free" - or - name = "OSSL_CRMF_PKIPUBLICATIONINFO_it" - or - name = "OSSL_CRMF_PKIPUBLICATIONINFO_new" - or - name = "OSSL_CRMF_SINGLEPUBINFO_free" - or - name = "OSSL_CRMF_SINGLEPUBINFO_it" - or - name = "OSSL_CRMF_SINGLEPUBINFO_new" - or - name = "OSSL_CRMF_pbm_new" - or - name = "OSSL_CRMF_pbmp_new" - or - name = "OSSL_DECODER" - or - name = "OSSL_DECODER_CLEANUP" - or - name = "OSSL_DECODER_CONSTRUCT" - or - name = "OSSL_DECODER_CTX" - or - name = "OSSL_DECODER_CTX_add_decoder" - or - name = "OSSL_DECODER_CTX_add_extra" - or - name = "OSSL_DECODER_CTX_free" - or - name = "OSSL_DECODER_CTX_get_cleanup" - or - name = "OSSL_DECODER_CTX_get_construct" - or - name = "OSSL_DECODER_CTX_get_construct_data" - or - name = "OSSL_DECODER_CTX_get_num_decoders" - or - name = "OSSL_DECODER_CTX_new" - or - name = "OSSL_DECODER_CTX_new_for_pkey" - or - name = "OSSL_DECODER_CTX_set_cleanup" - or - name = "OSSL_DECODER_CTX_set_construct" - or - name = "OSSL_DECODER_CTX_set_construct_data" - or - name = "OSSL_DECODER_CTX_set_input_structure" - or - name = "OSSL_DECODER_CTX_set_input_type" - or - name = "OSSL_DECODER_CTX_set_params" - or - name = "OSSL_DECODER_CTX_set_passphrase" - or - name = "OSSL_DECODER_CTX_set_passphrase_cb" - or - name = "OSSL_DECODER_CTX_set_passphrase_ui" - or - name = "OSSL_DECODER_CTX_set_pem_password_cb" - or - name = "OSSL_DECODER_CTX_set_selection" - or - name = "OSSL_DECODER_INSTANCE" - or - name = "OSSL_DECODER_INSTANCE_get_decoder" - or - name = "OSSL_DECODER_INSTANCE_get_decoder_ctx" - or - name = "OSSL_DECODER_INSTANCE_get_input_structure" - or - name = "OSSL_DECODER_INSTANCE_get_input_type" - or - name = "OSSL_DECODER_do_all_provided" - or - name = "OSSL_DECODER_export" - or - name = "OSSL_DECODER_fetch" - or - name = "OSSL_DECODER_free" - or - name = "OSSL_DECODER_from_bio" - or - name = "OSSL_DECODER_from_data" - or - name = "OSSL_DECODER_from_fp" - or - name = "OSSL_DECODER_get0_description" - or - name = "OSSL_DECODER_get0_name" - or - name = "OSSL_DECODER_get0_properties" - or - name = "OSSL_DECODER_get0_provider" - or - name = "OSSL_DECODER_get_params" - or - name = "OSSL_DECODER_gettable_params" - or - name = "OSSL_DECODER_is_a" - or - name = "OSSL_DECODER_names_do_all" - or - name = "OSSL_DECODER_settable_ctx_params" - or - name = "OSSL_DECODER_up_ref" - or - name = "OSSL_DISPATCH" - or - name = "OSSL_DISPATCH_END" - or - name = "OSSL_EC_curve_nid2name" - or - name = "OSSL_ENCODER" - or - name = "OSSL_ENCODER_CLEANUP" - or - name = "OSSL_ENCODER_CONSTRUCT" - or - name = "OSSL_ENCODER_CTX" - or - name = "OSSL_ENCODER_CTX_add_encoder" - or - name = "OSSL_ENCODER_CTX_add_extra" - or - name = "OSSL_ENCODER_CTX_free" - or - name = "OSSL_ENCODER_CTX_get_num_encoders" - or - name = "OSSL_ENCODER_CTX_new" - or - name = "OSSL_ENCODER_CTX_new_for_pkey" - or - name = "OSSL_ENCODER_CTX_set_cipher" - or - name = "OSSL_ENCODER_CTX_set_cleanup" - or - name = "OSSL_ENCODER_CTX_set_construct" - or - name = "OSSL_ENCODER_CTX_set_construct_data" - or - name = "OSSL_ENCODER_CTX_set_output_structure" - or - name = "OSSL_ENCODER_CTX_set_output_type" - or - name = "OSSL_ENCODER_CTX_set_params" - or - name = "OSSL_ENCODER_CTX_set_passphrase" - or - name = "OSSL_ENCODER_CTX_set_passphrase_cb" - or - name = "OSSL_ENCODER_CTX_set_passphrase_ui" - or - name = "OSSL_ENCODER_CTX_set_pem_password_cb" - or - name = "OSSL_ENCODER_CTX_set_selection" - or - name = "OSSL_ENCODER_INSTANCE" - or - name = "OSSL_ENCODER_INSTANCE_get_encoder" - or - name = "OSSL_ENCODER_INSTANCE_get_encoder_ctx" - or - name = "OSSL_ENCODER_INSTANCE_get_output_structure" - or - name = "OSSL_ENCODER_INSTANCE_get_output_type" - or - name = "OSSL_ENCODER_do_all_provided" - or - name = "OSSL_ENCODER_fetch" - or - name = "OSSL_ENCODER_free" - or - name = "OSSL_ENCODER_get0_description" - or - name = "OSSL_ENCODER_get0_name" - or - name = "OSSL_ENCODER_get0_properties" - or - name = "OSSL_ENCODER_get0_provider" - or - name = "OSSL_ENCODER_get_params" - or - name = "OSSL_ENCODER_gettable_params" - or - name = "OSSL_ENCODER_is_a" - or - name = "OSSL_ENCODER_names_do_all" - or - name = "OSSL_ENCODER_settable_ctx_params" - or - name = "OSSL_ENCODER_to_bio" - or - name = "OSSL_ENCODER_to_data" - or - name = "OSSL_ENCODER_to_fp" - or - name = "OSSL_ENCODER_up_ref" - or - name = "OSSL_ESS_check_signing_certs" - or - name = "OSSL_ESS_signing_cert_new_init" - or - name = "OSSL_ESS_signing_cert_v2_new_init" - or - name = "OSSL_HPKE_CTX_free" - or - name = "OSSL_HPKE_CTX_get_seq" - or - name = "OSSL_HPKE_CTX_new" - or - name = "OSSL_HPKE_CTX_set1_authpriv" - or - name = "OSSL_HPKE_CTX_set1_authpub" - or - name = "OSSL_HPKE_CTX_set1_ikme" - or - name = "OSSL_HPKE_CTX_set1_psk" - or - name = "OSSL_HPKE_CTX_set_seq" - or - name = "OSSL_HPKE_decap" - or - name = "OSSL_HPKE_encap" - or - name = "OSSL_HPKE_export" - or - name = "OSSL_HPKE_get_ciphertext_size" - or - name = "OSSL_HPKE_get_grease_value" - or - name = "OSSL_HPKE_get_public_encap_size" - or - name = "OSSL_HPKE_get_recommended_ikmelen" - or - name = "OSSL_HPKE_keygen" - or - name = "OSSL_HPKE_open" - or - name = "OSSL_HPKE_seal" - or - name = "OSSL_HPKE_str2suite" - or - name = "OSSL_HPKE_suite_check" - or - name = "OSSL_HTTP_REQ_CTX" - or - name = "OSSL_HTTP_REQ_CTX_add1_header" - or - name = "OSSL_HTTP_REQ_CTX_exchange" - or - name = "OSSL_HTTP_REQ_CTX_free" - or - name = "OSSL_HTTP_REQ_CTX_get0_mem_bio" - or - name = "OSSL_HTTP_REQ_CTX_get_resp_len" - or - name = "OSSL_HTTP_REQ_CTX_nbio" - or - name = "OSSL_HTTP_REQ_CTX_nbio_d2i" - or - name = "OSSL_HTTP_REQ_CTX_new" - or - name = "OSSL_HTTP_REQ_CTX_set1_req" - or - name = "OSSL_HTTP_REQ_CTX_set_expected" - or - name = "OSSL_HTTP_REQ_CTX_set_max_response_length" - or - name = "OSSL_HTTP_REQ_CTX_set_request_line" - or - name = "OSSL_HTTP_adapt_proxy" - or - name = "OSSL_HTTP_bio_cb_t" - or - name = "OSSL_HTTP_close" - or - name = "OSSL_HTTP_exchange" - or - name = "OSSL_HTTP_get" - or - name = "OSSL_HTTP_is_alive" - or - name = "OSSL_HTTP_open" - or - name = "OSSL_HTTP_parse_url" - or - name = "OSSL_HTTP_proxy_connect" - or - name = "OSSL_HTTP_set1_request" - or - name = "OSSL_HTTP_transfer" - or - name = "OSSL_ITEM" - or - name = "OSSL_LIB_CTX" - or - name = "OSSL_LIB_CTX_free" - or - name = "OSSL_LIB_CTX_get0_global_default" - or - name = "OSSL_LIB_CTX_load_config" - or - name = "OSSL_LIB_CTX_new" - or - name = "OSSL_LIB_CTX_new_child" - or - name = "OSSL_LIB_CTX_new_from_dispatch" - or - name = "OSSL_LIB_CTX_set0_default" - or - name = "OSSL_PARAM" - or - name = "OSSL_PARAM_BLD" - or - name = "OSSL_PARAM_BLD_free" - or - name = "OSSL_PARAM_BLD_new" - or - name = "OSSL_PARAM_BLD_push_BN" - or - name = "OSSL_PARAM_BLD_push_BN_pad" - or - name = "OSSL_PARAM_BLD_push_double" - or - name = "OSSL_PARAM_BLD_push_int" - or - name = "OSSL_PARAM_BLD_push_int32" - or - name = "OSSL_PARAM_BLD_push_int64" - or - name = "OSSL_PARAM_BLD_push_long" - or - name = "OSSL_PARAM_BLD_push_octet_ptr" - or - name = "OSSL_PARAM_BLD_push_octet_string" - or - name = "OSSL_PARAM_BLD_push_size_t" - or - name = "OSSL_PARAM_BLD_push_time_t" - or - name = "OSSL_PARAM_BLD_push_uint" - or - name = "OSSL_PARAM_BLD_push_uint32" - or - name = "OSSL_PARAM_BLD_push_uint64" - or - name = "OSSL_PARAM_BLD_push_ulong" - or - name = "OSSL_PARAM_BLD_push_utf8_ptr" - or - name = "OSSL_PARAM_BLD_push_utf8_string" - or - name = "OSSL_PARAM_BLD_to_param" - or - name = "OSSL_PARAM_BN" - or - name = "OSSL_PARAM_DEFN" - or - name = "OSSL_PARAM_END" - or - name = "OSSL_PARAM_UNMODIFIED" - or - name = "OSSL_PARAM_allocate_from_text" - or - name = "OSSL_PARAM_construct_BN" - or - name = "OSSL_PARAM_construct_double" - or - name = "OSSL_PARAM_construct_end" - or - name = "OSSL_PARAM_construct_int" - or - name = "OSSL_PARAM_construct_int32" - or - name = "OSSL_PARAM_construct_int64" - or - name = "OSSL_PARAM_construct_long" - or - name = "OSSL_PARAM_construct_octet_ptr" - or - name = "OSSL_PARAM_construct_octet_string" - or - name = "OSSL_PARAM_construct_size_t" - or - name = "OSSL_PARAM_construct_time_t" - or - name = "OSSL_PARAM_construct_uint" - or - name = "OSSL_PARAM_construct_uint32" - or - name = "OSSL_PARAM_construct_uint64" - or - name = "OSSL_PARAM_construct_ulong" - or - name = "OSSL_PARAM_construct_utf8_ptr" - or - name = "OSSL_PARAM_construct_utf8_string" - or - name = "OSSL_PARAM_double" - or - name = "OSSL_PARAM_dup" - or - name = "OSSL_PARAM_free" - or - name = "OSSL_PARAM_get_BN" - or - name = "OSSL_PARAM_get_double" - or - name = "OSSL_PARAM_get_int" - or - name = "OSSL_PARAM_get_int32" - or - name = "OSSL_PARAM_get_int64" - or - name = "OSSL_PARAM_get_long" - or - name = "OSSL_PARAM_get_octet_ptr" - or - name = "OSSL_PARAM_get_octet_string" - or - name = "OSSL_PARAM_get_octet_string_ptr" - or - name = "OSSL_PARAM_get_size_t" - or - name = "OSSL_PARAM_get_time_t" - or - name = "OSSL_PARAM_get_uint" - or - name = "OSSL_PARAM_get_uint32" - or - name = "OSSL_PARAM_get_uint64" - or - name = "OSSL_PARAM_get_ulong" - or - name = "OSSL_PARAM_get_utf8_ptr" - or - name = "OSSL_PARAM_get_utf8_string" - or - name = "OSSL_PARAM_get_utf8_string_ptr" - or - name = "OSSL_PARAM_int" - or - name = "OSSL_PARAM_int32" - or - name = "OSSL_PARAM_int64" - or - name = "OSSL_PARAM_locate" - or - name = "OSSL_PARAM_locate_const" - or - name = "OSSL_PARAM_long" - or - name = "OSSL_PARAM_merge" - or - name = "OSSL_PARAM_modified" - or - name = "OSSL_PARAM_octet_ptr" - or - name = "OSSL_PARAM_octet_string" - or - name = "OSSL_PARAM_set_BN" - or - name = "OSSL_PARAM_set_all_unmodified" - or - name = "OSSL_PARAM_set_double" - or - name = "OSSL_PARAM_set_int" - or - name = "OSSL_PARAM_set_int32" - or - name = "OSSL_PARAM_set_int64" - or - name = "OSSL_PARAM_set_long" - or - name = "OSSL_PARAM_set_octet_ptr" - or - name = "OSSL_PARAM_set_octet_string" - or - name = "OSSL_PARAM_set_size_t" - or - name = "OSSL_PARAM_set_time_t" - or - name = "OSSL_PARAM_set_uint" - or - name = "OSSL_PARAM_set_uint32" - or - name = "OSSL_PARAM_set_uint64" - or - name = "OSSL_PARAM_set_ulong" - or - name = "OSSL_PARAM_set_utf8_ptr" - or - name = "OSSL_PARAM_set_utf8_string" - or - name = "OSSL_PARAM_size_t" - or - name = "OSSL_PARAM_time_t" - or - name = "OSSL_PARAM_uint" - or - name = "OSSL_PARAM_uint32" - or - name = "OSSL_PARAM_uint64" - or - name = "OSSL_PARAM_ulong" - or - name = "OSSL_PARAM_utf8_ptr" - or - name = "OSSL_PARAM_utf8_string" - or - name = "OSSL_PASSPHRASE_CALLBACK" - or - name = "OSSL_PROVIDER" - or - name = "OSSL_PROVIDER_add_builtin" - or - name = "OSSL_PROVIDER_available" - or - name = "OSSL_PROVIDER_do_all" - or - name = "OSSL_PROVIDER_get0_default_search_path" - or - name = "OSSL_PROVIDER_get0_dispatch" - or - name = "OSSL_PROVIDER_get0_name" - or - name = "OSSL_PROVIDER_get0_provider_ctx" - or - name = "OSSL_PROVIDER_get_capabilities" - or - name = "OSSL_PROVIDER_get_params" - or - name = "OSSL_PROVIDER_gettable_params" - or - name = "OSSL_PROVIDER_load" - or - name = "OSSL_PROVIDER_query_operation" - or - name = "OSSL_PROVIDER_self_test" - or - name = "OSSL_PROVIDER_set_default_search_path" - or - name = "OSSL_PROVIDER_try_load" - or - name = "OSSL_PROVIDER_unload" - or - name = "OSSL_PROVIDER_unquery_operation" - or - name = "OSSL_QUIC_client_method" - or - name = "OSSL_QUIC_client_thread_method" - or - name = "OSSL_QUIC_server_method" - or - name = "OSSL_SELF_TEST_free" - or - name = "OSSL_SELF_TEST_get_callback" - or - name = "OSSL_SELF_TEST_new" - or - name = "OSSL_SELF_TEST_onbegin" - or - name = "OSSL_SELF_TEST_oncorrupt_byte" - or - name = "OSSL_SELF_TEST_onend" - or - name = "OSSL_SELF_TEST_set_callback" - or - name = "OSSL_STACK_OF_X509_free" - or - name = "OSSL_STORE_CTX" - or - name = "OSSL_STORE_INFO" - or - name = "OSSL_STORE_INFO_free" - or - name = "OSSL_STORE_INFO_get0_CERT" - or - name = "OSSL_STORE_INFO_get0_CRL" - or - name = "OSSL_STORE_INFO_get0_NAME" - or - name = "OSSL_STORE_INFO_get0_NAME_description" - or - name = "OSSL_STORE_INFO_get0_PARAMS" - or - name = "OSSL_STORE_INFO_get0_PKEY" - or - name = "OSSL_STORE_INFO_get0_PUBKEY" - or - name = "OSSL_STORE_INFO_get0_data" - or - name = "OSSL_STORE_INFO_get1_CERT" - or - name = "OSSL_STORE_INFO_get1_CRL" - or - name = "OSSL_STORE_INFO_get1_NAME" - or - name = "OSSL_STORE_INFO_get1_NAME_description" - or - name = "OSSL_STORE_INFO_get1_PARAMS" - or - name = "OSSL_STORE_INFO_get1_PKEY" - or - name = "OSSL_STORE_INFO_get1_PUBKEY" - or - name = "OSSL_STORE_INFO_get_type" - or - name = "OSSL_STORE_INFO_new" - or - name = "OSSL_STORE_INFO_new_CERT" - or - name = "OSSL_STORE_INFO_new_CRL" - or - name = "OSSL_STORE_INFO_new_NAME" - or - name = "OSSL_STORE_INFO_new_PARAMS" - or - name = "OSSL_STORE_INFO_new_PKEY" - or - name = "OSSL_STORE_INFO_new_PUBKEY" - or - name = "OSSL_STORE_INFO_set0_NAME_description" - or - name = "OSSL_STORE_INFO_type_string" - or - name = "OSSL_STORE_LOADER" - or - name = "OSSL_STORE_LOADER_CTX" - or - name = "OSSL_STORE_LOADER_do_all_provided" - or - name = "OSSL_STORE_LOADER_fetch" - or - name = "OSSL_STORE_LOADER_free" - or - name = "OSSL_STORE_LOADER_get0_description" - or - name = "OSSL_STORE_LOADER_get0_engine" - or - name = "OSSL_STORE_LOADER_get0_properties" - or - name = "OSSL_STORE_LOADER_get0_provider" - or - name = "OSSL_STORE_LOADER_get0_scheme" - or - name = "OSSL_STORE_LOADER_is_a" - or - name = "OSSL_STORE_LOADER_names_do_all" - or - name = "OSSL_STORE_LOADER_new" - or - name = "OSSL_STORE_LOADER_set_attach" - or - name = "OSSL_STORE_LOADER_set_close" - or - name = "OSSL_STORE_LOADER_set_ctrl" - or - name = "OSSL_STORE_LOADER_set_eof" - or - name = "OSSL_STORE_LOADER_set_error" - or - name = "OSSL_STORE_LOADER_set_expect" - or - name = "OSSL_STORE_LOADER_set_find" - or - name = "OSSL_STORE_LOADER_set_load" - or - name = "OSSL_STORE_LOADER_set_open" - or - name = "OSSL_STORE_LOADER_set_open_ex" - or - name = "OSSL_STORE_LOADER_up_ref" - or - name = "OSSL_STORE_SEARCH" - or - name = "OSSL_STORE_SEARCH_by_alias" - or - name = "OSSL_STORE_SEARCH_by_issuer_serial" - or - name = "OSSL_STORE_SEARCH_by_key_fingerprint" - or - name = "OSSL_STORE_SEARCH_by_name" - or - name = "OSSL_STORE_SEARCH_free" - or - name = "OSSL_STORE_SEARCH_get0_bytes" - or - name = "OSSL_STORE_SEARCH_get0_digest" - or - name = "OSSL_STORE_SEARCH_get0_name" - or - name = "OSSL_STORE_SEARCH_get0_serial" - or - name = "OSSL_STORE_SEARCH_get0_string" - or - name = "OSSL_STORE_SEARCH_get_type" - or - name = "OSSL_STORE_attach" - or - name = "OSSL_STORE_attach_fn" - or - name = "OSSL_STORE_close" - or - name = "OSSL_STORE_close_fn" - or - name = "OSSL_STORE_ctrl" - or - name = "OSSL_STORE_ctrl_fn" - or - name = "OSSL_STORE_eof" - or - name = "OSSL_STORE_eof_fn" - or - name = "OSSL_STORE_error" - or - name = "OSSL_STORE_error_fn" - or - name = "OSSL_STORE_expect" - or - name = "OSSL_STORE_expect_fn" - or - name = "OSSL_STORE_find" - or - name = "OSSL_STORE_find_fn" - or - name = "OSSL_STORE_load" - or - name = "OSSL_STORE_load_fn" - or - name = "OSSL_STORE_open" - or - name = "OSSL_STORE_open_ex" - or - name = "OSSL_STORE_open_ex_fn" - or - name = "OSSL_STORE_open_fn" - or - name = "OSSL_STORE_post_process_info_fn" - or - name = "OSSL_STORE_register_loader" - or - name = "OSSL_STORE_supports_search" - or - name = "OSSL_STORE_unregister_loader" - or - name = "OSSL_TRACE" - or - name = "OSSL_TRACE1" - or - name = "OSSL_TRACE2" - or - name = "OSSL_TRACE3" - or - name = "OSSL_TRACE4" - or - name = "OSSL_TRACE5" - or - name = "OSSL_TRACE6" - or - name = "OSSL_TRACE7" - or - name = "OSSL_TRACE8" - or - name = "OSSL_TRACE9" - or - name = "OSSL_TRACEV" - or - name = "OSSL_TRACE_BEGIN" - or - name = "OSSL_TRACE_CANCEL" - or - name = "OSSL_TRACE_ENABLED" - or - name = "OSSL_TRACE_END" - or - name = "OSSL_TRACE_STRING" - or - name = "OSSL_TRACE_STRING_MAX" - or - name = "OSSL_default_cipher_list" - or - name = "OSSL_default_ciphersuites" - or - name = "OSSL_get_max_threads" - or - name = "OSSL_get_thread_support_flags" - or - name = "OSSL_parse_url" - or - name = "OSSL_set_max_threads" - or - name = "OSSL_sleep" - or - name = "OSSL_trace_begin" - or - name = "OSSL_trace_cb" - or - name = "OSSL_trace_enabled" - or - name = "OSSL_trace_end" - or - name = "OSSL_trace_get_category_name" - or - name = "OSSL_trace_get_category_num" - or - name = "OSSL_trace_set_callback" - or - name = "OSSL_trace_set_channel" - or - name = "OSSL_trace_set_prefix" - or - name = "OSSL_trace_set_suffix" - or - name = "OSSL_trace_string" - or - name = "OTHERNAME_free" - or - name = "OTHERNAME_new" - or - name = "OpenSSL_add_all_algorithms" - or - name = "OpenSSL_add_all_ciphers" - or - name = "OpenSSL_add_all_digests" - or - name = "OpenSSL_add_ssl_algorithms" - or - name = "OpenSSL_version" - or - name = "OpenSSL_version_num" - or - name = "PBE2PARAM_free" - or - name = "PBE2PARAM_new" - or - name = "PBEPARAM_free" - or - name = "PBEPARAM_new" - or - name = "PBKDF2PARAM_free" - or - name = "PBKDF2PARAM_new" - or - name = "PEM" - or - name = "PEM_FLAG_EAY_COMPATIBLE" - or - name = "PEM_FLAG_ONLY_B64" - or - name = "PEM_FLAG_SECURE" - or - name = "PEM_X509_INFO_read" - or - name = "PEM_X509_INFO_read_bio" - or - name = "PEM_X509_INFO_read_bio_ex" - or - name = "PEM_X509_INFO_read_ex" - or - name = "PEM_bytes_read_bio" - or - name = "PEM_bytes_read_bio_secmem" - or - name = "PEM_do_header" - or - name = "PEM_get_EVP_CIPHER_INFO" - or - name = "PEM_read" - or - name = "PEM_read_CMS" - or - name = "PEM_read_DHparams" - or - name = "PEM_read_DSAPrivateKey" - or - name = "PEM_read_DSA_PUBKEY" - or - name = "PEM_read_DSAparams" - or - name = "PEM_read_ECPKParameters" - or - name = "PEM_read_ECPrivateKey" - or - name = "PEM_read_EC_PUBKEY" - or - name = "PEM_read_NETSCAPE_CERT_SEQUENCE" - or - name = "PEM_read_PKCS7" - or - name = "PEM_read_PKCS8" - or - name = "PEM_read_PKCS8_PRIV_KEY_INFO" - or - name = "PEM_read_PUBKEY" - or - name = "PEM_read_PUBKEY_ex" - or - name = "PEM_read_PrivateKey" - or - name = "PEM_read_PrivateKey_ex" - or - name = "PEM_read_RSAPrivateKey" - or - name = "PEM_read_RSAPublicKey" - or - name = "PEM_read_RSA_PUBKEY" - or - name = "PEM_read_SSL_SESSION" - or - name = "PEM_read_X509" - or - name = "PEM_read_X509_AUX" - or - name = "PEM_read_X509_CRL" - or - name = "PEM_read_X509_PUBKEY" - or - name = "PEM_read_X509_REQ" - or - name = "PEM_read_bio" - or - name = "PEM_read_bio_CMS" - or - name = "PEM_read_bio_DHparams" - or - name = "PEM_read_bio_DSAPrivateKey" - or - name = "PEM_read_bio_DSA_PUBKEY" - or - name = "PEM_read_bio_DSAparams" - or - name = "PEM_read_bio_ECPKParameters" - or - name = "PEM_read_bio_EC_PUBKEY" - or - name = "PEM_read_bio_NETSCAPE_CERT_SEQUENCE" - or - name = "PEM_read_bio_PKCS7" - or - name = "PEM_read_bio_PKCS8" - or - name = "PEM_read_bio_PKCS8_PRIV_KEY_INFO" - or - name = "PEM_read_bio_PUBKEY" - or - name = "PEM_read_bio_PUBKEY_ex" - or - name = "PEM_read_bio_Parameters" - or - name = "PEM_read_bio_Parameters_ex" - or - name = "PEM_read_bio_PrivateKey" - or - name = "PEM_read_bio_PrivateKey_ex" - or - name = "PEM_read_bio_RSAPrivateKey" - or - name = "PEM_read_bio_RSAPublicKey" - or - name = "PEM_read_bio_RSA_PUBKEY" - or - name = "PEM_read_bio_SSL_SESSION" - or - name = "PEM_read_bio_X509" - or - name = "PEM_read_bio_X509_AUX" - or - name = "PEM_read_bio_X509_CRL" - or - name = "PEM_read_bio_X509_PUBKEY" - or - name = "PEM_read_bio_X509_REQ" - or - name = "PEM_read_bio_ex" - or - name = "PEM_write" - or - name = "PEM_write_CMS" - or - name = "PEM_write_DHparams" - or - name = "PEM_write_DHxparams" - or - name = "PEM_write_DSAPrivateKey" - or - name = "PEM_write_DSA_PUBKEY" - or - name = "PEM_write_DSAparams" - or - name = "PEM_write_ECPKParameters" - or - name = "PEM_write_ECPrivateKey" - or - name = "PEM_write_EC_PUBKEY" - or - name = "PEM_write_NETSCAPE_CERT_SEQUENCE" - or - name = "PEM_write_PKCS7" - or - name = "PEM_write_PKCS8" - or - name = "PEM_write_PKCS8PrivateKey" - or - name = "PEM_write_PKCS8PrivateKey_nid" - or - name = "PEM_write_PKCS8_PRIV_KEY_INFO" - or - name = "PEM_write_PUBKEY" - or - name = "PEM_write_PUBKEY_ex" - or - name = "PEM_write_PrivateKey" - or - name = "PEM_write_PrivateKey_ex" - or - name = "PEM_write_RSAPrivateKey" - or - name = "PEM_write_RSAPublicKey" - or - name = "PEM_write_RSA_PUBKEY" - or - name = "PEM_write_SSL_SESSION" - or - name = "PEM_write_X509" - or - name = "PEM_write_X509_AUX" - or - name = "PEM_write_X509_CRL" - or - name = "PEM_write_X509_PUBKEY" - or - name = "PEM_write_X509_REQ" - or - name = "PEM_write_X509_REQ_NEW" - or - name = "PEM_write_bio" - or - name = "PEM_write_bio_CMS" - or - name = "PEM_write_bio_CMS_stream" - or - name = "PEM_write_bio_DHparams" - or - name = "PEM_write_bio_DHxparams" - or - name = "PEM_write_bio_DSAPrivateKey" - or - name = "PEM_write_bio_DSA_PUBKEY" - or - name = "PEM_write_bio_DSAparams" - or - name = "PEM_write_bio_ECPKParameters" - or - name = "PEM_write_bio_ECPrivateKey" - or - name = "PEM_write_bio_EC_PUBKEY" - or - name = "PEM_write_bio_NETSCAPE_CERT_SEQUENCE" - or - name = "PEM_write_bio_PKCS7" - or - name = "PEM_write_bio_PKCS7_stream" - or - name = "PEM_write_bio_PKCS8" - or - name = "PEM_write_bio_PKCS8PrivateKey" - or - name = "PEM_write_bio_PKCS8PrivateKey_nid" - or - name = "PEM_write_bio_PKCS8_PRIV_KEY_INFO" - or - name = "PEM_write_bio_PUBKEY" - or - name = "PEM_write_bio_PUBKEY_ex" - or - name = "PEM_write_bio_Parameters" - or - name = "PEM_write_bio_PrivateKey" - or - name = "PEM_write_bio_PrivateKey_ex" - or - name = "PEM_write_bio_PrivateKey_traditional" - or - name = "PEM_write_bio_RSAPrivateKey" - or - name = "PEM_write_bio_RSAPublicKey" - or - name = "PEM_write_bio_RSA_PUBKEY" - or - name = "PEM_write_bio_SSL_SESSION" - or - name = "PEM_write_bio_X509" - or - name = "PEM_write_bio_X509_AUX" - or - name = "PEM_write_bio_X509_CRL" - or - name = "PEM_write_bio_X509_PUBKEY" - or - name = "PEM_write_bio_X509_REQ" - or - name = "PEM_write_bio_X509_REQ_NEW" - or - name = "PKCS12_BAGS_free" - or - name = "PKCS12_BAGS_new" - or - name = "PKCS12_MAC_DATA_free" - or - name = "PKCS12_MAC_DATA_new" - or - name = "PKCS12_PBE_keyivgen" - or - name = "PKCS12_PBE_keyivgen_ex" - or - name = "PKCS12_SAFEBAG_create0_p8inf" - or - name = "PKCS12_SAFEBAG_create0_pkcs8" - or - name = "PKCS12_SAFEBAG_create_cert" - or - name = "PKCS12_SAFEBAG_create_crl" - or - name = "PKCS12_SAFEBAG_create_pkcs8_encrypt" - or - name = "PKCS12_SAFEBAG_create_pkcs8_encrypt_ex" - or - name = "PKCS12_SAFEBAG_create_secret" - or - name = "PKCS12_SAFEBAG_free" - or - name = "PKCS12_SAFEBAG_get0_attr" - or - name = "PKCS12_SAFEBAG_get0_attrs" - or - name = "PKCS12_SAFEBAG_get0_bag_obj" - or - name = "PKCS12_SAFEBAG_get0_bag_type" - or - name = "PKCS12_SAFEBAG_get0_p8inf" - or - name = "PKCS12_SAFEBAG_get0_pkcs8" - or - name = "PKCS12_SAFEBAG_get0_safes" - or - name = "PKCS12_SAFEBAG_get0_type" - or - name = "PKCS12_SAFEBAG_get1_cert" - or - name = "PKCS12_SAFEBAG_get1_cert_ex" - or - name = "PKCS12_SAFEBAG_get1_crl" - or - name = "PKCS12_SAFEBAG_get1_crl_ex" - or - name = "PKCS12_SAFEBAG_get_bag_nid" - or - name = "PKCS12_SAFEBAG_get_nid" - or - name = "PKCS12_SAFEBAG_new" - or - name = "PKCS12_SAFEBAG_set0_attrs" - or - name = "PKCS12_add1_attr_by_NID" - or - name = "PKCS12_add1_attr_by_txt" - or - name = "PKCS12_add_CSPName_asc" - or - name = "PKCS12_add_cert" - or - name = "PKCS12_add_friendlyname_asc" - or - name = "PKCS12_add_friendlyname_uni" - or - name = "PKCS12_add_friendlyname_utf8" - or - name = "PKCS12_add_key" - or - name = "PKCS12_add_key_ex" - or - name = "PKCS12_add_localkeyid" - or - name = "PKCS12_add_safe" - or - name = "PKCS12_add_safe_ex" - or - name = "PKCS12_add_safes" - or - name = "PKCS12_add_safes_ex" - or - name = "PKCS12_add_secret" - or - name = "PKCS12_create" - or - name = "PKCS12_create_cb" - or - name = "PKCS12_create_ex" - or - name = "PKCS12_create_ex2" - or - name = "PKCS12_decrypt_skey" - or - name = "PKCS12_decrypt_skey_ex" - or - name = "PKCS12_free" - or - name = "PKCS12_gen_mac" - or - name = "PKCS12_get_attr_gen" - or - name = "PKCS12_get_friendlyname" - or - name = "PKCS12_init" - or - name = "PKCS12_init_ex" - or - name = "PKCS12_item_decrypt_d2i" - or - name = "PKCS12_item_decrypt_d2i_ex" - or - name = "PKCS12_item_i2d_encrypt" - or - name = "PKCS12_item_i2d_encrypt_ex" - or - name = "PKCS12_key_gen_asc" - or - name = "PKCS12_key_gen_asc_ex" - or - name = "PKCS12_key_gen_uni" - or - name = "PKCS12_key_gen_uni_ex" - or - name = "PKCS12_key_gen_utf8" - or - name = "PKCS12_key_gen_utf8_ex" - or - name = "PKCS12_new" - or - name = "PKCS12_newpass" - or - name = "PKCS12_pack_p7encdata" - or - name = "PKCS12_pack_p7encdata_ex" - or - name = "PKCS12_parse" - or - name = "PKCS12_pbe_crypt" - or - name = "PKCS12_pbe_crypt_ex" - or - name = "PKCS12_set_mac" - or - name = "PKCS12_setup_mac" - or - name = "PKCS12_verify_mac" - or - name = "PKCS5_PBE_keyivgen" - or - name = "PKCS5_PBE_keyivgen_ex" - or - name = "PKCS5_PBKDF2_HMAC" - or - name = "PKCS5_PBKDF2_HMAC_SHA1" - or - name = "PKCS5_pbe2_set" - or - name = "PKCS5_pbe2_set_iv" - or - name = "PKCS5_pbe2_set_iv_ex" - or - name = "PKCS5_pbe2_set_scrypt" - or - name = "PKCS5_pbe_set" - or - name = "PKCS5_pbe_set0_algor" - or - name = "PKCS5_pbe_set0_algor_ex" - or - name = "PKCS5_pbe_set_ex" - or - name = "PKCS5_pbkdf2_set" - or - name = "PKCS5_pbkdf2_set_ex" - or - name = "PKCS5_v2_PBE_keyivgen" - or - name = "PKCS5_v2_PBE_keyivgen_ex" - or - name = "PKCS5_v2_scrypt_keyivgen" - or - name = "PKCS5_v2_scrypt_keyivgen_ex" - or - name = "PKCS7_DIGEST_free" - or - name = "PKCS7_DIGEST_new" - or - name = "PKCS7_ENCRYPT_free" - or - name = "PKCS7_ENCRYPT_new" - or - name = "PKCS7_ENC_CONTENT_free" - or - name = "PKCS7_ENC_CONTENT_new" - or - name = "PKCS7_ENVELOPE_free" - or - name = "PKCS7_ENVELOPE_new" - or - name = "PKCS7_ISSUER_AND_SERIAL_digest" - or - name = "PKCS7_ISSUER_AND_SERIAL_free" - or - name = "PKCS7_ISSUER_AND_SERIAL_new" - or - name = "PKCS7_RECIP_INFO_free" - or - name = "PKCS7_RECIP_INFO_new" - or - name = "PKCS7_SIGNED_free" - or - name = "PKCS7_SIGNED_new" - or - name = "PKCS7_SIGNER_INFO_free" - or - name = "PKCS7_SIGNER_INFO_new" - or - name = "PKCS7_SIGN_ENVELOPE_free" - or - name = "PKCS7_SIGN_ENVELOPE_new" - or - name = "PKCS7_add_certificate" - or - name = "PKCS7_add_crl" - or - name = "PKCS7_decrypt" - or - name = "PKCS7_dup" - or - name = "PKCS7_encrypt" - or - name = "PKCS7_encrypt_ex" - or - name = "PKCS7_free" - or - name = "PKCS7_get0_signers" - or - name = "PKCS7_get_octet_string" - or - name = "PKCS7_new" - or - name = "PKCS7_new_ex" - or - name = "PKCS7_print_ctx" - or - name = "PKCS7_sign" - or - name = "PKCS7_sign_add_signer" - or - name = "PKCS7_sign_ex" - or - name = "PKCS7_type_is_other" - or - name = "PKCS7_verify" - or - name = "PKCS8_PRIV_KEY_INFO_free" - or - name = "PKCS8_PRIV_KEY_INFO_new" - or - name = "PKCS8_decrypt" - or - name = "PKCS8_decrypt_ex" - or - name = "PKCS8_encrypt" - or - name = "PKCS8_encrypt_ex" - or - name = "PKCS8_pkey_add1_attr" - or - name = "PKCS8_pkey_add1_attr_by_NID" - or - name = "PKCS8_pkey_add1_attr_by_OBJ" - or - name = "PKCS8_pkey_get0_attrs" - or - name = "PKCS8_set0_pbe" - or - name = "PKCS8_set0_pbe_ex" - or - name = "PKEY_USAGE_PERIOD_free" - or - name = "PKEY_USAGE_PERIOD_new" - or - name = "POLICYINFO_free" - or - name = "POLICYINFO_new" - or - name = "POLICYQUALINFO_free" - or - name = "POLICYQUALINFO_new" - or - name = "POLICY_CONSTRAINTS_free" - or - name = "POLICY_CONSTRAINTS_new" - or - name = "POLICY_MAPPING_free" - or - name = "POLICY_MAPPING_new" - or - name = "PROFESSION_INFO" - or - name = "PROFESSION_INFOS" - or - name = "PROFESSION_INFOS_free" - or - name = "PROFESSION_INFOS_new" - or - name = "PROFESSION_INFO_free" - or - name = "PROFESSION_INFO_get0_addProfessionInfo" - or - name = "PROFESSION_INFO_get0_namingAuthority" - or - name = "PROFESSION_INFO_get0_professionItems" - or - name = "PROFESSION_INFO_get0_professionOIDs" - or - name = "PROFESSION_INFO_get0_registrationNumber" - or - name = "PROFESSION_INFO_new" - or - name = "PROFESSION_INFO_set0_addProfessionInfo" - or - name = "PROFESSION_INFO_set0_namingAuthority" - or - name = "PROFESSION_INFO_set0_professionItems" - or - name = "PROFESSION_INFO_set0_professionOIDs" - or - name = "PROFESSION_INFO_set0_registrationNumber" - or - name = "PROXY_CERT_INFO_EXTENSION_free" - or - name = "PROXY_CERT_INFO_EXTENSION_new" - or - name = "PROXY_POLICY_free" - or - name = "PROXY_POLICY_new" - or - name = "RAND_DRBG_bytes" - or - name = "RAND_DRBG_cleanup_entropy_fn" - or - name = "RAND_DRBG_cleanup_nonce_fn" - or - name = "RAND_DRBG_free" - or - name = "RAND_DRBG_generate" - or - name = "RAND_DRBG_get0_master" - or - name = "RAND_DRBG_get0_private" - or - name = "RAND_DRBG_get0_public" - or - name = "RAND_DRBG_get_entropy_fn" - or - name = "RAND_DRBG_get_ex_data" - or - name = "RAND_DRBG_get_ex_new_index" - or - name = "RAND_DRBG_get_nonce_fn" - or - name = "RAND_DRBG_instantiate" - or - name = "RAND_DRBG_new" - or - name = "RAND_DRBG_reseed" - or - name = "RAND_DRBG_secure_new" - or - name = "RAND_DRBG_set" - or - name = "RAND_DRBG_set_callbacks" - or - name = "RAND_DRBG_set_defaults" - or - name = "RAND_DRBG_set_ex_data" - or - name = "RAND_DRBG_set_reseed_defaults" - or - name = "RAND_DRBG_set_reseed_interval" - or - name = "RAND_DRBG_set_reseed_time_interval" - or - name = "RAND_DRBG_uninstantiate" - or - name = "RAND_OpenSSL" - or - name = "RAND_SSLeay" - or - name = "RAND_add" - or - name = "RAND_bytes" - or - name = "RAND_bytes_ex" - or - name = "RAND_cleanup" - or - name = "RAND_egd" - or - name = "RAND_egd_bytes" - or - name = "RAND_event" - or - name = "RAND_file_name" - or - name = "RAND_get0_primary" - or - name = "RAND_get0_private" - or - name = "RAND_get0_public" - or - name = "RAND_get_rand_method" - or - name = "RAND_keep_random_devices_open" - or - name = "RAND_load_file" - or - name = "RAND_poll" - or - name = "RAND_priv_bytes" - or - name = "RAND_priv_bytes_ex" - or - name = "RAND_pseudo_bytes" - or - name = "RAND_query_egd_bytes" - or - name = "RAND_screen" - or - name = "RAND_seed" - or - name = "RAND_set0_private" - or - name = "RAND_set0_public" - or - name = "RAND_set_DRBG_type" - or - name = "RAND_set_rand_method" - or - name = "RAND_set_seed_source_type" - or - name = "RAND_status" - or - name = "RAND_write_file" - or - name = "RC4" - or - name = "RC4_set_key" - or - name = "RIPEMD160" - or - name = "RIPEMD160_Final" - or - name = "RIPEMD160_Init" - or - name = "RIPEMD160_Update" - or - name = "RSAPrivateKey_dup" - or - name = "RSAPublicKey_dup" - or - name = "RSA_OAEP_PARAMS_free" - or - name = "RSA_OAEP_PARAMS_new" - or - name = "RSA_PKCS1_OpenSSL" - or - name = "RSA_PKCS1_SSLeay" - or - name = "RSA_PSS_PARAMS_dup" - or - name = "RSA_PSS_PARAMS_free" - or - name = "RSA_PSS_PARAMS_new" - or - name = "RSA_bits" - or - name = "RSA_blinding_off" - or - name = "RSA_blinding_on" - or - name = "RSA_check_key" - or - name = "RSA_check_key_ex" - or - name = "RSA_clear_flags" - or - name = "RSA_flags" - or - name = "RSA_free" - or - name = "RSA_generate_key" - or - name = "RSA_generate_key_ex" - or - name = "RSA_generate_multi_prime_key" - or - name = "RSA_get0_crt_params" - or - name = "RSA_get0_d" - or - name = "RSA_get0_dmp1" - or - name = "RSA_get0_dmq1" - or - name = "RSA_get0_e" - or - name = "RSA_get0_engine" - or - name = "RSA_get0_factors" - or - name = "RSA_get0_iqmp" - or - name = "RSA_get0_key" - or - name = "RSA_get0_multi_prime_crt_params" - or - name = "RSA_get0_multi_prime_factors" - or - name = "RSA_get0_n" - or - name = "RSA_get0_p" - or - name = "RSA_get0_pss_params" - or - name = "RSA_get0_q" - or - name = "RSA_get_app_data" - or - name = "RSA_get_default_method" - or - name = "RSA_get_ex_data" - or - name = "RSA_get_ex_new_index" - or - name = "RSA_get_method" - or - name = "RSA_get_multi_prime_extra_count" - or - name = "RSA_get_version" - or - name = "RSA_meth_dup" - or - name = "RSA_meth_free" - or - name = "RSA_meth_get0_app_data" - or - name = "RSA_meth_get0_name" - or - name = "RSA_meth_get_bn_mod_exp" - or - name = "RSA_meth_get_finish" - or - name = "RSA_meth_get_flags" - or - name = "RSA_meth_get_init" - or - name = "RSA_meth_get_keygen" - or - name = "RSA_meth_get_mod_exp" - or - name = "RSA_meth_get_multi_prime_keygen" - or - name = "RSA_meth_get_priv_dec" - or - name = "RSA_meth_get_priv_enc" - or - name = "RSA_meth_get_pub_dec" - or - name = "RSA_meth_get_pub_enc" - or - name = "RSA_meth_get_sign" - or - name = "RSA_meth_get_verify" - or - name = "RSA_meth_new" - or - name = "RSA_meth_set0_app_data" - or - name = "RSA_meth_set1_name" - or - name = "RSA_meth_set_bn_mod_exp" - or - name = "RSA_meth_set_finish" - or - name = "RSA_meth_set_flags" - or - name = "RSA_meth_set_init" - or - name = "RSA_meth_set_keygen" - or - name = "RSA_meth_set_mod_exp" - or - name = "RSA_meth_set_multi_prime_keygen" - or - name = "RSA_meth_set_priv_dec" - or - name = "RSA_meth_set_priv_enc" - or - name = "RSA_meth_set_pub_dec" - or - name = "RSA_meth_set_pub_enc" - or - name = "RSA_meth_set_sign" - or - name = "RSA_meth_set_verify" - or - name = "RSA_new" - or - name = "RSA_new_method" - or - name = "RSA_null_method" - or - name = "RSA_padding_add_PKCS1_OAEP" - or - name = "RSA_padding_add_PKCS1_OAEP_mgf1" - or - name = "RSA_padding_add_PKCS1_type_1" - or - name = "RSA_padding_add_PKCS1_type_2" - or - name = "RSA_padding_add_SSLv23" - or - name = "RSA_padding_add_none" - or - name = "RSA_padding_check_PKCS1_OAEP" - or - name = "RSA_padding_check_PKCS1_OAEP_mgf1" - or - name = "RSA_padding_check_PKCS1_type_1" - or - name = "RSA_padding_check_PKCS1_type_2" - or - name = "RSA_padding_check_SSLv23" - or - name = "RSA_padding_check_none" - or - name = "RSA_print" - or - name = "RSA_print_fp" - or - name = "RSA_private_decrypt" - or - name = "RSA_private_encrypt" - or - name = "RSA_public_decrypt" - or - name = "RSA_public_encrypt" - or - name = "RSA_security_bits" - or - name = "RSA_set0_crt_params" - or - name = "RSA_set0_factors" - or - name = "RSA_set0_key" - or - name = "RSA_set0_multi_prime_params" - or - name = "RSA_set_app_data" - or - name = "RSA_set_default_method" - or - name = "RSA_set_ex_data" - or - name = "RSA_set_flags" - or - name = "RSA_set_method" - or - name = "RSA_sign" - or - name = "RSA_sign_ASN1_OCTET_STRING" - or - name = "RSA_size" - or - name = "RSA_test_flags" - or - name = "RSA_verify" - or - name = "RSA_verify_ASN1_OCTET_STRING" - or - name = "SCRYPT_PARAMS_free" - or - name = "SCRYPT_PARAMS_new" - or - name = "SCT_LIST_free" - or - name = "SCT_LIST_print" - or - name = "SCT_LIST_validate" - or - name = "SCT_free" - or - name = "SCT_get0_extensions" - or - name = "SCT_get0_log_id" - or - name = "SCT_get0_signature" - or - name = "SCT_get_log_entry_type" - or - name = "SCT_get_signature_nid" - or - name = "SCT_get_source" - or - name = "SCT_get_timestamp" - or - name = "SCT_get_validation_status" - or - name = "SCT_get_version" - or - name = "SCT_new" - or - name = "SCT_new_from_base64" - or - name = "SCT_print" - or - name = "SCT_set0_extensions" - or - name = "SCT_set0_log_id" - or - name = "SCT_set0_signature" - or - name = "SCT_set1_extensions" - or - name = "SCT_set1_log_id" - or - name = "SCT_set1_signature" - or - name = "SCT_set_log_entry_type" - or - name = "SCT_set_signature_nid" - or - name = "SCT_set_source" - or - name = "SCT_set_timestamp" - or - name = "SCT_set_version" - or - name = "SCT_validate" - or - name = "SCT_validation_status_string" - or - name = "SHA1" - or - name = "SHA1_Final" - or - name = "SHA1_Init" - or - name = "SHA1_Update" - or - name = "SHA224" - or - name = "SHA224_Final" - or - name = "SHA224_Init" - or - name = "SHA224_Update" - or - name = "SHA256" - or - name = "SHA256_Final" - or - name = "SHA256_Init" - or - name = "SHA256_Update" - or - name = "SHA384" - or - name = "SHA384_Final" - or - name = "SHA384_Init" - or - name = "SHA384_Update" - or - name = "SHA512" - or - name = "SHA512_Final" - or - name = "SHA512_Init" - or - name = "SHA512_Update" - or - name = "SMIME_read_ASN1" - or - name = "SMIME_read_ASN1_ex" - or - name = "SMIME_read_CMS" - or - name = "SMIME_read_CMS_ex" - or - name = "SMIME_read_PKCS7" - or - name = "SMIME_read_PKCS7_ex" - or - name = "SMIME_write_ASN1" - or - name = "SMIME_write_ASN1_ex" - or - name = "SMIME_write_CMS" - or - name = "SMIME_write_PKCS7" - or - name = "SRP_Calc_A" - or - name = "SRP_Calc_B" - or - name = "SRP_Calc_B_ex" - or - name = "SRP_Calc_client_key" - or - name = "SRP_Calc_client_key_ex" - or - name = "SRP_Calc_server_key" - or - name = "SRP_Calc_u" - or - name = "SRP_Calc_u_ex" - or - name = "SRP_Calc_x" - or - name = "SRP_Calc_x_ex" - or - name = "SRP_VBASE_add0_user" - or - name = "SRP_VBASE_free" - or - name = "SRP_VBASE_get1_by_user" - or - name = "SRP_VBASE_get_by_user" - or - name = "SRP_VBASE_init" - or - name = "SRP_VBASE_new" - or - name = "SRP_check_known_gN_param" - or - name = "SRP_create_verifier" - or - name = "SRP_create_verifier_BN" - or - name = "SRP_create_verifier_BN_ex" - or - name = "SRP_create_verifier_ex" - or - name = "SRP_get_default_gN" - or - name = "SRP_user_pwd_free" - or - name = "SRP_user_pwd_new" - or - name = "SRP_user_pwd_set0_sv" - or - name = "SRP_user_pwd_set1_ids" - or - name = "SRP_user_pwd_set_gN" - or - name = "SSL" - or - name = "SSL_CIPHER_description" - or - name = "SSL_CIPHER_find" - or - name = "SSL_CIPHER_get_auth_nid" - or - name = "SSL_CIPHER_get_bits" - or - name = "SSL_CIPHER_get_cipher_nid" - or - name = "SSL_CIPHER_get_digest_nid" - or - name = "SSL_CIPHER_get_handshake_digest" - or - name = "SSL_CIPHER_get_id" - or - name = "SSL_CIPHER_get_kx_nid" - or - name = "SSL_CIPHER_get_name" - or - name = "SSL_CIPHER_get_protocol_id" - or - name = "SSL_CIPHER_get_version" - or - name = "SSL_CIPHER_is_aead" - or - name = "SSL_CIPHER_standard_name" - or - name = "SSL_COMP_add_compression_method" - or - name = "SSL_COMP_free_compression_methods" - or - name = "SSL_COMP_get0_name" - or - name = "SSL_COMP_get_compression_methods" - or - name = "SSL_COMP_get_id" - or - name = "SSL_CONF_CTX_clear_flags" - or - name = "SSL_CONF_CTX_free" - or - name = "SSL_CONF_CTX_new" - or - name = "SSL_CONF_CTX_set1_prefix" - or - name = "SSL_CONF_CTX_set_flags" - or - name = "SSL_CONF_CTX_set_ssl" - or - name = "SSL_CONF_CTX_set_ssl_ctx" - or - name = "SSL_CONF_cmd" - or - name = "SSL_CONF_cmd_argv" - or - name = "SSL_CONF_cmd_value_type" - or - name = "SSL_CTX_add0_chain_cert" - or - name = "SSL_CTX_add1_chain_cert" - or - name = "SSL_CTX_add1_to_CA_list" - or - name = "SSL_CTX_add_client_CA" - or - name = "SSL_CTX_add_client_custom_ext" - or - name = "SSL_CTX_add_custom_ext" - or - name = "SSL_CTX_add_extra_chain_cert" - or - name = "SSL_CTX_add_server_custom_ext" - or - name = "SSL_CTX_add_session" - or - name = "SSL_CTX_build_cert_chain" - or - name = "SSL_CTX_callback_ctrl" - or - name = "SSL_CTX_check_private_key" - or - name = "SSL_CTX_clear_chain_certs" - or - name = "SSL_CTX_clear_extra_chain_certs" - or - name = "SSL_CTX_clear_mode" - or - name = "SSL_CTX_clear_options" - or - name = "SSL_CTX_compress_certs" - or - name = "SSL_CTX_config" - or - name = "SSL_CTX_ct_is_enabled" - or - name = "SSL_CTX_ctrl" - or - name = "SSL_CTX_dane_clear_flags" - or - name = "SSL_CTX_dane_enable" - or - name = "SSL_CTX_dane_mtype_set" - or - name = "SSL_CTX_dane_set_flags" - or - name = "SSL_CTX_decrypt_session_ticket_fn" - or - name = "SSL_CTX_disable_ct" - or - name = "SSL_CTX_enable_ct" - or - name = "SSL_CTX_flush_sessions" - or - name = "SSL_CTX_free" - or - name = "SSL_CTX_generate_session_ticket_fn" - or - name = "SSL_CTX_get0_CA_list" - or - name = "SSL_CTX_get0_chain_cert_store" - or - name = "SSL_CTX_get0_chain_certs" - or - name = "SSL_CTX_get0_client_cert_type" - or - name = "SSL_CTX_get0_param" - or - name = "SSL_CTX_get0_security_ex_data" - or - name = "SSL_CTX_get0_server_cert_type" - or - name = "SSL_CTX_get0_verify_cert_store" - or - name = "SSL_CTX_get1_compressed_cert" - or - name = "SSL_CTX_get_app_data" - or - name = "SSL_CTX_get_cert_store" - or - name = "SSL_CTX_get_ciphers" - or - name = "SSL_CTX_get_client_CA_list" - or - name = "SSL_CTX_get_client_cert_cb" - or - name = "SSL_CTX_get_default_passwd_cb" - or - name = "SSL_CTX_get_default_passwd_cb_userdata" - or - name = "SSL_CTX_get_default_read_ahead" - or - name = "SSL_CTX_get_ex_data" - or - name = "SSL_CTX_get_ex_new_index" - or - name = "SSL_CTX_get_extra_chain_certs" - or - name = "SSL_CTX_get_extra_chain_certs_only" - or - name = "SSL_CTX_get_info_callback" - or - name = "SSL_CTX_get_keylog_callback" - or - name = "SSL_CTX_get_max_cert_list" - or - name = "SSL_CTX_get_max_early_data" - or - name = "SSL_CTX_get_max_proto_version" - or - name = "SSL_CTX_get_min_proto_version" - or - name = "SSL_CTX_get_mode" - or - name = "SSL_CTX_get_num_tickets" - or - name = "SSL_CTX_get_options" - or - name = "SSL_CTX_get_quiet_shutdown" - or - name = "SSL_CTX_get_read_ahead" - or - name = "SSL_CTX_get_record_padding_callback_arg" - or - name = "SSL_CTX_get_recv_max_early_data" - or - name = "SSL_CTX_get_security_callback" - or - name = "SSL_CTX_get_security_level" - or - name = "SSL_CTX_get_session_cache_mode" - or - name = "SSL_CTX_get_ssl_method" - or - name = "SSL_CTX_get_timeout" - or - name = "SSL_CTX_get_tlsext_status_arg" - or - name = "SSL_CTX_get_tlsext_status_cb" - or - name = "SSL_CTX_get_tlsext_status_type" - or - name = "SSL_CTX_get_verify_callback" - or - name = "SSL_CTX_get_verify_depth" - or - name = "SSL_CTX_get_verify_mode" - or - name = "SSL_CTX_has_client_custom_ext" - or - name = "SSL_CTX_keylog_cb_func" - or - name = "SSL_CTX_load_verify_dir" - or - name = "SSL_CTX_load_verify_file" - or - name = "SSL_CTX_load_verify_locations" - or - name = "SSL_CTX_load_verify_store" - or - name = "SSL_CTX_need_tmp_rsa" - or - name = "SSL_CTX_new" - or - name = "SSL_CTX_new_ex" - or - name = "SSL_CTX_remove_session" - or - name = "SSL_CTX_select_current_cert" - or - name = "SSL_CTX_sess_accept" - or - name = "SSL_CTX_sess_accept_good" - or - name = "SSL_CTX_sess_accept_renegotiate" - or - name = "SSL_CTX_sess_cache_full" - or - name = "SSL_CTX_sess_cb_hits" - or - name = "SSL_CTX_sess_connect" - or - name = "SSL_CTX_sess_connect_good" - or - name = "SSL_CTX_sess_connect_renegotiate" - or - name = "SSL_CTX_sess_get_cache_size" - or - name = "SSL_CTX_sess_get_get_cb" - or - name = "SSL_CTX_sess_get_new_cb" - or - name = "SSL_CTX_sess_get_remove_cb" - or - name = "SSL_CTX_sess_hits" - or - name = "SSL_CTX_sess_misses" - or - name = "SSL_CTX_sess_number" - or - name = "SSL_CTX_sess_set_cache_size" - or - name = "SSL_CTX_sess_set_get_cb" - or - name = "SSL_CTX_sess_set_new_cb" - or - name = "SSL_CTX_sess_set_remove_cb" - or - name = "SSL_CTX_sess_timeouts" - or - name = "SSL_CTX_sessions" - or - name = "SSL_CTX_set0_CA_list" - or - name = "SSL_CTX_set0_chain" - or - name = "SSL_CTX_set0_chain_cert_store" - or - name = "SSL_CTX_set0_security_ex_data" - or - name = "SSL_CTX_set0_tmp_dh_pkey" - or - name = "SSL_CTX_set0_verify_cert_store" - or - name = "SSL_CTX_set1_cert_comp_preference" - or - name = "SSL_CTX_set1_cert_store" - or - name = "SSL_CTX_set1_chain" - or - name = "SSL_CTX_set1_chain_cert_store" - or - name = "SSL_CTX_set1_client_cert_type" - or - name = "SSL_CTX_set1_client_sigalgs" - or - name = "SSL_CTX_set1_client_sigalgs_list" - or - name = "SSL_CTX_set1_compressed_cert" - or - name = "SSL_CTX_set1_curves" - or - name = "SSL_CTX_set1_curves_list" - or - name = "SSL_CTX_set1_groups" - or - name = "SSL_CTX_set1_groups_list" - or - name = "SSL_CTX_set1_param" - or - name = "SSL_CTX_set1_server_cert_type" - or - name = "SSL_CTX_set1_sigalgs" - or - name = "SSL_CTX_set1_sigalgs_list" - or - name = "SSL_CTX_set1_verify_cert_store" - or - name = "SSL_CTX_set_allow_early_data_cb" - or - name = "SSL_CTX_set_alpn_protos" - or - name = "SSL_CTX_set_alpn_select_cb" - or - name = "SSL_CTX_set_app_data" - or - name = "SSL_CTX_set_async_callback" - or - name = "SSL_CTX_set_async_callback_arg" - or - name = "SSL_CTX_set_block_padding" - or - name = "SSL_CTX_set_cert_cb" - or - name = "SSL_CTX_set_cert_store" - or - name = "SSL_CTX_set_cert_verify_callback" - or - name = "SSL_CTX_set_cipher_list" - or - name = "SSL_CTX_set_ciphersuites" - or - name = "SSL_CTX_set_client_CA_list" - or - name = "SSL_CTX_set_client_cert_cb" - or - name = "SSL_CTX_set_client_hello_cb" - or - name = "SSL_CTX_set_cookie_generate_cb" - or - name = "SSL_CTX_set_cookie_verify_cb" - or - name = "SSL_CTX_set_ct_validation_callback" - or - name = "SSL_CTX_set_ctlog_list_file" - or - name = "SSL_CTX_set_current_cert" - or - name = "SSL_CTX_set_custom_cli_ext" - or - name = "SSL_CTX_set_default_ctlog_list_file" - or - name = "SSL_CTX_set_default_passwd_cb" - or - name = "SSL_CTX_set_default_passwd_cb_userdata" - or - name = "SSL_CTX_set_default_read_ahead" - or - name = "SSL_CTX_set_default_read_buffer_len" - or - name = "SSL_CTX_set_default_verify_dir" - or - name = "SSL_CTX_set_default_verify_file" - or - name = "SSL_CTX_set_default_verify_paths" - or - name = "SSL_CTX_set_default_verify_store" - or - name = "SSL_CTX_set_dh_auto" - or - name = "SSL_CTX_set_ecdh_auto" - or - name = "SSL_CTX_set_ex_data" - or - name = "SSL_CTX_set_generate_session_id" - or - name = "SSL_CTX_set_info_callback" - or - name = "SSL_CTX_set_keylog_callback" - or - name = "SSL_CTX_set_max_cert_list" - or - name = "SSL_CTX_set_max_early_data" - or - name = "SSL_CTX_set_max_pipelines" - or - name = "SSL_CTX_set_max_proto_version" - or - name = "SSL_CTX_set_max_send_fragment" - or - name = "SSL_CTX_set_min_proto_version" - or - name = "SSL_CTX_set_mode" - or - name = "SSL_CTX_set_msg_callback" - or - name = "SSL_CTX_set_msg_callback_arg" - or - name = "SSL_CTX_set_next_proto_select_cb" - or - name = "SSL_CTX_set_next_protos_advertised_cb" - or - name = "SSL_CTX_set_num_tickets" - or - name = "SSL_CTX_set_options" - or - name = "SSL_CTX_set_post_handshake_auth" - or - name = "SSL_CTX_set_psk_client_callback" - or - name = "SSL_CTX_set_psk_find_session_callback" - or - name = "SSL_CTX_set_psk_server_callback" - or - name = "SSL_CTX_set_psk_use_session_callback" - or - name = "SSL_CTX_set_purpose" - or - name = "SSL_CTX_set_quiet_shutdown" - or - name = "SSL_CTX_set_read_ahead" - or - name = "SSL_CTX_set_record_padding_callback" - or - name = "SSL_CTX_set_record_padding_callback_arg" - or - name = "SSL_CTX_set_recv_max_early_data" - or - name = "SSL_CTX_set_security_callback" - or - name = "SSL_CTX_set_security_level" - or - name = "SSL_CTX_set_session_cache_mode" - or - name = "SSL_CTX_set_session_id_context" - or - name = "SSL_CTX_set_session_ticket_cb" - or - name = "SSL_CTX_set_split_send_fragment" - or - name = "SSL_CTX_set_srp_cb_arg" - or - name = "SSL_CTX_set_srp_client_pwd_callback" - or - name = "SSL_CTX_set_srp_password" - or - name = "SSL_CTX_set_srp_strength" - or - name = "SSL_CTX_set_srp_username" - or - name = "SSL_CTX_set_srp_username_callback" - or - name = "SSL_CTX_set_srp_verify_param_callback" - or - name = "SSL_CTX_set_ssl_version" - or - name = "SSL_CTX_set_stateless_cookie_generate_cb" - or - name = "SSL_CTX_set_stateless_cookie_verify_cb" - or - name = "SSL_CTX_set_timeout" - or - name = "SSL_CTX_set_tlsext_max_fragment_length" - or - name = "SSL_CTX_set_tlsext_servername_arg" - or - name = "SSL_CTX_set_tlsext_servername_callback" - or - name = "SSL_CTX_set_tlsext_status_arg" - or - name = "SSL_CTX_set_tlsext_status_cb" - or - name = "SSL_CTX_set_tlsext_status_type" - or - name = "SSL_CTX_set_tlsext_ticket_key_cb" - or - name = "SSL_CTX_set_tlsext_ticket_key_evp_cb" - or - name = "SSL_CTX_set_tlsext_use_srtp" - or - name = "SSL_CTX_set_tmp_dh" - or - name = "SSL_CTX_set_tmp_dh_callback" - or - name = "SSL_CTX_set_tmp_ecdh" - or - name = "SSL_CTX_set_tmp_rsa" - or - name = "SSL_CTX_set_tmp_rsa_callback" - or - name = "SSL_CTX_set_trust" - or - name = "SSL_CTX_set_verify" - or - name = "SSL_CTX_set_verify_depth" - or - name = "SSL_CTX_up_ref" - or - name = "SSL_CTX_use_PrivateKey" - or - name = "SSL_CTX_use_PrivateKey_ASN1" - or - name = "SSL_CTX_use_PrivateKey_file" - or - name = "SSL_CTX_use_RSAPrivateKey" - or - name = "SSL_CTX_use_RSAPrivateKey_ASN1" - or - name = "SSL_CTX_use_RSAPrivateKey_file" - or - name = "SSL_CTX_use_cert_and_key" - or - name = "SSL_CTX_use_certificate" - or - name = "SSL_CTX_use_certificate_ASN1" - or - name = "SSL_CTX_use_certificate_chain_file" - or - name = "SSL_CTX_use_certificate_file" - or - name = "SSL_CTX_use_psk_identity_hint" - or - name = "SSL_CTX_use_serverinfo" - or - name = "SSL_CTX_use_serverinfo_ex" - or - name = "SSL_CTX_use_serverinfo_file" - or - name = "SSL_OP_BIT" - or - name = "SSL_SESSION_dup" - or - name = "SSL_SESSION_free" - or - name = "SSL_SESSION_get0_alpn_selected" - or - name = "SSL_SESSION_get0_cipher" - or - name = "SSL_SESSION_get0_hostname" - or - name = "SSL_SESSION_get0_id_context" - or - name = "SSL_SESSION_get0_peer" - or - name = "SSL_SESSION_get0_peer_rpk" - or - name = "SSL_SESSION_get0_ticket" - or - name = "SSL_SESSION_get0_ticket_appdata" - or - name = "SSL_SESSION_get_app_data" - or - name = "SSL_SESSION_get_compress_id" - or - name = "SSL_SESSION_get_ex_data" - or - name = "SSL_SESSION_get_ex_new_index" - or - name = "SSL_SESSION_get_id" - or - name = "SSL_SESSION_get_master_key" - or - name = "SSL_SESSION_get_max_early_data" - or - name = "SSL_SESSION_get_max_fragment_length" - or - name = "SSL_SESSION_get_protocol_version" - or - name = "SSL_SESSION_get_ticket_lifetime_hint" - or - name = "SSL_SESSION_get_time" - or - name = "SSL_SESSION_get_timeout" - or - name = "SSL_SESSION_has_ticket" - or - name = "SSL_SESSION_is_resumable" - or - name = "SSL_SESSION_new" - or - name = "SSL_SESSION_print" - or - name = "SSL_SESSION_print_fp" - or - name = "SSL_SESSION_print_keylog" - or - name = "SSL_SESSION_set1_alpn_selected" - or - name = "SSL_SESSION_set1_hostname" - or - name = "SSL_SESSION_set1_id" - or - name = "SSL_SESSION_set1_id_context" - or - name = "SSL_SESSION_set1_master_key" - or - name = "SSL_SESSION_set1_ticket_appdata" - or - name = "SSL_SESSION_set_app_data" - or - name = "SSL_SESSION_set_cipher" - or - name = "SSL_SESSION_set_ex_data" - or - name = "SSL_SESSION_set_max_early_data" - or - name = "SSL_SESSION_set_protocol_version" - or - name = "SSL_SESSION_set_time" - or - name = "SSL_SESSION_set_timeout" - or - name = "SSL_SESSION_up_ref" - or - name = "SSL_accept" - or - name = "SSL_add0_chain_cert" - or - name = "SSL_add1_chain_cert" - or - name = "SSL_add1_host" - or - name = "SSL_add1_to_CA_list" - or - name = "SSL_add_client_CA" - or - name = "SSL_add_dir_cert_subjects_to_stack" - or - name = "SSL_add_expected_rpk" - or - name = "SSL_add_file_cert_subjects_to_stack" - or - name = "SSL_add_session" - or - name = "SSL_add_store_cert_subjects_to_stack" - or - name = "SSL_alert_desc_string" - or - name = "SSL_alert_desc_string_long" - or - name = "SSL_alert_type_string" - or - name = "SSL_alert_type_string_long" - or - name = "SSL_alloc_buffers" - or - name = "SSL_allow_early_data_cb_fn" - or - name = "SSL_async_callback_fn" - or - name = "SSL_build_cert_chain" - or - name = "SSL_bytes_to_cipher_list" - or - name = "SSL_callback_ctrl" - or - name = "SSL_check_chain" - or - name = "SSL_check_private_key" - or - name = "SSL_clear" - or - name = "SSL_clear_chain_certs" - or - name = "SSL_clear_mode" - or - name = "SSL_clear_options" - or - name = "SSL_client_hello_cb_fn" - or - name = "SSL_client_hello_get0_ciphers" - or - name = "SSL_client_hello_get0_compression_methods" - or - name = "SSL_client_hello_get0_ext" - or - name = "SSL_client_hello_get0_legacy_version" - or - name = "SSL_client_hello_get0_random" - or - name = "SSL_client_hello_get0_session_id" - or - name = "SSL_client_hello_get1_extensions_present" - or - name = "SSL_client_hello_get_extension_order" - or - name = "SSL_client_hello_isv2" - or - name = "SSL_client_version" - or - name = "SSL_compress_certs" - or - name = "SSL_config" - or - name = "SSL_connect" - or - name = "SSL_ct_is_enabled" - or - name = "SSL_ctrl" - or - name = "SSL_custom_ext_add_cb_ex" - or - name = "SSL_custom_ext_free_cb_ex" - or - name = "SSL_custom_ext_parse_cb_ex" - or - name = "SSL_dane_clear_flags" - or - name = "SSL_dane_enable" - or - name = "SSL_dane_set_flags" - or - name = "SSL_dane_tlsa_add" - or - name = "SSL_disable_ct" - or - name = "SSL_do_handshake" - or - name = "SSL_dup" - or - name = "SSL_enable_ct" - or - name = "SSL_export_keying_material" - or - name = "SSL_export_keying_material_early" - or - name = "SSL_extension_supported" - or - name = "SSL_flush_sessions" - or - name = "SSL_free" - or - name = "SSL_free_buffers" - or - name = "SSL_get0_CA_list" - or - name = "SSL_get0_alpn_selected" - or - name = "SSL_get0_chain_cert_store" - or - name = "SSL_get0_chain_certs" - or - name = "SSL_get0_client_cert_type" - or - name = "SSL_get0_dane_authority" - or - name = "SSL_get0_dane_tlsa" - or - name = "SSL_get0_iana_groups" - or - name = "SSL_get0_next_proto_negotiated" - or - name = "SSL_get0_param" - or - name = "SSL_get0_peer_CA_list" - or - name = "SSL_get0_peer_certificate" - or - name = "SSL_get0_peer_rpk" - or - name = "SSL_get0_peer_scts" - or - name = "SSL_get0_peername" - or - name = "SSL_get0_security_ex_data" - or - name = "SSL_get0_server_cert_type" - or - name = "SSL_get0_session" - or - name = "SSL_get0_verified_chain" - or - name = "SSL_get0_verify_cert_store" - or - name = "SSL_get1_compressed_cert" - or - name = "SSL_get1_curves" - or - name = "SSL_get1_groups" - or - name = "SSL_get1_peer_certificate" - or - name = "SSL_get1_session" - or - name = "SSL_get1_supported_ciphers" - or - name = "SSL_get_SSL_CTX" - or - name = "SSL_get_accept_state" - or - name = "SSL_get_all_async_fds" - or - name = "SSL_get_app_data" - or - name = "SSL_get_async_status" - or - name = "SSL_get_blocking_mode" - or - name = "SSL_get_certificate" - or - name = "SSL_get_changed_async_fds" - or - name = "SSL_get_cipher" - or - name = "SSL_get_cipher_bits" - or - name = "SSL_get_cipher_list" - or - name = "SSL_get_cipher_name" - or - name = "SSL_get_cipher_version" - or - name = "SSL_get_ciphers" - or - name = "SSL_get_client_CA_list" - or - name = "SSL_get_client_ciphers" - or - name = "SSL_get_client_random" - or - name = "SSL_get_current_cipher" - or - name = "SSL_get_default_passwd_cb" - or - name = "SSL_get_default_passwd_cb_userdata" - or - name = "SSL_get_default_timeout" - or - name = "SSL_get_early_data_status" - or - name = "SSL_get_error" - or - name = "SSL_get_ex_data" - or - name = "SSL_get_ex_data_X509_STORE_CTX_idx" - or - name = "SSL_get_ex_new_index" - or - name = "SSL_get_extms_support" - or - name = "SSL_get_fd" - or - name = "SSL_get_info_callback" - or - name = "SSL_get_key_update_type" - or - name = "SSL_get_max_cert_list" - or - name = "SSL_get_max_early_data" - or - name = "SSL_get_max_proto_version" - or - name = "SSL_get_min_proto_version" - or - name = "SSL_get_mode" - or - name = "SSL_get_msg_callback_arg" - or - name = "SSL_get_negotiated_client_cert_type" - or - name = "SSL_get_negotiated_group" - or - name = "SSL_get_negotiated_server_cert_type" - or - name = "SSL_get_num_tickets" - or - name = "SSL_get_options" - or - name = "SSL_get_peer_cert_chain" - or - name = "SSL_get_peer_certificate" - or - name = "SSL_get_peer_signature_nid" - or - name = "SSL_get_peer_signature_type_nid" - or - name = "SSL_get_peer_tmp_key" - or - name = "SSL_get_pending_cipher" - or - name = "SSL_get_privatekey" - or - name = "SSL_get_psk_identity" - or - name = "SSL_get_psk_identity_hint" - or - name = "SSL_get_quiet_shutdown" - or - name = "SSL_get_rbio" - or - name = "SSL_get_read_ahead" - or - name = "SSL_get_record_padding_callback_arg" - or - name = "SSL_get_recv_max_early_data" - or - name = "SSL_get_rfd" - or - name = "SSL_get_rpoll_descriptor" - or - name = "SSL_get_secure_renegotiation_support" - or - name = "SSL_get_security_callback" - or - name = "SSL_get_security_level" - or - name = "SSL_get_selected_srtp_profile" - or - name = "SSL_get_server_random" - or - name = "SSL_get_server_tmp_key" - or - name = "SSL_get_servername" - or - name = "SSL_get_servername_type" - or - name = "SSL_get_session" - or - name = "SSL_get_shared_ciphers" - or - name = "SSL_get_shared_curve" - or - name = "SSL_get_shared_group" - or - name = "SSL_get_shared_sigalgs" - or - name = "SSL_get_shutdown" - or - name = "SSL_get_sigalgs" - or - name = "SSL_get_signature_nid" - or - name = "SSL_get_signature_type_nid" - or - name = "SSL_get_srp_N" - or - name = "SSL_get_srp_g" - or - name = "SSL_get_srp_userinfo" - or - name = "SSL_get_srp_username" - or - name = "SSL_get_srtp_profiles" - or - name = "SSL_get_ssl_method" - or - name = "SSL_get_state" - or - name = "SSL_get_tick_timeout" - or - name = "SSL_get_time" - or - name = "SSL_get_timeout" - or - name = "SSL_get_tlsext_status_ocsp_resp" - or - name = "SSL_get_tlsext_status_type" - or - name = "SSL_get_tmp_key" - or - name = "SSL_get_verify_callback" - or - name = "SSL_get_verify_depth" - or - name = "SSL_get_verify_mode" - or - name = "SSL_get_verify_result" - or - name = "SSL_get_version" - or - name = "SSL_get_wbio" - or - name = "SSL_get_wfd" - or - name = "SSL_get_wpoll_descriptor" - or - name = "SSL_group_to_name" - or - name = "SSL_has_matching_session_id" - or - name = "SSL_has_pending" - or - name = "SSL_in_accept_init" - or - name = "SSL_in_before" - or - name = "SSL_in_connect_init" - or - name = "SSL_in_init" - or - name = "SSL_inject_net_dgram" - or - name = "SSL_is_dtls" - or - name = "SSL_is_init_finished" - or - name = "SSL_is_quic" - or - name = "SSL_is_server" - or - name = "SSL_is_tls" - or - name = "SSL_key_update" - or - name = "SSL_library_init" - or - name = "SSL_load_client_CA_file" - or - name = "SSL_load_client_CA_file_ex" - or - name = "SSL_load_error_strings" - or - name = "SSL_need_tmp_rsa" - or - name = "SSL_net_read_desired" - or - name = "SSL_net_write_desired" - or - name = "SSL_new" - or - name = "SSL_new_session_ticket" - or - name = "SSL_peek" - or - name = "SSL_peek_ex" - or - name = "SSL_pending" - or - name = "SSL_psk_client_cb_func" - or - name = "SSL_psk_find_session_cb_func" - or - name = "SSL_psk_server_cb_func" - or - name = "SSL_psk_use_session_cb_func" - or - name = "SSL_read" - or - name = "SSL_read_early_data" - or - name = "SSL_read_ex" - or - name = "SSL_remove_session" - or - name = "SSL_renegotiate" - or - name = "SSL_renegotiate_abbreviated" - or - name = "SSL_renegotiate_pending" - or - name = "SSL_rstate_string" - or - name = "SSL_rstate_string_long" - or - name = "SSL_select_current_cert" - or - name = "SSL_select_next_proto" - or - name = "SSL_sendfile" - or - name = "SSL_session_reused" - or - name = "SSL_set0_CA_list" - or - name = "SSL_set0_chain" - or - name = "SSL_set0_chain_cert_store" - or - name = "SSL_set0_rbio" - or - name = "SSL_set0_security_ex_data" - or - name = "SSL_set0_tmp_dh_pkey" - or - name = "SSL_set0_verify_cert_store" - or - name = "SSL_set0_wbio" - or - name = "SSL_set1_cert_comp_preference" - or - name = "SSL_set1_chain" - or - name = "SSL_set1_chain_cert_store" - or - name = "SSL_set1_client_cert_type" - or - name = "SSL_set1_client_sigalgs" - or - name = "SSL_set1_client_sigalgs_list" - or - name = "SSL_set1_compressed_cert" - or - name = "SSL_set1_curves" - or - name = "SSL_set1_curves_list" - or - name = "SSL_set1_groups" - or - name = "SSL_set1_groups_list" - or - name = "SSL_set1_host" - or - name = "SSL_set1_param" - or - name = "SSL_set1_server_cert_type" - or - name = "SSL_set1_sigalgs" - or - name = "SSL_set1_sigalgs_list" - or - name = "SSL_set1_verify_cert_store" - or - name = "SSL_set_accept_state" - or - name = "SSL_set_allow_early_data_cb" - or - name = "SSL_set_alpn_protos" - or - name = "SSL_set_app_data" - or - name = "SSL_set_async_callback" - or - name = "SSL_set_async_callback_arg" - or - name = "SSL_set_bio" - or - name = "SSL_set_block_padding" - or - name = "SSL_set_blocking_mode" - or - name = "SSL_set_cert_cb" - or - name = "SSL_set_cipher_list" - or - name = "SSL_set_ciphersuites" - or - name = "SSL_set_client_CA_list" - or - name = "SSL_set_connect_state" - or - name = "SSL_set_ct_validation_callback" - or - name = "SSL_set_current_cert" - or - name = "SSL_set_default_passwd_cb" - or - name = "SSL_set_default_passwd_cb_userdata" - or - name = "SSL_set_default_read_buffer_len" - or - name = "SSL_set_dh_auto" - or - name = "SSL_set_ecdh_auto" - or - name = "SSL_set_ex_data" - or - name = "SSL_set_fd" - or - name = "SSL_set_generate_session_id" - or - name = "SSL_set_hostflags" - or - name = "SSL_set_info_callback" - or - name = "SSL_set_initial_peer_addr" - or - name = "SSL_set_max_cert_list" - or - name = "SSL_set_max_early_data" - or - name = "SSL_set_max_pipelines" - or - name = "SSL_set_max_proto_version" - or - name = "SSL_set_max_send_fragment" - or - name = "SSL_set_min_proto_version" - or - name = "SSL_set_mode" - or - name = "SSL_set_msg_callback" - or - name = "SSL_set_msg_callback_arg" - or - name = "SSL_set_num_tickets" - or - name = "SSL_set_options" - or - name = "SSL_set_post_handshake_auth" - or - name = "SSL_set_psk_client_callback" - or - name = "SSL_set_psk_find_session_callback" - or - name = "SSL_set_psk_server_callback" - or - name = "SSL_set_psk_use_session_callback" - or - name = "SSL_set_purpose" - or - name = "SSL_set_quiet_shutdown" - or - name = "SSL_set_read_ahead" - or - name = "SSL_set_record_padding_callback" - or - name = "SSL_set_record_padding_callback_arg" - or - name = "SSL_set_recv_max_early_data" - or - name = "SSL_set_retry_verify" - or - name = "SSL_set_rfd" - or - name = "SSL_set_security_callback" - or - name = "SSL_set_security_level" - or - name = "SSL_set_session" - or - name = "SSL_set_session_id_context" - or - name = "SSL_set_shutdown" - or - name = "SSL_set_split_send_fragment" - or - name = "SSL_set_srp_server_param" - or - name = "SSL_set_srp_server_param_pw" - or - name = "SSL_set_ssl_method" - or - name = "SSL_set_time" - or - name = "SSL_set_timeout" - or - name = "SSL_set_tlsext_host_name" - or - name = "SSL_set_tlsext_max_fragment_length" - or - name = "SSL_set_tlsext_status_ocsp_resp" - or - name = "SSL_set_tlsext_status_type" - or - name = "SSL_set_tlsext_use_srtp" - or - name = "SSL_set_tmp_dh" - or - name = "SSL_set_tmp_dh_callback" - or - name = "SSL_set_tmp_ecdh" - or - name = "SSL_set_tmp_rsa" - or - name = "SSL_set_tmp_rsa_callback" - or - name = "SSL_set_trust" - or - name = "SSL_set_verify" - or - name = "SSL_set_verify_depth" - or - name = "SSL_set_verify_result" - or - name = "SSL_set_wfd" - or - name = "SSL_shutdown" - or - name = "SSL_shutdown_ex" - or - name = "SSL_state_string" - or - name = "SSL_state_string_long" - or - name = "SSL_stateless" - or - name = "SSL_stream_conclude" - or - name = "SSL_tick" - or - name = "SSL_up_ref" - or - name = "SSL_use_PrivateKey" - or - name = "SSL_use_PrivateKey_ASN1" - or - name = "SSL_use_PrivateKey_file" - or - name = "SSL_use_RSAPrivateKey" - or - name = "SSL_use_RSAPrivateKey_ASN1" - or - name = "SSL_use_RSAPrivateKey_file" - or - name = "SSL_use_cert_and_key" - or - name = "SSL_use_certificate" - or - name = "SSL_use_certificate_ASN1" - or - name = "SSL_use_certificate_chain_file" - or - name = "SSL_use_certificate_file" - or - name = "SSL_use_psk_identity_hint" - or - name = "SSL_verify_cb" - or - name = "SSL_verify_client_post_handshake" - or - name = "SSL_version" - or - name = "SSL_waiting_for_async" - or - name = "SSL_want" - or - name = "SSL_want_async" - or - name = "SSL_want_async_job" - or - name = "SSL_want_client_hello_cb" - or - name = "SSL_want_nothing" - or - name = "SSL_want_read" - or - name = "SSL_want_retry_verify" - or - name = "SSL_want_write" - or - name = "SSL_want_x509_lookup" - or - name = "SSL_write" - or - name = "SSL_write_early_data" - or - name = "SSL_write_ex" - or - name = "SSLeay" - or - name = "SSLeay_add_ssl_algorithms" - or - name = "SSLeay_version" - or - name = "SSLv23_client_method" - or - name = "SSLv23_method" - or - name = "SSLv23_server_method" - or - name = "SSLv2_client_method" - or - name = "SSLv2_method" - or - name = "SSLv2_server_method" - or - name = "SSLv3_client_method" - or - name = "SSLv3_method" - or - name = "SSLv3_server_method" - or - name = "SXNETID_free" - or - name = "SXNETID_new" - or - name = "SXNET_free" - or - name = "SXNET_new" - or - name = "TLS_FEATURE_free" - or - name = "TLS_FEATURE_new" - or - name = "TLS_client_method" - or - name = "TLS_method" - or - name = "TLS_server_method" - or - name = "TLSv1_1_client_method" - or - name = "TLSv1_1_method" - or - name = "TLSv1_1_server_method" - or - name = "TLSv1_2_client_method" - or - name = "TLSv1_2_method" - or - name = "TLSv1_2_server_method" - or - name = "TLSv1_client_method" - or - name = "TLSv1_method" - or - name = "TLSv1_server_method" - or - name = "TS_ACCURACY_dup" - or - name = "TS_ACCURACY_free" - or - name = "TS_ACCURACY_new" - or - name = "TS_MSG_IMPRINT_dup" - or - name = "TS_MSG_IMPRINT_free" - or - name = "TS_MSG_IMPRINT_new" - or - name = "TS_REQ_dup" - or - name = "TS_REQ_free" - or - name = "TS_REQ_new" - or - name = "TS_RESP_CTX_free" - or - name = "TS_RESP_CTX_new" - or - name = "TS_RESP_CTX_new_ex" - or - name = "TS_RESP_dup" - or - name = "TS_RESP_free" - or - name = "TS_RESP_new" - or - name = "TS_STATUS_INFO_dup" - or - name = "TS_STATUS_INFO_free" - or - name = "TS_STATUS_INFO_new" - or - name = "TS_TST_INFO_dup" - or - name = "TS_TST_INFO_free" - or - name = "TS_TST_INFO_new" - or - name = "TS_VERIFY_CTS_set_certs" - or - name = "TS_VERIFY_CTX_set_certs" - or - name = "UI" - or - name = "UI_METHOD" - or - name = "UI_OpenSSL" - or - name = "UI_STRING" - or - name = "UI_UTIL_read_pw" - or - name = "UI_UTIL_read_pw_string" - or - name = "UI_UTIL_wrap_read_pem_callback" - or - name = "UI_add_error_string" - or - name = "UI_add_info_string" - or - name = "UI_add_input_boolean" - or - name = "UI_add_input_string" - or - name = "UI_add_user_data" - or - name = "UI_add_verify_string" - or - name = "UI_construct_prompt" - or - name = "UI_create_method" - or - name = "UI_ctrl" - or - name = "UI_destroy_method" - or - name = "UI_dup_error_string" - or - name = "UI_dup_info_string" - or - name = "UI_dup_input_boolean" - or - name = "UI_dup_input_string" - or - name = "UI_dup_user_data" - or - name = "UI_dup_verify_string" - or - name = "UI_free" - or - name = "UI_get0_action_string" - or - name = "UI_get0_output_string" - or - name = "UI_get0_result" - or - name = "UI_get0_result_string" - or - name = "UI_get0_test_string" - or - name = "UI_get0_user_data" - or - name = "UI_get_app_data" - or - name = "UI_get_default_method" - or - name = "UI_get_ex_data" - or - name = "UI_get_ex_new_index" - or - name = "UI_get_input_flags" - or - name = "UI_get_method" - or - name = "UI_get_result_length" - or - name = "UI_get_result_maxsize" - or - name = "UI_get_result_minsize" - or - name = "UI_get_result_string_length" - or - name = "UI_get_string_type" - or - name = "UI_method_get_closer" - or - name = "UI_method_get_data_destructor" - or - name = "UI_method_get_data_duplicator" - or - name = "UI_method_get_ex_data" - or - name = "UI_method_get_flusher" - or - name = "UI_method_get_opener" - or - name = "UI_method_get_prompt_constructor" - or - name = "UI_method_get_reader" - or - name = "UI_method_get_writer" - or - name = "UI_method_set_closer" - or - name = "UI_method_set_data_duplicator" - or - name = "UI_method_set_ex_data" - or - name = "UI_method_set_flusher" - or - name = "UI_method_set_opener" - or - name = "UI_method_set_prompt_constructor" - or - name = "UI_method_set_reader" - or - name = "UI_method_set_writer" - or - name = "UI_new" - or - name = "UI_new_method" - or - name = "UI_null" - or - name = "UI_process" - or - name = "UI_set_app_data" - or - name = "UI_set_default_method" - or - name = "UI_set_ex_data" - or - name = "UI_set_method" - or - name = "UI_set_result" - or - name = "UI_set_result_ex" - or - name = "UI_string_types" - or - name = "USERNOTICE_free" - or - name = "USERNOTICE_new" - or - name = "X509V3_EXT_d2i" - or - name = "X509V3_EXT_i2d" - or - name = "X509V3_add1_i2d" - or - name = "X509V3_get_d2i" - or - name = "X509V3_set_ctx" - or - name = "X509V3_set_issuer_pkey" - or - name = "X509_ALGOR_cmp" - or - name = "X509_ALGOR_copy" - or - name = "X509_ALGOR_dup" - or - name = "X509_ALGOR_free" - or - name = "X509_ALGOR_get0" - or - name = "X509_ALGOR_it" - or - name = "X509_ALGOR_new" - or - name = "X509_ALGOR_set0" - or - name = "X509_ALGOR_set_md" - or - name = "X509_ATTRIBUTE_dup" - or - name = "X509_ATTRIBUTE_free" - or - name = "X509_ATTRIBUTE_new" - or - name = "X509_CERT_AUX_free" - or - name = "X509_CERT_AUX_new" - or - name = "X509_CINF_free" - or - name = "X509_CINF_new" - or - name = "X509_CRL_INFO_free" - or - name = "X509_CRL_INFO_new" - or - name = "X509_CRL_add0_revoked" - or - name = "X509_CRL_add1_ext_i2d" - or - name = "X509_CRL_add_ext" - or - name = "X509_CRL_cmp" - or - name = "X509_CRL_delete_ext" - or - name = "X509_CRL_digest" - or - name = "X509_CRL_dup" - or - name = "X509_CRL_free" - or - name = "X509_CRL_get0_by_cert" - or - name = "X509_CRL_get0_by_serial" - or - name = "X509_CRL_get0_extensions" - or - name = "X509_CRL_get0_lastUpdate" - or - name = "X509_CRL_get0_nextUpdate" - or - name = "X509_CRL_get0_signature" - or - name = "X509_CRL_get_REVOKED" - or - name = "X509_CRL_get_ext" - or - name = "X509_CRL_get_ext_by_NID" - or - name = "X509_CRL_get_ext_by_OBJ" - or - name = "X509_CRL_get_ext_by_critical" - or - name = "X509_CRL_get_ext_count" - or - name = "X509_CRL_get_ext_d2i" - or - name = "X509_CRL_get_issuer" - or - name = "X509_CRL_get_signature_nid" - or - name = "X509_CRL_get_version" - or - name = "X509_CRL_http_nbio" - or - name = "X509_CRL_load_http" - or - name = "X509_CRL_match" - or - name = "X509_CRL_new" - or - name = "X509_CRL_new_ex" - or - name = "X509_CRL_set1_lastUpdate" - or - name = "X509_CRL_set1_nextUpdate" - or - name = "X509_CRL_set_issuer_name" - or - name = "X509_CRL_set_version" - or - name = "X509_CRL_sign" - or - name = "X509_CRL_sign_ctx" - or - name = "X509_CRL_sort" - or - name = "X509_CRL_verify" - or - name = "X509_EXTENSION_create_by_NID" - or - name = "X509_EXTENSION_create_by_OBJ" - or - name = "X509_EXTENSION_dup" - or - name = "X509_EXTENSION_free" - or - name = "X509_EXTENSION_get_critical" - or - name = "X509_EXTENSION_get_data" - or - name = "X509_EXTENSION_get_object" - or - name = "X509_EXTENSION_new" - or - name = "X509_EXTENSION_set_critical" - or - name = "X509_EXTENSION_set_data" - or - name = "X509_EXTENSION_set_object" - or - name = "X509_LOOKUP" - or - name = "X509_LOOKUP_METHOD" - or - name = "X509_LOOKUP_TYPE" - or - name = "X509_LOOKUP_add_dir" - or - name = "X509_LOOKUP_add_store" - or - name = "X509_LOOKUP_add_store_ex" - or - name = "X509_LOOKUP_by_alias" - or - name = "X509_LOOKUP_by_fingerprint" - or - name = "X509_LOOKUP_by_issuer_serial" - or - name = "X509_LOOKUP_by_subject" - or - name = "X509_LOOKUP_by_subject_ex" - or - name = "X509_LOOKUP_ctrl" - or - name = "X509_LOOKUP_ctrl_ex" - or - name = "X509_LOOKUP_ctrl_fn" - or - name = "X509_LOOKUP_file" - or - name = "X509_LOOKUP_free" - or - name = "X509_LOOKUP_get_by_alias_fn" - or - name = "X509_LOOKUP_get_by_fingerprint_fn" - or - name = "X509_LOOKUP_get_by_issuer_serial_fn" - or - name = "X509_LOOKUP_get_by_subject_fn" - or - name = "X509_LOOKUP_get_method_data" - or - name = "X509_LOOKUP_get_store" - or - name = "X509_LOOKUP_hash_dir" - or - name = "X509_LOOKUP_init" - or - name = "X509_LOOKUP_load_file" - or - name = "X509_LOOKUP_load_file_ex" - or - name = "X509_LOOKUP_load_store" - or - name = "X509_LOOKUP_load_store_ex" - or - name = "X509_LOOKUP_meth_free" - or - name = "X509_LOOKUP_meth_get_ctrl" - or - name = "X509_LOOKUP_meth_get_free" - or - name = "X509_LOOKUP_meth_get_get_by_alias" - or - name = "X509_LOOKUP_meth_get_get_by_fingerprint" - or - name = "X509_LOOKUP_meth_get_get_by_issuer_serial" - or - name = "X509_LOOKUP_meth_get_get_by_subject" - or - name = "X509_LOOKUP_meth_get_init" - or - name = "X509_LOOKUP_meth_get_new_item" - or - name = "X509_LOOKUP_meth_get_shutdown" - or - name = "X509_LOOKUP_meth_new" - or - name = "X509_LOOKUP_meth_set_ctrl" - or - name = "X509_LOOKUP_meth_set_free" - or - name = "X509_LOOKUP_meth_set_get_by_alias" - or - name = "X509_LOOKUP_meth_set_get_by_fingerprint" - or - name = "X509_LOOKUP_meth_set_get_by_issuer_serial" - or - name = "X509_LOOKUP_meth_set_get_by_subject" - or - name = "X509_LOOKUP_meth_set_init" - or - name = "X509_LOOKUP_meth_set_new_item" - or - name = "X509_LOOKUP_meth_set_shutdown" - or - name = "X509_LOOKUP_new" - or - name = "X509_LOOKUP_set_method_data" - or - name = "X509_LOOKUP_shutdown" - or - name = "X509_LOOKUP_store" - or - name = "X509_NAME_ENTRY_create_by_NID" - or - name = "X509_NAME_ENTRY_create_by_OBJ" - or - name = "X509_NAME_ENTRY_create_by_txt" - or - name = "X509_NAME_ENTRY_dup" - or - name = "X509_NAME_ENTRY_free" - or - name = "X509_NAME_ENTRY_get_data" - or - name = "X509_NAME_ENTRY_get_object" - or - name = "X509_NAME_ENTRY_new" - or - name = "X509_NAME_ENTRY_set_data" - or - name = "X509_NAME_ENTRY_set_object" - or - name = "X509_NAME_add_entry" - or - name = "X509_NAME_add_entry_by_NID" - or - name = "X509_NAME_add_entry_by_OBJ" - or - name = "X509_NAME_add_entry_by_txt" - or - name = "X509_NAME_cmp" - or - name = "X509_NAME_delete_entry" - or - name = "X509_NAME_digest" - or - name = "X509_NAME_dup" - or - name = "X509_NAME_entry_count" - or - name = "X509_NAME_free" - or - name = "X509_NAME_get0_der" - or - name = "X509_NAME_get_entry" - or - name = "X509_NAME_get_index_by_NID" - or - name = "X509_NAME_get_index_by_OBJ" - or - name = "X509_NAME_get_text_by_NID" - or - name = "X509_NAME_get_text_by_OBJ" - or - name = "X509_NAME_hash" - or - name = "X509_NAME_hash_ex" - or - name = "X509_NAME_new" - or - name = "X509_NAME_oneline" - or - name = "X509_NAME_print" - or - name = "X509_NAME_print_ex" - or - name = "X509_NAME_print_ex_fp" - or - name = "X509_OBJECT_set1_X509" - or - name = "X509_OBJECT_set1_X509_CRL" - or - name = "X509_PUBKEY_dup" - or - name = "X509_PUBKEY_eq" - or - name = "X509_PUBKEY_free" - or - name = "X509_PUBKEY_get" - or - name = "X509_PUBKEY_get0" - or - name = "X509_PUBKEY_get0_param" - or - name = "X509_PUBKEY_new" - or - name = "X509_PUBKEY_new_ex" - or - name = "X509_PUBKEY_set" - or - name = "X509_PUBKEY_set0_param" - or - name = "X509_PUBKEY_set0_public_key" - or - name = "X509_REQ_INFO_free" - or - name = "X509_REQ_INFO_new" - or - name = "X509_REQ_add_extensions" - or - name = "X509_REQ_add_extensions_nid" - or - name = "X509_REQ_check_private_key" - or - name = "X509_REQ_digest" - or - name = "X509_REQ_dup" - or - name = "X509_REQ_free" - or - name = "X509_REQ_get0_distinguishing_id" - or - name = "X509_REQ_get0_pubkey" - or - name = "X509_REQ_get0_signature" - or - name = "X509_REQ_get_X509_PUBKEY" - or - name = "X509_REQ_get_extensions" - or - name = "X509_REQ_get_pubkey" - or - name = "X509_REQ_get_signature_nid" - or - name = "X509_REQ_get_subject_name" - or - name = "X509_REQ_get_version" - or - name = "X509_REQ_new" - or - name = "X509_REQ_new_ex" - or - name = "X509_REQ_set0_distinguishing_id" - or - name = "X509_REQ_set0_signature" - or - name = "X509_REQ_set1_signature_algo" - or - name = "X509_REQ_set_pubkey" - or - name = "X509_REQ_set_subject_name" - or - name = "X509_REQ_set_version" - or - name = "X509_REQ_sign" - or - name = "X509_REQ_sign_ctx" - or - name = "X509_REQ_verify" - or - name = "X509_REQ_verify_ex" - or - name = "X509_REVOKED_add1_ext_i2d" - or - name = "X509_REVOKED_add_ext" - or - name = "X509_REVOKED_delete_ext" - or - name = "X509_REVOKED_dup" - or - name = "X509_REVOKED_free" - or - name = "X509_REVOKED_get0_extensions" - or - name = "X509_REVOKED_get0_revocationDate" - or - name = "X509_REVOKED_get0_serialNumber" - or - name = "X509_REVOKED_get_ext" - or - name = "X509_REVOKED_get_ext_by_NID" - or - name = "X509_REVOKED_get_ext_by_OBJ" - or - name = "X509_REVOKED_get_ext_by_critical" - or - name = "X509_REVOKED_get_ext_count" - or - name = "X509_REVOKED_get_ext_d2i" - or - name = "X509_REVOKED_new" - or - name = "X509_REVOKED_set_revocationDate" - or - name = "X509_REVOKED_set_serialNumber" - or - name = "X509_SIG_INFO_get" - or - name = "X509_SIG_INFO_set" - or - name = "X509_SIG_free" - or - name = "X509_SIG_get0" - or - name = "X509_SIG_getm" - or - name = "X509_SIG_new" - or - name = "X509_STORE" - or - name = "X509_STORE_CTX_cert_crl_fn" - or - name = "X509_STORE_CTX_check_crl_fn" - or - name = "X509_STORE_CTX_check_issued_fn" - or - name = "X509_STORE_CTX_check_policy_fn" - or - name = "X509_STORE_CTX_check_revocation_fn" - or - name = "X509_STORE_CTX_cleanup" - or - name = "X509_STORE_CTX_cleanup_fn" - or - name = "X509_STORE_CTX_free" - or - name = "X509_STORE_CTX_get0_cert" - or - name = "X509_STORE_CTX_get0_chain" - or - name = "X509_STORE_CTX_get0_param" - or - name = "X509_STORE_CTX_get0_rpk" - or - name = "X509_STORE_CTX_get0_untrusted" - or - name = "X509_STORE_CTX_get1_chain" - or - name = "X509_STORE_CTX_get1_issuer" - or - name = "X509_STORE_CTX_get_app_data" - or - name = "X509_STORE_CTX_get_by_subject" - or - name = "X509_STORE_CTX_get_cert_crl" - or - name = "X509_STORE_CTX_get_check_crl" - or - name = "X509_STORE_CTX_get_check_issued" - or - name = "X509_STORE_CTX_get_check_policy" - or - name = "X509_STORE_CTX_get_check_revocation" - or - name = "X509_STORE_CTX_get_cleanup" - or - name = "X509_STORE_CTX_get_crl_fn" - or - name = "X509_STORE_CTX_get_current_cert" - or - name = "X509_STORE_CTX_get_error" - or - name = "X509_STORE_CTX_get_error_depth" - or - name = "X509_STORE_CTX_get_ex_data" - or - name = "X509_STORE_CTX_get_ex_new_index" - or - name = "X509_STORE_CTX_get_get_crl" - or - name = "X509_STORE_CTX_get_get_issuer" - or - name = "X509_STORE_CTX_get_issuer_fn" - or - name = "X509_STORE_CTX_get_lookup_certs" - or - name = "X509_STORE_CTX_get_lookup_crls" - or - name = "X509_STORE_CTX_get_num_untrusted" - or - name = "X509_STORE_CTX_get_obj_by_subject" - or - name = "X509_STORE_CTX_get_verify" - or - name = "X509_STORE_CTX_get_verify_cb" - or - name = "X509_STORE_CTX_init" - or - name = "X509_STORE_CTX_init_rpk" - or - name = "X509_STORE_CTX_lookup_certs_fn" - or - name = "X509_STORE_CTX_lookup_crls_fn" - or - name = "X509_STORE_CTX_new" - or - name = "X509_STORE_CTX_new_ex" - or - name = "X509_STORE_CTX_print_verify_cb" - or - name = "X509_STORE_CTX_purpose_inherit" - or - name = "X509_STORE_CTX_set0_crls" - or - name = "X509_STORE_CTX_set0_param" - or - name = "X509_STORE_CTX_set0_rpk" - or - name = "X509_STORE_CTX_set0_trusted_stack" - or - name = "X509_STORE_CTX_set0_untrusted" - or - name = "X509_STORE_CTX_set0_verified_chain" - or - name = "X509_STORE_CTX_set_app_data" - or - name = "X509_STORE_CTX_set_cert" - or - name = "X509_STORE_CTX_set_chain" - or - name = "X509_STORE_CTX_set_current_cert" - or - name = "X509_STORE_CTX_set_default" - or - name = "X509_STORE_CTX_set_error" - or - name = "X509_STORE_CTX_set_error_depth" - or - name = "X509_STORE_CTX_set_ex_data" - or - name = "X509_STORE_CTX_set_purpose" - or - name = "X509_STORE_CTX_set_trust" - or - name = "X509_STORE_CTX_set_verify" - or - name = "X509_STORE_CTX_set_verify_cb" - or - name = "X509_STORE_CTX_trusted_stack" - or - name = "X509_STORE_CTX_verify" - or - name = "X509_STORE_CTX_verify_cb" - or - name = "X509_STORE_CTX_verify_fn" - or - name = "X509_STORE_add_cert" - or - name = "X509_STORE_add_crl" - or - name = "X509_STORE_add_lookup" - or - name = "X509_STORE_free" - or - name = "X509_STORE_get0_objects" - or - name = "X509_STORE_get0_param" - or - name = "X509_STORE_get1_all_certs" - or - name = "X509_STORE_get_cert_crl" - or - name = "X509_STORE_get_check_crl" - or - name = "X509_STORE_get_check_issued" - or - name = "X509_STORE_get_check_policy" - or - name = "X509_STORE_get_check_revocation" - or - name = "X509_STORE_get_cleanup" - or - name = "X509_STORE_get_ex_data" - or - name = "X509_STORE_get_ex_new_index" - or - name = "X509_STORE_get_get_crl" - or - name = "X509_STORE_get_get_issuer" - or - name = "X509_STORE_get_lookup_certs" - or - name = "X509_STORE_get_lookup_crls" - or - name = "X509_STORE_get_verify_cb" - or - name = "X509_STORE_load_file" - or - name = "X509_STORE_load_file_ex" - or - name = "X509_STORE_load_locations" - or - name = "X509_STORE_load_locations_ex" - or - name = "X509_STORE_load_path" - or - name = "X509_STORE_load_store" - or - name = "X509_STORE_load_store_ex" - or - name = "X509_STORE_lock" - or - name = "X509_STORE_new" - or - name = "X509_STORE_set1_param" - or - name = "X509_STORE_set_cert_crl" - or - name = "X509_STORE_set_check_crl" - or - name = "X509_STORE_set_check_issued" - or - name = "X509_STORE_set_check_policy" - or - name = "X509_STORE_set_check_revocation" - or - name = "X509_STORE_set_cleanup" - or - name = "X509_STORE_set_default_paths" - or - name = "X509_STORE_set_default_paths_ex" - or - name = "X509_STORE_set_depth" - or - name = "X509_STORE_set_ex_data" - or - name = "X509_STORE_set_flags" - or - name = "X509_STORE_set_get_crl" - or - name = "X509_STORE_set_get_issuer" - or - name = "X509_STORE_set_lookup_certs" - or - name = "X509_STORE_set_lookup_crls" - or - name = "X509_STORE_set_lookup_crls_cb" - or - name = "X509_STORE_set_purpose" - or - name = "X509_STORE_set_trust" - or - name = "X509_STORE_set_verify" - or - name = "X509_STORE_set_verify_cb" - or - name = "X509_STORE_set_verify_cb_func" - or - name = "X509_STORE_set_verify_func" - or - name = "X509_STORE_unlock" - or - name = "X509_STORE_up_ref" - or - name = "X509_VAL_free" - or - name = "X509_VAL_new" - or - name = "X509_VERIFY_PARAM_add0_policy" - or - name = "X509_VERIFY_PARAM_add1_host" - or - name = "X509_VERIFY_PARAM_clear_flags" - or - name = "X509_VERIFY_PARAM_get0_email" - or - name = "X509_VERIFY_PARAM_get0_host" - or - name = "X509_VERIFY_PARAM_get0_peername" - or - name = "X509_VERIFY_PARAM_get1_ip_asc" - or - name = "X509_VERIFY_PARAM_get_auth_level" - or - name = "X509_VERIFY_PARAM_get_depth" - or - name = "X509_VERIFY_PARAM_get_flags" - or - name = "X509_VERIFY_PARAM_get_hostflags" - or - name = "X509_VERIFY_PARAM_get_inh_flags" - or - name = "X509_VERIFY_PARAM_get_time" - or - name = "X509_VERIFY_PARAM_set1_email" - or - name = "X509_VERIFY_PARAM_set1_host" - or - name = "X509_VERIFY_PARAM_set1_ip" - or - name = "X509_VERIFY_PARAM_set1_ip_asc" - or - name = "X509_VERIFY_PARAM_set1_policies" - or - name = "X509_VERIFY_PARAM_set_auth_level" - or - name = "X509_VERIFY_PARAM_set_depth" - or - name = "X509_VERIFY_PARAM_set_flags" - or - name = "X509_VERIFY_PARAM_set_hostflags" - or - name = "X509_VERIFY_PARAM_set_inh_flags" - or - name = "X509_VERIFY_PARAM_set_purpose" - or - name = "X509_VERIFY_PARAM_set_time" - or - name = "X509_VERIFY_PARAM_set_trust" - or - name = "X509_add1_ext_i2d" - or - name = "X509_add_cert" - or - name = "X509_add_certs" - or - name = "X509_add_ext" - or - name = "X509_build_chain" - or - name = "X509_chain_up_ref" - or - name = "X509_check_ca" - or - name = "X509_check_email" - or - name = "X509_check_host" - or - name = "X509_check_ip" - or - name = "X509_check_ip_asc" - or - name = "X509_check_issued" - or - name = "X509_check_private_key" - or - name = "X509_check_purpose" - or - name = "X509_cmp" - or - name = "X509_cmp_current_time" - or - name = "X509_cmp_time" - or - name = "X509_cmp_timeframe" - or - name = "X509_delete_ext" - or - name = "X509_digest" - or - name = "X509_digest_sig" - or - name = "X509_dup" - or - name = "X509_free" - or - name = "X509_get0_authority_issuer" - or - name = "X509_get0_authority_key_id" - or - name = "X509_get0_authority_serial" - or - name = "X509_get0_distinguishing_id" - or - name = "X509_get0_extensions" - or - name = "X509_get0_notAfter" - or - name = "X509_get0_notBefore" - or - name = "X509_get0_pubkey" - or - name = "X509_get0_serialNumber" - or - name = "X509_get0_signature" - or - name = "X509_get0_subject_key_id" - or - name = "X509_get0_tbs_sigalg" - or - name = "X509_get0_uids" - or - name = "X509_get_X509_PUBKEY" - or - name = "X509_get_default_cert_dir" - or - name = "X509_get_default_cert_dir_env" - or - name = "X509_get_default_cert_file" - or - name = "X509_get_default_cert_file_env" - or - name = "X509_get_default_cert_path_env" - or - name = "X509_get_default_cert_uri" - or - name = "X509_get_default_cert_uri_env" - or - name = "X509_get_ex_data" - or - name = "X509_get_ex_new_index" - or - name = "X509_get_ext" - or - name = "X509_get_ext_by_NID" - or - name = "X509_get_ext_by_OBJ" - or - name = "X509_get_ext_by_critical" - or - name = "X509_get_ext_count" - or - name = "X509_get_ext_d2i" - or - name = "X509_get_extended_key_usage" - or - name = "X509_get_extension_flags" - or - name = "X509_get_issuer_name" - or - name = "X509_get_key_usage" - or - name = "X509_get_pathlen" - or - name = "X509_get_proxy_pathlen" - or - name = "X509_get_pubkey" - or - name = "X509_get_serialNumber" - or - name = "X509_get_signature_info" - or - name = "X509_get_signature_nid" - or - name = "X509_get_subject_name" - or - name = "X509_get_version" - or - name = "X509_getm_notAfter" - or - name = "X509_getm_notBefore" - or - name = "X509_gmtime_adj" - or - name = "X509_http_nbio" - or - name = "X509_issuer_and_serial_cmp" - or - name = "X509_issuer_name_cmp" - or - name = "X509_issuer_name_hash" - or - name = "X509_load_cert_crl_file" - or - name = "X509_load_cert_crl_file_ex" - or - name = "X509_load_cert_file" - or - name = "X509_load_cert_file_ex" - or - name = "X509_load_crl_file" - or - name = "X509_load_http" - or - name = "X509_new" - or - name = "X509_new_ex" - or - name = "X509_pubkey_digest" - or - name = "X509_self_signed" - or - name = "X509_set0_distinguishing_id" - or - name = "X509_set1_notAfter" - or - name = "X509_set1_notBefore" - or - name = "X509_set_ex_data" - or - name = "X509_set_issuer_name" - or - name = "X509_set_proxy_flag" - or - name = "X509_set_proxy_pathlen" - or - name = "X509_set_pubkey" - or - name = "X509_set_serialNumber" - or - name = "X509_set_subject_name" - or - name = "X509_set_version" - or - name = "X509_sign" - or - name = "X509_sign_ctx" - or - name = "X509_subject_name_cmp" - or - name = "X509_subject_name_hash" - or - name = "X509_time_adj" - or - name = "X509_time_adj_ex" - or - name = "X509_up_ref" - or - name = "X509_verify" - or - name = "X509_verify_cert" - or - name = "X509_verify_cert_error_string" - or - name = "X509v3_add_ext" - or - name = "X509v3_delete_ext" - or - name = "X509v3_get_ext" - or - name = "X509v3_get_ext_by_NID" - or - name = "X509v3_get_ext_by_OBJ" - or - name = "X509v3_get_ext_by_critical" - or - name = "X509v3_get_ext_count" - or - name = "b2i_PVK_bio" - or - name = "b2i_PVK_bio_ex" - or - name = "bio" - or - name = "blowfish" - or - name = "bn" - or - name = "bn_add_words" - or - name = "bn_check_top" - or - name = "bn_cmp_words" - or - name = "bn_div_words" - or - name = "bn_dump" - or - name = "bn_expand" - or - name = "bn_expand2" - or - name = "bn_fix_top" - or - name = "bn_internal" - or - name = "bn_mul_add_words" - or - name = "bn_mul_comba4" - or - name = "bn_mul_comba8" - or - name = "bn_mul_high" - or - name = "bn_mul_low_normal" - or - name = "bn_mul_low_recursive" - or - name = "bn_mul_normal" - or - name = "bn_mul_part_recursive" - or - name = "bn_mul_recursive" - or - name = "bn_mul_words" - or - name = "bn_print" - or - name = "bn_set_high" - or - name = "bn_set_low" - or - name = "bn_set_max" - or - name = "bn_sqr_comba4" - or - name = "bn_sqr_comba8" - or - name = "bn_sqr_normal" - or - name = "bn_sqr_recursive" - or - name = "bn_sqr_words" - or - name = "bn_sub_words" - or - name = "bn_wexpand" - or - name = "buffer" - or - name = "crypto" - or - name = "custom_ext_add_cb" - or - name = "custom_ext_free_cb" - or - name = "custom_ext_parse_cb" - or - name = "d2i_ACCESS_DESCRIPTION" - or - name = "d2i_ADMISSIONS" - or - name = "d2i_ADMISSION_SYNTAX" - or - name = "d2i_ASIdOrRange" - or - name = "d2i_ASIdentifierChoice" - or - name = "d2i_ASIdentifiers" - or - name = "d2i_ASN1_BIT_STRING" - or - name = "d2i_ASN1_BMPSTRING" - or - name = "d2i_ASN1_ENUMERATED" - or - name = "d2i_ASN1_GENERALIZEDTIME" - or - name = "d2i_ASN1_GENERALSTRING" - or - name = "d2i_ASN1_IA5STRING" - or - name = "d2i_ASN1_INTEGER" - or - name = "d2i_ASN1_NULL" - or - name = "d2i_ASN1_OBJECT" - or - name = "d2i_ASN1_OCTET_STRING" - or - name = "d2i_ASN1_PRINTABLE" - or - name = "d2i_ASN1_PRINTABLESTRING" - or - name = "d2i_ASN1_SEQUENCE_ANY" - or - name = "d2i_ASN1_SET_ANY" - or - name = "d2i_ASN1_T61STRING" - or - name = "d2i_ASN1_TIME" - or - name = "d2i_ASN1_TYPE" - or - name = "d2i_ASN1_UINTEGER" - or - name = "d2i_ASN1_UNIVERSALSTRING" - or - name = "d2i_ASN1_UTCTIME" - or - name = "d2i_ASN1_UTF8STRING" - or - name = "d2i_ASN1_VISIBLESTRING" - or - name = "d2i_ASRange" - or - name = "d2i_AUTHORITY_INFO_ACCESS" - or - name = "d2i_AUTHORITY_KEYID" - or - name = "d2i_AutoPrivateKey" - or - name = "d2i_AutoPrivateKey_ex" - or - name = "d2i_BASIC_CONSTRAINTS" - or - name = "d2i_CERTIFICATEPOLICIES" - or - name = "d2i_CMS_ContentInfo" - or - name = "d2i_CMS_ReceiptRequest" - or - name = "d2i_CMS_bio" - or - name = "d2i_CRL_DIST_POINTS" - or - name = "d2i_DHparams" - or - name = "d2i_DHparams_bio" - or - name = "d2i_DHparams_fp" - or - name = "d2i_DHxparams" - or - name = "d2i_DIRECTORYSTRING" - or - name = "d2i_DISPLAYTEXT" - or - name = "d2i_DIST_POINT" - or - name = "d2i_DIST_POINT_NAME" - or - name = "d2i_DSAPrivateKey" - or - name = "d2i_DSAPrivateKey_bio" - or - name = "d2i_DSAPrivateKey_fp" - or - name = "d2i_DSAPublicKey" - or - name = "d2i_DSA_PUBKEY" - or - name = "d2i_DSA_PUBKEY_bio" - or - name = "d2i_DSA_PUBKEY_fp" - or - name = "d2i_DSA_SIG" - or - name = "d2i_DSAparams" - or - name = "d2i_ECDSA_SIG" - or - name = "d2i_ECPKParameters" - or - name = "d2i_ECPKParameters_bio" - or - name = "d2i_ECPKParameters_fp" - or - name = "d2i_ECParameters" - or - name = "d2i_ECPrivateKey" - or - name = "d2i_ECPrivateKey_bio" - or - name = "d2i_ECPrivateKey_fp" - or - name = "d2i_ECPrivate_key" - or - name = "d2i_EC_PUBKEY" - or - name = "d2i_EC_PUBKEY_bio" - or - name = "d2i_EC_PUBKEY_fp" - or - name = "d2i_EDIPARTYNAME" - or - name = "d2i_ESS_CERT_ID" - or - name = "d2i_ESS_CERT_ID_V2" - or - name = "d2i_ESS_ISSUER_SERIAL" - or - name = "d2i_ESS_SIGNING_CERT" - or - name = "d2i_ESS_SIGNING_CERT_V2" - or - name = "d2i_EXTENDED_KEY_USAGE" - or - name = "d2i_GENERAL_NAME" - or - name = "d2i_GENERAL_NAMES" - or - name = "d2i_IPAddressChoice" - or - name = "d2i_IPAddressFamily" - or - name = "d2i_IPAddressOrRange" - or - name = "d2i_IPAddressRange" - or - name = "d2i_ISSUER_SIGN_TOOL" - or - name = "d2i_ISSUING_DIST_POINT" - or - name = "d2i_KeyParams" - or - name = "d2i_KeyParams_bio" - or - name = "d2i_NAMING_AUTHORITY" - or - name = "d2i_NETSCAPE_CERT_SEQUENCE" - or - name = "d2i_NETSCAPE_SPKAC" - or - name = "d2i_NETSCAPE_SPKI" - or - name = "d2i_NOTICEREF" - or - name = "d2i_Netscape_RSA" - or - name = "d2i_OCSP_BASICRESP" - or - name = "d2i_OCSP_CERTID" - or - name = "d2i_OCSP_CERTSTATUS" - or - name = "d2i_OCSP_CRLID" - or - name = "d2i_OCSP_ONEREQ" - or - name = "d2i_OCSP_REQINFO" - or - name = "d2i_OCSP_REQUEST" - or - name = "d2i_OCSP_RESPBYTES" - or - name = "d2i_OCSP_RESPDATA" - or - name = "d2i_OCSP_RESPID" - or - name = "d2i_OCSP_RESPONSE" - or - name = "d2i_OCSP_REVOKEDINFO" - or - name = "d2i_OCSP_SERVICELOC" - or - name = "d2i_OCSP_SIGNATURE" - or - name = "d2i_OCSP_SINGLERESP" - or - name = "d2i_OSSL_CMP_MSG" - or - name = "d2i_OSSL_CMP_MSG_bio" - or - name = "d2i_OSSL_CMP_PKIHEADER" - or - name = "d2i_OSSL_CMP_PKISI" - or - name = "d2i_OSSL_CRMF_CERTID" - or - name = "d2i_OSSL_CRMF_CERTTEMPLATE" - or - name = "d2i_OSSL_CRMF_ENCRYPTEDVALUE" - or - name = "d2i_OSSL_CRMF_MSG" - or - name = "d2i_OSSL_CRMF_MSGS" - or - name = "d2i_OSSL_CRMF_PBMPARAMETER" - or - name = "d2i_OSSL_CRMF_PKIPUBLICATIONINFO" - or - name = "d2i_OSSL_CRMF_SINGLEPUBINFO" - or - name = "d2i_OTHERNAME" - or - name = "d2i_PBE2PARAM" - or - name = "d2i_PBEPARAM" - or - name = "d2i_PBKDF2PARAM" - or - name = "d2i_PKCS12" - or - name = "d2i_PKCS12_BAGS" - or - name = "d2i_PKCS12_MAC_DATA" - or - name = "d2i_PKCS12_SAFEBAG" - or - name = "d2i_PKCS12_bio" - or - name = "d2i_PKCS12_fp" - or - name = "d2i_PKCS7" - or - name = "d2i_PKCS7_DIGEST" - or - name = "d2i_PKCS7_ENCRYPT" - or - name = "d2i_PKCS7_ENC_CONTENT" - or - name = "d2i_PKCS7_ENVELOPE" - or - name = "d2i_PKCS7_ISSUER_AND_SERIAL" - or - name = "d2i_PKCS7_RECIP_INFO" - or - name = "d2i_PKCS7_SIGNED" - or - name = "d2i_PKCS7_SIGNER_INFO" - or - name = "d2i_PKCS7_SIGN_ENVELOPE" - or - name = "d2i_PKCS7_bio" - or - name = "d2i_PKCS7_fp" - or - name = "d2i_PKCS8PrivateKey" - or - name = "d2i_PKCS8PrivateKey_bio" - or - name = "d2i_PKCS8PrivateKey_fp" - or - name = "d2i_PKCS8_PRIV_KEY_INFO" - or - name = "d2i_PKCS8_PRIV_KEY_INFO_bio" - or - name = "d2i_PKCS8_PRIV_KEY_INFO_fp" - or - name = "d2i_PKCS8_bio" - or - name = "d2i_PKCS8_fp" - or - name = "d2i_PKEY_USAGE_PERIOD" - or - name = "d2i_POLICYINFO" - or - name = "d2i_POLICYQUALINFO" - or - name = "d2i_PROFESSION_INFO" - or - name = "d2i_PROXY_CERT_INFO_EXTENSION" - or - name = "d2i_PROXY_POLICY" - or - name = "d2i_PUBKEY" - or - name = "d2i_PUBKEY_bio" - or - name = "d2i_PUBKEY_ex" - or - name = "d2i_PUBKEY_ex_bio" - or - name = "d2i_PUBKEY_ex_fp" - or - name = "d2i_PUBKEY_fp" - or - name = "d2i_PrivateKey" - or - name = "d2i_PrivateKey_bio" - or - name = "d2i_PrivateKey_ex" - or - name = "d2i_PrivateKey_ex_bio" - or - name = "d2i_PrivateKey_ex_fp" - or - name = "d2i_PrivateKey_fp" - or - name = "d2i_Private_key" - or - name = "d2i_PublicKey" - or - name = "d2i_RSAPrivateKey" - or - name = "d2i_RSAPrivateKey_bio" - or - name = "d2i_RSAPrivateKey_fp" - or - name = "d2i_RSAPublicKey" - or - name = "d2i_RSAPublicKey_bio" - or - name = "d2i_RSAPublicKey_fp" - or - name = "d2i_RSA_OAEP_PARAMS" - or - name = "d2i_RSA_PSS_PARAMS" - or - name = "d2i_RSA_PUBKEY" - or - name = "d2i_RSA_PUBKEY_bio" - or - name = "d2i_RSA_PUBKEY_fp" - or - name = "d2i_SCRYPT_PARAMS" - or - name = "d2i_SCT_LIST" - or - name = "d2i_SSL_SESSION" - or - name = "d2i_SSL_SESSION_ex" - or - name = "d2i_SXNET" - or - name = "d2i_SXNETID" - or - name = "d2i_TS_ACCURACY" - or - name = "d2i_TS_MSG_IMPRINT" - or - name = "d2i_TS_MSG_IMPRINT_bio" - or - name = "d2i_TS_MSG_IMPRINT_fp" - or - name = "d2i_TS_REQ" - or - name = "d2i_TS_REQ_bio" - or - name = "d2i_TS_REQ_fp" - or - name = "d2i_TS_RESP" - or - name = "d2i_TS_RESP_bio" - or - name = "d2i_TS_RESP_fp" - or - name = "d2i_TS_STATUS_INFO" - or - name = "d2i_TS_TST_INFO" - or - name = "d2i_TS_TST_INFO_bio" - or - name = "d2i_TS_TST_INFO_fp" - or - name = "d2i_USERNOTICE" - or - name = "d2i_X509" - or - name = "d2i_X509_ALGOR" - or - name = "d2i_X509_ALGORS" - or - name = "d2i_X509_ATTRIBUTE" - or - name = "d2i_X509_AUX" - or - name = "d2i_X509_CERT_AUX" - or - name = "d2i_X509_CINF" - or - name = "d2i_X509_CRL" - or - name = "d2i_X509_CRL_INFO" - or - name = "d2i_X509_CRL_bio" - or - name = "d2i_X509_CRL_fp" - or - name = "d2i_X509_EXTENSION" - or - name = "d2i_X509_EXTENSIONS" - or - name = "d2i_X509_NAME" - or - name = "d2i_X509_NAME_ENTRY" - or - name = "d2i_X509_PUBKEY" - or - name = "d2i_X509_PUBKEY_bio" - or - name = "d2i_X509_PUBKEY_fp" - or - name = "d2i_X509_REQ" - or - name = "d2i_X509_REQ_INFO" - or - name = "d2i_X509_REQ_bio" - or - name = "d2i_X509_REQ_fp" - or - name = "d2i_X509_REVOKED" - or - name = "d2i_X509_SIG" - or - name = "d2i_X509_VAL" - or - name = "d2i_X509_bio" - or - name = "d2i_X509_fp" - or - name = "des" - or - name = "des_read_2passwords" - or - name = "des_read_password" - or - name = "des_read_pw" - or - name = "des_read_pw_string" - or - name = "dh" - or - name = "dsa" - or - name = "ec" - or - name = "ecdsa" - or - name = "engine" - or - name = "err" - or - name = "evp" - or - name = "hmac" - or - name = "i2b_PVK_bio" - or - name = "i2b_PVK_bio_ex" - or - name = "i2d_ACCESS_DESCRIPTION" - or - name = "i2d_ADMISSIONS" - or - name = "i2d_ADMISSION_SYNTAX" - or - name = "i2d_ASIdOrRange" - or - name = "i2d_ASIdentifierChoice" - or - name = "i2d_ASIdentifiers" - or - name = "i2d_ASN1_BIT_STRING" - or - name = "i2d_ASN1_BMPSTRING" - or - name = "i2d_ASN1_ENUMERATED" - or - name = "i2d_ASN1_GENERALIZEDTIME" - or - name = "i2d_ASN1_GENERALSTRING" - or - name = "i2d_ASN1_IA5STRING" - or - name = "i2d_ASN1_INTEGER" - or - name = "i2d_ASN1_NULL" - or - name = "i2d_ASN1_OBJECT" - or - name = "i2d_ASN1_OCTET_STRING" - or - name = "i2d_ASN1_PRINTABLE" - or - name = "i2d_ASN1_PRINTABLESTRING" - or - name = "i2d_ASN1_SEQUENCE_ANY" - or - name = "i2d_ASN1_SET_ANY" - or - name = "i2d_ASN1_T61STRING" - or - name = "i2d_ASN1_TIME" - or - name = "i2d_ASN1_TYPE" - or - name = "i2d_ASN1_UNIVERSALSTRING" - or - name = "i2d_ASN1_UTCTIME" - or - name = "i2d_ASN1_UTF8STRING" - or - name = "i2d_ASN1_VISIBLESTRING" - or - name = "i2d_ASN1_bio_stream" - or - name = "i2d_ASRange" - or - name = "i2d_AUTHORITY_INFO_ACCESS" - or - name = "i2d_AUTHORITY_KEYID" - or - name = "i2d_BASIC_CONSTRAINTS" - or - name = "i2d_CERTIFICATEPOLICIES" - or - name = "i2d_CMS_ContentInfo" - or - name = "i2d_CMS_ReceiptRequest" - or - name = "i2d_CMS_bio" - or - name = "i2d_CMS_bio_stream" - or - name = "i2d_CRL_DIST_POINTS" - or - name = "i2d_DHparams" - or - name = "i2d_DHparams_bio" - or - name = "i2d_DHparams_fp" - or - name = "i2d_DHxparams" - or - name = "i2d_DIRECTORYSTRING" - or - name = "i2d_DISPLAYTEXT" - or - name = "i2d_DIST_POINT" - or - name = "i2d_DIST_POINT_NAME" - or - name = "i2d_DSAPrivateKey" - or - name = "i2d_DSAPrivateKey_bio" - or - name = "i2d_DSAPrivateKey_fp" - or - name = "i2d_DSAPublicKey" - or - name = "i2d_DSA_PUBKEY" - or - name = "i2d_DSA_PUBKEY_bio" - or - name = "i2d_DSA_PUBKEY_fp" - or - name = "i2d_DSA_SIG" - or - name = "i2d_DSAparams" - or - name = "i2d_ECDSA_SIG" - or - name = "i2d_ECPKParameters" - or - name = "i2d_ECPKParameters_bio" - or - name = "i2d_ECPKParameters_fp" - or - name = "i2d_ECParameters" - or - name = "i2d_ECPrivateKey" - or - name = "i2d_ECPrivateKey_bio" - or - name = "i2d_ECPrivateKey_fp" - or - name = "i2d_EC_PUBKEY" - or - name = "i2d_EC_PUBKEY_bio" - or - name = "i2d_EC_PUBKEY_fp" - or - name = "i2d_EDIPARTYNAME" - or - name = "i2d_ESS_CERT_ID" - or - name = "i2d_ESS_CERT_ID_V2" - or - name = "i2d_ESS_ISSUER_SERIAL" - or - name = "i2d_ESS_SIGNING_CERT" - or - name = "i2d_ESS_SIGNING_CERT_V2" - or - name = "i2d_EXTENDED_KEY_USAGE" - or - name = "i2d_GENERAL_NAME" - or - name = "i2d_GENERAL_NAMES" - or - name = "i2d_IPAddressChoice" - or - name = "i2d_IPAddressFamily" - or - name = "i2d_IPAddressOrRange" - or - name = "i2d_IPAddressRange" - or - name = "i2d_ISSUER_SIGN_TOOL" - or - name = "i2d_ISSUING_DIST_POINT" - or - name = "i2d_KeyParams" - or - name = "i2d_KeyParams_bio" - or - name = "i2d_NAMING_AUTHORITY" - or - name = "i2d_NETSCAPE_CERT_SEQUENCE" - or - name = "i2d_NETSCAPE_SPKAC" - or - name = "i2d_NETSCAPE_SPKI" - or - name = "i2d_NOTICEREF" - or - name = "i2d_Netscape_RSA" - or - name = "i2d_OCSP_BASICRESP" - or - name = "i2d_OCSP_CERTID" - or - name = "i2d_OCSP_CERTSTATUS" - or - name = "i2d_OCSP_CRLID" - or - name = "i2d_OCSP_ONEREQ" - or - name = "i2d_OCSP_REQINFO" - or - name = "i2d_OCSP_REQUEST" - or - name = "i2d_OCSP_RESPBYTES" - or - name = "i2d_OCSP_RESPDATA" - or - name = "i2d_OCSP_RESPID" - or - name = "i2d_OCSP_RESPONSE" - or - name = "i2d_OCSP_REVOKEDINFO" - or - name = "i2d_OCSP_SERVICELOC" - or - name = "i2d_OCSP_SIGNATURE" - or - name = "i2d_OCSP_SINGLERESP" - or - name = "i2d_OSSL_CMP_MSG" - or - name = "i2d_OSSL_CMP_MSG_bio" - or - name = "i2d_OSSL_CMP_PKIHEADER" - or - name = "i2d_OSSL_CMP_PKISI" - or - name = "i2d_OSSL_CRMF_CERTID" - or - name = "i2d_OSSL_CRMF_CERTTEMPLATE" - or - name = "i2d_OSSL_CRMF_ENCRYPTEDVALUE" - or - name = "i2d_OSSL_CRMF_MSG" - or - name = "i2d_OSSL_CRMF_MSGS" - or - name = "i2d_OSSL_CRMF_PBMPARAMETER" - or - name = "i2d_OSSL_CRMF_PKIPUBLICATIONINFO" - or - name = "i2d_OSSL_CRMF_SINGLEPUBINFO" - or - name = "i2d_OTHERNAME" - or - name = "i2d_PBE2PARAM" - or - name = "i2d_PBEPARAM" - or - name = "i2d_PBKDF2PARAM" - or - name = "i2d_PKCS12" - or - name = "i2d_PKCS12_BAGS" - or - name = "i2d_PKCS12_MAC_DATA" - or - name = "i2d_PKCS12_SAFEBAG" - or - name = "i2d_PKCS12_bio" - or - name = "i2d_PKCS12_fp" - or - name = "i2d_PKCS7" - or - name = "i2d_PKCS7_DIGEST" - or - name = "i2d_PKCS7_ENCRYPT" - or - name = "i2d_PKCS7_ENC_CONTENT" - or - name = "i2d_PKCS7_ENVELOPE" - or - name = "i2d_PKCS7_ISSUER_AND_SERIAL" - or - name = "i2d_PKCS7_NDEF" - or - name = "i2d_PKCS7_RECIP_INFO" - or - name = "i2d_PKCS7_SIGNED" - or - name = "i2d_PKCS7_SIGNER_INFO" - or - name = "i2d_PKCS7_SIGN_ENVELOPE" - or - name = "i2d_PKCS7_bio" - or - name = "i2d_PKCS7_bio_stream" - or - name = "i2d_PKCS7_fp" - or - name = "i2d_PKCS8PrivateKeyInfo_bio" - or - name = "i2d_PKCS8PrivateKeyInfo_fp" - or - name = "i2d_PKCS8PrivateKey_bio" - or - name = "i2d_PKCS8PrivateKey_fp" - or - name = "i2d_PKCS8PrivateKey_nid_bio" - or - name = "i2d_PKCS8PrivateKey_nid_fp" - or - name = "i2d_PKCS8_PRIV_KEY_INFO" - or - name = "i2d_PKCS8_PRIV_KEY_INFO_bio" - or - name = "i2d_PKCS8_PRIV_KEY_INFO_fp" - or - name = "i2d_PKCS8_bio" - or - name = "i2d_PKCS8_fp" - or - name = "i2d_PKEY_USAGE_PERIOD" - or - name = "i2d_POLICYINFO" - or - name = "i2d_POLICYQUALINFO" - or - name = "i2d_PROFESSION_INFO" - or - name = "i2d_PROXY_CERT_INFO_EXTENSION" - or - name = "i2d_PROXY_POLICY" - or - name = "i2d_PUBKEY" - or - name = "i2d_PUBKEY_bio" - or - name = "i2d_PUBKEY_fp" - or - name = "i2d_PrivateKey" - or - name = "i2d_PrivateKey_bio" - or - name = "i2d_PrivateKey_fp" - or - name = "i2d_PublicKey" - or - name = "i2d_RSAPrivateKey" - or - name = "i2d_RSAPrivateKey_bio" - or - name = "i2d_RSAPrivateKey_fp" - or - name = "i2d_RSAPublicKey" - or - name = "i2d_RSAPublicKey_bio" - or - name = "i2d_RSAPublicKey_fp" - or - name = "i2d_RSA_OAEP_PARAMS" - or - name = "i2d_RSA_PSS_PARAMS" - or - name = "i2d_RSA_PUBKEY" - or - name = "i2d_RSA_PUBKEY_bio" - or - name = "i2d_RSA_PUBKEY_fp" - or - name = "i2d_SCRYPT_PARAMS" - or - name = "i2d_SCT_LIST" - or - name = "i2d_SSL_SESSION" - or - name = "i2d_SXNET" - or - name = "i2d_SXNETID" - or - name = "i2d_TS_ACCURACY" - or - name = "i2d_TS_MSG_IMPRINT" - or - name = "i2d_TS_MSG_IMPRINT_bio" - or - name = "i2d_TS_MSG_IMPRINT_fp" - or - name = "i2d_TS_REQ" - or - name = "i2d_TS_REQ_bio" - or - name = "i2d_TS_REQ_fp" - or - name = "i2d_TS_RESP" - or - name = "i2d_TS_RESP_bio" - or - name = "i2d_TS_RESP_fp" - or - name = "i2d_TS_STATUS_INFO" - or - name = "i2d_TS_TST_INFO" - or - name = "i2d_TS_TST_INFO_bio" - or - name = "i2d_TS_TST_INFO_fp" - or - name = "i2d_USERNOTICE" - or - name = "i2d_X509" - or - name = "i2d_X509_ALGOR" - or - name = "i2d_X509_ALGORS" - or - name = "i2d_X509_ATTRIBUTE" - or - name = "i2d_X509_AUX" - or - name = "i2d_X509_CERT_AUX" - or - name = "i2d_X509_CINF" - or - name = "i2d_X509_CRL" - or - name = "i2d_X509_CRL_INFO" - or - name = "i2d_X509_CRL_bio" - or - name = "i2d_X509_CRL_fp" - or - name = "i2d_X509_EXTENSION" - or - name = "i2d_X509_EXTENSIONS" - or - name = "i2d_X509_NAME" - or - name = "i2d_X509_NAME_ENTRY" - or - name = "i2d_X509_PUBKEY" - or - name = "i2d_X509_PUBKEY_bio" - or - name = "i2d_X509_PUBKEY_fp" - or - name = "i2d_X509_REQ" - or - name = "i2d_X509_REQ_INFO" - or - name = "i2d_X509_REQ_bio" - or - name = "i2d_X509_REQ_fp" - or - name = "i2d_X509_REVOKED" - or - name = "i2d_X509_SIG" - or - name = "i2d_X509_VAL" - or - name = "i2d_X509_bio" - or - name = "i2d_X509_fp" - or - name = "i2d_re_X509_CRL_tbs" - or - name = "i2d_re_X509_REQ_tbs" - or - name = "i2d_re_X509_tbs" - or - name = "i2o_SCT" - or - name = "i2o_SCT_LIST" - or - name = "i2s_ASN1_ENUMERATED" - or - name = "i2s_ASN1_ENUMERATED_TABLE" - or - name = "i2s_ASN1_IA5STRING" - or - name = "i2s_ASN1_INTEGER" - or - name = "i2s_ASN1_OCTET_STRING" - or - name = "i2s_ASN1_UTF8STRING" - or - name = "i2t_ASN1_OBJECT" - or - name = "lh_TYPE_delete" - or - name = "lh_TYPE_doall" - or - name = "lh_TYPE_doall_arg" - or - name = "lh_TYPE_error" - or - name = "lh_TYPE_flush" - or - name = "lh_TYPE_free" - or - name = "lh_TYPE_insert" - or - name = "lh_TYPE_new" - or - name = "lh_TYPE_retrieve" - or - name = "lh_delete" - or - name = "lh_doall" - or - name = "lh_doall_arg" - or - name = "lh_error" - or - name = "lh_free" - or - name = "lh_insert" - or - name = "lh_new" - or - name = "lh_node_stats" - or - name = "lh_node_stats_bio" - or - name = "lh_node_usage_stats" - or - name = "lh_node_usage_stats_bio" - or - name = "lh_retrieve" - or - name = "lh_stats" - or - name = "lh_stats_bio" - or - name = "lhash" - or - name = "md5" - or - name = "mdc2" - or - name = "o2i_SCT" - or - name = "o2i_SCT_LIST" - or - name = "pem" - or - name = "pem_password_cb" - or - name = "rand" - or - name = "rc4" - or - name = "ripemd" - or - name = "rsa" - or - name = "s2i_ASN1_IA5STRING" - or - name = "s2i_ASN1_INTEGER" - or - name = "s2i_ASN1_OCTET_STRING" - or - name = "s2i_ASN1_UTF8STRING" - or - name = "sha" - or - name = "sk_TYPE_deep_copy" - or - name = "sk_TYPE_delete" - or - name = "sk_TYPE_delete_ptr" - or - name = "sk_TYPE_dup" - or - name = "sk_TYPE_find" - or - name = "sk_TYPE_find_all" - or - name = "sk_TYPE_find_ex" - or - name = "sk_TYPE_free" - or - name = "sk_TYPE_insert" - or - name = "sk_TYPE_is_sorted" - or - name = "sk_TYPE_new" - or - name = "sk_TYPE_new_null" - or - name = "sk_TYPE_new_reserve" - or - name = "sk_TYPE_num" - or - name = "sk_TYPE_pop" - or - name = "sk_TYPE_pop_free" - or - name = "sk_TYPE_push" - or - name = "sk_TYPE_reserve" - or - name = "sk_TYPE_set" - or - name = "sk_TYPE_set_cmp_func" - or - name = "sk_TYPE_shift" - or - name = "sk_TYPE_sort" - or - name = "sk_TYPE_unshift" - or - name = "sk_TYPE_value" - or - name = "sk_TYPE_zero" - or - name = "ssl" - or - name = "ssl_ct_validation_cb" - or - name = "threads" - or - name = "ui" - or - name = "ui_compat" - or - name = "x509" +predicate openSSLAPIFuncName(string name) { + name = "ACCESS_DESCRIPTION_free" + or + name = "ACCESS_DESCRIPTION_new" + or + name = "ADMISSIONS" + or + name = "ADMISSIONS_free" + or + name = "ADMISSIONS_get0_admissionAuthority" + or + name = "ADMISSIONS_get0_namingAuthority" + or + name = "ADMISSIONS_get0_professionInfos" + or + name = "ADMISSIONS_new" + or + name = "ADMISSIONS_set0_admissionAuthority" + or + name = "ADMISSIONS_set0_namingAuthority" + or + name = "ADMISSIONS_set0_professionInfos" + or + name = "ADMISSION_SYNTAX" + or + name = "ADMISSION_SYNTAX_free" + or + name = "ADMISSION_SYNTAX_get0_admissionAuthority" + or + name = "ADMISSION_SYNTAX_get0_contentsOfAdmissions" + or + name = "ADMISSION_SYNTAX_new" + or + name = "ADMISSION_SYNTAX_set0_admissionAuthority" + or + name = "ADMISSION_SYNTAX_set0_contentsOfAdmissions" + or + name = "ASIdOrRange_free" + or + name = "ASIdOrRange_new" + or + name = "ASIdentifierChoice_free" + or + name = "ASIdentifierChoice_new" + or + name = "ASIdentifiers_free" + or + name = "ASIdentifiers_new" + or + name = "ASN1_AUX" + or + name = "ASN1_ENUMERATED_get" + or + name = "ASN1_ENUMERATED_get_int64" + or + name = "ASN1_ENUMERATED_set" + or + name = "ASN1_ENUMERATED_set_int64" + or + name = "ASN1_ENUMERATED_to_BN" + or + name = "ASN1_EXTERN_FUNCS" + or + name = "ASN1_GENERALIZEDTIME_adj" + or + name = "ASN1_GENERALIZEDTIME_check" + or + name = "ASN1_GENERALIZEDTIME_dup" + or + name = "ASN1_GENERALIZEDTIME_print" + or + name = "ASN1_GENERALIZEDTIME_set" + or + name = "ASN1_GENERALIZEDTIME_set_string" + or + name = "ASN1_INTEGER_free" + or + name = "ASN1_INTEGER_get" + or + name = "ASN1_INTEGER_get_int64" + or + name = "ASN1_INTEGER_get_uint64" + or + name = "ASN1_INTEGER_new" + or + name = "ASN1_INTEGER_set" + or + name = "ASN1_INTEGER_set_int64" + or + name = "ASN1_INTEGER_set_uint64" + or + name = "ASN1_INTEGER_to_BN" + or + name = "ASN1_ITEM" + or + name = "ASN1_ITEM_get" + or + name = "ASN1_ITEM_lookup" + or + name = "ASN1_OBJECT_free" + or + name = "ASN1_OBJECT_new" + or + name = "ASN1_PRINT_ARG" + or + name = "ASN1_STREAM_ARG" + or + name = "ASN1_STRING_TABLE" + or + name = "ASN1_STRING_TABLE_add" + or + name = "ASN1_STRING_TABLE_cleanup" + or + name = "ASN1_STRING_TABLE_get" + or + name = "ASN1_STRING_cmp" + or + name = "ASN1_STRING_data" + or + name = "ASN1_STRING_dup" + or + name = "ASN1_STRING_free" + or + name = "ASN1_STRING_get0_data" + or + name = "ASN1_STRING_length" + or + name = "ASN1_STRING_length_set" + or + name = "ASN1_STRING_new" + or + name = "ASN1_STRING_print" + or + name = "ASN1_STRING_print_ex" + or + name = "ASN1_STRING_print_ex_fp" + or + name = "ASN1_STRING_set" + or + name = "ASN1_STRING_to_UTF8" + or + name = "ASN1_STRING_type" + or + name = "ASN1_STRING_type_new" + or + name = "ASN1_TIME_adj" + or + name = "ASN1_TIME_check" + or + name = "ASN1_TIME_cmp_time_t" + or + name = "ASN1_TIME_compare" + or + name = "ASN1_TIME_diff" + or + name = "ASN1_TIME_dup" + or + name = "ASN1_TIME_normalize" + or + name = "ASN1_TIME_print" + or + name = "ASN1_TIME_print_ex" + or + name = "ASN1_TIME_set" + or + name = "ASN1_TIME_set_string" + or + name = "ASN1_TIME_set_string_X509" + or + name = "ASN1_TIME_to_generalizedtime" + or + name = "ASN1_TIME_to_tm" + or + name = "ASN1_TYPE_cmp" + or + name = "ASN1_TYPE_get" + or + name = "ASN1_TYPE_pack_sequence" + or + name = "ASN1_TYPE_set" + or + name = "ASN1_TYPE_set1" + or + name = "ASN1_TYPE_unpack_sequence" + or + name = "ASN1_UTCTIME_adj" + or + name = "ASN1_UTCTIME_check" + or + name = "ASN1_UTCTIME_cmp_time_t" + or + name = "ASN1_UTCTIME_dup" + or + name = "ASN1_UTCTIME_print" + or + name = "ASN1_UTCTIME_set" + or + name = "ASN1_UTCTIME_set_string" + or + name = "ASN1_add_oid_module" + or + name = "ASN1_aux_cb" + or + name = "ASN1_aux_const_cb" + or + name = "ASN1_ex_d2i" + or + name = "ASN1_ex_d2i_ex" + or + name = "ASN1_ex_free_func" + or + name = "ASN1_ex_i2d" + or + name = "ASN1_ex_new_ex_func" + or + name = "ASN1_ex_new_func" + or + name = "ASN1_ex_print_func" + or + name = "ASN1_generate_nconf" + or + name = "ASN1_generate_v3" + or + name = "ASN1_item_d2i" + or + name = "ASN1_item_d2i_bio" + or + name = "ASN1_item_d2i_bio_ex" + or + name = "ASN1_item_d2i_ex" + or + name = "ASN1_item_d2i_fp" + or + name = "ASN1_item_d2i_fp_ex" + or + name = "ASN1_item_i2d_mem_bio" + or + name = "ASN1_item_new" + or + name = "ASN1_item_new_ex" + or + name = "ASN1_item_pack" + or + name = "ASN1_item_sign" + or + name = "ASN1_item_sign_ctx" + or + name = "ASN1_item_sign_ex" + or + name = "ASN1_item_unpack" + or + name = "ASN1_item_unpack_ex" + or + name = "ASN1_item_verify" + or + name = "ASN1_item_verify_ctx" + or + name = "ASN1_item_verify_ex" + or + name = "ASN1_tag2str" + or + name = "ASRange_free" + or + name = "ASRange_new" + or + name = "ASYNC_STATUS_EAGAIN" + or + name = "ASYNC_STATUS_ERR" + or + name = "ASYNC_STATUS_OK" + or + name = "ASYNC_STATUS_UNSUPPORTED" + or + name = "ASYNC_WAIT_CTX_clear_fd" + or + name = "ASYNC_WAIT_CTX_free" + or + name = "ASYNC_WAIT_CTX_get_all_fds" + or + name = "ASYNC_WAIT_CTX_get_callback" + or + name = "ASYNC_WAIT_CTX_get_changed_fds" + or + name = "ASYNC_WAIT_CTX_get_fd" + or + name = "ASYNC_WAIT_CTX_get_status" + or + name = "ASYNC_WAIT_CTX_new" + or + name = "ASYNC_WAIT_CTX_set_callback" + or + name = "ASYNC_WAIT_CTX_set_status" + or + name = "ASYNC_WAIT_CTX_set_wait_fd" + or + name = "ASYNC_block_pause" + or + name = "ASYNC_callback_fn" + or + name = "ASYNC_cleanup_thread" + or + name = "ASYNC_get_current_job" + or + name = "ASYNC_get_mem_functions" + or + name = "ASYNC_get_wait_ctx" + or + name = "ASYNC_init_thread" + or + name = "ASYNC_is_capable" + or + name = "ASYNC_pause_job" + or + name = "ASYNC_set_mem_functions" + or + name = "ASYNC_stack_alloc_fn" + or + name = "ASYNC_stack_free_fn" + or + name = "ASYNC_start_job" + or + name = "ASYNC_unblock_pause" + or + name = "AUTHORITY_INFO_ACCESS_free" + or + name = "AUTHORITY_INFO_ACCESS_new" + or + name = "AUTHORITY_KEYID_free" + or + name = "AUTHORITY_KEYID_new" + or + name = "BASIC_CONSTRAINTS_free" + or + name = "BASIC_CONSTRAINTS_new" + or + name = "BF_cbc_encrypt" + or + name = "BF_cfb64_encrypt" + or + name = "BF_decrypt" + or + name = "BF_ecb_encrypt" + or + name = "BF_encrypt" + or + name = "BF_ofb64_encrypt" + or + name = "BF_options" + or + name = "BF_set_key" + or + name = "BIO_ADDR" + or + name = "BIO_ADDRINFO" + or + name = "BIO_ADDRINFO_address" + or + name = "BIO_ADDRINFO_family" + or + name = "BIO_ADDRINFO_free" + or + name = "BIO_ADDRINFO_next" + or + name = "BIO_ADDRINFO_protocol" + or + name = "BIO_ADDRINFO_socktype" + or + name = "BIO_ADDR_clear" + or + name = "BIO_ADDR_dup" + or + name = "BIO_ADDR_family" + or + name = "BIO_ADDR_free" + or + name = "BIO_ADDR_hostname_string" + or + name = "BIO_ADDR_new" + or + name = "BIO_ADDR_path_string" + or + name = "BIO_ADDR_rawaddress" + or + name = "BIO_ADDR_rawmake" + or + name = "BIO_ADDR_rawport" + or + name = "BIO_ADDR_service_string" + or + name = "BIO_accept_ex" + or + name = "BIO_append_filename" + or + name = "BIO_bind" + or + name = "BIO_callback_ctrl" + or + name = "BIO_callback_fn" + or + name = "BIO_callback_fn_ex" + or + name = "BIO_closesocket" + or + name = "BIO_connect" + or + name = "BIO_ctrl" + or + name = "BIO_ctrl_dgram_connect" + or + name = "BIO_ctrl_get_read_request" + or + name = "BIO_ctrl_get_write_guarantee" + or + name = "BIO_ctrl_pending" + or + name = "BIO_ctrl_reset_read_request" + or + name = "BIO_ctrl_set_connected" + or + name = "BIO_ctrl_wpending" + or + name = "BIO_debug_callback" + or + name = "BIO_debug_callback_ex" + or + name = "BIO_destroy_bio_pair" + or + name = "BIO_dgram_get_caps" + or + name = "BIO_dgram_get_effective_caps" + or + name = "BIO_dgram_get_local_addr_cap" + or + name = "BIO_dgram_get_local_addr_enable" + or + name = "BIO_dgram_get_mtu" + or + name = "BIO_dgram_get_mtu_overhead" + or + name = "BIO_dgram_get_no_trunc" + or + name = "BIO_dgram_get_peer" + or + name = "BIO_dgram_recv_timedout" + or + name = "BIO_dgram_send_timedout" + or + name = "BIO_dgram_set_caps" + or + name = "BIO_dgram_set_local_addr_enable" + or + name = "BIO_dgram_set_mtu" + or + name = "BIO_dgram_set_no_trunc" + or + name = "BIO_dgram_set_peer" + or + name = "BIO_do_accept" + or + name = "BIO_do_connect" + or + name = "BIO_do_connect_retry" + or + name = "BIO_do_handshake" + or + name = "BIO_eof" + or + name = "BIO_err_is_non_fatal" + or + name = "BIO_f_base64" + or + name = "BIO_f_brotli" + or + name = "BIO_f_buffer" + or + name = "BIO_f_cipher" + or + name = "BIO_f_md" + or + name = "BIO_f_null" + or + name = "BIO_f_prefix" + or + name = "BIO_f_readbuffer" + or + name = "BIO_f_ssl" + or + name = "BIO_f_zlib" + or + name = "BIO_f_zstd" + or + name = "BIO_find_type" + or + name = "BIO_flush" + or + name = "BIO_free" + or + name = "BIO_free_all" + or + name = "BIO_get_accept_ip_family" + or + name = "BIO_get_accept_name" + or + name = "BIO_get_accept_port" + or + name = "BIO_get_app_data" + or + name = "BIO_get_bind_mode" + or + name = "BIO_get_buffer_num_lines" + or + name = "BIO_get_callback" + or + name = "BIO_get_callback_arg" + or + name = "BIO_get_callback_ex" + or + name = "BIO_get_cipher_ctx" + or + name = "BIO_get_cipher_status" + or + name = "BIO_get_close" + or + name = "BIO_get_conn_address" + or + name = "BIO_get_conn_hostname" + or + name = "BIO_get_conn_int_port" + or + name = "BIO_get_conn_ip" + or + name = "BIO_get_conn_ip_family" + or + name = "BIO_get_conn_mode" + or + name = "BIO_get_conn_port" + or + name = "BIO_get_data" + or + name = "BIO_get_ex_data" + or + name = "BIO_get_ex_new_index" + or + name = "BIO_get_fd" + or + name = "BIO_get_fp" + or + name = "BIO_get_indent" + or + name = "BIO_get_info_callback" + or + name = "BIO_get_init" + or + name = "BIO_get_ktls_recv" + or + name = "BIO_get_ktls_send" + or + name = "BIO_get_line" + or + name = "BIO_get_md" + or + name = "BIO_get_md_ctx" + or + name = "BIO_get_mem_data" + or + name = "BIO_get_mem_ptr" + or + name = "BIO_get_new_index" + or + name = "BIO_get_num_renegotiates" + or + name = "BIO_get_peer_name" + or + name = "BIO_get_peer_port" + or + name = "BIO_get_read_request" + or + name = "BIO_get_retry_BIO" + or + name = "BIO_get_retry_reason" + or + name = "BIO_get_rpoll_descriptor" + or + name = "BIO_get_shutdown" + or + name = "BIO_get_ssl" + or + name = "BIO_get_wpoll_descriptor" + or + name = "BIO_get_write_buf_size" + or + name = "BIO_get_write_guarantee" + or + name = "BIO_gets" + or + name = "BIO_hostserv_priorities" + or + name = "BIO_info_cb" + or + name = "BIO_int_ctrl" + or + name = "BIO_listen" + or + name = "BIO_lookup" + or + name = "BIO_lookup_ex" + or + name = "BIO_lookup_type" + or + name = "BIO_make_bio_pair" + or + name = "BIO_meth_free" + or + name = "BIO_meth_get_callback_ctrl" + or + name = "BIO_meth_get_create" + or + name = "BIO_meth_get_ctrl" + or + name = "BIO_meth_get_destroy" + or + name = "BIO_meth_get_gets" + or + name = "BIO_meth_get_puts" + or + name = "BIO_meth_get_read" + or + name = "BIO_meth_get_read_ex" + or + name = "BIO_meth_get_recvmmsg" + or + name = "BIO_meth_get_sendmmsg" + or + name = "BIO_meth_get_write" + or + name = "BIO_meth_get_write_ex" + or + name = "BIO_meth_new" + or + name = "BIO_meth_set_callback_ctrl" + or + name = "BIO_meth_set_create" + or + name = "BIO_meth_set_ctrl" + or + name = "BIO_meth_set_destroy" + or + name = "BIO_meth_set_gets" + or + name = "BIO_meth_set_puts" + or + name = "BIO_meth_set_read" + or + name = "BIO_meth_set_read_ex" + or + name = "BIO_meth_set_recvmmsg" + or + name = "BIO_meth_set_sendmmsg" + or + name = "BIO_meth_set_write" + or + name = "BIO_meth_set_write_ex" + or + name = "BIO_method_type" + or + name = "BIO_new" + or + name = "BIO_new_CMS" + or + name = "BIO_new_accept" + or + name = "BIO_new_bio_dgram_pair" + or + name = "BIO_new_bio_pair" + or + name = "BIO_new_buffer_ssl_connect" + or + name = "BIO_new_connect" + or + name = "BIO_new_dgram" + or + name = "BIO_new_ex" + or + name = "BIO_new_fd" + or + name = "BIO_new_file" + or + name = "BIO_new_fp" + or + name = "BIO_new_from_core_bio" + or + name = "BIO_new_mem_buf" + or + name = "BIO_new_socket" + or + name = "BIO_new_ssl" + or + name = "BIO_new_ssl_connect" + or + name = "BIO_next" + or + name = "BIO_parse_hostserv" + or + name = "BIO_pending" + or + name = "BIO_pop" + or + name = "BIO_printf" + or + name = "BIO_ptr_ctrl" + or + name = "BIO_push" + or + name = "BIO_puts" + or + name = "BIO_read" + or + name = "BIO_read_ex" + or + name = "BIO_read_filename" + or + name = "BIO_recvmmsg" + or + name = "BIO_reset" + or + name = "BIO_retry_type" + or + name = "BIO_rw_filename" + or + name = "BIO_s_accept" + or + name = "BIO_s_bio" + or + name = "BIO_s_connect" + or + name = "BIO_s_core" + or + name = "BIO_s_datagram" + or + name = "BIO_s_dgram_mem" + or + name = "BIO_s_dgram_pair" + or + name = "BIO_s_fd" + or + name = "BIO_s_file" + or + name = "BIO_s_mem" + or + name = "BIO_s_null" + or + name = "BIO_s_secmem" + or + name = "BIO_s_socket" + or + name = "BIO_seek" + or + name = "BIO_sendmmsg" + or + name = "BIO_set" + or + name = "BIO_set_accept_bios" + or + name = "BIO_set_accept_ip_family" + or + name = "BIO_set_accept_name" + or + name = "BIO_set_accept_port" + or + name = "BIO_set_app_data" + or + name = "BIO_set_bind_mode" + or + name = "BIO_set_buffer_read_data" + or + name = "BIO_set_buffer_size" + or + name = "BIO_set_callback" + or + name = "BIO_set_callback_arg" + or + name = "BIO_set_callback_ex" + or + name = "BIO_set_cipher" + or + name = "BIO_set_close" + or + name = "BIO_set_conn_address" + or + name = "BIO_set_conn_hostname" + or + name = "BIO_set_conn_int_port" + or + name = "BIO_set_conn_ip" + or + name = "BIO_set_conn_ip_family" + or + name = "BIO_set_conn_mode" + or + name = "BIO_set_conn_port" + or + name = "BIO_set_data" + or + name = "BIO_set_ex_data" + or + name = "BIO_set_fd" + or + name = "BIO_set_fp" + or + name = "BIO_set_indent" + or + name = "BIO_set_info_callback" + or + name = "BIO_set_init" + or + name = "BIO_set_md" + or + name = "BIO_set_mem_buf" + or + name = "BIO_set_mem_eof_return" + or + name = "BIO_set_nbio" + or + name = "BIO_set_nbio_accept" + or + name = "BIO_set_next" + or + name = "BIO_set_prefix" + or + name = "BIO_set_read_buffer_size" + or + name = "BIO_set_retry_reason" + or + name = "BIO_set_shutdown" + or + name = "BIO_set_ssl" + or + name = "BIO_set_ssl_mode" + or + name = "BIO_set_ssl_renegotiate_bytes" + or + name = "BIO_set_ssl_renegotiate_timeout" + or + name = "BIO_set_tfo" + or + name = "BIO_set_tfo_accept" + or + name = "BIO_set_write_buf_size" + or + name = "BIO_set_write_buffer_size" + or + name = "BIO_should_io_special" + or + name = "BIO_should_read" + or + name = "BIO_should_retry" + or + name = "BIO_should_write" + or + name = "BIO_shutdown_wr" + or + name = "BIO_snprintf" + or + name = "BIO_socket" + or + name = "BIO_socket_wait" + or + name = "BIO_ssl_copy_session_id" + or + name = "BIO_ssl_shutdown" + or + name = "BIO_tell" + or + name = "BIO_up_ref" + or + name = "BIO_vfree" + or + name = "BIO_vprintf" + or + name = "BIO_vsnprintf" + or + name = "BIO_wait" + or + name = "BIO_wpending" + or + name = "BIO_write" + or + name = "BIO_write_ex" + or + name = "BIO_write_filename" + or + name = "BN_BLINDING_convert" + or + name = "BN_BLINDING_convert_ex" + or + name = "BN_BLINDING_create_param" + or + name = "BN_BLINDING_free" + or + name = "BN_BLINDING_get_flags" + or + name = "BN_BLINDING_get_thread_id" + or + name = "BN_BLINDING_invert" + or + name = "BN_BLINDING_invert_ex" + or + name = "BN_BLINDING_is_current_thread" + or + name = "BN_BLINDING_lock" + or + name = "BN_BLINDING_new" + or + name = "BN_BLINDING_set_current_thread" + or + name = "BN_BLINDING_set_flags" + or + name = "BN_BLINDING_set_thread_id" + or + name = "BN_BLINDING_thread_id" + or + name = "BN_BLINDING_unlock" + or + name = "BN_BLINDING_update" + or + name = "BN_CTX_end" + or + name = "BN_CTX_free" + or + name = "BN_CTX_get" + or + name = "BN_CTX_init" + or + name = "BN_CTX_new" + or + name = "BN_CTX_new_ex" + or + name = "BN_CTX_secure_new" + or + name = "BN_CTX_secure_new_ex" + or + name = "BN_CTX_start" + or + name = "BN_GENCB_call" + or + name = "BN_GENCB_free" + or + name = "BN_GENCB_get_arg" + or + name = "BN_GENCB_new" + or + name = "BN_GENCB_set" + or + name = "BN_GENCB_set_old" + or + name = "BN_MONT_CTX_copy" + or + name = "BN_MONT_CTX_free" + or + name = "BN_MONT_CTX_init" + or + name = "BN_MONT_CTX_new" + or + name = "BN_MONT_CTX_set" + or + name = "BN_RECP_CTX_free" + or + name = "BN_RECP_CTX_init" + or + name = "BN_RECP_CTX_new" + or + name = "BN_RECP_CTX_set" + or + name = "BN_abs_is_word" + or + name = "BN_add" + or + name = "BN_add_word" + or + name = "BN_are_coprime" + or + name = "BN_bin2bn" + or + name = "BN_bn2bin" + or + name = "BN_bn2binpad" + or + name = "BN_bn2dec" + or + name = "BN_bn2hex" + or + name = "BN_bn2lebinpad" + or + name = "BN_bn2mpi" + or + name = "BN_bn2nativepad" + or + name = "BN_check_prime" + or + name = "BN_clear" + or + name = "BN_clear_bit" + or + name = "BN_clear_free" + or + name = "BN_cmp" + or + name = "BN_copy" + or + name = "BN_dec2bn" + or + name = "BN_div" + or + name = "BN_div_recp" + or + name = "BN_div_word" + or + name = "BN_dup" + or + name = "BN_exp" + or + name = "BN_free" + or + name = "BN_from_montgomery" + or + name = "BN_gcd" + or + name = "BN_generate_prime" + or + name = "BN_generate_prime_ex" + or + name = "BN_generate_prime_ex2" + or + name = "BN_get0_nist_prime_192" + or + name = "BN_get0_nist_prime_224" + or + name = "BN_get0_nist_prime_256" + or + name = "BN_get0_nist_prime_384" + or + name = "BN_get0_nist_prime_521" + or + name = "BN_get_rfc2409_prime_1024" + or + name = "BN_get_rfc2409_prime_768" + or + name = "BN_get_rfc3526_prime_1536" + or + name = "BN_get_rfc3526_prime_2048" + or + name = "BN_get_rfc3526_prime_3072" + or + name = "BN_get_rfc3526_prime_4096" + or + name = "BN_get_rfc3526_prime_6144" + or + name = "BN_get_rfc3526_prime_8192" + or + name = "BN_get_word" + or + name = "BN_hex2bn" + or + name = "BN_init" + or + name = "BN_is_bit_set" + or + name = "BN_is_odd" + or + name = "BN_is_one" + or + name = "BN_is_prime" + or + name = "BN_is_prime_ex" + or + name = "BN_is_prime_fasttest" + or + name = "BN_is_prime_fasttest_ex" + or + name = "BN_is_word" + or + name = "BN_is_zero" + or + name = "BN_lebin2bn" + or + name = "BN_lshift" + or + name = "BN_lshift1" + or + name = "BN_mask_bits" + or + name = "BN_mod" + or + name = "BN_mod_add" + or + name = "BN_mod_exp" + or + name = "BN_mod_exp_mont" + or + name = "BN_mod_exp_mont_consttime" + or + name = "BN_mod_exp_mont_consttime_x2" + or + name = "BN_mod_inverse" + or + name = "BN_mod_mul" + or + name = "BN_mod_mul_montgomery" + or + name = "BN_mod_mul_reciprocal" + or + name = "BN_mod_sqr" + or + name = "BN_mod_sqrt" + or + name = "BN_mod_sub" + or + name = "BN_mod_word" + or + name = "BN_mpi2bn" + or + name = "BN_mul" + or + name = "BN_mul_word" + or + name = "BN_native2bn" + or + name = "BN_new" + or + name = "BN_nnmod" + or + name = "BN_num_bits" + or + name = "BN_num_bits_word" + or + name = "BN_num_bytes" + or + name = "BN_one" + or + name = "BN_print" + or + name = "BN_print_fp" + or + name = "BN_priv_rand" + or + name = "BN_priv_rand_ex" + or + name = "BN_priv_rand_range" + or + name = "BN_priv_rand_range_ex" + or + name = "BN_pseudo_rand" + or + name = "BN_pseudo_rand_range" + or + name = "BN_rand" + or + name = "BN_rand_ex" + or + name = "BN_rand_range" + or + name = "BN_rand_range_ex" + or + name = "BN_rshift" + or + name = "BN_rshift1" + or + name = "BN_secure_new" + or + name = "BN_security_bits" + or + name = "BN_set_bit" + or + name = "BN_set_word" + or + name = "BN_signed_bin2bn" + or + name = "BN_signed_bn2bin" + or + name = "BN_signed_bn2lebin" + or + name = "BN_signed_bn2native" + or + name = "BN_signed_lebin2bn" + or + name = "BN_signed_native2bn" + or + name = "BN_sqr" + or + name = "BN_sub" + or + name = "BN_sub_word" + or + name = "BN_swap" + or + name = "BN_to_ASN1_ENUMERATED" + or + name = "BN_to_ASN1_INTEGER" + or + name = "BN_to_montgomery" + or + name = "BN_ucmp" + or + name = "BN_value_one" + or + name = "BN_with_flags" + or + name = "BN_zero" + or + name = "BUF_MEM_free" + or + name = "BUF_MEM_grow" + or + name = "BUF_MEM_grow_clean" + or + name = "BUF_MEM_new" + or + name = "BUF_MEM_new_ex" + or + name = "BUF_memdup" + or + name = "BUF_reverse" + or + name = "BUF_strdup" + or + name = "BUF_strlcat" + or + name = "BUF_strlcpy" + or + name = "BUF_strndup" + or + name = "CERTIFICATEPOLICIES_free" + or + name = "CERTIFICATEPOLICIES_new" + or + name = "CMS_AuthEnvelopedData_create" + or + name = "CMS_AuthEnvelopedData_create_ex" + or + name = "CMS_ContentInfo_free" + or + name = "CMS_ContentInfo_new" + or + name = "CMS_ContentInfo_new_ex" + or + name = "CMS_ContentInfo_print_ctx" + or + name = "CMS_EncryptedData_decrypt" + or + name = "CMS_EncryptedData_encrypt" + or + name = "CMS_EncryptedData_encrypt_ex" + or + name = "CMS_EnvelopedData_create" + or + name = "CMS_EnvelopedData_create_ex" + or + name = "CMS_EnvelopedData_decrypt" + or + name = "CMS_EnvelopedData_it" + or + name = "CMS_ReceiptRequest_create0" + or + name = "CMS_ReceiptRequest_create0_ex" + or + name = "CMS_ReceiptRequest_free" + or + name = "CMS_ReceiptRequest_get0_values" + or + name = "CMS_ReceiptRequest_new" + or + name = "CMS_RecipientInfo_decrypt" + or + name = "CMS_RecipientInfo_encrypt" + or + name = "CMS_RecipientInfo_kari_set0_pkey" + or + name = "CMS_RecipientInfo_kari_set0_pkey_and_peer" + or + name = "CMS_RecipientInfo_kekri_get0_id" + or + name = "CMS_RecipientInfo_kekri_id_cmp" + or + name = "CMS_RecipientInfo_ktri_cert_cmp" + or + name = "CMS_RecipientInfo_ktri_get0_signer_id" + or + name = "CMS_RecipientInfo_set0_key" + or + name = "CMS_RecipientInfo_set0_pkey" + or + name = "CMS_RecipientInfo_type" + or + name = "CMS_SignedData_free" + or + name = "CMS_SignedData_new" + or + name = "CMS_SignedData_verify" + or + name = "CMS_SignerInfo_cert_cmp" + or + name = "CMS_SignerInfo_get0_signature" + or + name = "CMS_SignerInfo_get0_signer_id" + or + name = "CMS_SignerInfo_set1_signer_cert" + or + name = "CMS_SignerInfo_sign" + or + name = "CMS_add0_cert" + or + name = "CMS_add0_crl" + or + name = "CMS_add0_recipient_key" + or + name = "CMS_add1_ReceiptRequest" + or + name = "CMS_add1_cert" + or + name = "CMS_add1_crl" + or + name = "CMS_add1_recipient" + or + name = "CMS_add1_recipient_cert" + or + name = "CMS_add1_signer" + or + name = "CMS_compress" + or + name = "CMS_data_create" + or + name = "CMS_data_create_ex" + or + name = "CMS_decrypt" + or + name = "CMS_decrypt_set1_password" + or + name = "CMS_decrypt_set1_pkey" + or + name = "CMS_decrypt_set1_pkey_and_peer" + or + name = "CMS_digest_create" + or + name = "CMS_digest_create_ex" + or + name = "CMS_encrypt" + or + name = "CMS_encrypt_ex" + or + name = "CMS_final" + or + name = "CMS_final_digest" + or + name = "CMS_get0_RecipientInfos" + or + name = "CMS_get0_SignerInfos" + or + name = "CMS_get0_content" + or + name = "CMS_get0_eContentType" + or + name = "CMS_get0_signers" + or + name = "CMS_get0_type" + or + name = "CMS_get1_ReceiptRequest" + or + name = "CMS_get1_certs" + or + name = "CMS_get1_crls" + or + name = "CMS_set1_eContentType" + or + name = "CMS_set1_signer_cert" + or + name = "CMS_sign" + or + name = "CMS_sign_ex" + or + name = "CMS_sign_receipt" + or + name = "CMS_uncompress" + or + name = "CMS_verify" + or + name = "CMS_verify_receipt" + or + name = "COMP_CTX_free" + or + name = "COMP_CTX_get_method" + or + name = "COMP_CTX_get_type" + or + name = "COMP_CTX_new" + or + name = "COMP_brotli" + or + name = "COMP_brotli_oneshot" + or + name = "COMP_compress_block" + or + name = "COMP_expand_block" + or + name = "COMP_get_name" + or + name = "COMP_get_type" + or + name = "COMP_zlib" + or + name = "COMP_zlib_oneshot" + or + name = "COMP_zstd" + or + name = "COMP_zstd_oneshot" + or + name = "CONF_get1_default_config_file" + or + name = "CONF_modules_finish" + or + name = "CONF_modules_free" + or + name = "CONF_modules_load" + or + name = "CONF_modules_load_file" + or + name = "CONF_modules_load_file_ex" + or + name = "CONF_modules_unload" + or + name = "CRL_DIST_POINTS_free" + or + name = "CRL_DIST_POINTS_new" + or + name = "CRYPTO_EX_dup" + or + name = "CRYPTO_EX_free" + or + name = "CRYPTO_EX_new" + or + name = "CRYPTO_THREADID_cmp" + or + name = "CRYPTO_THREADID_cpy" + or + name = "CRYPTO_THREADID_current" + or + name = "CRYPTO_THREADID_get_callback" + or + name = "CRYPTO_THREADID_hash" + or + name = "CRYPTO_THREADID_set_callback" + or + name = "CRYPTO_THREAD_lock_free" + or + name = "CRYPTO_THREAD_lock_new" + or + name = "CRYPTO_THREAD_read_lock" + or + name = "CRYPTO_THREAD_run_once" + or + name = "CRYPTO_THREAD_unlock" + or + name = "CRYPTO_THREAD_write_lock" + or + name = "CRYPTO_alloc_ex_data" + or + name = "CRYPTO_atomic_add" + or + name = "CRYPTO_atomic_load" + or + name = "CRYPTO_atomic_or" + or + name = "CRYPTO_clear_free" + or + name = "CRYPTO_clear_realloc" + or + name = "CRYPTO_destroy_dynlockid" + or + name = "CRYPTO_free" + or + name = "CRYPTO_free_ex_data" + or + name = "CRYPTO_free_ex_index" + or + name = "CRYPTO_free_fn" + or + name = "CRYPTO_get_alloc_counts" + or + name = "CRYPTO_get_ex_data" + or + name = "CRYPTO_get_ex_new_index" + or + name = "CRYPTO_get_mem_functions" + or + name = "CRYPTO_get_new_dynlockid" + or + name = "CRYPTO_lock" + or + name = "CRYPTO_malloc" + or + name = "CRYPTO_malloc_fn" + or + name = "CRYPTO_mem_ctrl" + or + name = "CRYPTO_mem_debug_pop" + or + name = "CRYPTO_mem_debug_push" + or + name = "CRYPTO_mem_leaks" + or + name = "CRYPTO_mem_leaks_cb" + or + name = "CRYPTO_mem_leaks_fp" + or + name = "CRYPTO_memcmp" + or + name = "CRYPTO_new_ex_data" + or + name = "CRYPTO_num_locks" + or + name = "CRYPTO_realloc" + or + name = "CRYPTO_realloc_fn" + or + name = "CRYPTO_secure_allocated" + or + name = "CRYPTO_secure_clear_free" + or + name = "CRYPTO_secure_free" + or + name = "CRYPTO_secure_malloc" + or + name = "CRYPTO_secure_malloc_done" + or + name = "CRYPTO_secure_malloc_init" + or + name = "CRYPTO_secure_malloc_initialized" + or + name = "CRYPTO_secure_used" + or + name = "CRYPTO_secure_zalloc" + or + name = "CRYPTO_set_dynlock_create_callback" + or + name = "CRYPTO_set_dynlock_destroy_callback" + or + name = "CRYPTO_set_dynlock_lock_callback" + or + name = "CRYPTO_set_ex_data" + or + name = "CRYPTO_set_locking_callback" + or + name = "CRYPTO_set_mem_debug" + or + name = "CRYPTO_set_mem_functions" + or + name = "CRYPTO_strdup" + or + name = "CRYPTO_strndup" + or + name = "CRYPTO_zalloc" + or + name = "CTLOG_STORE_free" + or + name = "CTLOG_STORE_get0_log_by_id" + or + name = "CTLOG_STORE_load_default_file" + or + name = "CTLOG_STORE_load_file" + or + name = "CTLOG_STORE_new" + or + name = "CTLOG_STORE_new_ex" + or + name = "CTLOG_free" + or + name = "CTLOG_get0_log_id" + or + name = "CTLOG_get0_name" + or + name = "CTLOG_get0_public_key" + or + name = "CTLOG_new" + or + name = "CTLOG_new_ex" + or + name = "CTLOG_new_from_base64" + or + name = "CTLOG_new_from_base64_ex" + or + name = "CT_POLICY_EVAL_CTX_free" + or + name = "CT_POLICY_EVAL_CTX_get0_cert" + or + name = "CT_POLICY_EVAL_CTX_get0_issuer" + or + name = "CT_POLICY_EVAL_CTX_get0_log_store" + or + name = "CT_POLICY_EVAL_CTX_get_time" + or + name = "CT_POLICY_EVAL_CTX_new" + or + name = "CT_POLICY_EVAL_CTX_new_ex" + or + name = "CT_POLICY_EVAL_CTX_set1_cert" + or + name = "CT_POLICY_EVAL_CTX_set1_issuer" + or + name = "CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE" + or + name = "CT_POLICY_EVAL_CTX_set_time" + or + name = "DECLARE_ASN1_FUNCTIONS" + or + name = "DECLARE_LHASH_OF" + or + name = "DECLARE_PEM_rw" + or + name = "DEFINE_LHASH_OF" + or + name = "DEFINE_LHASH_OF_EX" + or + name = "DEFINE_SPECIAL_STACK_OF" + or + name = "DEFINE_SPECIAL_STACK_OF_CONST" + or + name = "DEFINE_STACK_OF" + or + name = "DEFINE_STACK_OF_CONST" + or + name = "DES_cbc_cksum" + or + name = "DES_cfb64_encrypt" + or + name = "DES_cfb_encrypt" + or + name = "DES_crypt" + or + name = "DES_ecb2_encrypt" + or + name = "DES_ecb3_encrypt" + or + name = "DES_ecb_encrypt" + or + name = "DES_ede2_cbc_encrypt" + or + name = "DES_ede2_cfb64_encrypt" + or + name = "DES_ede2_ofb64_encrypt" + or + name = "DES_ede3_cbc_encrypt" + or + name = "DES_ede3_cbcm_encrypt" + or + name = "DES_ede3_cfb64_encrypt" + or + name = "DES_ede3_ofb64_encrypt" + or + name = "DES_enc_read" + or + name = "DES_enc_write" + or + name = "DES_fcrypt" + or + name = "DES_is_weak_key" + or + name = "DES_key_sched" + or + name = "DES_ncbc_encrypt" + or + name = "DES_ofb64_encrypt" + or + name = "DES_ofb_encrypt" + or + name = "DES_pcbc_encrypt" + or + name = "DES_quad_cksum" + or + name = "DES_random_key" + or + name = "DES_set_key" + or + name = "DES_set_key_checked" + or + name = "DES_set_key_unchecked" + or + name = "DES_set_odd_parity" + or + name = "DES_string_to_2keys" + or + name = "DES_string_to_key" + or + name = "DES_xcbc_encrypt" + or + name = "DH_OpenSSL" + or + name = "DH_bits" + or + name = "DH_check" + or + name = "DH_check_ex" + or + name = "DH_check_params" + or + name = "DH_check_params_ex" + or + name = "DH_check_pub_key_ex" + or + name = "DH_clear_flags" + or + name = "DH_compute_key" + or + name = "DH_compute_key_padded" + or + name = "DH_free" + or + name = "DH_generate_key" + or + name = "DH_generate_parameters" + or + name = "DH_generate_parameters_ex" + or + name = "DH_get0_engine" + or + name = "DH_get0_g" + or + name = "DH_get0_key" + or + name = "DH_get0_p" + or + name = "DH_get0_pqg" + or + name = "DH_get0_priv_key" + or + name = "DH_get0_pub_key" + or + name = "DH_get0_q" + or + name = "DH_get_1024_160" + or + name = "DH_get_2048_224" + or + name = "DH_get_2048_256" + or + name = "DH_get_default_method" + or + name = "DH_get_ex_data" + or + name = "DH_get_ex_new_index" + or + name = "DH_get_length" + or + name = "DH_get_nid" + or + name = "DH_meth_dup" + or + name = "DH_meth_free" + or + name = "DH_meth_get0_app_data" + or + name = "DH_meth_get0_name" + or + name = "DH_meth_get_bn_mod_exp" + or + name = "DH_meth_get_compute_key" + or + name = "DH_meth_get_finish" + or + name = "DH_meth_get_flags" + or + name = "DH_meth_get_generate_key" + or + name = "DH_meth_get_generate_params" + or + name = "DH_meth_get_init" + or + name = "DH_meth_new" + or + name = "DH_meth_set0_app_data" + or + name = "DH_meth_set1_name" + or + name = "DH_meth_set_bn_mod_exp" + or + name = "DH_meth_set_compute_key" + or + name = "DH_meth_set_finish" + or + name = "DH_meth_set_flags" + or + name = "DH_meth_set_generate_key" + or + name = "DH_meth_set_generate_params" + or + name = "DH_meth_set_init" + or + name = "DH_new" + or + name = "DH_new_by_nid" + or + name = "DH_new_method" + or + name = "DH_security_bits" + or + name = "DH_set0_key" + or + name = "DH_set0_pqg" + or + name = "DH_set_default_method" + or + name = "DH_set_ex_data" + or + name = "DH_set_flags" + or + name = "DH_set_length" + or + name = "DH_set_method" + or + name = "DH_size" + or + name = "DH_test_flags" + or + name = "DHparams_print" + or + name = "DHparams_print_fp" + or + name = "DIRECTORYSTRING_free" + or + name = "DIRECTORYSTRING_new" + or + name = "DISPLAYTEXT_free" + or + name = "DISPLAYTEXT_new" + or + name = "DIST_POINT_NAME_free" + or + name = "DIST_POINT_NAME_new" + or + name = "DIST_POINT_free" + or + name = "DIST_POINT_new" + or + name = "DSA_OpenSSL" + or + name = "DSA_SIG_free" + or + name = "DSA_SIG_get0" + or + name = "DSA_SIG_new" + or + name = "DSA_SIG_set0" + or + name = "DSA_bits" + or + name = "DSA_clear_flags" + or + name = "DSA_do_sign" + or + name = "DSA_do_verify" + or + name = "DSA_dup_DH" + or + name = "DSA_free" + or + name = "DSA_generate_key" + or + name = "DSA_generate_parameters" + or + name = "DSA_generate_parameters_ex" + or + name = "DSA_get0_engine" + or + name = "DSA_get0_g" + or + name = "DSA_get0_key" + or + name = "DSA_get0_p" + or + name = "DSA_get0_pqg" + or + name = "DSA_get0_priv_key" + or + name = "DSA_get0_pub_key" + or + name = "DSA_get0_q" + or + name = "DSA_get_default_method" + or + name = "DSA_get_ex_data" + or + name = "DSA_get_ex_new_index" + or + name = "DSA_meth_dup" + or + name = "DSA_meth_free" + or + name = "DSA_meth_get0_app_data" + or + name = "DSA_meth_get0_name" + or + name = "DSA_meth_get_bn_mod_exp" + or + name = "DSA_meth_get_finish" + or + name = "DSA_meth_get_flags" + or + name = "DSA_meth_get_init" + or + name = "DSA_meth_get_keygen" + or + name = "DSA_meth_get_mod_exp" + or + name = "DSA_meth_get_paramgen" + or + name = "DSA_meth_get_sign" + or + name = "DSA_meth_get_sign_setup" + or + name = "DSA_meth_get_verify" + or + name = "DSA_meth_new" + or + name = "DSA_meth_set0_app_data" + or + name = "DSA_meth_set1_name" + or + name = "DSA_meth_set_bn_mod_exp" + or + name = "DSA_meth_set_finish" + or + name = "DSA_meth_set_flags" + or + name = "DSA_meth_set_init" + or + name = "DSA_meth_set_keygen" + or + name = "DSA_meth_set_mod_exp" + or + name = "DSA_meth_set_paramgen" + or + name = "DSA_meth_set_sign" + or + name = "DSA_meth_set_sign_setup" + or + name = "DSA_meth_set_verify" + or + name = "DSA_new" + or + name = "DSA_new_method" + or + name = "DSA_print" + or + name = "DSA_print_fp" + or + name = "DSA_security_bits" + or + name = "DSA_set0_key" + or + name = "DSA_set0_pqg" + or + name = "DSA_set_default_method" + or + name = "DSA_set_ex_data" + or + name = "DSA_set_flags" + or + name = "DSA_set_method" + or + name = "DSA_sign" + or + name = "DSA_sign_setup" + or + name = "DSA_size" + or + name = "DSA_test_flags" + or + name = "DSA_verify" + or + name = "DSAparams_dup" + or + name = "DSAparams_print" + or + name = "DSAparams_print_fp" + or + name = "DTLS_client_method" + or + name = "DTLS_get_data_mtu" + or + name = "DTLS_method" + or + name = "DTLS_server_method" + or + name = "DTLS_set_timer_cb" + or + name = "DTLS_timer_cb" + or + name = "DTLSv1_2_client_method" + or + name = "DTLSv1_2_method" + or + name = "DTLSv1_2_server_method" + or + name = "DTLSv1_client_method" + or + name = "DTLSv1_get_timeout" + or + name = "DTLSv1_handle_timeout" + or + name = "DTLSv1_listen" + or + name = "DTLSv1_method" + or + name = "DTLSv1_server_method" + or + name = "ECDH_get_ex_data" + or + name = "ECDH_get_ex_new_index" + or + name = "ECDH_set_ex_data" + or + name = "ECDSA_SIG_free" + or + name = "ECDSA_SIG_get0" + or + name = "ECDSA_SIG_get0_r" + or + name = "ECDSA_SIG_get0_s" + or + name = "ECDSA_SIG_new" + or + name = "ECDSA_SIG_set0" + or + name = "ECDSA_do_sign" + or + name = "ECDSA_do_sign_ex" + or + name = "ECDSA_do_verify" + or + name = "ECDSA_sign" + or + name = "ECDSA_sign_ex" + or + name = "ECDSA_sign_setup" + or + name = "ECDSA_size" + or + name = "ECDSA_verify" + or + name = "ECPARAMETERS_free" + or + name = "ECPARAMETERS_new" + or + name = "ECPKPARAMETERS_free" + or + name = "ECPKPARAMETERS_new" + or + name = "ECPKParameters_print" + or + name = "ECPKParameters_print_fp" + or + name = "EC_GF2m_simple_method" + or + name = "EC_GFp_mont_method" + or + name = "EC_GFp_nist_method" + or + name = "EC_GFp_nistp224_method" + or + name = "EC_GFp_nistp256_method" + or + name = "EC_GFp_nistp521_method" + or + name = "EC_GFp_simple_method" + or + name = "EC_GROUP_check" + or + name = "EC_GROUP_check_discriminant" + or + name = "EC_GROUP_check_named_curve" + or + name = "EC_GROUP_clear_free" + or + name = "EC_GROUP_cmp" + or + name = "EC_GROUP_copy" + or + name = "EC_GROUP_dup" + or + name = "EC_GROUP_free" + or + name = "EC_GROUP_get0_cofactor" + or + name = "EC_GROUP_get0_field" + or + name = "EC_GROUP_get0_generator" + or + name = "EC_GROUP_get0_order" + or + name = "EC_GROUP_get0_seed" + or + name = "EC_GROUP_get_asn1_flag" + or + name = "EC_GROUP_get_basis_type" + or + name = "EC_GROUP_get_cofactor" + or + name = "EC_GROUP_get_curve" + or + name = "EC_GROUP_get_curve_GF2m" + or + name = "EC_GROUP_get_curve_GFp" + or + name = "EC_GROUP_get_curve_name" + or + name = "EC_GROUP_get_degree" + or + name = "EC_GROUP_get_ecparameters" + or + name = "EC_GROUP_get_ecpkparameters" + or + name = "EC_GROUP_get_field_type" + or + name = "EC_GROUP_get_order" + or + name = "EC_GROUP_get_pentanomial_basis" + or + name = "EC_GROUP_get_point_conversion_form" + or + name = "EC_GROUP_get_seed_len" + or + name = "EC_GROUP_get_trinomial_basis" + or + name = "EC_GROUP_have_precompute_mult" + or + name = "EC_GROUP_method_of" + or + name = "EC_GROUP_new" + or + name = "EC_GROUP_new_by_curve_name" + or + name = "EC_GROUP_new_by_curve_name_ex" + or + name = "EC_GROUP_new_curve_GF2m" + or + name = "EC_GROUP_new_curve_GFp" + or + name = "EC_GROUP_new_from_ecparameters" + or + name = "EC_GROUP_new_from_ecpkparameters" + or + name = "EC_GROUP_new_from_params" + or + name = "EC_GROUP_order_bits" + or + name = "EC_GROUP_precompute_mult" + or + name = "EC_GROUP_set_asn1_flag" + or + name = "EC_GROUP_set_curve" + or + name = "EC_GROUP_set_curve_GF2m" + or + name = "EC_GROUP_set_curve_GFp" + or + name = "EC_GROUP_set_curve_name" + or + name = "EC_GROUP_set_generator" + or + name = "EC_GROUP_set_point_conversion_form" + or + name = "EC_GROUP_set_seed" + or + name = "EC_GROUP_to_params" + or + name = "EC_KEY_check_key" + or + name = "EC_KEY_clear_flags" + or + name = "EC_KEY_copy" + or + name = "EC_KEY_decoded_from_explicit_params" + or + name = "EC_KEY_dup" + or + name = "EC_KEY_free" + or + name = "EC_KEY_generate_key" + or + name = "EC_KEY_get0_engine" + or + name = "EC_KEY_get0_group" + or + name = "EC_KEY_get0_private_key" + or + name = "EC_KEY_get0_public_key" + or + name = "EC_KEY_get_conv_form" + or + name = "EC_KEY_get_enc_flags" + or + name = "EC_KEY_get_ex_data" + or + name = "EC_KEY_get_ex_new_index" + or + name = "EC_KEY_get_flags" + or + name = "EC_KEY_get_key_method_data" + or + name = "EC_KEY_get_method" + or + name = "EC_KEY_insert_key_method_data" + or + name = "EC_KEY_key2buf" + or + name = "EC_KEY_new" + or + name = "EC_KEY_new_by_curve_name" + or + name = "EC_KEY_new_by_curve_name_ex" + or + name = "EC_KEY_new_ex" + or + name = "EC_KEY_oct2key" + or + name = "EC_KEY_oct2priv" + or + name = "EC_KEY_precompute_mult" + or + name = "EC_KEY_priv2buf" + or + name = "EC_KEY_priv2oct" + or + name = "EC_KEY_set_asn1_flag" + or + name = "EC_KEY_set_conv_form" + or + name = "EC_KEY_set_enc_flags" + or + name = "EC_KEY_set_ex_data" + or + name = "EC_KEY_set_flags" + or + name = "EC_KEY_set_group" + or + name = "EC_KEY_set_method" + or + name = "EC_KEY_set_private_key" + or + name = "EC_KEY_set_public_key" + or + name = "EC_KEY_set_public_key_affine_coordinates" + or + name = "EC_KEY_up_ref" + or + name = "EC_METHOD_get_field_type" + or + name = "EC_POINT_add" + or + name = "EC_POINT_bn2point" + or + name = "EC_POINT_clear_free" + or + name = "EC_POINT_cmp" + or + name = "EC_POINT_copy" + or + name = "EC_POINT_dbl" + or + name = "EC_POINT_dup" + or + name = "EC_POINT_free" + or + name = "EC_POINT_get_Jprojective_coordinates_GFp" + or + name = "EC_POINT_get_affine_coordinates" + or + name = "EC_POINT_get_affine_coordinates_GF2m" + or + name = "EC_POINT_get_affine_coordinates_GFp" + or + name = "EC_POINT_hex2point" + or + name = "EC_POINT_invert" + or + name = "EC_POINT_is_at_infinity" + or + name = "EC_POINT_is_on_curve" + or + name = "EC_POINT_make_affine" + or + name = "EC_POINT_method_of" + or + name = "EC_POINT_mul" + or + name = "EC_POINT_new" + or + name = "EC_POINT_oct2point" + or + name = "EC_POINT_point2bn" + or + name = "EC_POINT_point2buf" + or + name = "EC_POINT_point2hex" + or + name = "EC_POINT_point2oct" + or + name = "EC_POINT_set_Jprojective_coordinates" + or + name = "EC_POINT_set_Jprojective_coordinates_GFp" + or + name = "EC_POINT_set_affine_coordinates" + or + name = "EC_POINT_set_affine_coordinates_GF2m" + or + name = "EC_POINT_set_affine_coordinates_GFp" + or + name = "EC_POINT_set_compressed_coordinates" + or + name = "EC_POINT_set_compressed_coordinates_GF2m" + or + name = "EC_POINT_set_compressed_coordinates_GFp" + or + name = "EC_POINT_set_to_infinity" + or + name = "EC_POINTs_make_affine" + or + name = "EC_POINTs_mul" + or + name = "EC_get_builtin_curves" + or + name = "EDIPARTYNAME_free" + or + name = "EDIPARTYNAME_new" + or + name = "ENGINE_add" + or + name = "ENGINE_add_conf_module" + or + name = "ENGINE_by_id" + or + name = "ENGINE_cleanup" + or + name = "ENGINE_cmd_is_executable" + or + name = "ENGINE_ctrl" + or + name = "ENGINE_ctrl_cmd" + or + name = "ENGINE_ctrl_cmd_string" + or + name = "ENGINE_finish" + or + name = "ENGINE_free" + or + name = "ENGINE_get_DH" + or + name = "ENGINE_get_DSA" + or + name = "ENGINE_get_RAND" + or + name = "ENGINE_get_RSA" + or + name = "ENGINE_get_cipher" + or + name = "ENGINE_get_cipher_engine" + or + name = "ENGINE_get_ciphers" + or + name = "ENGINE_get_cmd_defns" + or + name = "ENGINE_get_ctrl_function" + or + name = "ENGINE_get_default_DH" + or + name = "ENGINE_get_default_DSA" + or + name = "ENGINE_get_default_RAND" + or + name = "ENGINE_get_default_RSA" + or + name = "ENGINE_get_destroy_function" + or + name = "ENGINE_get_digest" + or + name = "ENGINE_get_digest_engine" + or + name = "ENGINE_get_digests" + or + name = "ENGINE_get_ex_data" + or + name = "ENGINE_get_ex_new_index" + or + name = "ENGINE_get_finish_function" + or + name = "ENGINE_get_first" + or + name = "ENGINE_get_flags" + or + name = "ENGINE_get_id" + or + name = "ENGINE_get_init_function" + or + name = "ENGINE_get_last" + or + name = "ENGINE_get_load_privkey_function" + or + name = "ENGINE_get_load_pubkey_function" + or + name = "ENGINE_get_name" + or + name = "ENGINE_get_next" + or + name = "ENGINE_get_prev" + or + name = "ENGINE_get_table_flags" + or + name = "ENGINE_init" + or + name = "ENGINE_load_builtin_engines" + or + name = "ENGINE_load_private_key" + or + name = "ENGINE_load_public_key" + or + name = "ENGINE_new" + or + name = "ENGINE_register_DH" + or + name = "ENGINE_register_DSA" + or + name = "ENGINE_register_RAND" + or + name = "ENGINE_register_RSA" + or + name = "ENGINE_register_all_DH" + or + name = "ENGINE_register_all_DSA" + or + name = "ENGINE_register_all_RAND" + or + name = "ENGINE_register_all_RSA" + or + name = "ENGINE_register_all_ciphers" + or + name = "ENGINE_register_all_complete" + or + name = "ENGINE_register_all_digests" + or + name = "ENGINE_register_ciphers" + or + name = "ENGINE_register_complete" + or + name = "ENGINE_register_digests" + or + name = "ENGINE_remove" + or + name = "ENGINE_set_DH" + or + name = "ENGINE_set_DSA" + or + name = "ENGINE_set_RAND" + or + name = "ENGINE_set_RSA" + or + name = "ENGINE_set_ciphers" + or + name = "ENGINE_set_cmd_defns" + or + name = "ENGINE_set_ctrl_function" + or + name = "ENGINE_set_default" + or + name = "ENGINE_set_default_DH" + or + name = "ENGINE_set_default_DSA" + or + name = "ENGINE_set_default_RAND" + or + name = "ENGINE_set_default_RSA" + or + name = "ENGINE_set_default_ciphers" + or + name = "ENGINE_set_default_digests" + or + name = "ENGINE_set_default_string" + or + name = "ENGINE_set_destroy_function" + or + name = "ENGINE_set_digests" + or + name = "ENGINE_set_ex_data" + or + name = "ENGINE_set_finish_function" + or + name = "ENGINE_set_flags" + or + name = "ENGINE_set_id" + or + name = "ENGINE_set_init_function" + or + name = "ENGINE_set_load_privkey_function" + or + name = "ENGINE_set_load_pubkey_function" + or + name = "ENGINE_set_name" + or + name = "ENGINE_set_table_flags" + or + name = "ENGINE_unregister_DH" + or + name = "ENGINE_unregister_DSA" + or + name = "ENGINE_unregister_RAND" + or + name = "ENGINE_unregister_RSA" + or + name = "ENGINE_unregister_ciphers" + or + name = "ENGINE_unregister_digests" + or + name = "ENGINE_up_ref" + or + name = "ERR_FATAL_ERROR" + or + name = "ERR_GET_FUNC" + or + name = "ERR_GET_LIB" + or + name = "ERR_GET_REASON" + or + name = "ERR_PACK" + or + name = "ERR_add_error_data" + or + name = "ERR_add_error_mem_bio" + or + name = "ERR_add_error_txt" + or + name = "ERR_add_error_vdata" + or + name = "ERR_clear_error" + or + name = "ERR_clear_last_mark" + or + name = "ERR_error_string" + or + name = "ERR_error_string_n" + or + name = "ERR_free_strings" + or + name = "ERR_func_error_string" + or + name = "ERR_get_error" + or + name = "ERR_get_error_all" + or + name = "ERR_get_error_line" + or + name = "ERR_get_error_line_data" + or + name = "ERR_get_next_error_library" + or + name = "ERR_lib_error_string" + or + name = "ERR_load_UI_strings" + or + name = "ERR_load_crypto_strings" + or + name = "ERR_load_strings" + or + name = "ERR_new" + or + name = "ERR_peek_error" + or + name = "ERR_peek_error_all" + or + name = "ERR_peek_error_data" + or + name = "ERR_peek_error_func" + or + name = "ERR_peek_error_line" + or + name = "ERR_peek_error_line_data" + or + name = "ERR_peek_last_error" + or + name = "ERR_peek_last_error_all" + or + name = "ERR_peek_last_error_data" + or + name = "ERR_peek_last_error_func" + or + name = "ERR_peek_last_error_line" + or + name = "ERR_peek_last_error_line_data" + or + name = "ERR_pop_to_mark" + or + name = "ERR_print_errors" + or + name = "ERR_print_errors_cb" + or + name = "ERR_print_errors_fp" + or + name = "ERR_put_error" + or + name = "ERR_raise" + or + name = "ERR_raise_data" + or + name = "ERR_reason_error_string" + or + name = "ERR_remove_state" + or + name = "ERR_remove_thread_state" + or + name = "ERR_set_debug" + or + name = "ERR_set_error" + or + name = "ERR_set_mark" + or + name = "ERR_vset_error" + or + name = "ESS_CERT_ID_V2_dup" + or + name = "ESS_CERT_ID_V2_free" + or + name = "ESS_CERT_ID_V2_new" + or + name = "ESS_CERT_ID_dup" + or + name = "ESS_CERT_ID_free" + or + name = "ESS_CERT_ID_new" + or + name = "ESS_ISSUER_SERIAL_dup" + or + name = "ESS_ISSUER_SERIAL_free" + or + name = "ESS_ISSUER_SERIAL_new" + or + name = "ESS_SIGNING_CERT_V2_dup" + or + name = "ESS_SIGNING_CERT_V2_free" + or + name = "ESS_SIGNING_CERT_V2_it" + or + name = "ESS_SIGNING_CERT_V2_new" + or + name = "ESS_SIGNING_CERT_dup" + or + name = "ESS_SIGNING_CERT_free" + or + name = "ESS_SIGNING_CERT_it" + or + name = "ESS_SIGNING_CERT_new" + or + name = "EVP_ASYM_CIPHER_do_all_provided" + or + name = "EVP_ASYM_CIPHER_fetch" + or + name = "EVP_ASYM_CIPHER_free" + or + name = "EVP_ASYM_CIPHER_get0_description" + or + name = "EVP_ASYM_CIPHER_get0_name" + or + name = "EVP_ASYM_CIPHER_get0_provider" + or + name = "EVP_ASYM_CIPHER_gettable_ctx_params" + or + name = "EVP_ASYM_CIPHER_is_a" + or + name = "EVP_ASYM_CIPHER_names_do_all" + or + name = "EVP_ASYM_CIPHER_settable_ctx_params" + or + name = "EVP_ASYM_CIPHER_up_ref" + or + name = "EVP_BytesToKey" + or + name = "EVP_CIPHER_CTX_block_size" + or + name = "EVP_CIPHER_CTX_cipher" + or + name = "EVP_CIPHER_CTX_cleanup" + or + name = "EVP_CIPHER_CTX_clear_flags" + or + name = "EVP_CIPHER_CTX_copy" + or + name = "EVP_CIPHER_CTX_ctrl" + or + name = "EVP_CIPHER_CTX_dup" + or + name = "EVP_CIPHER_CTX_encrypting" + or + name = "EVP_CIPHER_CTX_flags" + or + name = "EVP_CIPHER_CTX_free" + or + name = "EVP_CIPHER_CTX_get0_cipher" + or + name = "EVP_CIPHER_CTX_get0_name" + or + name = "EVP_CIPHER_CTX_get1_cipher" + or + name = "EVP_CIPHER_CTX_get_app_data" + or + name = "EVP_CIPHER_CTX_get_block_size" + or + name = "EVP_CIPHER_CTX_get_cipher_data" + or + name = "EVP_CIPHER_CTX_get_iv_length" + or + name = "EVP_CIPHER_CTX_get_key_length" + or + name = "EVP_CIPHER_CTX_get_mode" + or + name = "EVP_CIPHER_CTX_get_nid" + or + name = "EVP_CIPHER_CTX_get_num" + or + name = "EVP_CIPHER_CTX_get_original_iv" + or + name = "EVP_CIPHER_CTX_get_params" + or + name = "EVP_CIPHER_CTX_get_tag_length" + or + name = "EVP_CIPHER_CTX_get_type" + or + name = "EVP_CIPHER_CTX_get_updated_iv" + or + name = "EVP_CIPHER_CTX_gettable_params" + or + name = "EVP_CIPHER_CTX_init" + or + name = "EVP_CIPHER_CTX_is_encrypting" + or + name = "EVP_CIPHER_CTX_iv" + or + name = "EVP_CIPHER_CTX_iv_length" + or + name = "EVP_CIPHER_CTX_iv_noconst" + or + name = "EVP_CIPHER_CTX_key_length" + or + name = "EVP_CIPHER_CTX_mode" + or + name = "EVP_CIPHER_CTX_new" + or + name = "EVP_CIPHER_CTX_nid" + or + name = "EVP_CIPHER_CTX_num" + or + name = "EVP_CIPHER_CTX_original_iv" + or + name = "EVP_CIPHER_CTX_reset" + or + name = "EVP_CIPHER_CTX_set_app_data" + or + name = "EVP_CIPHER_CTX_set_cipher_data" + or + name = "EVP_CIPHER_CTX_set_flags" + or + name = "EVP_CIPHER_CTX_set_key_length" + or + name = "EVP_CIPHER_CTX_set_num" + or + name = "EVP_CIPHER_CTX_set_padding" + or + name = "EVP_CIPHER_CTX_set_params" + or + name = "EVP_CIPHER_CTX_settable_params" + or + name = "EVP_CIPHER_CTX_tag_length" + or + name = "EVP_CIPHER_CTX_test_flags" + or + name = "EVP_CIPHER_CTX_type" + or + name = "EVP_CIPHER_asn1_to_param" + or + name = "EVP_CIPHER_block_size" + or + name = "EVP_CIPHER_do_all_provided" + or + name = "EVP_CIPHER_fetch" + or + name = "EVP_CIPHER_flags" + or + name = "EVP_CIPHER_free" + or + name = "EVP_CIPHER_get0_description" + or + name = "EVP_CIPHER_get0_name" + or + name = "EVP_CIPHER_get0_provider" + or + name = "EVP_CIPHER_get_block_size" + or + name = "EVP_CIPHER_get_flags" + or + name = "EVP_CIPHER_get_iv_length" + or + name = "EVP_CIPHER_get_key_length" + or + name = "EVP_CIPHER_get_mode" + or + name = "EVP_CIPHER_get_nid" + or + name = "EVP_CIPHER_get_params" + or + name = "EVP_CIPHER_get_type" + or + name = "EVP_CIPHER_gettable_ctx_params" + or + name = "EVP_CIPHER_gettable_params" + or + name = "EVP_CIPHER_is_a" + or + name = "EVP_CIPHER_iv_length" + or + name = "EVP_CIPHER_key_length" + or + name = "EVP_CIPHER_meth_dup" + or + name = "EVP_CIPHER_meth_free" + or + name = "EVP_CIPHER_meth_get_cleanup" + or + name = "EVP_CIPHER_meth_get_ctrl" + or + name = "EVP_CIPHER_meth_get_do_cipher" + or + name = "EVP_CIPHER_meth_get_get_asn1_params" + or + name = "EVP_CIPHER_meth_get_init" + or + name = "EVP_CIPHER_meth_get_set_asn1_params" + or + name = "EVP_CIPHER_meth_new" + or + name = "EVP_CIPHER_meth_set_cleanup" + or + name = "EVP_CIPHER_meth_set_ctrl" + or + name = "EVP_CIPHER_meth_set_do_cipher" + or + name = "EVP_CIPHER_meth_set_flags" + or + name = "EVP_CIPHER_meth_set_get_asn1_params" + or + name = "EVP_CIPHER_meth_set_impl_ctx_size" + or + name = "EVP_CIPHER_meth_set_init" + or + name = "EVP_CIPHER_meth_set_iv_length" + or + name = "EVP_CIPHER_meth_set_set_asn1_params" + or + name = "EVP_CIPHER_mode" + or + name = "EVP_CIPHER_name" + or + name = "EVP_CIPHER_names_do_all" + or + name = "EVP_CIPHER_nid" + or + name = "EVP_CIPHER_param_to_asn1" + or + name = "EVP_CIPHER_settable_ctx_params" + or + name = "EVP_CIPHER_type" + or + name = "EVP_CIPHER_up_ref" + or + name = "EVP_Cipher" + or + name = "EVP_CipherFinal" + or + name = "EVP_CipherFinal_ex" + or + name = "EVP_CipherInit" + or + name = "EVP_CipherInit_ex" + or + name = "EVP_CipherInit_ex2" + or + name = "EVP_CipherUpdate" + or + name = "EVP_DecodeBlock" + or + name = "EVP_DecodeFinal" + or + name = "EVP_DecodeInit" + or + name = "EVP_DecodeUpdate" + or + name = "EVP_DecryptFinal" + or + name = "EVP_DecryptFinal_ex" + or + name = "EVP_DecryptInit" + or + name = "EVP_DecryptInit_ex" + or + name = "EVP_DecryptInit_ex2" + or + name = "EVP_DecryptUpdate" + or + name = "EVP_Digest" + or + name = "EVP_DigestFinal" + or + name = "EVP_DigestFinalXOF" + or + name = "EVP_DigestFinal_ex" + or + name = "EVP_DigestInit" + or + name = "EVP_DigestInit_ex" + or + name = "EVP_DigestInit_ex2" + or + name = "EVP_DigestSign" + or + name = "EVP_DigestSignFinal" + or + name = "EVP_DigestSignInit" + or + name = "EVP_DigestSignInit_ex" + or + name = "EVP_DigestSignUpdate" + or + name = "EVP_DigestUpdate" + or + name = "EVP_DigestVerify" + or + name = "EVP_DigestVerifyFinal" + or + name = "EVP_DigestVerifyInit" + or + name = "EVP_DigestVerifyInit_ex" + or + name = "EVP_DigestVerifyUpdate" + or + name = "EVP_EC_gen" + or + name = "EVP_ENCODE_CTX_copy" + or + name = "EVP_ENCODE_CTX_free" + or + name = "EVP_ENCODE_CTX_new" + or + name = "EVP_ENCODE_CTX_num" + or + name = "EVP_EncodeBlock" + or + name = "EVP_EncodeFinal" + or + name = "EVP_EncodeInit" + or + name = "EVP_EncodeUpdate" + or + name = "EVP_EncryptFinal" + or + name = "EVP_EncryptFinal_ex" + or + name = "EVP_EncryptInit" + or + name = "EVP_EncryptInit_ex" + or + name = "EVP_EncryptInit_ex2" + or + name = "EVP_EncryptUpdate" + or + name = "EVP_KDF" + or + name = "EVP_KDF_CTX" + or + name = "EVP_KDF_CTX_dup" + or + name = "EVP_KDF_CTX_free" + or + name = "EVP_KDF_CTX_get_kdf_size" + or + name = "EVP_KDF_CTX_get_params" + or + name = "EVP_KDF_CTX_gettable_params" + or + name = "EVP_KDF_CTX_kdf" + or + name = "EVP_KDF_CTX_new" + or + name = "EVP_KDF_CTX_reset" + or + name = "EVP_KDF_CTX_set_params" + or + name = "EVP_KDF_CTX_settable_params" + or + name = "EVP_KDF_derive" + or + name = "EVP_KDF_do_all_provided" + or + name = "EVP_KDF_fetch" + or + name = "EVP_KDF_free" + or + name = "EVP_KDF_get0_description" + or + name = "EVP_KDF_get0_name" + or + name = "EVP_KDF_get0_provider" + or + name = "EVP_KDF_get_params" + or + name = "EVP_KDF_gettable_ctx_params" + or + name = "EVP_KDF_gettable_params" + or + name = "EVP_KDF_is_a" + or + name = "EVP_KDF_names_do_all" + or + name = "EVP_KDF_settable_ctx_params" + or + name = "EVP_KDF_up_ref" + or + name = "EVP_KEM_do_all_provided" + or + name = "EVP_KEM_fetch" + or + name = "EVP_KEM_free" + or + name = "EVP_KEM_get0_description" + or + name = "EVP_KEM_get0_name" + or + name = "EVP_KEM_get0_provider" + or + name = "EVP_KEM_gettable_ctx_params" + or + name = "EVP_KEM_is_a" + or + name = "EVP_KEM_names_do_all" + or + name = "EVP_KEM_settable_ctx_params" + or + name = "EVP_KEM_up_ref" + or + name = "EVP_KEYEXCH_do_all_provided" + or + name = "EVP_KEYEXCH_fetch" + or + name = "EVP_KEYEXCH_free" + or + name = "EVP_KEYEXCH_get0_description" + or + name = "EVP_KEYEXCH_get0_name" + or + name = "EVP_KEYEXCH_get0_provider" + or + name = "EVP_KEYEXCH_gettable_ctx_params" + or + name = "EVP_KEYEXCH_is_a" + or + name = "EVP_KEYEXCH_names_do_all" + or + name = "EVP_KEYEXCH_settable_ctx_params" + or + name = "EVP_KEYEXCH_up_ref" + or + name = "EVP_KEYMGMT" + or + name = "EVP_KEYMGMT_do_all_provided" + or + name = "EVP_KEYMGMT_fetch" + or + name = "EVP_KEYMGMT_free" + or + name = "EVP_KEYMGMT_gen_settable_params" + or + name = "EVP_KEYMGMT_get0_description" + or + name = "EVP_KEYMGMT_get0_name" + or + name = "EVP_KEYMGMT_get0_provider" + or + name = "EVP_KEYMGMT_gettable_params" + or + name = "EVP_KEYMGMT_is_a" + or + name = "EVP_KEYMGMT_names_do_all" + or + name = "EVP_KEYMGMT_settable_params" + or + name = "EVP_KEYMGMT_up_ref" + or + name = "EVP_MAC" + or + name = "EVP_MAC_CTX" + or + name = "EVP_MAC_CTX_dup" + or + name = "EVP_MAC_CTX_free" + or + name = "EVP_MAC_CTX_get0_mac" + or + name = "EVP_MAC_CTX_get_block_size" + or + name = "EVP_MAC_CTX_get_mac_size" + or + name = "EVP_MAC_CTX_get_params" + or + name = "EVP_MAC_CTX_gettable_params" + or + name = "EVP_MAC_CTX_new" + or + name = "EVP_MAC_CTX_set_params" + or + name = "EVP_MAC_CTX_settable_params" + or + name = "EVP_MAC_do_all_provided" + or + name = "EVP_MAC_fetch" + or + name = "EVP_MAC_final" + or + name = "EVP_MAC_finalXOF" + or + name = "EVP_MAC_free" + or + name = "EVP_MAC_get0_description" + or + name = "EVP_MAC_get0_name" + or + name = "EVP_MAC_get0_provider" + or + name = "EVP_MAC_get_params" + or + name = "EVP_MAC_gettable_ctx_params" + or + name = "EVP_MAC_gettable_params" + or + name = "EVP_MAC_init" + or + name = "EVP_MAC_is_a" + or + name = "EVP_MAC_names_do_all" + or + name = "EVP_MAC_settable_ctx_params" + or + name = "EVP_MAC_up_ref" + or + name = "EVP_MAC_update" + or + name = "EVP_MAX_MD_SIZE" + or + name = "EVP_MD_CTX_block_size" + or + name = "EVP_MD_CTX_cleanup" + or + name = "EVP_MD_CTX_clear_flags" + or + name = "EVP_MD_CTX_copy" + or + name = "EVP_MD_CTX_copy_ex" + or + name = "EVP_MD_CTX_create" + or + name = "EVP_MD_CTX_ctrl" + or + name = "EVP_MD_CTX_destroy" + or + name = "EVP_MD_CTX_dup" + or + name = "EVP_MD_CTX_free" + or + name = "EVP_MD_CTX_get0_md" + or + name = "EVP_MD_CTX_get0_md_data" + or + name = "EVP_MD_CTX_get0_name" + or + name = "EVP_MD_CTX_get1_md" + or + name = "EVP_MD_CTX_get_block_size" + or + name = "EVP_MD_CTX_get_params" + or + name = "EVP_MD_CTX_get_pkey_ctx" + or + name = "EVP_MD_CTX_get_size" + or + name = "EVP_MD_CTX_get_type" + or + name = "EVP_MD_CTX_gettable_params" + or + name = "EVP_MD_CTX_init" + or + name = "EVP_MD_CTX_md" + or + name = "EVP_MD_CTX_md_data" + or + name = "EVP_MD_CTX_new" + or + name = "EVP_MD_CTX_pkey_ctx" + or + name = "EVP_MD_CTX_reset" + or + name = "EVP_MD_CTX_set_flags" + or + name = "EVP_MD_CTX_set_params" + or + name = "EVP_MD_CTX_set_pkey_ctx" + or + name = "EVP_MD_CTX_set_update_fn" + or + name = "EVP_MD_CTX_settable_params" + or + name = "EVP_MD_CTX_size" + or + name = "EVP_MD_CTX_test_flags" + or + name = "EVP_MD_CTX_type" + or + name = "EVP_MD_CTX_update_fn" + or + name = "EVP_MD_block_size" + or + name = "EVP_MD_do_all_provided" + or + name = "EVP_MD_fetch" + or + name = "EVP_MD_flags" + or + name = "EVP_MD_free" + or + name = "EVP_MD_get0_description" + or + name = "EVP_MD_get0_name" + or + name = "EVP_MD_get0_provider" + or + name = "EVP_MD_get_block_size" + or + name = "EVP_MD_get_flags" + or + name = "EVP_MD_get_params" + or + name = "EVP_MD_get_pkey_type" + or + name = "EVP_MD_get_size" + or + name = "EVP_MD_get_type" + or + name = "EVP_MD_gettable_ctx_params" + or + name = "EVP_MD_gettable_params" + or + name = "EVP_MD_is_a" + or + name = "EVP_MD_meth_dup" + or + name = "EVP_MD_meth_free" + or + name = "EVP_MD_meth_get_app_datasize" + or + name = "EVP_MD_meth_get_cleanup" + or + name = "EVP_MD_meth_get_copy" + or + name = "EVP_MD_meth_get_ctrl" + or + name = "EVP_MD_meth_get_final" + or + name = "EVP_MD_meth_get_flags" + or + name = "EVP_MD_meth_get_init" + or + name = "EVP_MD_meth_get_input_blocksize" + or + name = "EVP_MD_meth_get_result_size" + or + name = "EVP_MD_meth_get_update" + or + name = "EVP_MD_meth_new" + or + name = "EVP_MD_meth_set_app_datasize" + or + name = "EVP_MD_meth_set_cleanup" + or + name = "EVP_MD_meth_set_copy" + or + name = "EVP_MD_meth_set_ctrl" + or + name = "EVP_MD_meth_set_final" + or + name = "EVP_MD_meth_set_flags" + or + name = "EVP_MD_meth_set_init" + or + name = "EVP_MD_meth_set_input_blocksize" + or + name = "EVP_MD_meth_set_result_size" + or + name = "EVP_MD_meth_set_update" + or + name = "EVP_MD_name" + or + name = "EVP_MD_names_do_all" + or + name = "EVP_MD_nid" + or + name = "EVP_MD_pkey_type" + or + name = "EVP_MD_settable_ctx_params" + or + name = "EVP_MD_size" + or + name = "EVP_MD_type" + or + name = "EVP_MD_up_ref" + or + name = "EVP_OpenFinal" + or + name = "EVP_OpenInit" + or + name = "EVP_OpenUpdate" + or + name = "EVP_PBE_CipherInit" + or + name = "EVP_PBE_CipherInit_ex" + or + name = "EVP_PBE_alg_add" + or + name = "EVP_PBE_alg_add_type" + or + name = "EVP_PBE_find" + or + name = "EVP_PBE_find_ex" + or + name = "EVP_PBE_scrypt" + or + name = "EVP_PBE_scrypt_ex" + or + name = "EVP_PKCS82PKEY" + or + name = "EVP_PKCS82PKEY_ex" + or + name = "EVP_PKEVP_PKEY_CTX_set_app_data" + or + name = "EVP_PKEY" + or + name = "EVP_PKEY2PKCS8" + or + name = "EVP_PKEY_ASN1_METHOD" + or + name = "EVP_PKEY_CTX_add1_hkdf_info" + or + name = "EVP_PKEY_CTX_add1_tls1_prf_seed" + or + name = "EVP_PKEY_CTX_ctrl" + or + name = "EVP_PKEY_CTX_ctrl_str" + or + name = "EVP_PKEY_CTX_ctrl_uint64" + or + name = "EVP_PKEY_CTX_dup" + or + name = "EVP_PKEY_CTX_free" + or + name = "EVP_PKEY_CTX_get0_dh_kdf_oid" + or + name = "EVP_PKEY_CTX_get0_dh_kdf_ukm" + or + name = "EVP_PKEY_CTX_get0_ecdh_kdf_ukm" + or + name = "EVP_PKEY_CTX_get0_libctx" + or + name = "EVP_PKEY_CTX_get0_peerkey" + or + name = "EVP_PKEY_CTX_get0_pkey" + or + name = "EVP_PKEY_CTX_get0_propq" + or + name = "EVP_PKEY_CTX_get0_provider" + or + name = "EVP_PKEY_CTX_get0_rsa_oaep_label" + or + name = "EVP_PKEY_CTX_get1_id" + or + name = "EVP_PKEY_CTX_get1_id_len" + or + name = "EVP_PKEY_CTX_get_app_data" + or + name = "EVP_PKEY_CTX_get_cb" + or + name = "EVP_PKEY_CTX_get_dh_kdf_md" + or + name = "EVP_PKEY_CTX_get_dh_kdf_outlen" + or + name = "EVP_PKEY_CTX_get_dh_kdf_type" + or + name = "EVP_PKEY_CTX_get_ecdh_cofactor_mode" + or + name = "EVP_PKEY_CTX_get_ecdh_kdf_md" + or + name = "EVP_PKEY_CTX_get_ecdh_kdf_outlen" + or + name = "EVP_PKEY_CTX_get_ecdh_kdf_type" + or + name = "EVP_PKEY_CTX_get_group_name" + or + name = "EVP_PKEY_CTX_get_keygen_info" + or + name = "EVP_PKEY_CTX_get_params" + or + name = "EVP_PKEY_CTX_get_rsa_mgf1_md" + or + name = "EVP_PKEY_CTX_get_rsa_mgf1_md_name" + or + name = "EVP_PKEY_CTX_get_rsa_oaep_md" + or + name = "EVP_PKEY_CTX_get_rsa_oaep_md_name" + or + name = "EVP_PKEY_CTX_get_rsa_padding" + or + name = "EVP_PKEY_CTX_get_rsa_pss_saltlen" + or + name = "EVP_PKEY_CTX_get_signature_md" + or + name = "EVP_PKEY_CTX_gettable_params" + or + name = "EVP_PKEY_CTX_hkdf_mode" + or + name = "EVP_PKEY_CTX_is_a" + or + name = "EVP_PKEY_CTX_md" + or + name = "EVP_PKEY_CTX_new" + or + name = "EVP_PKEY_CTX_new_from_name" + or + name = "EVP_PKEY_CTX_new_from_pkey" + or + name = "EVP_PKEY_CTX_new_id" + or + name = "EVP_PKEY_CTX_set0_dh_kdf_oid" + or + name = "EVP_PKEY_CTX_set0_dh_kdf_ukm" + or + name = "EVP_PKEY_CTX_set0_ecdh_kdf_ukm" + or + name = "EVP_PKEY_CTX_set0_rsa_oaep_label" + or + name = "EVP_PKEY_CTX_set1_hkdf_key" + or + name = "EVP_PKEY_CTX_set1_hkdf_salt" + or + name = "EVP_PKEY_CTX_set1_id" + or + name = "EVP_PKEY_CTX_set1_pbe_pass" + or + name = "EVP_PKEY_CTX_set1_rsa_keygen_pubexp" + or + name = "EVP_PKEY_CTX_set1_scrypt_salt" + or + name = "EVP_PKEY_CTX_set1_tls1_prf_secret" + or + name = "EVP_PKEY_CTX_set_app_data" + or + name = "EVP_PKEY_CTX_set_cb" + or + name = "EVP_PKEY_CTX_set_dh_kdf_md" + or + name = "EVP_PKEY_CTX_set_dh_kdf_outlen" + or + name = "EVP_PKEY_CTX_set_dh_kdf_type" + or + name = "EVP_PKEY_CTX_set_dh_nid" + or + name = "EVP_PKEY_CTX_set_dh_pad" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_generator" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_gindex" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_prime_len" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_seed" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_subprime_len" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_type" + or + name = "EVP_PKEY_CTX_set_dh_rfc5114" + or + name = "EVP_PKEY_CTX_set_dhx_rfc5114" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_bits" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_gindex" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_md" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_md_props" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_q_bits" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_seed" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_type" + or + name = "EVP_PKEY_CTX_set_ec_param_enc" + or + name = "EVP_PKEY_CTX_set_ec_paramgen_curve_nid" + or + name = "EVP_PKEY_CTX_set_ecdh_cofactor_mode" + or + name = "EVP_PKEY_CTX_set_ecdh_kdf_md" + or + name = "EVP_PKEY_CTX_set_ecdh_kdf_outlen" + or + name = "EVP_PKEY_CTX_set_ecdh_kdf_type" + or + name = "EVP_PKEY_CTX_set_group_name" + or + name = "EVP_PKEY_CTX_set_hkdf_md" + or + name = "EVP_PKEY_CTX_set_hkdf_mode" + or + name = "EVP_PKEY_CTX_set_kem_op" + or + name = "EVP_PKEY_CTX_set_mac_key" + or + name = "EVP_PKEY_CTX_set_params" + or + name = "EVP_PKEY_CTX_set_rsa_keygen_bits" + or + name = "EVP_PKEY_CTX_set_rsa_keygen_primes" + or + name = "EVP_PKEY_CTX_set_rsa_keygen_pubexp" + or + name = "EVP_PKEY_CTX_set_rsa_mgf1_md" + or + name = "EVP_PKEY_CTX_set_rsa_mgf1_md_name" + or + name = "EVP_PKEY_CTX_set_rsa_oaep_md" + or + name = "EVP_PKEY_CTX_set_rsa_oaep_md_name" + or + name = "EVP_PKEY_CTX_set_rsa_padding" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_md" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_md_name" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen" + or + name = "EVP_PKEY_CTX_set_rsa_pss_saltlen" + or + name = "EVP_PKEY_CTX_set_rsa_rsa_keygen_bits" + or + name = "EVP_PKEY_CTX_set_scrypt_N" + or + name = "EVP_PKEY_CTX_set_scrypt_maxmem_bytes" + or + name = "EVP_PKEY_CTX_set_scrypt_p" + or + name = "EVP_PKEY_CTX_set_scrypt_r" + or + name = "EVP_PKEY_CTX_set_signature_md" + or + name = "EVP_PKEY_CTX_set_tls1_prf_md" + or + name = "EVP_PKEY_CTX_settable_params" + or + name = "EVP_PKEY_METHOD" + or + name = "EVP_PKEY_Q_keygen" + or + name = "EVP_PKEY_asn1_add0" + or + name = "EVP_PKEY_asn1_add_alias" + or + name = "EVP_PKEY_asn1_copy" + or + name = "EVP_PKEY_asn1_find" + or + name = "EVP_PKEY_asn1_find_str" + or + name = "EVP_PKEY_asn1_free" + or + name = "EVP_PKEY_asn1_get0" + or + name = "EVP_PKEY_asn1_get0_info" + or + name = "EVP_PKEY_asn1_get_count" + or + name = "EVP_PKEY_asn1_new" + or + name = "EVP_PKEY_asn1_set_check" + or + name = "EVP_PKEY_asn1_set_ctrl" + or + name = "EVP_PKEY_asn1_set_free" + or + name = "EVP_PKEY_asn1_set_get_priv_key" + or + name = "EVP_PKEY_asn1_set_get_pub_key" + or + name = "EVP_PKEY_asn1_set_item" + or + name = "EVP_PKEY_asn1_set_param" + or + name = "EVP_PKEY_asn1_set_param_check" + or + name = "EVP_PKEY_asn1_set_private" + or + name = "EVP_PKEY_asn1_set_public" + or + name = "EVP_PKEY_asn1_set_public_check" + or + name = "EVP_PKEY_asn1_set_security_bits" + or + name = "EVP_PKEY_asn1_set_set_priv_key" + or + name = "EVP_PKEY_asn1_set_set_pub_key" + or + name = "EVP_PKEY_asn1_set_siginf" + or + name = "EVP_PKEY_assign_DH" + or + name = "EVP_PKEY_assign_DSA" + or + name = "EVP_PKEY_assign_EC_KEY" + or + name = "EVP_PKEY_assign_POLY1305" + or + name = "EVP_PKEY_assign_RSA" + or + name = "EVP_PKEY_assign_SIPHASH" + or + name = "EVP_PKEY_auth_decapsulate_init" + or + name = "EVP_PKEY_auth_encapsulate_init" + or + name = "EVP_PKEY_base_id" + or + name = "EVP_PKEY_bits" + or + name = "EVP_PKEY_can_sign" + or + name = "EVP_PKEY_check" + or + name = "EVP_PKEY_cmp" + or + name = "EVP_PKEY_cmp_parameters" + or + name = "EVP_PKEY_copy_parameters" + or + name = "EVP_PKEY_decapsulate" + or + name = "EVP_PKEY_decapsulate_init" + or + name = "EVP_PKEY_decrypt" + or + name = "EVP_PKEY_decrypt_init" + or + name = "EVP_PKEY_decrypt_init_ex" + or + name = "EVP_PKEY_derive" + or + name = "EVP_PKEY_derive_init" + or + name = "EVP_PKEY_derive_init_ex" + or + name = "EVP_PKEY_derive_set_peer" + or + name = "EVP_PKEY_derive_set_peer_ex" + or + name = "EVP_PKEY_digestsign_supports_digest" + or + name = "EVP_PKEY_dup" + or + name = "EVP_PKEY_encapsulate" + or + name = "EVP_PKEY_encapsulate_init" + or + name = "EVP_PKEY_encrypt" + or + name = "EVP_PKEY_encrypt_init" + or + name = "EVP_PKEY_encrypt_init_ex" + or + name = "EVP_PKEY_eq" + or + name = "EVP_PKEY_export" + or + name = "EVP_PKEY_free" + or + name = "EVP_PKEY_fromdata" + or + name = "EVP_PKEY_fromdata_init" + or + name = "EVP_PKEY_fromdata_settable" + or + name = "EVP_PKEY_gen_cb" + or + name = "EVP_PKEY_generate" + or + name = "EVP_PKEY_get0" + or + name = "EVP_PKEY_get0_DH" + or + name = "EVP_PKEY_get0_DSA" + or + name = "EVP_PKEY_get0_EC_KEY" + or + name = "EVP_PKEY_get0_RSA" + or + name = "EVP_PKEY_get0_asn1" + or + name = "EVP_PKEY_get0_description" + or + name = "EVP_PKEY_get0_engine" + or + name = "EVP_PKEY_get0_hmac" + or + name = "EVP_PKEY_get0_poly1305" + or + name = "EVP_PKEY_get0_provider" + or + name = "EVP_PKEY_get0_siphash" + or + name = "EVP_PKEY_get0_type_name" + or + name = "EVP_PKEY_get1_DH" + or + name = "EVP_PKEY_get1_DSA" + or + name = "EVP_PKEY_get1_EC_KEY" + or + name = "EVP_PKEY_get1_RSA" + or + name = "EVP_PKEY_get1_encoded_public_key" + or + name = "EVP_PKEY_get1_tls_encodedpoint" + or + name = "EVP_PKEY_get_base_id" + or + name = "EVP_PKEY_get_bits" + or + name = "EVP_PKEY_get_bn_param" + or + name = "EVP_PKEY_get_default_digest" + or + name = "EVP_PKEY_get_default_digest_name" + or + name = "EVP_PKEY_get_default_digest_nid" + or + name = "EVP_PKEY_get_ec_point_conv_form" + or + name = "EVP_PKEY_get_ex_data" + or + name = "EVP_PKEY_get_ex_new_index" + or + name = "EVP_PKEY_get_field_type" + or + name = "EVP_PKEY_get_group_name" + or + name = "EVP_PKEY_get_id" + or + name = "EVP_PKEY_get_int_param" + or + name = "EVP_PKEY_get_octet_string_param" + or + name = "EVP_PKEY_get_params" + or + name = "EVP_PKEY_get_raw_private_key" + or + name = "EVP_PKEY_get_raw_public_key" + or + name = "EVP_PKEY_get_security_bits" + or + name = "EVP_PKEY_get_size" + or + name = "EVP_PKEY_get_size_t_param" + or + name = "EVP_PKEY_get_utf8_string_param" + or + name = "EVP_PKEY_gettable_params" + or + name = "EVP_PKEY_id" + or + name = "EVP_PKEY_is_a" + or + name = "EVP_PKEY_keygen" + or + name = "EVP_PKEY_keygen_init" + or + name = "EVP_PKEY_meth_add0" + or + name = "EVP_PKEY_meth_copy" + or + name = "EVP_PKEY_meth_find" + or + name = "EVP_PKEY_meth_free" + or + name = "EVP_PKEY_meth_get0" + or + name = "EVP_PKEY_meth_get0_info" + or + name = "EVP_PKEY_meth_get_check" + or + name = "EVP_PKEY_meth_get_cleanup" + or + name = "EVP_PKEY_meth_get_copy" + or + name = "EVP_PKEY_meth_get_count" + or + name = "EVP_PKEY_meth_get_ctrl" + or + name = "EVP_PKEY_meth_get_decrypt" + or + name = "EVP_PKEY_meth_get_derive" + or + name = "EVP_PKEY_meth_get_digest_custom" + or + name = "EVP_PKEY_meth_get_digestsign" + or + name = "EVP_PKEY_meth_get_digestverify" + or + name = "EVP_PKEY_meth_get_encrypt" + or + name = "EVP_PKEY_meth_get_init" + or + name = "EVP_PKEY_meth_get_keygen" + or + name = "EVP_PKEY_meth_get_param_check" + or + name = "EVP_PKEY_meth_get_paramgen" + or + name = "EVP_PKEY_meth_get_public_check" + or + name = "EVP_PKEY_meth_get_sign" + or + name = "EVP_PKEY_meth_get_signctx" + or + name = "EVP_PKEY_meth_get_verify" + or + name = "EVP_PKEY_meth_get_verify_recover" + or + name = "EVP_PKEY_meth_get_verifyctx" + or + name = "EVP_PKEY_meth_new" + or + name = "EVP_PKEY_meth_remove" + or + name = "EVP_PKEY_meth_set_check" + or + name = "EVP_PKEY_meth_set_cleanup" + or + name = "EVP_PKEY_meth_set_copy" + or + name = "EVP_PKEY_meth_set_ctrl" + or + name = "EVP_PKEY_meth_set_decrypt" + or + name = "EVP_PKEY_meth_set_derive" + or + name = "EVP_PKEY_meth_set_digest_custom" + or + name = "EVP_PKEY_meth_set_digestsign" + or + name = "EVP_PKEY_meth_set_digestverify" + or + name = "EVP_PKEY_meth_set_encrypt" + or + name = "EVP_PKEY_meth_set_init" + or + name = "EVP_PKEY_meth_set_keygen" + or + name = "EVP_PKEY_meth_set_param_check" + or + name = "EVP_PKEY_meth_set_paramgen" + or + name = "EVP_PKEY_meth_set_public_check" + or + name = "EVP_PKEY_meth_set_sign" + or + name = "EVP_PKEY_meth_set_signctx" + or + name = "EVP_PKEY_meth_set_verify" + or + name = "EVP_PKEY_meth_set_verify_recover" + or + name = "EVP_PKEY_meth_set_verifyctx" + or + name = "EVP_PKEY_missing_parameters" + or + name = "EVP_PKEY_new" + or + name = "EVP_PKEY_new_CMAC_key" + or + name = "EVP_PKEY_new_mac_key" + or + name = "EVP_PKEY_new_raw_private_key" + or + name = "EVP_PKEY_new_raw_private_key_ex" + or + name = "EVP_PKEY_new_raw_public_key" + or + name = "EVP_PKEY_new_raw_public_key_ex" + or + name = "EVP_PKEY_pairwise_check" + or + name = "EVP_PKEY_param_check" + or + name = "EVP_PKEY_param_check_quick" + or + name = "EVP_PKEY_parameters_eq" + or + name = "EVP_PKEY_paramgen" + or + name = "EVP_PKEY_paramgen_init" + or + name = "EVP_PKEY_print_params" + or + name = "EVP_PKEY_print_params_fp" + or + name = "EVP_PKEY_print_private" + or + name = "EVP_PKEY_print_private_fp" + or + name = "EVP_PKEY_print_public" + or + name = "EVP_PKEY_print_public_fp" + or + name = "EVP_PKEY_private_check" + or + name = "EVP_PKEY_public_check" + or + name = "EVP_PKEY_public_check_quick" + or + name = "EVP_PKEY_security_bits" + or + name = "EVP_PKEY_set1_DH" + or + name = "EVP_PKEY_set1_DSA" + or + name = "EVP_PKEY_set1_EC_KEY" + or + name = "EVP_PKEY_set1_RSA" + or + name = "EVP_PKEY_set1_encoded_public_key" + or + name = "EVP_PKEY_set1_engine" + or + name = "EVP_PKEY_set1_tls_encodedpoint" + or + name = "EVP_PKEY_set_alias_type" + or + name = "EVP_PKEY_set_bn_param" + or + name = "EVP_PKEY_set_ex_data" + or + name = "EVP_PKEY_set_int_param" + or + name = "EVP_PKEY_set_octet_string_param" + or + name = "EVP_PKEY_set_params" + or + name = "EVP_PKEY_set_size_t_param" + or + name = "EVP_PKEY_set_type" + or + name = "EVP_PKEY_set_type_by_keymgmt" + or + name = "EVP_PKEY_set_type_str" + or + name = "EVP_PKEY_set_utf8_string_param" + or + name = "EVP_PKEY_settable_params" + or + name = "EVP_PKEY_sign" + or + name = "EVP_PKEY_sign_init" + or + name = "EVP_PKEY_sign_init_ex" + or + name = "EVP_PKEY_size" + or + name = "EVP_PKEY_todata" + or + name = "EVP_PKEY_type" + or + name = "EVP_PKEY_type_names_do_all" + or + name = "EVP_PKEY_up_ref" + or + name = "EVP_PKEY_verify" + or + name = "EVP_PKEY_verify_init" + or + name = "EVP_PKEY_verify_init_ex" + or + name = "EVP_PKEY_verify_recover" + or + name = "EVP_PKEY_verify_recover_init" + or + name = "EVP_PKEY_verify_recover_init_ex" + or + name = "EVP_Q_digest" + or + name = "EVP_Q_mac" + or + name = "EVP_RAND" + or + name = "EVP_RAND_CTX" + or + name = "EVP_RAND_CTX_free" + or + name = "EVP_RAND_CTX_get0_rand" + or + name = "EVP_RAND_CTX_get_params" + or + name = "EVP_RAND_CTX_gettable_params" + or + name = "EVP_RAND_CTX_new" + or + name = "EVP_RAND_CTX_set_params" + or + name = "EVP_RAND_CTX_settable_params" + or + name = "EVP_RAND_CTX_up_ref" + or + name = "EVP_RAND_STATE_ERROR" + or + name = "EVP_RAND_STATE_READY" + or + name = "EVP_RAND_STATE_UNINITIALISED" + or + name = "EVP_RAND_do_all_provided" + or + name = "EVP_RAND_enable_locking" + or + name = "EVP_RAND_fetch" + or + name = "EVP_RAND_free" + or + name = "EVP_RAND_generate" + or + name = "EVP_RAND_get0_description" + or + name = "EVP_RAND_get0_name" + or + name = "EVP_RAND_get0_provider" + or + name = "EVP_RAND_get_params" + or + name = "EVP_RAND_get_state" + or + name = "EVP_RAND_get_strength" + or + name = "EVP_RAND_gettable_ctx_params" + or + name = "EVP_RAND_gettable_params" + or + name = "EVP_RAND_instantiate" + or + name = "EVP_RAND_is_a" + or + name = "EVP_RAND_names_do_all" + or + name = "EVP_RAND_nonce" + or + name = "EVP_RAND_reseed" + or + name = "EVP_RAND_settable_ctx_params" + or + name = "EVP_RAND_uninstantiate" + or + name = "EVP_RAND_up_ref" + or + name = "EVP_RAND_verify_zeroization" + or + name = "EVP_RSA_gen" + or + name = "EVP_SIGNATURE" + or + name = "EVP_SIGNATURE_do_all_provided" + or + name = "EVP_SIGNATURE_fetch" + or + name = "EVP_SIGNATURE_free" + or + name = "EVP_SIGNATURE_get0_description" + or + name = "EVP_SIGNATURE_get0_name" + or + name = "EVP_SIGNATURE_get0_provider" + or + name = "EVP_SIGNATURE_gettable_ctx_params" + or + name = "EVP_SIGNATURE_is_a" + or + name = "EVP_SIGNATURE_names_do_all" + or + name = "EVP_SIGNATURE_settable_ctx_params" + or + name = "EVP_SIGNATURE_up_ref" + or + name = "EVP_SealFinal" + or + name = "EVP_SealInit" + or + name = "EVP_SealUpdate" + or + name = "EVP_SignFinal" + or + name = "EVP_SignFinal_ex" + or + name = "EVP_SignInit" + or + name = "EVP_SignInit_ex" + or + name = "EVP_SignUpdate" + or + name = "EVP_VerifyFinal" + or + name = "EVP_VerifyFinal_ex" + or + name = "EVP_VerifyInit" + or + name = "EVP_VerifyInit_ex" + or + name = "EVP_VerifyUpdate" + or + name = "EVP_aes" + or + name = "EVP_aes_128_cbc" + or + name = "EVP_aes_128_cbc_hmac_sha1" + or + name = "EVP_aes_128_cbc_hmac_sha256" + or + name = "EVP_aes_128_ccm" + or + name = "EVP_aes_128_cfb" + or + name = "EVP_aes_128_cfb1" + or + name = "EVP_aes_128_cfb128" + or + name = "EVP_aes_128_cfb8" + or + name = "EVP_aes_128_ctr" + or + name = "EVP_aes_128_ecb" + or + name = "EVP_aes_128_gcm" + or + name = "EVP_aes_128_ocb" + or + name = "EVP_aes_128_ofb" + or + name = "EVP_aes_128_wrap" + or + name = "EVP_aes_128_wrap_pad" + or + name = "EVP_aes_128_xts" + or + name = "EVP_aes_192_cbc" + or + name = "EVP_aes_192_ccm" + or + name = "EVP_aes_192_cfb" + or + name = "EVP_aes_192_cfb1" + or + name = "EVP_aes_192_cfb128" + or + name = "EVP_aes_192_cfb8" + or + name = "EVP_aes_192_ctr" + or + name = "EVP_aes_192_ecb" + or + name = "EVP_aes_192_gcm" + or + name = "EVP_aes_192_ocb" + or + name = "EVP_aes_192_ofb" + or + name = "EVP_aes_192_wrap" + or + name = "EVP_aes_192_wrap_pad" + or + name = "EVP_aes_256_cbc" + or + name = "EVP_aes_256_cbc_hmac_sha1" + or + name = "EVP_aes_256_cbc_hmac_sha256" + or + name = "EVP_aes_256_ccm" + or + name = "EVP_aes_256_cfb" + or + name = "EVP_aes_256_cfb1" + or + name = "EVP_aes_256_cfb128" + or + name = "EVP_aes_256_cfb8" + or + name = "EVP_aes_256_ctr" + or + name = "EVP_aes_256_ecb" + or + name = "EVP_aes_256_gcm" + or + name = "EVP_aes_256_ocb" + or + name = "EVP_aes_256_ofb" + or + name = "EVP_aes_256_wrap" + or + name = "EVP_aes_256_wrap_pad" + or + name = "EVP_aes_256_xts" + or + name = "EVP_aria" + or + name = "EVP_aria_128_cbc" + or + name = "EVP_aria_128_ccm" + or + name = "EVP_aria_128_cfb" + or + name = "EVP_aria_128_cfb1" + or + name = "EVP_aria_128_cfb128" + or + name = "EVP_aria_128_cfb8" + or + name = "EVP_aria_128_ctr" + or + name = "EVP_aria_128_ecb" + or + name = "EVP_aria_128_gcm" + or + name = "EVP_aria_128_ofb" + or + name = "EVP_aria_192_cbc" + or + name = "EVP_aria_192_ccm" + or + name = "EVP_aria_192_cfb" + or + name = "EVP_aria_192_cfb1" + or + name = "EVP_aria_192_cfb128" + or + name = "EVP_aria_192_cfb8" + or + name = "EVP_aria_192_ctr" + or + name = "EVP_aria_192_ecb" + or + name = "EVP_aria_192_gcm" + or + name = "EVP_aria_192_ofb" + or + name = "EVP_aria_256_cbc" + or + name = "EVP_aria_256_ccm" + or + name = "EVP_aria_256_cfb" + or + name = "EVP_aria_256_cfb1" + or + name = "EVP_aria_256_cfb128" + or + name = "EVP_aria_256_cfb8" + or + name = "EVP_aria_256_ctr" + or + name = "EVP_aria_256_ecb" + or + name = "EVP_aria_256_gcm" + or + name = "EVP_aria_256_ofb" + or + name = "EVP_bf_cbc" + or + name = "EVP_bf_cfb" + or + name = "EVP_bf_cfb64" + or + name = "EVP_bf_ecb" + or + name = "EVP_bf_ofb" + or + name = "EVP_blake2b512" + or + name = "EVP_blake2s256" + or + name = "EVP_camellia" + or + name = "EVP_camellia_128_cbc" + or + name = "EVP_camellia_128_cfb" + or + name = "EVP_camellia_128_cfb1" + or + name = "EVP_camellia_128_cfb128" + or + name = "EVP_camellia_128_cfb8" + or + name = "EVP_camellia_128_ctr" + or + name = "EVP_camellia_128_ecb" + or + name = "EVP_camellia_128_ofb" + or + name = "EVP_camellia_192_cbc" + or + name = "EVP_camellia_192_cfb" + or + name = "EVP_camellia_192_cfb1" + or + name = "EVP_camellia_192_cfb128" + or + name = "EVP_camellia_192_cfb8" + or + name = "EVP_camellia_192_ctr" + or + name = "EVP_camellia_192_ecb" + or + name = "EVP_camellia_192_ofb" + or + name = "EVP_camellia_256_cbc" + or + name = "EVP_camellia_256_cfb" + or + name = "EVP_camellia_256_cfb1" + or + name = "EVP_camellia_256_cfb128" + or + name = "EVP_camellia_256_cfb8" + or + name = "EVP_camellia_256_ctr" + or + name = "EVP_camellia_256_ecb" + or + name = "EVP_camellia_256_ofb" + or + name = "EVP_cast5_cbc" + or + name = "EVP_cast5_cfb" + or + name = "EVP_cast5_cfb64" + or + name = "EVP_cast5_ecb" + or + name = "EVP_cast5_ofb" + or + name = "EVP_chacha20" + or + name = "EVP_chacha20_poly1305" + or + name = "EVP_cleanup" + or + name = "EVP_default_properties_enable_fips" + or + name = "EVP_default_properties_is_fips_enabled" + or + name = "EVP_des" + or + name = "EVP_des_cbc" + or + name = "EVP_des_cfb" + or + name = "EVP_des_cfb1" + or + name = "EVP_des_cfb64" + or + name = "EVP_des_cfb8" + or + name = "EVP_des_ecb" + or + name = "EVP_des_ede" + or + name = "EVP_des_ede3" + or + name = "EVP_des_ede3_cbc" + or + name = "EVP_des_ede3_cfb" + or + name = "EVP_des_ede3_cfb1" + or + name = "EVP_des_ede3_cfb64" + or + name = "EVP_des_ede3_cfb8" + or + name = "EVP_des_ede3_ecb" + or + name = "EVP_des_ede3_ofb" + or + name = "EVP_des_ede3_wrap" + or + name = "EVP_des_ede_cbc" + or + name = "EVP_des_ede_cfb" + or + name = "EVP_des_ede_cfb64" + or + name = "EVP_des_ede_ecb" + or + name = "EVP_des_ede_ofb" + or + name = "EVP_des_ofb" + or + name = "EVP_desx_cbc" + or + name = "EVP_dss" + or + name = "EVP_dss1" + or + name = "EVP_enc_null" + or + name = "EVP_get_cipherbyname" + or + name = "EVP_get_cipherbynid" + or + name = "EVP_get_cipherbyobj" + or + name = "EVP_get_digestbyname" + or + name = "EVP_get_digestbynid" + or + name = "EVP_get_digestbyobj" + or + name = "EVP_idea_cbc" + or + name = "EVP_idea_cfb" + or + name = "EVP_idea_cfb64" + or + name = "EVP_idea_ecb" + or + name = "EVP_idea_ofb" + or + name = "EVP_md2" + or + name = "EVP_md4" + or + name = "EVP_md5" + or + name = "EVP_md5_sha1" + or + name = "EVP_md_null" + or + name = "EVP_mdc2" + or + name = "EVP_rc2_40_cbc" + or + name = "EVP_rc2_64_cbc" + or + name = "EVP_rc2_cbc" + or + name = "EVP_rc2_cfb" + or + name = "EVP_rc2_cfb64" + or + name = "EVP_rc2_ecb" + or + name = "EVP_rc2_ofb" + or + name = "EVP_rc4" + or + name = "EVP_rc4_40" + or + name = "EVP_rc4_hmac_md5" + or + name = "EVP_rc5_32_12_16_cbc" + or + name = "EVP_rc5_32_12_16_cfb" + or + name = "EVP_rc5_32_12_16_cfb64" + or + name = "EVP_rc5_32_12_16_ecb" + or + name = "EVP_rc5_32_12_16_ofb" + or + name = "EVP_ripemd160" + or + name = "EVP_seed_cbc" + or + name = "EVP_seed_cfb" + or + name = "EVP_seed_cfb128" + or + name = "EVP_seed_ecb" + or + name = "EVP_seed_ofb" + or + name = "EVP_set_default_properties" + or + name = "EVP_sha" + or + name = "EVP_sha1" + or + name = "EVP_sha224" + or + name = "EVP_sha256" + or + name = "EVP_sha384" + or + name = "EVP_sha3_224" + or + name = "EVP_sha3_256" + or + name = "EVP_sha3_384" + or + name = "EVP_sha3_512" + or + name = "EVP_sha512" + or + name = "EVP_sha512_224" + or + name = "EVP_sha512_256" + or + name = "EVP_shake128" + or + name = "EVP_shake256" + or + name = "EVP_sm3" + or + name = "EVP_sm4_cbc" + or + name = "EVP_sm4_cfb" + or + name = "EVP_sm4_cfb128" + or + name = "EVP_sm4_ctr" + or + name = "EVP_sm4_ecb" + or + name = "EVP_sm4_ofb" + or + name = "EVP_whirlpool" + or + name = "EXTENDED_KEY_USAGE_free" + or + name = "EXTENDED_KEY_USAGE_new" + or + name = "EXT_UTF8STRING" + or + name = "GENERAL_NAMES_free" + or + name = "GENERAL_NAMES_new" + or + name = "GENERAL_NAME_dup" + or + name = "GENERAL_NAME_free" + or + name = "GENERAL_NAME_new" + or + name = "GENERAL_SUBTREE_free" + or + name = "GENERAL_SUBTREE_new" + or + name = "GEN_SESSION_CB" + or + name = "HMAC" + or + name = "HMAC_CTX_cleanup" + or + name = "HMAC_CTX_copy" + or + name = "HMAC_CTX_free" + or + name = "HMAC_CTX_get_md" + or + name = "HMAC_CTX_init" + or + name = "HMAC_CTX_new" + or + name = "HMAC_CTX_reset" + or + name = "HMAC_CTX_set_flags" + or + name = "HMAC_Final" + or + name = "HMAC_Init" + or + name = "HMAC_Init_ex" + or + name = "HMAC_Update" + or + name = "HMAC_cleanup" + or + name = "HMAC_size" + or + name = "IMPLEMENT_ASN1_FUNCTIONS" + or + name = "IMPLEMENT_EXTERN_ASN1" + or + name = "IMPLEMENT_LHASH_COMP_FN" + or + name = "IMPLEMENT_LHASH_HASH_FN" + or + name = "IPAddressChoice_free" + or + name = "IPAddressChoice_new" + or + name = "IPAddressFamily_free" + or + name = "IPAddressFamily_new" + or + name = "IPAddressOrRange_free" + or + name = "IPAddressOrRange_new" + or + name = "IPAddressRange_free" + or + name = "IPAddressRange_new" + or + name = "ISSUER_SIGN_TOOL_free" + or + name = "ISSUER_SIGN_TOOL_it" + or + name = "ISSUER_SIGN_TOOL_new" + or + name = "ISSUING_DIST_POINT_free" + or + name = "ISSUING_DIST_POINT_it" + or + name = "ISSUING_DIST_POINT_new" + or + name = "LHASH" + or + name = "LHASH_DOALL_ARG_FN_TYPE" + or + name = "LHASH_OF" + or + name = "MD2" + or + name = "MD2_Final" + or + name = "MD2_Init" + or + name = "MD2_Update" + or + name = "MD4" + or + name = "MD4_Final" + or + name = "MD4_Init" + or + name = "MD4_Update" + or + name = "MD5" + or + name = "MD5_Final" + or + name = "MD5_Init" + or + name = "MD5_Update" + or + name = "MDC2" + or + name = "MDC2_Final" + or + name = "MDC2_Init" + or + name = "MDC2_Update" + or + name = "NAME_CONSTRAINTS_free" + or + name = "NAME_CONSTRAINTS_new" + or + name = "NAMING_AUTHORITY" + or + name = "NAMING_AUTHORITY_free" + or + name = "NAMING_AUTHORITY_get0_authorityId" + or + name = "NAMING_AUTHORITY_get0_authorityText" + or + name = "NAMING_AUTHORITY_get0_authorityURL" + or + name = "NAMING_AUTHORITY_new" + or + name = "NAMING_AUTHORITY_set0_authorityId" + or + name = "NAMING_AUTHORITY_set0_authorityText" + or + name = "NAMING_AUTHORITY_set0_authorityURL" + or + name = "NCONF_default" + or + name = "NCONF_free" + or + name = "NCONF_get0_libctx" + or + name = "NCONF_get_section" + or + name = "NCONF_get_section_names" + or + name = "NCONF_load" + or + name = "NCONF_new" + or + name = "NCONF_new_ex" + or + name = "NETSCAPE_CERT_SEQUENCE_free" + or + name = "NETSCAPE_CERT_SEQUENCE_new" + or + name = "NETSCAPE_SPKAC_free" + or + name = "NETSCAPE_SPKAC_new" + or + name = "NETSCAPE_SPKI_free" + or + name = "NETSCAPE_SPKI_new" + or + name = "NOTICEREF_free" + or + name = "NOTICEREF_new" + or + name = "OBJ_add_sigid" + or + name = "OBJ_cleanup" + or + name = "OBJ_cmp" + or + name = "OBJ_create" + or + name = "OBJ_dup" + or + name = "OBJ_get0_data" + or + name = "OBJ_length" + or + name = "OBJ_ln2nid" + or + name = "OBJ_nid2ln" + or + name = "OBJ_nid2obj" + or + name = "OBJ_nid2sn" + or + name = "OBJ_obj2nid" + or + name = "OBJ_obj2txt" + or + name = "OBJ_sn2nid" + or + name = "OBJ_txt2nid" + or + name = "OBJ_txt2obj" + or + name = "OCSP_BASICRESP_free" + or + name = "OCSP_BASICRESP_new" + or + name = "OCSP_CERTID_dup" + or + name = "OCSP_CERTID_free" + or + name = "OCSP_CERTID_new" + or + name = "OCSP_CERTSTATUS_free" + or + name = "OCSP_CERTSTATUS_new" + or + name = "OCSP_CRLID_free" + or + name = "OCSP_CRLID_new" + or + name = "OCSP_ONEREQ_free" + or + name = "OCSP_ONEREQ_new" + or + name = "OCSP_REQINFO_free" + or + name = "OCSP_REQINFO_new" + or + name = "OCSP_REQUEST_free" + or + name = "OCSP_REQUEST_new" + or + name = "OCSP_REQ_CTX" + or + name = "OCSP_REQ_CTX_add1_header" + or + name = "OCSP_REQ_CTX_free" + or + name = "OCSP_REQ_CTX_i2d" + or + name = "OCSP_REQ_CTX_set1_req" + or + name = "OCSP_RESPBYTES_free" + or + name = "OCSP_RESPBYTES_new" + or + name = "OCSP_RESPDATA_free" + or + name = "OCSP_RESPDATA_new" + or + name = "OCSP_RESPID_free" + or + name = "OCSP_RESPID_match" + or + name = "OCSP_RESPID_match_ex" + or + name = "OCSP_RESPID_new" + or + name = "OCSP_RESPID_set_by_key" + or + name = "OCSP_RESPID_set_by_key_ex" + or + name = "OCSP_RESPID_set_by_name" + or + name = "OCSP_RESPONSE_free" + or + name = "OCSP_RESPONSE_new" + or + name = "OCSP_REVOKEDINFO_free" + or + name = "OCSP_REVOKEDINFO_new" + or + name = "OCSP_SERVICELOC_free" + or + name = "OCSP_SERVICELOC_new" + or + name = "OCSP_SIGNATURE_free" + or + name = "OCSP_SIGNATURE_new" + or + name = "OCSP_SINGLERESP_free" + or + name = "OCSP_SINGLERESP_new" + or + name = "OCSP_basic_add1_nonce" + or + name = "OCSP_basic_sign" + or + name = "OCSP_basic_sign_ctx" + or + name = "OCSP_basic_verify" + or + name = "OCSP_cert_id_new" + or + name = "OCSP_cert_to_id" + or + name = "OCSP_check_nonce" + or + name = "OCSP_check_validity" + or + name = "OCSP_copy_nonce" + or + name = "OCSP_id_cmp" + or + name = "OCSP_id_get0_info" + or + name = "OCSP_id_issuer_cmp" + or + name = "OCSP_parse_url" + or + name = "OCSP_request_add0_id" + or + name = "OCSP_request_add1_cert" + or + name = "OCSP_request_add1_nonce" + or + name = "OCSP_request_onereq_count" + or + name = "OCSP_request_onereq_get0" + or + name = "OCSP_request_sign" + or + name = "OCSP_resp_count" + or + name = "OCSP_resp_find" + or + name = "OCSP_resp_find_status" + or + name = "OCSP_resp_get0" + or + name = "OCSP_resp_get0_certs" + or + name = "OCSP_resp_get0_id" + or + name = "OCSP_resp_get0_produced_at" + or + name = "OCSP_resp_get0_respdata" + or + name = "OCSP_resp_get0_signature" + or + name = "OCSP_resp_get0_signer" + or + name = "OCSP_resp_get0_tbs_sigalg" + or + name = "OCSP_resp_get1_id" + or + name = "OCSP_response_create" + or + name = "OCSP_response_get1_basic" + or + name = "OCSP_response_status" + or + name = "OCSP_sendreq_bio" + or + name = "OCSP_sendreq_nbio" + or + name = "OCSP_sendreq_new" + or + name = "OCSP_set_max_response_length" + or + name = "OCSP_single_get0_status" + or + name = "OPENSSL_Applink" + or + name = "OPENSSL_FILE" + or + name = "OPENSSL_FUNC" + or + name = "OPENSSL_INIT_free" + or + name = "OPENSSL_INIT_new" + or + name = "OPENSSL_INIT_set_config_appname" + or + name = "OPENSSL_INIT_set_config_file_flags" + or + name = "OPENSSL_INIT_set_config_filename" + or + name = "OPENSSL_LH_COMPFUNC" + or + name = "OPENSSL_LH_DOALL_FUNC" + or + name = "OPENSSL_LH_HASHFUNC" + or + name = "OPENSSL_LH_delete" + or + name = "OPENSSL_LH_doall" + or + name = "OPENSSL_LH_doall_arg" + or + name = "OPENSSL_LH_error" + or + name = "OPENSSL_LH_flush" + or + name = "OPENSSL_LH_free" + or + name = "OPENSSL_LH_insert" + or + name = "OPENSSL_LH_new" + or + name = "OPENSSL_LH_node_stats" + or + name = "OPENSSL_LH_node_stats_bio" + or + name = "OPENSSL_LH_node_usage_stats" + or + name = "OPENSSL_LH_node_usage_stats_bio" + or + name = "OPENSSL_LH_retrieve" + or + name = "OPENSSL_LH_stats" + or + name = "OPENSSL_LH_stats_bio" + or + name = "OPENSSL_LINE" + or + name = "OPENSSL_MALLOC_FAILURES" + or + name = "OPENSSL_MALLOC_FD" + or + name = "OPENSSL_MSTR" + or + name = "OPENSSL_MSTR_HELPER" + or + name = "OPENSSL_VERSION_BUILD_METADATA" + or + name = "OPENSSL_VERSION_MAJOR" + or + name = "OPENSSL_VERSION_MINOR" + or + name = "OPENSSL_VERSION_NUMBER" + or + name = "OPENSSL_VERSION_PATCH" + or + name = "OPENSSL_VERSION_PREREQ" + or + name = "OPENSSL_VERSION_PRE_RELEASE" + or + name = "OPENSSL_VERSION_TEXT" + or + name = "OPENSSL_atexit" + or + name = "OPENSSL_buf2hexstr" + or + name = "OPENSSL_buf2hexstr_ex" + or + name = "OPENSSL_cipher_name" + or + name = "OPENSSL_cleanse" + or + name = "OPENSSL_cleanup" + or + name = "OPENSSL_clear_free" + or + name = "OPENSSL_clear_realloc" + or + name = "OPENSSL_config" + or + name = "OPENSSL_fork_child" + or + name = "OPENSSL_fork_parent" + or + name = "OPENSSL_fork_prepare" + or + name = "OPENSSL_free" + or + name = "OPENSSL_gmtime" + or + name = "OPENSSL_gmtime_adj" + or + name = "OPENSSL_gmtime_diff" + or + name = "OPENSSL_hexchar2int" + or + name = "OPENSSL_hexstr2buf" + or + name = "OPENSSL_hexstr2buf_ex" + or + name = "OPENSSL_ia32cap" + or + name = "OPENSSL_ia32cap_loc" + or + name = "OPENSSL_info" + or + name = "OPENSSL_init_crypto" + or + name = "OPENSSL_init_ssl" + or + name = "OPENSSL_instrument_bus" + or + name = "OPENSSL_instrument_bus2" + or + name = "OPENSSL_load_builtin_modules" + or + name = "OPENSSL_malloc" + or + name = "OPENSSL_malloc_init" + or + name = "OPENSSL_mem_debug_pop" + or + name = "OPENSSL_mem_debug_push" + or + name = "OPENSSL_memdup" + or + name = "OPENSSL_no_config" + or + name = "OPENSSL_realloc" + or + name = "OPENSSL_s390xcap" + or + name = "OPENSSL_secure_actual_size" + or + name = "OPENSSL_secure_clear_free" + or + name = "OPENSSL_secure_free" + or + name = "OPENSSL_secure_malloc" + or + name = "OPENSSL_secure_zalloc" + or + name = "OPENSSL_sk_deep_copy" + or + name = "OPENSSL_sk_delete" + or + name = "OPENSSL_sk_delete_ptr" + or + name = "OPENSSL_sk_dup" + or + name = "OPENSSL_sk_find" + or + name = "OPENSSL_sk_find_all" + or + name = "OPENSSL_sk_find_ex" + or + name = "OPENSSL_sk_free" + or + name = "OPENSSL_sk_insert" + or + name = "OPENSSL_sk_is_sorted" + or + name = "OPENSSL_sk_new" + or + name = "OPENSSL_sk_new_null" + or + name = "OPENSSL_sk_new_reserve" + or + name = "OPENSSL_sk_num" + or + name = "OPENSSL_sk_pop" + or + name = "OPENSSL_sk_pop_free" + or + name = "OPENSSL_sk_push" + or + name = "OPENSSL_sk_reserve" + or + name = "OPENSSL_sk_set" + or + name = "OPENSSL_sk_set_cmp_func" + or + name = "OPENSSL_sk_shift" + or + name = "OPENSSL_sk_sort" + or + name = "OPENSSL_sk_unshift" + or + name = "OPENSSL_sk_value" + or + name = "OPENSSL_sk_zero" + or + name = "OPENSSL_strcasecmp" + or + name = "OPENSSL_strdup" + or + name = "OPENSSL_strlcat" + or + name = "OPENSSL_strlcpy" + or + name = "OPENSSL_strncasecmp" + or + name = "OPENSSL_strndup" + or + name = "OPENSSL_thread_stop" + or + name = "OPENSSL_thread_stop_ex" + or + name = "OPENSSL_version_build_metadata" + or + name = "OPENSSL_version_major" + or + name = "OPENSSL_version_minor" + or + name = "OPENSSL_version_patch" + or + name = "OPENSSL_version_pre_release" + or + name = "OPENSSL_zalloc" + or + name = "OSSL_ALGORITHM" + or + name = "OSSL_CALLBACK" + or + name = "OSSL_CMP_CR" + or + name = "OSSL_CMP_CTX_build_cert_chain" + or + name = "OSSL_CMP_CTX_free" + or + name = "OSSL_CMP_CTX_get0_libctx" + or + name = "OSSL_CMP_CTX_get0_newCert" + or + name = "OSSL_CMP_CTX_get0_newPkey" + or + name = "OSSL_CMP_CTX_get0_propq" + or + name = "OSSL_CMP_CTX_get0_statusString" + or + name = "OSSL_CMP_CTX_get0_trusted" + or + name = "OSSL_CMP_CTX_get0_trustedStore" + or + name = "OSSL_CMP_CTX_get0_untrusted" + or + name = "OSSL_CMP_CTX_get0_validatedSrvCert" + or + name = "OSSL_CMP_CTX_get1_caPubs" + or + name = "OSSL_CMP_CTX_get1_extraCertsIn" + or + name = "OSSL_CMP_CTX_get1_newChain" + or + name = "OSSL_CMP_CTX_get_certConf_cb_arg" + or + name = "OSSL_CMP_CTX_get_failInfoCode" + or + name = "OSSL_CMP_CTX_get_http_cb_arg" + or + name = "OSSL_CMP_CTX_get_option" + or + name = "OSSL_CMP_CTX_get_status" + or + name = "OSSL_CMP_CTX_get_transfer_cb_arg" + or + name = "OSSL_CMP_CTX_new" + or + name = "OSSL_CMP_CTX_print_errors" + or + name = "OSSL_CMP_CTX_push0_geninfo_ITAV" + or + name = "OSSL_CMP_CTX_push0_genm_ITAV" + or + name = "OSSL_CMP_CTX_push0_policy" + or + name = "OSSL_CMP_CTX_push1_subjectAltName" + or + name = "OSSL_CMP_CTX_reinit" + or + name = "OSSL_CMP_CTX_reqExtensions_have_SAN" + or + name = "OSSL_CMP_CTX_reset_geninfo_ITAVs" + or + name = "OSSL_CMP_CTX_server_perform" + or + name = "OSSL_CMP_CTX_set0_newPkey" + or + name = "OSSL_CMP_CTX_set0_reqExtensions" + or + name = "OSSL_CMP_CTX_set0_trusted" + or + name = "OSSL_CMP_CTX_set0_trustedStore" + or + name = "OSSL_CMP_CTX_set1_cert" + or + name = "OSSL_CMP_CTX_set1_expected_sender" + or + name = "OSSL_CMP_CTX_set1_extraCertsOut" + or + name = "OSSL_CMP_CTX_set1_issuer" + or + name = "OSSL_CMP_CTX_set1_no_proxy" + or + name = "OSSL_CMP_CTX_set1_oldCert" + or + name = "OSSL_CMP_CTX_set1_p10CSR" + or + name = "OSSL_CMP_CTX_set1_pkey" + or + name = "OSSL_CMP_CTX_set1_proxy" + or + name = "OSSL_CMP_CTX_set1_recipient" + or + name = "OSSL_CMP_CTX_set1_referenceValue" + or + name = "OSSL_CMP_CTX_set1_secretValue" + or + name = "OSSL_CMP_CTX_set1_senderNonce" + or + name = "OSSL_CMP_CTX_set1_server" + or + name = "OSSL_CMP_CTX_set1_serverPath" + or + name = "OSSL_CMP_CTX_set1_srvCert" + or + name = "OSSL_CMP_CTX_set1_subjectName" + or + name = "OSSL_CMP_CTX_set1_transactionID" + or + name = "OSSL_CMP_CTX_set1_untrusted" + or + name = "OSSL_CMP_CTX_set_certConf_cb" + or + name = "OSSL_CMP_CTX_set_certConf_cb_arg" + or + name = "OSSL_CMP_CTX_set_http_cb" + or + name = "OSSL_CMP_CTX_set_http_cb_arg" + or + name = "OSSL_CMP_CTX_set_log_cb" + or + name = "OSSL_CMP_CTX_set_log_verbosity" + or + name = "OSSL_CMP_CTX_set_option" + or + name = "OSSL_CMP_CTX_set_serverPort" + or + name = "OSSL_CMP_CTX_set_transfer_cb" + or + name = "OSSL_CMP_CTX_set_transfer_cb_arg" + or + name = "OSSL_CMP_CTX_setup_CRM" + or + name = "OSSL_CMP_CTX_snprint_PKIStatus" + or + name = "OSSL_CMP_HDR_get0_recipNonce" + or + name = "OSSL_CMP_HDR_get0_transactionID" + or + name = "OSSL_CMP_IR" + or + name = "OSSL_CMP_ITAV_create" + or + name = "OSSL_CMP_ITAV_dup" + or + name = "OSSL_CMP_ITAV_free" + or + name = "OSSL_CMP_ITAV_get0_type" + or + name = "OSSL_CMP_ITAV_get0_value" + or + name = "OSSL_CMP_ITAV_push0_stack_item" + or + name = "OSSL_CMP_ITAV_set0" + or + name = "OSSL_CMP_KUR" + or + name = "OSSL_CMP_LOG_ALERT" + or + name = "OSSL_CMP_LOG_CRIT" + or + name = "OSSL_CMP_LOG_DEBUG" + or + name = "OSSL_CMP_LOG_EMERG" + or + name = "OSSL_CMP_LOG_ERR" + or + name = "OSSL_CMP_LOG_INFO" + or + name = "OSSL_CMP_LOG_NOTICE" + or + name = "OSSL_CMP_LOG_TRACE" + or + name = "OSSL_CMP_LOG_WARNING" + or + name = "OSSL_CMP_MSG_dup" + or + name = "OSSL_CMP_MSG_free" + or + name = "OSSL_CMP_MSG_get0_header" + or + name = "OSSL_CMP_MSG_get_bodytype" + or + name = "OSSL_CMP_MSG_http_perform" + or + name = "OSSL_CMP_MSG_it" + or + name = "OSSL_CMP_MSG_read" + or + name = "OSSL_CMP_MSG_update_recipNonce" + or + name = "OSSL_CMP_MSG_update_transactionID" + or + name = "OSSL_CMP_MSG_write" + or + name = "OSSL_CMP_P10CR" + or + name = "OSSL_CMP_PKIHEADER_free" + or + name = "OSSL_CMP_PKIHEADER_it" + or + name = "OSSL_CMP_PKIHEADER_new" + or + name = "OSSL_CMP_PKISI_dup" + or + name = "OSSL_CMP_PKISI_free" + or + name = "OSSL_CMP_PKISI_it" + or + name = "OSSL_CMP_PKISI_new" + or + name = "OSSL_CMP_PKISTATUS_it" + or + name = "OSSL_CMP_SRV_CTX_free" + or + name = "OSSL_CMP_SRV_CTX_get0_cmp_ctx" + or + name = "OSSL_CMP_SRV_CTX_get0_custom_ctx" + or + name = "OSSL_CMP_SRV_CTX_init" + or + name = "OSSL_CMP_SRV_CTX_new" + or + name = "OSSL_CMP_SRV_CTX_set_accept_raverified" + or + name = "OSSL_CMP_SRV_CTX_set_accept_unprotected" + or + name = "OSSL_CMP_SRV_CTX_set_grant_implicit_confirm" + or + name = "OSSL_CMP_SRV_CTX_set_send_unprotected_errors" + or + name = "OSSL_CMP_SRV_certConf_cb_t" + or + name = "OSSL_CMP_SRV_cert_request_cb_t" + or + name = "OSSL_CMP_SRV_error_cb_t" + or + name = "OSSL_CMP_SRV_genm_cb_t" + or + name = "OSSL_CMP_SRV_pollReq_cb_t" + or + name = "OSSL_CMP_SRV_process_request" + or + name = "OSSL_CMP_SRV_rr_cb_t" + or + name = "OSSL_CMP_STATUSINFO_new" + or + name = "OSSL_CMP_certConf_cb" + or + name = "OSSL_CMP_certConf_cb_t" + or + name = "OSSL_CMP_exec_CR_ses" + or + name = "OSSL_CMP_exec_GENM_ses" + or + name = "OSSL_CMP_exec_IR_ses" + or + name = "OSSL_CMP_exec_KUR_ses" + or + name = "OSSL_CMP_exec_P10CR_ses" + or + name = "OSSL_CMP_exec_RR_ses" + or + name = "OSSL_CMP_exec_certreq" + or + name = "OSSL_CMP_log_cb_t" + or + name = "OSSL_CMP_log_close" + or + name = "OSSL_CMP_log_open" + or + name = "OSSL_CMP_print_errors_cb" + or + name = "OSSL_CMP_print_to_bio" + or + name = "OSSL_CMP_severity" + or + name = "OSSL_CMP_snprint_PKIStatusInfo" + or + name = "OSSL_CMP_transfer_cb_t" + or + name = "OSSL_CMP_try_certreq" + or + name = "OSSL_CMP_validate_cert_path" + or + name = "OSSL_CMP_validate_msg" + or + name = "OSSL_CORE_MAKE_FUNC" + or + name = "OSSL_CRMF_CERTID_dup" + or + name = "OSSL_CRMF_CERTID_free" + or + name = "OSSL_CRMF_CERTID_gen" + or + name = "OSSL_CRMF_CERTID_get0_issuer" + or + name = "OSSL_CRMF_CERTID_get0_serialNumber" + or + name = "OSSL_CRMF_CERTID_it" + or + name = "OSSL_CRMF_CERTID_new" + or + name = "OSSL_CRMF_CERTTEMPLATE_fill" + or + name = "OSSL_CRMF_CERTTEMPLATE_free" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_extensions" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_issuer" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_publicKey" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_serialNumber" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_subject" + or + name = "OSSL_CRMF_CERTTEMPLATE_it" + or + name = "OSSL_CRMF_CERTTEMPLATE_new" + or + name = "OSSL_CRMF_ENCRYPTEDVALUE_free" + or + name = "OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert" + or + name = "OSSL_CRMF_ENCRYPTEDVALUE_it" + or + name = "OSSL_CRMF_ENCRYPTEDVALUE_new" + or + name = "OSSL_CRMF_MSGS_free" + or + name = "OSSL_CRMF_MSGS_it" + or + name = "OSSL_CRMF_MSGS_new" + or + name = "OSSL_CRMF_MSGS_verify_popo" + or + name = "OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo" + or + name = "OSSL_CRMF_MSG_create_popo" + or + name = "OSSL_CRMF_MSG_dup" + or + name = "OSSL_CRMF_MSG_free" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_authenticator" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_oldCertID" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_regToken" + or + name = "OSSL_CRMF_MSG_get0_regInfo_certReq" + or + name = "OSSL_CRMF_MSG_get0_regInfo_utf8Pairs" + or + name = "OSSL_CRMF_MSG_get0_tmpl" + or + name = "OSSL_CRMF_MSG_get_certReqId" + or + name = "OSSL_CRMF_MSG_it" + or + name = "OSSL_CRMF_MSG_new" + or + name = "OSSL_CRMF_MSG_push0_extension" + or + name = "OSSL_CRMF_MSG_set0_SinglePubInfo" + or + name = "OSSL_CRMF_MSG_set0_extensions" + or + name = "OSSL_CRMF_MSG_set0_validity" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_authenticator" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_oldCertID" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_regToken" + or + name = "OSSL_CRMF_MSG_set1_regInfo_certReq" + or + name = "OSSL_CRMF_MSG_set1_regInfo_utf8Pairs" + or + name = "OSSL_CRMF_MSG_set_PKIPublicationInfo_action" + or + name = "OSSL_CRMF_MSG_set_certReqId" + or + name = "OSSL_CRMF_PBMPARAMETER_free" + or + name = "OSSL_CRMF_PBMPARAMETER_it" + or + name = "OSSL_CRMF_PBMPARAMETER_new" + or + name = "OSSL_CRMF_PKIPUBLICATIONINFO_free" + or + name = "OSSL_CRMF_PKIPUBLICATIONINFO_it" + or + name = "OSSL_CRMF_PKIPUBLICATIONINFO_new" + or + name = "OSSL_CRMF_SINGLEPUBINFO_free" + or + name = "OSSL_CRMF_SINGLEPUBINFO_it" + or + name = "OSSL_CRMF_SINGLEPUBINFO_new" + or + name = "OSSL_CRMF_pbm_new" + or + name = "OSSL_CRMF_pbmp_new" + or + name = "OSSL_DECODER" + or + name = "OSSL_DECODER_CLEANUP" + or + name = "OSSL_DECODER_CONSTRUCT" + or + name = "OSSL_DECODER_CTX" + or + name = "OSSL_DECODER_CTX_add_decoder" + or + name = "OSSL_DECODER_CTX_add_extra" + or + name = "OSSL_DECODER_CTX_free" + or + name = "OSSL_DECODER_CTX_get_cleanup" + or + name = "OSSL_DECODER_CTX_get_construct" + or + name = "OSSL_DECODER_CTX_get_construct_data" + or + name = "OSSL_DECODER_CTX_get_num_decoders" + or + name = "OSSL_DECODER_CTX_new" + or + name = "OSSL_DECODER_CTX_new_for_pkey" + or + name = "OSSL_DECODER_CTX_set_cleanup" + or + name = "OSSL_DECODER_CTX_set_construct" + or + name = "OSSL_DECODER_CTX_set_construct_data" + or + name = "OSSL_DECODER_CTX_set_input_structure" + or + name = "OSSL_DECODER_CTX_set_input_type" + or + name = "OSSL_DECODER_CTX_set_params" + or + name = "OSSL_DECODER_CTX_set_passphrase" + or + name = "OSSL_DECODER_CTX_set_passphrase_cb" + or + name = "OSSL_DECODER_CTX_set_passphrase_ui" + or + name = "OSSL_DECODER_CTX_set_pem_password_cb" + or + name = "OSSL_DECODER_CTX_set_selection" + or + name = "OSSL_DECODER_INSTANCE" + or + name = "OSSL_DECODER_INSTANCE_get_decoder" + or + name = "OSSL_DECODER_INSTANCE_get_decoder_ctx" + or + name = "OSSL_DECODER_INSTANCE_get_input_structure" + or + name = "OSSL_DECODER_INSTANCE_get_input_type" + or + name = "OSSL_DECODER_do_all_provided" + or + name = "OSSL_DECODER_export" + or + name = "OSSL_DECODER_fetch" + or + name = "OSSL_DECODER_free" + or + name = "OSSL_DECODER_from_bio" + or + name = "OSSL_DECODER_from_data" + or + name = "OSSL_DECODER_from_fp" + or + name = "OSSL_DECODER_get0_description" + or + name = "OSSL_DECODER_get0_name" + or + name = "OSSL_DECODER_get0_properties" + or + name = "OSSL_DECODER_get0_provider" + or + name = "OSSL_DECODER_get_params" + or + name = "OSSL_DECODER_gettable_params" + or + name = "OSSL_DECODER_is_a" + or + name = "OSSL_DECODER_names_do_all" + or + name = "OSSL_DECODER_settable_ctx_params" + or + name = "OSSL_DECODER_up_ref" + or + name = "OSSL_DISPATCH" + or + name = "OSSL_DISPATCH_END" + or + name = "OSSL_EC_curve_nid2name" + or + name = "OSSL_ENCODER" + or + name = "OSSL_ENCODER_CLEANUP" + or + name = "OSSL_ENCODER_CONSTRUCT" + or + name = "OSSL_ENCODER_CTX" + or + name = "OSSL_ENCODER_CTX_add_encoder" + or + name = "OSSL_ENCODER_CTX_add_extra" + or + name = "OSSL_ENCODER_CTX_free" + or + name = "OSSL_ENCODER_CTX_get_num_encoders" + or + name = "OSSL_ENCODER_CTX_new" + or + name = "OSSL_ENCODER_CTX_new_for_pkey" + or + name = "OSSL_ENCODER_CTX_set_cipher" + or + name = "OSSL_ENCODER_CTX_set_cleanup" + or + name = "OSSL_ENCODER_CTX_set_construct" + or + name = "OSSL_ENCODER_CTX_set_construct_data" + or + name = "OSSL_ENCODER_CTX_set_output_structure" + or + name = "OSSL_ENCODER_CTX_set_output_type" + or + name = "OSSL_ENCODER_CTX_set_params" + or + name = "OSSL_ENCODER_CTX_set_passphrase" + or + name = "OSSL_ENCODER_CTX_set_passphrase_cb" + or + name = "OSSL_ENCODER_CTX_set_passphrase_ui" + or + name = "OSSL_ENCODER_CTX_set_pem_password_cb" + or + name = "OSSL_ENCODER_CTX_set_selection" + or + name = "OSSL_ENCODER_INSTANCE" + or + name = "OSSL_ENCODER_INSTANCE_get_encoder" + or + name = "OSSL_ENCODER_INSTANCE_get_encoder_ctx" + or + name = "OSSL_ENCODER_INSTANCE_get_output_structure" + or + name = "OSSL_ENCODER_INSTANCE_get_output_type" + or + name = "OSSL_ENCODER_do_all_provided" + or + name = "OSSL_ENCODER_fetch" + or + name = "OSSL_ENCODER_free" + or + name = "OSSL_ENCODER_get0_description" + or + name = "OSSL_ENCODER_get0_name" + or + name = "OSSL_ENCODER_get0_properties" + or + name = "OSSL_ENCODER_get0_provider" + or + name = "OSSL_ENCODER_get_params" + or + name = "OSSL_ENCODER_gettable_params" + or + name = "OSSL_ENCODER_is_a" + or + name = "OSSL_ENCODER_names_do_all" + or + name = "OSSL_ENCODER_settable_ctx_params" + or + name = "OSSL_ENCODER_to_bio" + or + name = "OSSL_ENCODER_to_data" + or + name = "OSSL_ENCODER_to_fp" + or + name = "OSSL_ENCODER_up_ref" + or + name = "OSSL_ESS_check_signing_certs" + or + name = "OSSL_ESS_signing_cert_new_init" + or + name = "OSSL_ESS_signing_cert_v2_new_init" + or + name = "OSSL_HPKE_CTX_free" + or + name = "OSSL_HPKE_CTX_get_seq" + or + name = "OSSL_HPKE_CTX_new" + or + name = "OSSL_HPKE_CTX_set1_authpriv" + or + name = "OSSL_HPKE_CTX_set1_authpub" + or + name = "OSSL_HPKE_CTX_set1_ikme" + or + name = "OSSL_HPKE_CTX_set1_psk" + or + name = "OSSL_HPKE_CTX_set_seq" + or + name = "OSSL_HPKE_decap" + or + name = "OSSL_HPKE_encap" + or + name = "OSSL_HPKE_export" + or + name = "OSSL_HPKE_get_ciphertext_size" + or + name = "OSSL_HPKE_get_grease_value" + or + name = "OSSL_HPKE_get_public_encap_size" + or + name = "OSSL_HPKE_get_recommended_ikmelen" + or + name = "OSSL_HPKE_keygen" + or + name = "OSSL_HPKE_open" + or + name = "OSSL_HPKE_seal" + or + name = "OSSL_HPKE_str2suite" + or + name = "OSSL_HPKE_suite_check" + or + name = "OSSL_HTTP_REQ_CTX" + or + name = "OSSL_HTTP_REQ_CTX_add1_header" + or + name = "OSSL_HTTP_REQ_CTX_exchange" + or + name = "OSSL_HTTP_REQ_CTX_free" + or + name = "OSSL_HTTP_REQ_CTX_get0_mem_bio" + or + name = "OSSL_HTTP_REQ_CTX_get_resp_len" + or + name = "OSSL_HTTP_REQ_CTX_nbio" + or + name = "OSSL_HTTP_REQ_CTX_nbio_d2i" + or + name = "OSSL_HTTP_REQ_CTX_new" + or + name = "OSSL_HTTP_REQ_CTX_set1_req" + or + name = "OSSL_HTTP_REQ_CTX_set_expected" + or + name = "OSSL_HTTP_REQ_CTX_set_max_response_length" + or + name = "OSSL_HTTP_REQ_CTX_set_request_line" + or + name = "OSSL_HTTP_adapt_proxy" + or + name = "OSSL_HTTP_bio_cb_t" + or + name = "OSSL_HTTP_close" + or + name = "OSSL_HTTP_exchange" + or + name = "OSSL_HTTP_get" + or + name = "OSSL_HTTP_is_alive" + or + name = "OSSL_HTTP_open" + or + name = "OSSL_HTTP_parse_url" + or + name = "OSSL_HTTP_proxy_connect" + or + name = "OSSL_HTTP_set1_request" + or + name = "OSSL_HTTP_transfer" + or + name = "OSSL_ITEM" + or + name = "OSSL_LIB_CTX" + or + name = "OSSL_LIB_CTX_free" + or + name = "OSSL_LIB_CTX_get0_global_default" + or + name = "OSSL_LIB_CTX_load_config" + or + name = "OSSL_LIB_CTX_new" + or + name = "OSSL_LIB_CTX_new_child" + or + name = "OSSL_LIB_CTX_new_from_dispatch" + or + name = "OSSL_LIB_CTX_set0_default" + or + name = "OSSL_PARAM" + or + name = "OSSL_PARAM_BLD" + or + name = "OSSL_PARAM_BLD_free" + or + name = "OSSL_PARAM_BLD_new" + or + name = "OSSL_PARAM_BLD_push_BN" + or + name = "OSSL_PARAM_BLD_push_BN_pad" + or + name = "OSSL_PARAM_BLD_push_double" + or + name = "OSSL_PARAM_BLD_push_int" + or + name = "OSSL_PARAM_BLD_push_int32" + or + name = "OSSL_PARAM_BLD_push_int64" + or + name = "OSSL_PARAM_BLD_push_long" + or + name = "OSSL_PARAM_BLD_push_octet_ptr" + or + name = "OSSL_PARAM_BLD_push_octet_string" + or + name = "OSSL_PARAM_BLD_push_size_t" + or + name = "OSSL_PARAM_BLD_push_time_t" + or + name = "OSSL_PARAM_BLD_push_uint" + or + name = "OSSL_PARAM_BLD_push_uint32" + or + name = "OSSL_PARAM_BLD_push_uint64" + or + name = "OSSL_PARAM_BLD_push_ulong" + or + name = "OSSL_PARAM_BLD_push_utf8_ptr" + or + name = "OSSL_PARAM_BLD_push_utf8_string" + or + name = "OSSL_PARAM_BLD_to_param" + or + name = "OSSL_PARAM_BN" + or + name = "OSSL_PARAM_DEFN" + or + name = "OSSL_PARAM_END" + or + name = "OSSL_PARAM_UNMODIFIED" + or + name = "OSSL_PARAM_allocate_from_text" + or + name = "OSSL_PARAM_construct_BN" + or + name = "OSSL_PARAM_construct_double" + or + name = "OSSL_PARAM_construct_end" + or + name = "OSSL_PARAM_construct_int" + or + name = "OSSL_PARAM_construct_int32" + or + name = "OSSL_PARAM_construct_int64" + or + name = "OSSL_PARAM_construct_long" + or + name = "OSSL_PARAM_construct_octet_ptr" + or + name = "OSSL_PARAM_construct_octet_string" + or + name = "OSSL_PARAM_construct_size_t" + or + name = "OSSL_PARAM_construct_time_t" + or + name = "OSSL_PARAM_construct_uint" + or + name = "OSSL_PARAM_construct_uint32" + or + name = "OSSL_PARAM_construct_uint64" + or + name = "OSSL_PARAM_construct_ulong" + or + name = "OSSL_PARAM_construct_utf8_ptr" + or + name = "OSSL_PARAM_construct_utf8_string" + or + name = "OSSL_PARAM_double" + or + name = "OSSL_PARAM_dup" + or + name = "OSSL_PARAM_free" + or + name = "OSSL_PARAM_get_BN" + or + name = "OSSL_PARAM_get_double" + or + name = "OSSL_PARAM_get_int" + or + name = "OSSL_PARAM_get_int32" + or + name = "OSSL_PARAM_get_int64" + or + name = "OSSL_PARAM_get_long" + or + name = "OSSL_PARAM_get_octet_ptr" + or + name = "OSSL_PARAM_get_octet_string" + or + name = "OSSL_PARAM_get_octet_string_ptr" + or + name = "OSSL_PARAM_get_size_t" + or + name = "OSSL_PARAM_get_time_t" + or + name = "OSSL_PARAM_get_uint" + or + name = "OSSL_PARAM_get_uint32" + or + name = "OSSL_PARAM_get_uint64" + or + name = "OSSL_PARAM_get_ulong" + or + name = "OSSL_PARAM_get_utf8_ptr" + or + name = "OSSL_PARAM_get_utf8_string" + or + name = "OSSL_PARAM_get_utf8_string_ptr" + or + name = "OSSL_PARAM_int" + or + name = "OSSL_PARAM_int32" + or + name = "OSSL_PARAM_int64" + or + name = "OSSL_PARAM_locate" + or + name = "OSSL_PARAM_locate_const" + or + name = "OSSL_PARAM_long" + or + name = "OSSL_PARAM_merge" + or + name = "OSSL_PARAM_modified" + or + name = "OSSL_PARAM_octet_ptr" + or + name = "OSSL_PARAM_octet_string" + or + name = "OSSL_PARAM_set_BN" + or + name = "OSSL_PARAM_set_all_unmodified" + or + name = "OSSL_PARAM_set_double" + or + name = "OSSL_PARAM_set_int" + or + name = "OSSL_PARAM_set_int32" + or + name = "OSSL_PARAM_set_int64" + or + name = "OSSL_PARAM_set_long" + or + name = "OSSL_PARAM_set_octet_ptr" + or + name = "OSSL_PARAM_set_octet_string" + or + name = "OSSL_PARAM_set_size_t" + or + name = "OSSL_PARAM_set_time_t" + or + name = "OSSL_PARAM_set_uint" + or + name = "OSSL_PARAM_set_uint32" + or + name = "OSSL_PARAM_set_uint64" + or + name = "OSSL_PARAM_set_ulong" + or + name = "OSSL_PARAM_set_utf8_ptr" + or + name = "OSSL_PARAM_set_utf8_string" + or + name = "OSSL_PARAM_size_t" + or + name = "OSSL_PARAM_time_t" + or + name = "OSSL_PARAM_uint" + or + name = "OSSL_PARAM_uint32" + or + name = "OSSL_PARAM_uint64" + or + name = "OSSL_PARAM_ulong" + or + name = "OSSL_PARAM_utf8_ptr" + or + name = "OSSL_PARAM_utf8_string" + or + name = "OSSL_PASSPHRASE_CALLBACK" + or + name = "OSSL_PROVIDER" + or + name = "OSSL_PROVIDER_add_builtin" + or + name = "OSSL_PROVIDER_available" + or + name = "OSSL_PROVIDER_do_all" + or + name = "OSSL_PROVIDER_get0_default_search_path" + or + name = "OSSL_PROVIDER_get0_dispatch" + or + name = "OSSL_PROVIDER_get0_name" + or + name = "OSSL_PROVIDER_get0_provider_ctx" + or + name = "OSSL_PROVIDER_get_capabilities" + or + name = "OSSL_PROVIDER_get_params" + or + name = "OSSL_PROVIDER_gettable_params" + or + name = "OSSL_PROVIDER_load" + or + name = "OSSL_PROVIDER_query_operation" + or + name = "OSSL_PROVIDER_self_test" + or + name = "OSSL_PROVIDER_set_default_search_path" + or + name = "OSSL_PROVIDER_try_load" + or + name = "OSSL_PROVIDER_unload" + or + name = "OSSL_PROVIDER_unquery_operation" + or + name = "OSSL_QUIC_client_method" + or + name = "OSSL_QUIC_client_thread_method" + or + name = "OSSL_QUIC_server_method" + or + name = "OSSL_SELF_TEST_free" + or + name = "OSSL_SELF_TEST_get_callback" + or + name = "OSSL_SELF_TEST_new" + or + name = "OSSL_SELF_TEST_onbegin" + or + name = "OSSL_SELF_TEST_oncorrupt_byte" + or + name = "OSSL_SELF_TEST_onend" + or + name = "OSSL_SELF_TEST_set_callback" + or + name = "OSSL_STACK_OF_X509_free" + or + name = "OSSL_STORE_CTX" + or + name = "OSSL_STORE_INFO" + or + name = "OSSL_STORE_INFO_free" + or + name = "OSSL_STORE_INFO_get0_CERT" + or + name = "OSSL_STORE_INFO_get0_CRL" + or + name = "OSSL_STORE_INFO_get0_NAME" + or + name = "OSSL_STORE_INFO_get0_NAME_description" + or + name = "OSSL_STORE_INFO_get0_PARAMS" + or + name = "OSSL_STORE_INFO_get0_PKEY" + or + name = "OSSL_STORE_INFO_get0_PUBKEY" + or + name = "OSSL_STORE_INFO_get0_data" + or + name = "OSSL_STORE_INFO_get1_CERT" + or + name = "OSSL_STORE_INFO_get1_CRL" + or + name = "OSSL_STORE_INFO_get1_NAME" + or + name = "OSSL_STORE_INFO_get1_NAME_description" + or + name = "OSSL_STORE_INFO_get1_PARAMS" + or + name = "OSSL_STORE_INFO_get1_PKEY" + or + name = "OSSL_STORE_INFO_get1_PUBKEY" + or + name = "OSSL_STORE_INFO_get_type" + or + name = "OSSL_STORE_INFO_new" + or + name = "OSSL_STORE_INFO_new_CERT" + or + name = "OSSL_STORE_INFO_new_CRL" + or + name = "OSSL_STORE_INFO_new_NAME" + or + name = "OSSL_STORE_INFO_new_PARAMS" + or + name = "OSSL_STORE_INFO_new_PKEY" + or + name = "OSSL_STORE_INFO_new_PUBKEY" + or + name = "OSSL_STORE_INFO_set0_NAME_description" + or + name = "OSSL_STORE_INFO_type_string" + or + name = "OSSL_STORE_LOADER" + or + name = "OSSL_STORE_LOADER_CTX" + or + name = "OSSL_STORE_LOADER_do_all_provided" + or + name = "OSSL_STORE_LOADER_fetch" + or + name = "OSSL_STORE_LOADER_free" + or + name = "OSSL_STORE_LOADER_get0_description" + or + name = "OSSL_STORE_LOADER_get0_engine" + or + name = "OSSL_STORE_LOADER_get0_properties" + or + name = "OSSL_STORE_LOADER_get0_provider" + or + name = "OSSL_STORE_LOADER_get0_scheme" + or + name = "OSSL_STORE_LOADER_is_a" + or + name = "OSSL_STORE_LOADER_names_do_all" + or + name = "OSSL_STORE_LOADER_new" + or + name = "OSSL_STORE_LOADER_set_attach" + or + name = "OSSL_STORE_LOADER_set_close" + or + name = "OSSL_STORE_LOADER_set_ctrl" + or + name = "OSSL_STORE_LOADER_set_eof" + or + name = "OSSL_STORE_LOADER_set_error" + or + name = "OSSL_STORE_LOADER_set_expect" + or + name = "OSSL_STORE_LOADER_set_find" + or + name = "OSSL_STORE_LOADER_set_load" + or + name = "OSSL_STORE_LOADER_set_open" + or + name = "OSSL_STORE_LOADER_set_open_ex" + or + name = "OSSL_STORE_LOADER_up_ref" + or + name = "OSSL_STORE_SEARCH" + or + name = "OSSL_STORE_SEARCH_by_alias" + or + name = "OSSL_STORE_SEARCH_by_issuer_serial" + or + name = "OSSL_STORE_SEARCH_by_key_fingerprint" + or + name = "OSSL_STORE_SEARCH_by_name" + or + name = "OSSL_STORE_SEARCH_free" + or + name = "OSSL_STORE_SEARCH_get0_bytes" + or + name = "OSSL_STORE_SEARCH_get0_digest" + or + name = "OSSL_STORE_SEARCH_get0_name" + or + name = "OSSL_STORE_SEARCH_get0_serial" + or + name = "OSSL_STORE_SEARCH_get0_string" + or + name = "OSSL_STORE_SEARCH_get_type" + or + name = "OSSL_STORE_attach" + or + name = "OSSL_STORE_attach_fn" + or + name = "OSSL_STORE_close" + or + name = "OSSL_STORE_close_fn" + or + name = "OSSL_STORE_ctrl" + or + name = "OSSL_STORE_ctrl_fn" + or + name = "OSSL_STORE_eof" + or + name = "OSSL_STORE_eof_fn" + or + name = "OSSL_STORE_error" + or + name = "OSSL_STORE_error_fn" + or + name = "OSSL_STORE_expect" + or + name = "OSSL_STORE_expect_fn" + or + name = "OSSL_STORE_find" + or + name = "OSSL_STORE_find_fn" + or + name = "OSSL_STORE_load" + or + name = "OSSL_STORE_load_fn" + or + name = "OSSL_STORE_open" + or + name = "OSSL_STORE_open_ex" + or + name = "OSSL_STORE_open_ex_fn" + or + name = "OSSL_STORE_open_fn" + or + name = "OSSL_STORE_post_process_info_fn" + or + name = "OSSL_STORE_register_loader" + or + name = "OSSL_STORE_supports_search" + or + name = "OSSL_STORE_unregister_loader" + or + name = "OSSL_TRACE" + or + name = "OSSL_TRACE1" + or + name = "OSSL_TRACE2" + or + name = "OSSL_TRACE3" + or + name = "OSSL_TRACE4" + or + name = "OSSL_TRACE5" + or + name = "OSSL_TRACE6" + or + name = "OSSL_TRACE7" + or + name = "OSSL_TRACE8" + or + name = "OSSL_TRACE9" + or + name = "OSSL_TRACEV" + or + name = "OSSL_TRACE_BEGIN" + or + name = "OSSL_TRACE_CANCEL" + or + name = "OSSL_TRACE_ENABLED" + or + name = "OSSL_TRACE_END" + or + name = "OSSL_TRACE_STRING" + or + name = "OSSL_TRACE_STRING_MAX" + or + name = "OSSL_default_cipher_list" + or + name = "OSSL_default_ciphersuites" + or + name = "OSSL_get_max_threads" + or + name = "OSSL_get_thread_support_flags" + or + name = "OSSL_parse_url" + or + name = "OSSL_set_max_threads" + or + name = "OSSL_sleep" + or + name = "OSSL_trace_begin" + or + name = "OSSL_trace_cb" + or + name = "OSSL_trace_enabled" + or + name = "OSSL_trace_end" + or + name = "OSSL_trace_get_category_name" + or + name = "OSSL_trace_get_category_num" + or + name = "OSSL_trace_set_callback" + or + name = "OSSL_trace_set_channel" + or + name = "OSSL_trace_set_prefix" + or + name = "OSSL_trace_set_suffix" + or + name = "OSSL_trace_string" + or + name = "OTHERNAME_free" + or + name = "OTHERNAME_new" + or + name = "OpenSSL_add_all_algorithms" + or + name = "OpenSSL_add_all_ciphers" + or + name = "OpenSSL_add_all_digests" + or + name = "OpenSSL_add_ssl_algorithms" + or + name = "OpenSSL_version" + or + name = "OpenSSL_version_num" + or + name = "PBE2PARAM_free" + or + name = "PBE2PARAM_new" + or + name = "PBEPARAM_free" + or + name = "PBEPARAM_new" + or + name = "PBKDF2PARAM_free" + or + name = "PBKDF2PARAM_new" + or + name = "PEM" + or + name = "PEM_FLAG_EAY_COMPATIBLE" + or + name = "PEM_FLAG_ONLY_B64" + or + name = "PEM_FLAG_SECURE" + or + name = "PEM_X509_INFO_read" + or + name = "PEM_X509_INFO_read_bio" + or + name = "PEM_X509_INFO_read_bio_ex" + or + name = "PEM_X509_INFO_read_ex" + or + name = "PEM_bytes_read_bio" + or + name = "PEM_bytes_read_bio_secmem" + or + name = "PEM_do_header" + or + name = "PEM_get_EVP_CIPHER_INFO" + or + name = "PEM_read" + or + name = "PEM_read_CMS" + or + name = "PEM_read_DHparams" + or + name = "PEM_read_DSAPrivateKey" + or + name = "PEM_read_DSA_PUBKEY" + or + name = "PEM_read_DSAparams" + or + name = "PEM_read_ECPKParameters" + or + name = "PEM_read_ECPrivateKey" + or + name = "PEM_read_EC_PUBKEY" + or + name = "PEM_read_NETSCAPE_CERT_SEQUENCE" + or + name = "PEM_read_PKCS7" + or + name = "PEM_read_PKCS8" + or + name = "PEM_read_PKCS8_PRIV_KEY_INFO" + or + name = "PEM_read_PUBKEY" + or + name = "PEM_read_PUBKEY_ex" + or + name = "PEM_read_PrivateKey" + or + name = "PEM_read_PrivateKey_ex" + or + name = "PEM_read_RSAPrivateKey" + or + name = "PEM_read_RSAPublicKey" + or + name = "PEM_read_RSA_PUBKEY" + or + name = "PEM_read_SSL_SESSION" + or + name = "PEM_read_X509" + or + name = "PEM_read_X509_AUX" + or + name = "PEM_read_X509_CRL" + or + name = "PEM_read_X509_PUBKEY" + or + name = "PEM_read_X509_REQ" + or + name = "PEM_read_bio" + or + name = "PEM_read_bio_CMS" + or + name = "PEM_read_bio_DHparams" + or + name = "PEM_read_bio_DSAPrivateKey" + or + name = "PEM_read_bio_DSA_PUBKEY" + or + name = "PEM_read_bio_DSAparams" + or + name = "PEM_read_bio_ECPKParameters" + or + name = "PEM_read_bio_EC_PUBKEY" + or + name = "PEM_read_bio_NETSCAPE_CERT_SEQUENCE" + or + name = "PEM_read_bio_PKCS7" + or + name = "PEM_read_bio_PKCS8" + or + name = "PEM_read_bio_PKCS8_PRIV_KEY_INFO" + or + name = "PEM_read_bio_PUBKEY" + or + name = "PEM_read_bio_PUBKEY_ex" + or + name = "PEM_read_bio_Parameters" + or + name = "PEM_read_bio_Parameters_ex" + or + name = "PEM_read_bio_PrivateKey" + or + name = "PEM_read_bio_PrivateKey_ex" + or + name = "PEM_read_bio_RSAPrivateKey" + or + name = "PEM_read_bio_RSAPublicKey" + or + name = "PEM_read_bio_RSA_PUBKEY" + or + name = "PEM_read_bio_SSL_SESSION" + or + name = "PEM_read_bio_X509" + or + name = "PEM_read_bio_X509_AUX" + or + name = "PEM_read_bio_X509_CRL" + or + name = "PEM_read_bio_X509_PUBKEY" + or + name = "PEM_read_bio_X509_REQ" + or + name = "PEM_read_bio_ex" + or + name = "PEM_write" + or + name = "PEM_write_CMS" + or + name = "PEM_write_DHparams" + or + name = "PEM_write_DHxparams" + or + name = "PEM_write_DSAPrivateKey" + or + name = "PEM_write_DSA_PUBKEY" + or + name = "PEM_write_DSAparams" + or + name = "PEM_write_ECPKParameters" + or + name = "PEM_write_ECPrivateKey" + or + name = "PEM_write_EC_PUBKEY" + or + name = "PEM_write_NETSCAPE_CERT_SEQUENCE" + or + name = "PEM_write_PKCS7" + or + name = "PEM_write_PKCS8" + or + name = "PEM_write_PKCS8PrivateKey" + or + name = "PEM_write_PKCS8PrivateKey_nid" + or + name = "PEM_write_PKCS8_PRIV_KEY_INFO" + or + name = "PEM_write_PUBKEY" + or + name = "PEM_write_PUBKEY_ex" + or + name = "PEM_write_PrivateKey" + or + name = "PEM_write_PrivateKey_ex" + or + name = "PEM_write_RSAPrivateKey" + or + name = "PEM_write_RSAPublicKey" + or + name = "PEM_write_RSA_PUBKEY" + or + name = "PEM_write_SSL_SESSION" + or + name = "PEM_write_X509" + or + name = "PEM_write_X509_AUX" + or + name = "PEM_write_X509_CRL" + or + name = "PEM_write_X509_PUBKEY" + or + name = "PEM_write_X509_REQ" + or + name = "PEM_write_X509_REQ_NEW" + or + name = "PEM_write_bio" + or + name = "PEM_write_bio_CMS" + or + name = "PEM_write_bio_CMS_stream" + or + name = "PEM_write_bio_DHparams" + or + name = "PEM_write_bio_DHxparams" + or + name = "PEM_write_bio_DSAPrivateKey" + or + name = "PEM_write_bio_DSA_PUBKEY" + or + name = "PEM_write_bio_DSAparams" + or + name = "PEM_write_bio_ECPKParameters" + or + name = "PEM_write_bio_ECPrivateKey" + or + name = "PEM_write_bio_EC_PUBKEY" + or + name = "PEM_write_bio_NETSCAPE_CERT_SEQUENCE" + or + name = "PEM_write_bio_PKCS7" + or + name = "PEM_write_bio_PKCS7_stream" + or + name = "PEM_write_bio_PKCS8" + or + name = "PEM_write_bio_PKCS8PrivateKey" + or + name = "PEM_write_bio_PKCS8PrivateKey_nid" + or + name = "PEM_write_bio_PKCS8_PRIV_KEY_INFO" + or + name = "PEM_write_bio_PUBKEY" + or + name = "PEM_write_bio_PUBKEY_ex" + or + name = "PEM_write_bio_Parameters" + or + name = "PEM_write_bio_PrivateKey" + or + name = "PEM_write_bio_PrivateKey_ex" + or + name = "PEM_write_bio_PrivateKey_traditional" + or + name = "PEM_write_bio_RSAPrivateKey" + or + name = "PEM_write_bio_RSAPublicKey" + or + name = "PEM_write_bio_RSA_PUBKEY" + or + name = "PEM_write_bio_SSL_SESSION" + or + name = "PEM_write_bio_X509" + or + name = "PEM_write_bio_X509_AUX" + or + name = "PEM_write_bio_X509_CRL" + or + name = "PEM_write_bio_X509_PUBKEY" + or + name = "PEM_write_bio_X509_REQ" + or + name = "PEM_write_bio_X509_REQ_NEW" + or + name = "PKCS12_BAGS_free" + or + name = "PKCS12_BAGS_new" + or + name = "PKCS12_MAC_DATA_free" + or + name = "PKCS12_MAC_DATA_new" + or + name = "PKCS12_PBE_keyivgen" + or + name = "PKCS12_PBE_keyivgen_ex" + or + name = "PKCS12_SAFEBAG_create0_p8inf" + or + name = "PKCS12_SAFEBAG_create0_pkcs8" + or + name = "PKCS12_SAFEBAG_create_cert" + or + name = "PKCS12_SAFEBAG_create_crl" + or + name = "PKCS12_SAFEBAG_create_pkcs8_encrypt" + or + name = "PKCS12_SAFEBAG_create_pkcs8_encrypt_ex" + or + name = "PKCS12_SAFEBAG_create_secret" + or + name = "PKCS12_SAFEBAG_free" + or + name = "PKCS12_SAFEBAG_get0_attr" + or + name = "PKCS12_SAFEBAG_get0_attrs" + or + name = "PKCS12_SAFEBAG_get0_bag_obj" + or + name = "PKCS12_SAFEBAG_get0_bag_type" + or + name = "PKCS12_SAFEBAG_get0_p8inf" + or + name = "PKCS12_SAFEBAG_get0_pkcs8" + or + name = "PKCS12_SAFEBAG_get0_safes" + or + name = "PKCS12_SAFEBAG_get0_type" + or + name = "PKCS12_SAFEBAG_get1_cert" + or + name = "PKCS12_SAFEBAG_get1_cert_ex" + or + name = "PKCS12_SAFEBAG_get1_crl" + or + name = "PKCS12_SAFEBAG_get1_crl_ex" + or + name = "PKCS12_SAFEBAG_get_bag_nid" + or + name = "PKCS12_SAFEBAG_get_nid" + or + name = "PKCS12_SAFEBAG_new" + or + name = "PKCS12_SAFEBAG_set0_attrs" + or + name = "PKCS12_add1_attr_by_NID" + or + name = "PKCS12_add1_attr_by_txt" + or + name = "PKCS12_add_CSPName_asc" + or + name = "PKCS12_add_cert" + or + name = "PKCS12_add_friendlyname_asc" + or + name = "PKCS12_add_friendlyname_uni" + or + name = "PKCS12_add_friendlyname_utf8" + or + name = "PKCS12_add_key" + or + name = "PKCS12_add_key_ex" + or + name = "PKCS12_add_localkeyid" + or + name = "PKCS12_add_safe" + or + name = "PKCS12_add_safe_ex" + or + name = "PKCS12_add_safes" + or + name = "PKCS12_add_safes_ex" + or + name = "PKCS12_add_secret" + or + name = "PKCS12_create" + or + name = "PKCS12_create_cb" + or + name = "PKCS12_create_ex" + or + name = "PKCS12_create_ex2" + or + name = "PKCS12_decrypt_skey" + or + name = "PKCS12_decrypt_skey_ex" + or + name = "PKCS12_free" + or + name = "PKCS12_gen_mac" + or + name = "PKCS12_get_attr_gen" + or + name = "PKCS12_get_friendlyname" + or + name = "PKCS12_init" + or + name = "PKCS12_init_ex" + or + name = "PKCS12_item_decrypt_d2i" + or + name = "PKCS12_item_decrypt_d2i_ex" + or + name = "PKCS12_item_i2d_encrypt" + or + name = "PKCS12_item_i2d_encrypt_ex" + or + name = "PKCS12_key_gen_asc" + or + name = "PKCS12_key_gen_asc_ex" + or + name = "PKCS12_key_gen_uni" + or + name = "PKCS12_key_gen_uni_ex" + or + name = "PKCS12_key_gen_utf8" + or + name = "PKCS12_key_gen_utf8_ex" + or + name = "PKCS12_new" + or + name = "PKCS12_newpass" + or + name = "PKCS12_pack_p7encdata" + or + name = "PKCS12_pack_p7encdata_ex" + or + name = "PKCS12_parse" + or + name = "PKCS12_pbe_crypt" + or + name = "PKCS12_pbe_crypt_ex" + or + name = "PKCS12_set_mac" + or + name = "PKCS12_setup_mac" + or + name = "PKCS12_verify_mac" + or + name = "PKCS5_PBE_keyivgen" + or + name = "PKCS5_PBE_keyivgen_ex" + or + name = "PKCS5_PBKDF2_HMAC" + or + name = "PKCS5_PBKDF2_HMAC_SHA1" + or + name = "PKCS5_pbe2_set" + or + name = "PKCS5_pbe2_set_iv" + or + name = "PKCS5_pbe2_set_iv_ex" + or + name = "PKCS5_pbe2_set_scrypt" + or + name = "PKCS5_pbe_set" + or + name = "PKCS5_pbe_set0_algor" + or + name = "PKCS5_pbe_set0_algor_ex" + or + name = "PKCS5_pbe_set_ex" + or + name = "PKCS5_pbkdf2_set" + or + name = "PKCS5_pbkdf2_set_ex" + or + name = "PKCS5_v2_PBE_keyivgen" + or + name = "PKCS5_v2_PBE_keyivgen_ex" + or + name = "PKCS5_v2_scrypt_keyivgen" + or + name = "PKCS5_v2_scrypt_keyivgen_ex" + or + name = "PKCS7_DIGEST_free" + or + name = "PKCS7_DIGEST_new" + or + name = "PKCS7_ENCRYPT_free" + or + name = "PKCS7_ENCRYPT_new" + or + name = "PKCS7_ENC_CONTENT_free" + or + name = "PKCS7_ENC_CONTENT_new" + or + name = "PKCS7_ENVELOPE_free" + or + name = "PKCS7_ENVELOPE_new" + or + name = "PKCS7_ISSUER_AND_SERIAL_digest" + or + name = "PKCS7_ISSUER_AND_SERIAL_free" + or + name = "PKCS7_ISSUER_AND_SERIAL_new" + or + name = "PKCS7_RECIP_INFO_free" + or + name = "PKCS7_RECIP_INFO_new" + or + name = "PKCS7_SIGNED_free" + or + name = "PKCS7_SIGNED_new" + or + name = "PKCS7_SIGNER_INFO_free" + or + name = "PKCS7_SIGNER_INFO_new" + or + name = "PKCS7_SIGN_ENVELOPE_free" + or + name = "PKCS7_SIGN_ENVELOPE_new" + or + name = "PKCS7_add_certificate" + or + name = "PKCS7_add_crl" + or + name = "PKCS7_decrypt" + or + name = "PKCS7_dup" + or + name = "PKCS7_encrypt" + or + name = "PKCS7_encrypt_ex" + or + name = "PKCS7_free" + or + name = "PKCS7_get0_signers" + or + name = "PKCS7_get_octet_string" + or + name = "PKCS7_new" + or + name = "PKCS7_new_ex" + or + name = "PKCS7_print_ctx" + or + name = "PKCS7_sign" + or + name = "PKCS7_sign_add_signer" + or + name = "PKCS7_sign_ex" + or + name = "PKCS7_type_is_other" + or + name = "PKCS7_verify" + or + name = "PKCS8_PRIV_KEY_INFO_free" + or + name = "PKCS8_PRIV_KEY_INFO_new" + or + name = "PKCS8_decrypt" + or + name = "PKCS8_decrypt_ex" + or + name = "PKCS8_encrypt" + or + name = "PKCS8_encrypt_ex" + or + name = "PKCS8_pkey_add1_attr" + or + name = "PKCS8_pkey_add1_attr_by_NID" + or + name = "PKCS8_pkey_add1_attr_by_OBJ" + or + name = "PKCS8_pkey_get0_attrs" + or + name = "PKCS8_set0_pbe" + or + name = "PKCS8_set0_pbe_ex" + or + name = "PKEY_USAGE_PERIOD_free" + or + name = "PKEY_USAGE_PERIOD_new" + or + name = "POLICYINFO_free" + or + name = "POLICYINFO_new" + or + name = "POLICYQUALINFO_free" + or + name = "POLICYQUALINFO_new" + or + name = "POLICY_CONSTRAINTS_free" + or + name = "POLICY_CONSTRAINTS_new" + or + name = "POLICY_MAPPING_free" + or + name = "POLICY_MAPPING_new" + or + name = "PROFESSION_INFO" + or + name = "PROFESSION_INFOS" + or + name = "PROFESSION_INFOS_free" + or + name = "PROFESSION_INFOS_new" + or + name = "PROFESSION_INFO_free" + or + name = "PROFESSION_INFO_get0_addProfessionInfo" + or + name = "PROFESSION_INFO_get0_namingAuthority" + or + name = "PROFESSION_INFO_get0_professionItems" + or + name = "PROFESSION_INFO_get0_professionOIDs" + or + name = "PROFESSION_INFO_get0_registrationNumber" + or + name = "PROFESSION_INFO_new" + or + name = "PROFESSION_INFO_set0_addProfessionInfo" + or + name = "PROFESSION_INFO_set0_namingAuthority" + or + name = "PROFESSION_INFO_set0_professionItems" + or + name = "PROFESSION_INFO_set0_professionOIDs" + or + name = "PROFESSION_INFO_set0_registrationNumber" + or + name = "PROXY_CERT_INFO_EXTENSION_free" + or + name = "PROXY_CERT_INFO_EXTENSION_new" + or + name = "PROXY_POLICY_free" + or + name = "PROXY_POLICY_new" + or + name = "RAND_DRBG_bytes" + or + name = "RAND_DRBG_cleanup_entropy_fn" + or + name = "RAND_DRBG_cleanup_nonce_fn" + or + name = "RAND_DRBG_free" + or + name = "RAND_DRBG_generate" + or + name = "RAND_DRBG_get0_master" + or + name = "RAND_DRBG_get0_private" + or + name = "RAND_DRBG_get0_public" + or + name = "RAND_DRBG_get_entropy_fn" + or + name = "RAND_DRBG_get_ex_data" + or + name = "RAND_DRBG_get_ex_new_index" + or + name = "RAND_DRBG_get_nonce_fn" + or + name = "RAND_DRBG_instantiate" + or + name = "RAND_DRBG_new" + or + name = "RAND_DRBG_reseed" + or + name = "RAND_DRBG_secure_new" + or + name = "RAND_DRBG_set" + or + name = "RAND_DRBG_set_callbacks" + or + name = "RAND_DRBG_set_defaults" + or + name = "RAND_DRBG_set_ex_data" + or + name = "RAND_DRBG_set_reseed_defaults" + or + name = "RAND_DRBG_set_reseed_interval" + or + name = "RAND_DRBG_set_reseed_time_interval" + or + name = "RAND_DRBG_uninstantiate" + or + name = "RAND_OpenSSL" + or + name = "RAND_SSLeay" + or + name = "RAND_add" + or + name = "RAND_bytes" + or + name = "RAND_bytes_ex" + or + name = "RAND_cleanup" + or + name = "RAND_egd" + or + name = "RAND_egd_bytes" + or + name = "RAND_event" + or + name = "RAND_file_name" + or + name = "RAND_get0_primary" + or + name = "RAND_get0_private" + or + name = "RAND_get0_public" + or + name = "RAND_get_rand_method" + or + name = "RAND_keep_random_devices_open" + or + name = "RAND_load_file" + or + name = "RAND_poll" + or + name = "RAND_priv_bytes" + or + name = "RAND_priv_bytes_ex" + or + name = "RAND_pseudo_bytes" + or + name = "RAND_query_egd_bytes" + or + name = "RAND_screen" + or + name = "RAND_seed" + or + name = "RAND_set0_private" + or + name = "RAND_set0_public" + or + name = "RAND_set_DRBG_type" + or + name = "RAND_set_rand_method" + or + name = "RAND_set_seed_source_type" + or + name = "RAND_status" + or + name = "RAND_write_file" + or + name = "RC4" + or + name = "RC4_set_key" + or + name = "RIPEMD160" + or + name = "RIPEMD160_Final" + or + name = "RIPEMD160_Init" + or + name = "RIPEMD160_Update" + or + name = "RSAPrivateKey_dup" + or + name = "RSAPublicKey_dup" + or + name = "RSA_OAEP_PARAMS_free" + or + name = "RSA_OAEP_PARAMS_new" + or + name = "RSA_PKCS1_OpenSSL" + or + name = "RSA_PKCS1_SSLeay" + or + name = "RSA_PSS_PARAMS_dup" + or + name = "RSA_PSS_PARAMS_free" + or + name = "RSA_PSS_PARAMS_new" + or + name = "RSA_bits" + or + name = "RSA_blinding_off" + or + name = "RSA_blinding_on" + or + name = "RSA_check_key" + or + name = "RSA_check_key_ex" + or + name = "RSA_clear_flags" + or + name = "RSA_flags" + or + name = "RSA_free" + or + name = "RSA_generate_key" + or + name = "RSA_generate_key_ex" + or + name = "RSA_generate_multi_prime_key" + or + name = "RSA_get0_crt_params" + or + name = "RSA_get0_d" + or + name = "RSA_get0_dmp1" + or + name = "RSA_get0_dmq1" + or + name = "RSA_get0_e" + or + name = "RSA_get0_engine" + or + name = "RSA_get0_factors" + or + name = "RSA_get0_iqmp" + or + name = "RSA_get0_key" + or + name = "RSA_get0_multi_prime_crt_params" + or + name = "RSA_get0_multi_prime_factors" + or + name = "RSA_get0_n" + or + name = "RSA_get0_p" + or + name = "RSA_get0_pss_params" + or + name = "RSA_get0_q" + or + name = "RSA_get_app_data" + or + name = "RSA_get_default_method" + or + name = "RSA_get_ex_data" + or + name = "RSA_get_ex_new_index" + or + name = "RSA_get_method" + or + name = "RSA_get_multi_prime_extra_count" + or + name = "RSA_get_version" + or + name = "RSA_meth_dup" + or + name = "RSA_meth_free" + or + name = "RSA_meth_get0_app_data" + or + name = "RSA_meth_get0_name" + or + name = "RSA_meth_get_bn_mod_exp" + or + name = "RSA_meth_get_finish" + or + name = "RSA_meth_get_flags" + or + name = "RSA_meth_get_init" + or + name = "RSA_meth_get_keygen" + or + name = "RSA_meth_get_mod_exp" + or + name = "RSA_meth_get_multi_prime_keygen" + or + name = "RSA_meth_get_priv_dec" + or + name = "RSA_meth_get_priv_enc" + or + name = "RSA_meth_get_pub_dec" + or + name = "RSA_meth_get_pub_enc" + or + name = "RSA_meth_get_sign" + or + name = "RSA_meth_get_verify" + or + name = "RSA_meth_new" + or + name = "RSA_meth_set0_app_data" + or + name = "RSA_meth_set1_name" + or + name = "RSA_meth_set_bn_mod_exp" + or + name = "RSA_meth_set_finish" + or + name = "RSA_meth_set_flags" + or + name = "RSA_meth_set_init" + or + name = "RSA_meth_set_keygen" + or + name = "RSA_meth_set_mod_exp" + or + name = "RSA_meth_set_multi_prime_keygen" + or + name = "RSA_meth_set_priv_dec" + or + name = "RSA_meth_set_priv_enc" + or + name = "RSA_meth_set_pub_dec" + or + name = "RSA_meth_set_pub_enc" + or + name = "RSA_meth_set_sign" + or + name = "RSA_meth_set_verify" + or + name = "RSA_new" + or + name = "RSA_new_method" + or + name = "RSA_null_method" + or + name = "RSA_padding_add_PKCS1_OAEP" + or + name = "RSA_padding_add_PKCS1_OAEP_mgf1" + or + name = "RSA_padding_add_PKCS1_type_1" + or + name = "RSA_padding_add_PKCS1_type_2" + or + name = "RSA_padding_add_SSLv23" + or + name = "RSA_padding_add_none" + or + name = "RSA_padding_check_PKCS1_OAEP" + or + name = "RSA_padding_check_PKCS1_OAEP_mgf1" + or + name = "RSA_padding_check_PKCS1_type_1" + or + name = "RSA_padding_check_PKCS1_type_2" + or + name = "RSA_padding_check_SSLv23" + or + name = "RSA_padding_check_none" + or + name = "RSA_print" + or + name = "RSA_print_fp" + or + name = "RSA_private_decrypt" + or + name = "RSA_private_encrypt" + or + name = "RSA_public_decrypt" + or + name = "RSA_public_encrypt" + or + name = "RSA_security_bits" + or + name = "RSA_set0_crt_params" + or + name = "RSA_set0_factors" + or + name = "RSA_set0_key" + or + name = "RSA_set0_multi_prime_params" + or + name = "RSA_set_app_data" + or + name = "RSA_set_default_method" + or + name = "RSA_set_ex_data" + or + name = "RSA_set_flags" + or + name = "RSA_set_method" + or + name = "RSA_sign" + or + name = "RSA_sign_ASN1_OCTET_STRING" + or + name = "RSA_size" + or + name = "RSA_test_flags" + or + name = "RSA_verify" + or + name = "RSA_verify_ASN1_OCTET_STRING" + or + name = "SCRYPT_PARAMS_free" + or + name = "SCRYPT_PARAMS_new" + or + name = "SCT_LIST_free" + or + name = "SCT_LIST_print" + or + name = "SCT_LIST_validate" + or + name = "SCT_free" + or + name = "SCT_get0_extensions" + or + name = "SCT_get0_log_id" + or + name = "SCT_get0_signature" + or + name = "SCT_get_log_entry_type" + or + name = "SCT_get_signature_nid" + or + name = "SCT_get_source" + or + name = "SCT_get_timestamp" + or + name = "SCT_get_validation_status" + or + name = "SCT_get_version" + or + name = "SCT_new" + or + name = "SCT_new_from_base64" + or + name = "SCT_print" + or + name = "SCT_set0_extensions" + or + name = "SCT_set0_log_id" + or + name = "SCT_set0_signature" + or + name = "SCT_set1_extensions" + or + name = "SCT_set1_log_id" + or + name = "SCT_set1_signature" + or + name = "SCT_set_log_entry_type" + or + name = "SCT_set_signature_nid" + or + name = "SCT_set_source" + or + name = "SCT_set_timestamp" + or + name = "SCT_set_version" + or + name = "SCT_validate" + or + name = "SCT_validation_status_string" + or + name = "SHA1" + or + name = "SHA1_Final" + or + name = "SHA1_Init" + or + name = "SHA1_Update" + or + name = "SHA224" + or + name = "SHA224_Final" + or + name = "SHA224_Init" + or + name = "SHA224_Update" + or + name = "SHA256" + or + name = "SHA256_Final" + or + name = "SHA256_Init" + or + name = "SHA256_Update" + or + name = "SHA384" + or + name = "SHA384_Final" + or + name = "SHA384_Init" + or + name = "SHA384_Update" + or + name = "SHA512" + or + name = "SHA512_Final" + or + name = "SHA512_Init" + or + name = "SHA512_Update" + or + name = "SMIME_read_ASN1" + or + name = "SMIME_read_ASN1_ex" + or + name = "SMIME_read_CMS" + or + name = "SMIME_read_CMS_ex" + or + name = "SMIME_read_PKCS7" + or + name = "SMIME_read_PKCS7_ex" + or + name = "SMIME_write_ASN1" + or + name = "SMIME_write_ASN1_ex" + or + name = "SMIME_write_CMS" + or + name = "SMIME_write_PKCS7" + or + name = "SRP_Calc_A" + or + name = "SRP_Calc_B" + or + name = "SRP_Calc_B_ex" + or + name = "SRP_Calc_client_key" + or + name = "SRP_Calc_client_key_ex" + or + name = "SRP_Calc_server_key" + or + name = "SRP_Calc_u" + or + name = "SRP_Calc_u_ex" + or + name = "SRP_Calc_x" + or + name = "SRP_Calc_x_ex" + or + name = "SRP_VBASE_add0_user" + or + name = "SRP_VBASE_free" + or + name = "SRP_VBASE_get1_by_user" + or + name = "SRP_VBASE_get_by_user" + or + name = "SRP_VBASE_init" + or + name = "SRP_VBASE_new" + or + name = "SRP_check_known_gN_param" + or + name = "SRP_create_verifier" + or + name = "SRP_create_verifier_BN" + or + name = "SRP_create_verifier_BN_ex" + or + name = "SRP_create_verifier_ex" + or + name = "SRP_get_default_gN" + or + name = "SRP_user_pwd_free" + or + name = "SRP_user_pwd_new" + or + name = "SRP_user_pwd_set0_sv" + or + name = "SRP_user_pwd_set1_ids" + or + name = "SRP_user_pwd_set_gN" + or + name = "SSL" + or + name = "SSL_CIPHER_description" + or + name = "SSL_CIPHER_find" + or + name = "SSL_CIPHER_get_auth_nid" + or + name = "SSL_CIPHER_get_bits" + or + name = "SSL_CIPHER_get_cipher_nid" + or + name = "SSL_CIPHER_get_digest_nid" + or + name = "SSL_CIPHER_get_handshake_digest" + or + name = "SSL_CIPHER_get_id" + or + name = "SSL_CIPHER_get_kx_nid" + or + name = "SSL_CIPHER_get_name" + or + name = "SSL_CIPHER_get_protocol_id" + or + name = "SSL_CIPHER_get_version" + or + name = "SSL_CIPHER_is_aead" + or + name = "SSL_CIPHER_standard_name" + or + name = "SSL_COMP_add_compression_method" + or + name = "SSL_COMP_free_compression_methods" + or + name = "SSL_COMP_get0_name" + or + name = "SSL_COMP_get_compression_methods" + or + name = "SSL_COMP_get_id" + or + name = "SSL_CONF_CTX_clear_flags" + or + name = "SSL_CONF_CTX_free" + or + name = "SSL_CONF_CTX_new" + or + name = "SSL_CONF_CTX_set1_prefix" + or + name = "SSL_CONF_CTX_set_flags" + or + name = "SSL_CONF_CTX_set_ssl" + or + name = "SSL_CONF_CTX_set_ssl_ctx" + or + name = "SSL_CONF_cmd" + or + name = "SSL_CONF_cmd_argv" + or + name = "SSL_CONF_cmd_value_type" + or + name = "SSL_CTX_add0_chain_cert" + or + name = "SSL_CTX_add1_chain_cert" + or + name = "SSL_CTX_add1_to_CA_list" + or + name = "SSL_CTX_add_client_CA" + or + name = "SSL_CTX_add_client_custom_ext" + or + name = "SSL_CTX_add_custom_ext" + or + name = "SSL_CTX_add_extra_chain_cert" + or + name = "SSL_CTX_add_server_custom_ext" + or + name = "SSL_CTX_add_session" + or + name = "SSL_CTX_build_cert_chain" + or + name = "SSL_CTX_callback_ctrl" + or + name = "SSL_CTX_check_private_key" + or + name = "SSL_CTX_clear_chain_certs" + or + name = "SSL_CTX_clear_extra_chain_certs" + or + name = "SSL_CTX_clear_mode" + or + name = "SSL_CTX_clear_options" + or + name = "SSL_CTX_compress_certs" + or + name = "SSL_CTX_config" + or + name = "SSL_CTX_ct_is_enabled" + or + name = "SSL_CTX_ctrl" + or + name = "SSL_CTX_dane_clear_flags" + or + name = "SSL_CTX_dane_enable" + or + name = "SSL_CTX_dane_mtype_set" + or + name = "SSL_CTX_dane_set_flags" + or + name = "SSL_CTX_decrypt_session_ticket_fn" + or + name = "SSL_CTX_disable_ct" + or + name = "SSL_CTX_enable_ct" + or + name = "SSL_CTX_flush_sessions" + or + name = "SSL_CTX_free" + or + name = "SSL_CTX_generate_session_ticket_fn" + or + name = "SSL_CTX_get0_CA_list" + or + name = "SSL_CTX_get0_chain_cert_store" + or + name = "SSL_CTX_get0_chain_certs" + or + name = "SSL_CTX_get0_client_cert_type" + or + name = "SSL_CTX_get0_param" + or + name = "SSL_CTX_get0_security_ex_data" + or + name = "SSL_CTX_get0_server_cert_type" + or + name = "SSL_CTX_get0_verify_cert_store" + or + name = "SSL_CTX_get1_compressed_cert" + or + name = "SSL_CTX_get_app_data" + or + name = "SSL_CTX_get_cert_store" + or + name = "SSL_CTX_get_ciphers" + or + name = "SSL_CTX_get_client_CA_list" + or + name = "SSL_CTX_get_client_cert_cb" + or + name = "SSL_CTX_get_default_passwd_cb" + or + name = "SSL_CTX_get_default_passwd_cb_userdata" + or + name = "SSL_CTX_get_default_read_ahead" + or + name = "SSL_CTX_get_ex_data" + or + name = "SSL_CTX_get_ex_new_index" + or + name = "SSL_CTX_get_extra_chain_certs" + or + name = "SSL_CTX_get_extra_chain_certs_only" + or + name = "SSL_CTX_get_info_callback" + or + name = "SSL_CTX_get_keylog_callback" + or + name = "SSL_CTX_get_max_cert_list" + or + name = "SSL_CTX_get_max_early_data" + or + name = "SSL_CTX_get_max_proto_version" + or + name = "SSL_CTX_get_min_proto_version" + or + name = "SSL_CTX_get_mode" + or + name = "SSL_CTX_get_num_tickets" + or + name = "SSL_CTX_get_options" + or + name = "SSL_CTX_get_quiet_shutdown" + or + name = "SSL_CTX_get_read_ahead" + or + name = "SSL_CTX_get_record_padding_callback_arg" + or + name = "SSL_CTX_get_recv_max_early_data" + or + name = "SSL_CTX_get_security_callback" + or + name = "SSL_CTX_get_security_level" + or + name = "SSL_CTX_get_session_cache_mode" + or + name = "SSL_CTX_get_ssl_method" + or + name = "SSL_CTX_get_timeout" + or + name = "SSL_CTX_get_tlsext_status_arg" + or + name = "SSL_CTX_get_tlsext_status_cb" + or + name = "SSL_CTX_get_tlsext_status_type" + or + name = "SSL_CTX_get_verify_callback" + or + name = "SSL_CTX_get_verify_depth" + or + name = "SSL_CTX_get_verify_mode" + or + name = "SSL_CTX_has_client_custom_ext" + or + name = "SSL_CTX_keylog_cb_func" + or + name = "SSL_CTX_load_verify_dir" + or + name = "SSL_CTX_load_verify_file" + or + name = "SSL_CTX_load_verify_locations" + or + name = "SSL_CTX_load_verify_store" + or + name = "SSL_CTX_need_tmp_rsa" + or + name = "SSL_CTX_new" + or + name = "SSL_CTX_new_ex" + or + name = "SSL_CTX_remove_session" + or + name = "SSL_CTX_select_current_cert" + or + name = "SSL_CTX_sess_accept" + or + name = "SSL_CTX_sess_accept_good" + or + name = "SSL_CTX_sess_accept_renegotiate" + or + name = "SSL_CTX_sess_cache_full" + or + name = "SSL_CTX_sess_cb_hits" + or + name = "SSL_CTX_sess_connect" + or + name = "SSL_CTX_sess_connect_good" + or + name = "SSL_CTX_sess_connect_renegotiate" + or + name = "SSL_CTX_sess_get_cache_size" + or + name = "SSL_CTX_sess_get_get_cb" + or + name = "SSL_CTX_sess_get_new_cb" + or + name = "SSL_CTX_sess_get_remove_cb" + or + name = "SSL_CTX_sess_hits" + or + name = "SSL_CTX_sess_misses" + or + name = "SSL_CTX_sess_number" + or + name = "SSL_CTX_sess_set_cache_size" + or + name = "SSL_CTX_sess_set_get_cb" + or + name = "SSL_CTX_sess_set_new_cb" + or + name = "SSL_CTX_sess_set_remove_cb" + or + name = "SSL_CTX_sess_timeouts" + or + name = "SSL_CTX_sessions" + or + name = "SSL_CTX_set0_CA_list" + or + name = "SSL_CTX_set0_chain" + or + name = "SSL_CTX_set0_chain_cert_store" + or + name = "SSL_CTX_set0_security_ex_data" + or + name = "SSL_CTX_set0_tmp_dh_pkey" + or + name = "SSL_CTX_set0_verify_cert_store" + or + name = "SSL_CTX_set1_cert_comp_preference" + or + name = "SSL_CTX_set1_cert_store" + or + name = "SSL_CTX_set1_chain" + or + name = "SSL_CTX_set1_chain_cert_store" + or + name = "SSL_CTX_set1_client_cert_type" + or + name = "SSL_CTX_set1_client_sigalgs" + or + name = "SSL_CTX_set1_client_sigalgs_list" + or + name = "SSL_CTX_set1_compressed_cert" + or + name = "SSL_CTX_set1_curves" + or + name = "SSL_CTX_set1_curves_list" + or + name = "SSL_CTX_set1_groups" + or + name = "SSL_CTX_set1_groups_list" + or + name = "SSL_CTX_set1_param" + or + name = "SSL_CTX_set1_server_cert_type" + or + name = "SSL_CTX_set1_sigalgs" + or + name = "SSL_CTX_set1_sigalgs_list" + or + name = "SSL_CTX_set1_verify_cert_store" + or + name = "SSL_CTX_set_allow_early_data_cb" + or + name = "SSL_CTX_set_alpn_protos" + or + name = "SSL_CTX_set_alpn_select_cb" + or + name = "SSL_CTX_set_app_data" + or + name = "SSL_CTX_set_async_callback" + or + name = "SSL_CTX_set_async_callback_arg" + or + name = "SSL_CTX_set_block_padding" + or + name = "SSL_CTX_set_cert_cb" + or + name = "SSL_CTX_set_cert_store" + or + name = "SSL_CTX_set_cert_verify_callback" + or + name = "SSL_CTX_set_cipher_list" + or + name = "SSL_CTX_set_ciphersuites" + or + name = "SSL_CTX_set_client_CA_list" + or + name = "SSL_CTX_set_client_cert_cb" + or + name = "SSL_CTX_set_client_hello_cb" + or + name = "SSL_CTX_set_cookie_generate_cb" + or + name = "SSL_CTX_set_cookie_verify_cb" + or + name = "SSL_CTX_set_ct_validation_callback" + or + name = "SSL_CTX_set_ctlog_list_file" + or + name = "SSL_CTX_set_current_cert" + or + name = "SSL_CTX_set_custom_cli_ext" + or + name = "SSL_CTX_set_default_ctlog_list_file" + or + name = "SSL_CTX_set_default_passwd_cb" + or + name = "SSL_CTX_set_default_passwd_cb_userdata" + or + name = "SSL_CTX_set_default_read_ahead" + or + name = "SSL_CTX_set_default_read_buffer_len" + or + name = "SSL_CTX_set_default_verify_dir" + or + name = "SSL_CTX_set_default_verify_file" + or + name = "SSL_CTX_set_default_verify_paths" + or + name = "SSL_CTX_set_default_verify_store" + or + name = "SSL_CTX_set_dh_auto" + or + name = "SSL_CTX_set_ecdh_auto" + or + name = "SSL_CTX_set_ex_data" + or + name = "SSL_CTX_set_generate_session_id" + or + name = "SSL_CTX_set_info_callback" + or + name = "SSL_CTX_set_keylog_callback" + or + name = "SSL_CTX_set_max_cert_list" + or + name = "SSL_CTX_set_max_early_data" + or + name = "SSL_CTX_set_max_pipelines" + or + name = "SSL_CTX_set_max_proto_version" + or + name = "SSL_CTX_set_max_send_fragment" + or + name = "SSL_CTX_set_min_proto_version" + or + name = "SSL_CTX_set_mode" + or + name = "SSL_CTX_set_msg_callback" + or + name = "SSL_CTX_set_msg_callback_arg" + or + name = "SSL_CTX_set_next_proto_select_cb" + or + name = "SSL_CTX_set_next_protos_advertised_cb" + or + name = "SSL_CTX_set_num_tickets" + or + name = "SSL_CTX_set_options" + or + name = "SSL_CTX_set_post_handshake_auth" + or + name = "SSL_CTX_set_psk_client_callback" + or + name = "SSL_CTX_set_psk_find_session_callback" + or + name = "SSL_CTX_set_psk_server_callback" + or + name = "SSL_CTX_set_psk_use_session_callback" + or + name = "SSL_CTX_set_purpose" + or + name = "SSL_CTX_set_quiet_shutdown" + or + name = "SSL_CTX_set_read_ahead" + or + name = "SSL_CTX_set_record_padding_callback" + or + name = "SSL_CTX_set_record_padding_callback_arg" + or + name = "SSL_CTX_set_recv_max_early_data" + or + name = "SSL_CTX_set_security_callback" + or + name = "SSL_CTX_set_security_level" + or + name = "SSL_CTX_set_session_cache_mode" + or + name = "SSL_CTX_set_session_id_context" + or + name = "SSL_CTX_set_session_ticket_cb" + or + name = "SSL_CTX_set_split_send_fragment" + or + name = "SSL_CTX_set_srp_cb_arg" + or + name = "SSL_CTX_set_srp_client_pwd_callback" + or + name = "SSL_CTX_set_srp_password" + or + name = "SSL_CTX_set_srp_strength" + or + name = "SSL_CTX_set_srp_username" + or + name = "SSL_CTX_set_srp_username_callback" + or + name = "SSL_CTX_set_srp_verify_param_callback" + or + name = "SSL_CTX_set_ssl_version" + or + name = "SSL_CTX_set_stateless_cookie_generate_cb" + or + name = "SSL_CTX_set_stateless_cookie_verify_cb" + or + name = "SSL_CTX_set_timeout" + or + name = "SSL_CTX_set_tlsext_max_fragment_length" + or + name = "SSL_CTX_set_tlsext_servername_arg" + or + name = "SSL_CTX_set_tlsext_servername_callback" + or + name = "SSL_CTX_set_tlsext_status_arg" + or + name = "SSL_CTX_set_tlsext_status_cb" + or + name = "SSL_CTX_set_tlsext_status_type" + or + name = "SSL_CTX_set_tlsext_ticket_key_cb" + or + name = "SSL_CTX_set_tlsext_ticket_key_evp_cb" + or + name = "SSL_CTX_set_tlsext_use_srtp" + or + name = "SSL_CTX_set_tmp_dh" + or + name = "SSL_CTX_set_tmp_dh_callback" + or + name = "SSL_CTX_set_tmp_ecdh" + or + name = "SSL_CTX_set_tmp_rsa" + or + name = "SSL_CTX_set_tmp_rsa_callback" + or + name = "SSL_CTX_set_trust" + or + name = "SSL_CTX_set_verify" + or + name = "SSL_CTX_set_verify_depth" + or + name = "SSL_CTX_up_ref" + or + name = "SSL_CTX_use_PrivateKey" + or + name = "SSL_CTX_use_PrivateKey_ASN1" + or + name = "SSL_CTX_use_PrivateKey_file" + or + name = "SSL_CTX_use_RSAPrivateKey" + or + name = "SSL_CTX_use_RSAPrivateKey_ASN1" + or + name = "SSL_CTX_use_RSAPrivateKey_file" + or + name = "SSL_CTX_use_cert_and_key" + or + name = "SSL_CTX_use_certificate" + or + name = "SSL_CTX_use_certificate_ASN1" + or + name = "SSL_CTX_use_certificate_chain_file" + or + name = "SSL_CTX_use_certificate_file" + or + name = "SSL_CTX_use_psk_identity_hint" + or + name = "SSL_CTX_use_serverinfo" + or + name = "SSL_CTX_use_serverinfo_ex" + or + name = "SSL_CTX_use_serverinfo_file" + or + name = "SSL_OP_BIT" + or + name = "SSL_SESSION_dup" + or + name = "SSL_SESSION_free" + or + name = "SSL_SESSION_get0_alpn_selected" + or + name = "SSL_SESSION_get0_cipher" + or + name = "SSL_SESSION_get0_hostname" + or + name = "SSL_SESSION_get0_id_context" + or + name = "SSL_SESSION_get0_peer" + or + name = "SSL_SESSION_get0_peer_rpk" + or + name = "SSL_SESSION_get0_ticket" + or + name = "SSL_SESSION_get0_ticket_appdata" + or + name = "SSL_SESSION_get_app_data" + or + name = "SSL_SESSION_get_compress_id" + or + name = "SSL_SESSION_get_ex_data" + or + name = "SSL_SESSION_get_ex_new_index" + or + name = "SSL_SESSION_get_id" + or + name = "SSL_SESSION_get_master_key" + or + name = "SSL_SESSION_get_max_early_data" + or + name = "SSL_SESSION_get_max_fragment_length" + or + name = "SSL_SESSION_get_protocol_version" + or + name = "SSL_SESSION_get_ticket_lifetime_hint" + or + name = "SSL_SESSION_get_time" + or + name = "SSL_SESSION_get_timeout" + or + name = "SSL_SESSION_has_ticket" + or + name = "SSL_SESSION_is_resumable" + or + name = "SSL_SESSION_new" + or + name = "SSL_SESSION_print" + or + name = "SSL_SESSION_print_fp" + or + name = "SSL_SESSION_print_keylog" + or + name = "SSL_SESSION_set1_alpn_selected" + or + name = "SSL_SESSION_set1_hostname" + or + name = "SSL_SESSION_set1_id" + or + name = "SSL_SESSION_set1_id_context" + or + name = "SSL_SESSION_set1_master_key" + or + name = "SSL_SESSION_set1_ticket_appdata" + or + name = "SSL_SESSION_set_app_data" + or + name = "SSL_SESSION_set_cipher" + or + name = "SSL_SESSION_set_ex_data" + or + name = "SSL_SESSION_set_max_early_data" + or + name = "SSL_SESSION_set_protocol_version" + or + name = "SSL_SESSION_set_time" + or + name = "SSL_SESSION_set_timeout" + or + name = "SSL_SESSION_up_ref" + or + name = "SSL_accept" + or + name = "SSL_add0_chain_cert" + or + name = "SSL_add1_chain_cert" + or + name = "SSL_add1_host" + or + name = "SSL_add1_to_CA_list" + or + name = "SSL_add_client_CA" + or + name = "SSL_add_dir_cert_subjects_to_stack" + or + name = "SSL_add_expected_rpk" + or + name = "SSL_add_file_cert_subjects_to_stack" + or + name = "SSL_add_session" + or + name = "SSL_add_store_cert_subjects_to_stack" + or + name = "SSL_alert_desc_string" + or + name = "SSL_alert_desc_string_long" + or + name = "SSL_alert_type_string" + or + name = "SSL_alert_type_string_long" + or + name = "SSL_alloc_buffers" + or + name = "SSL_allow_early_data_cb_fn" + or + name = "SSL_async_callback_fn" + or + name = "SSL_build_cert_chain" + or + name = "SSL_bytes_to_cipher_list" + or + name = "SSL_callback_ctrl" + or + name = "SSL_check_chain" + or + name = "SSL_check_private_key" + or + name = "SSL_clear" + or + name = "SSL_clear_chain_certs" + or + name = "SSL_clear_mode" + or + name = "SSL_clear_options" + or + name = "SSL_client_hello_cb_fn" + or + name = "SSL_client_hello_get0_ciphers" + or + name = "SSL_client_hello_get0_compression_methods" + or + name = "SSL_client_hello_get0_ext" + or + name = "SSL_client_hello_get0_legacy_version" + or + name = "SSL_client_hello_get0_random" + or + name = "SSL_client_hello_get0_session_id" + or + name = "SSL_client_hello_get1_extensions_present" + or + name = "SSL_client_hello_get_extension_order" + or + name = "SSL_client_hello_isv2" + or + name = "SSL_client_version" + or + name = "SSL_compress_certs" + or + name = "SSL_config" + or + name = "SSL_connect" + or + name = "SSL_ct_is_enabled" + or + name = "SSL_ctrl" + or + name = "SSL_custom_ext_add_cb_ex" + or + name = "SSL_custom_ext_free_cb_ex" + or + name = "SSL_custom_ext_parse_cb_ex" + or + name = "SSL_dane_clear_flags" + or + name = "SSL_dane_enable" + or + name = "SSL_dane_set_flags" + or + name = "SSL_dane_tlsa_add" + or + name = "SSL_disable_ct" + or + name = "SSL_do_handshake" + or + name = "SSL_dup" + or + name = "SSL_enable_ct" + or + name = "SSL_export_keying_material" + or + name = "SSL_export_keying_material_early" + or + name = "SSL_extension_supported" + or + name = "SSL_flush_sessions" + or + name = "SSL_free" + or + name = "SSL_free_buffers" + or + name = "SSL_get0_CA_list" + or + name = "SSL_get0_alpn_selected" + or + name = "SSL_get0_chain_cert_store" + or + name = "SSL_get0_chain_certs" + or + name = "SSL_get0_client_cert_type" + or + name = "SSL_get0_dane_authority" + or + name = "SSL_get0_dane_tlsa" + or + name = "SSL_get0_iana_groups" + or + name = "SSL_get0_next_proto_negotiated" + or + name = "SSL_get0_param" + or + name = "SSL_get0_peer_CA_list" + or + name = "SSL_get0_peer_certificate" + or + name = "SSL_get0_peer_rpk" + or + name = "SSL_get0_peer_scts" + or + name = "SSL_get0_peername" + or + name = "SSL_get0_security_ex_data" + or + name = "SSL_get0_server_cert_type" + or + name = "SSL_get0_session" + or + name = "SSL_get0_verified_chain" + or + name = "SSL_get0_verify_cert_store" + or + name = "SSL_get1_compressed_cert" + or + name = "SSL_get1_curves" + or + name = "SSL_get1_groups" + or + name = "SSL_get1_peer_certificate" + or + name = "SSL_get1_session" + or + name = "SSL_get1_supported_ciphers" + or + name = "SSL_get_SSL_CTX" + or + name = "SSL_get_accept_state" + or + name = "SSL_get_all_async_fds" + or + name = "SSL_get_app_data" + or + name = "SSL_get_async_status" + or + name = "SSL_get_blocking_mode" + or + name = "SSL_get_certificate" + or + name = "SSL_get_changed_async_fds" + or + name = "SSL_get_cipher" + or + name = "SSL_get_cipher_bits" + or + name = "SSL_get_cipher_list" + or + name = "SSL_get_cipher_name" + or + name = "SSL_get_cipher_version" + or + name = "SSL_get_ciphers" + or + name = "SSL_get_client_CA_list" + or + name = "SSL_get_client_ciphers" + or + name = "SSL_get_client_random" + or + name = "SSL_get_current_cipher" + or + name = "SSL_get_default_passwd_cb" + or + name = "SSL_get_default_passwd_cb_userdata" + or + name = "SSL_get_default_timeout" + or + name = "SSL_get_early_data_status" + or + name = "SSL_get_error" + or + name = "SSL_get_ex_data" + or + name = "SSL_get_ex_data_X509_STORE_CTX_idx" + or + name = "SSL_get_ex_new_index" + or + name = "SSL_get_extms_support" + or + name = "SSL_get_fd" + or + name = "SSL_get_info_callback" + or + name = "SSL_get_key_update_type" + or + name = "SSL_get_max_cert_list" + or + name = "SSL_get_max_early_data" + or + name = "SSL_get_max_proto_version" + or + name = "SSL_get_min_proto_version" + or + name = "SSL_get_mode" + or + name = "SSL_get_msg_callback_arg" + or + name = "SSL_get_negotiated_client_cert_type" + or + name = "SSL_get_negotiated_group" + or + name = "SSL_get_negotiated_server_cert_type" + or + name = "SSL_get_num_tickets" + or + name = "SSL_get_options" + or + name = "SSL_get_peer_cert_chain" + or + name = "SSL_get_peer_certificate" + or + name = "SSL_get_peer_signature_nid" + or + name = "SSL_get_peer_signature_type_nid" + or + name = "SSL_get_peer_tmp_key" + or + name = "SSL_get_pending_cipher" + or + name = "SSL_get_privatekey" + or + name = "SSL_get_psk_identity" + or + name = "SSL_get_psk_identity_hint" + or + name = "SSL_get_quiet_shutdown" + or + name = "SSL_get_rbio" + or + name = "SSL_get_read_ahead" + or + name = "SSL_get_record_padding_callback_arg" + or + name = "SSL_get_recv_max_early_data" + or + name = "SSL_get_rfd" + or + name = "SSL_get_rpoll_descriptor" + or + name = "SSL_get_secure_renegotiation_support" + or + name = "SSL_get_security_callback" + or + name = "SSL_get_security_level" + or + name = "SSL_get_selected_srtp_profile" + or + name = "SSL_get_server_random" + or + name = "SSL_get_server_tmp_key" + or + name = "SSL_get_servername" + or + name = "SSL_get_servername_type" + or + name = "SSL_get_session" + or + name = "SSL_get_shared_ciphers" + or + name = "SSL_get_shared_curve" + or + name = "SSL_get_shared_group" + or + name = "SSL_get_shared_sigalgs" + or + name = "SSL_get_shutdown" + or + name = "SSL_get_sigalgs" + or + name = "SSL_get_signature_nid" + or + name = "SSL_get_signature_type_nid" + or + name = "SSL_get_srp_N" + or + name = "SSL_get_srp_g" + or + name = "SSL_get_srp_userinfo" + or + name = "SSL_get_srp_username" + or + name = "SSL_get_srtp_profiles" + or + name = "SSL_get_ssl_method" + or + name = "SSL_get_state" + or + name = "SSL_get_tick_timeout" + or + name = "SSL_get_time" + or + name = "SSL_get_timeout" + or + name = "SSL_get_tlsext_status_ocsp_resp" + or + name = "SSL_get_tlsext_status_type" + or + name = "SSL_get_tmp_key" + or + name = "SSL_get_verify_callback" + or + name = "SSL_get_verify_depth" + or + name = "SSL_get_verify_mode" + or + name = "SSL_get_verify_result" + or + name = "SSL_get_version" + or + name = "SSL_get_wbio" + or + name = "SSL_get_wfd" + or + name = "SSL_get_wpoll_descriptor" + or + name = "SSL_group_to_name" + or + name = "SSL_has_matching_session_id" + or + name = "SSL_has_pending" + or + name = "SSL_in_accept_init" + or + name = "SSL_in_before" + or + name = "SSL_in_connect_init" + or + name = "SSL_in_init" + or + name = "SSL_inject_net_dgram" + or + name = "SSL_is_dtls" + or + name = "SSL_is_init_finished" + or + name = "SSL_is_quic" + or + name = "SSL_is_server" + or + name = "SSL_is_tls" + or + name = "SSL_key_update" + or + name = "SSL_library_init" + or + name = "SSL_load_client_CA_file" + or + name = "SSL_load_client_CA_file_ex" + or + name = "SSL_load_error_strings" + or + name = "SSL_need_tmp_rsa" + or + name = "SSL_net_read_desired" + or + name = "SSL_net_write_desired" + or + name = "SSL_new" + or + name = "SSL_new_session_ticket" + or + name = "SSL_peek" + or + name = "SSL_peek_ex" + or + name = "SSL_pending" + or + name = "SSL_psk_client_cb_func" + or + name = "SSL_psk_find_session_cb_func" + or + name = "SSL_psk_server_cb_func" + or + name = "SSL_psk_use_session_cb_func" + or + name = "SSL_read" + or + name = "SSL_read_early_data" + or + name = "SSL_read_ex" + or + name = "SSL_remove_session" + or + name = "SSL_renegotiate" + or + name = "SSL_renegotiate_abbreviated" + or + name = "SSL_renegotiate_pending" + or + name = "SSL_rstate_string" + or + name = "SSL_rstate_string_long" + or + name = "SSL_select_current_cert" + or + name = "SSL_select_next_proto" + or + name = "SSL_sendfile" + or + name = "SSL_session_reused" + or + name = "SSL_set0_CA_list" + or + name = "SSL_set0_chain" + or + name = "SSL_set0_chain_cert_store" + or + name = "SSL_set0_rbio" + or + name = "SSL_set0_security_ex_data" + or + name = "SSL_set0_tmp_dh_pkey" + or + name = "SSL_set0_verify_cert_store" + or + name = "SSL_set0_wbio" + or + name = "SSL_set1_cert_comp_preference" + or + name = "SSL_set1_chain" + or + name = "SSL_set1_chain_cert_store" + or + name = "SSL_set1_client_cert_type" + or + name = "SSL_set1_client_sigalgs" + or + name = "SSL_set1_client_sigalgs_list" + or + name = "SSL_set1_compressed_cert" + or + name = "SSL_set1_curves" + or + name = "SSL_set1_curves_list" + or + name = "SSL_set1_groups" + or + name = "SSL_set1_groups_list" + or + name = "SSL_set1_host" + or + name = "SSL_set1_param" + or + name = "SSL_set1_server_cert_type" + or + name = "SSL_set1_sigalgs" + or + name = "SSL_set1_sigalgs_list" + or + name = "SSL_set1_verify_cert_store" + or + name = "SSL_set_accept_state" + or + name = "SSL_set_allow_early_data_cb" + or + name = "SSL_set_alpn_protos" + or + name = "SSL_set_app_data" + or + name = "SSL_set_async_callback" + or + name = "SSL_set_async_callback_arg" + or + name = "SSL_set_bio" + or + name = "SSL_set_block_padding" + or + name = "SSL_set_blocking_mode" + or + name = "SSL_set_cert_cb" + or + name = "SSL_set_cipher_list" + or + name = "SSL_set_ciphersuites" + or + name = "SSL_set_client_CA_list" + or + name = "SSL_set_connect_state" + or + name = "SSL_set_ct_validation_callback" + or + name = "SSL_set_current_cert" + or + name = "SSL_set_default_passwd_cb" + or + name = "SSL_set_default_passwd_cb_userdata" + or + name = "SSL_set_default_read_buffer_len" + or + name = "SSL_set_dh_auto" + or + name = "SSL_set_ecdh_auto" + or + name = "SSL_set_ex_data" + or + name = "SSL_set_fd" + or + name = "SSL_set_generate_session_id" + or + name = "SSL_set_hostflags" + or + name = "SSL_set_info_callback" + or + name = "SSL_set_initial_peer_addr" + or + name = "SSL_set_max_cert_list" + or + name = "SSL_set_max_early_data" + or + name = "SSL_set_max_pipelines" + or + name = "SSL_set_max_proto_version" + or + name = "SSL_set_max_send_fragment" + or + name = "SSL_set_min_proto_version" + or + name = "SSL_set_mode" + or + name = "SSL_set_msg_callback" + or + name = "SSL_set_msg_callback_arg" + or + name = "SSL_set_num_tickets" + or + name = "SSL_set_options" + or + name = "SSL_set_post_handshake_auth" + or + name = "SSL_set_psk_client_callback" + or + name = "SSL_set_psk_find_session_callback" + or + name = "SSL_set_psk_server_callback" + or + name = "SSL_set_psk_use_session_callback" + or + name = "SSL_set_purpose" + or + name = "SSL_set_quiet_shutdown" + or + name = "SSL_set_read_ahead" + or + name = "SSL_set_record_padding_callback" + or + name = "SSL_set_record_padding_callback_arg" + or + name = "SSL_set_recv_max_early_data" + or + name = "SSL_set_retry_verify" + or + name = "SSL_set_rfd" + or + name = "SSL_set_security_callback" + or + name = "SSL_set_security_level" + or + name = "SSL_set_session" + or + name = "SSL_set_session_id_context" + or + name = "SSL_set_shutdown" + or + name = "SSL_set_split_send_fragment" + or + name = "SSL_set_srp_server_param" + or + name = "SSL_set_srp_server_param_pw" + or + name = "SSL_set_ssl_method" + or + name = "SSL_set_time" + or + name = "SSL_set_timeout" + or + name = "SSL_set_tlsext_host_name" + or + name = "SSL_set_tlsext_max_fragment_length" + or + name = "SSL_set_tlsext_status_ocsp_resp" + or + name = "SSL_set_tlsext_status_type" + or + name = "SSL_set_tlsext_use_srtp" + or + name = "SSL_set_tmp_dh" + or + name = "SSL_set_tmp_dh_callback" + or + name = "SSL_set_tmp_ecdh" + or + name = "SSL_set_tmp_rsa" + or + name = "SSL_set_tmp_rsa_callback" + or + name = "SSL_set_trust" + or + name = "SSL_set_verify" + or + name = "SSL_set_verify_depth" + or + name = "SSL_set_verify_result" + or + name = "SSL_set_wfd" + or + name = "SSL_shutdown" + or + name = "SSL_shutdown_ex" + or + name = "SSL_state_string" + or + name = "SSL_state_string_long" + or + name = "SSL_stateless" + or + name = "SSL_stream_conclude" + or + name = "SSL_tick" + or + name = "SSL_up_ref" + or + name = "SSL_use_PrivateKey" + or + name = "SSL_use_PrivateKey_ASN1" + or + name = "SSL_use_PrivateKey_file" + or + name = "SSL_use_RSAPrivateKey" + or + name = "SSL_use_RSAPrivateKey_ASN1" + or + name = "SSL_use_RSAPrivateKey_file" + or + name = "SSL_use_cert_and_key" + or + name = "SSL_use_certificate" + or + name = "SSL_use_certificate_ASN1" + or + name = "SSL_use_certificate_chain_file" + or + name = "SSL_use_certificate_file" + or + name = "SSL_use_psk_identity_hint" + or + name = "SSL_verify_cb" + or + name = "SSL_verify_client_post_handshake" + or + name = "SSL_version" + or + name = "SSL_waiting_for_async" + or + name = "SSL_want" + or + name = "SSL_want_async" + or + name = "SSL_want_async_job" + or + name = "SSL_want_client_hello_cb" + or + name = "SSL_want_nothing" + or + name = "SSL_want_read" + or + name = "SSL_want_retry_verify" + or + name = "SSL_want_write" + or + name = "SSL_want_x509_lookup" + or + name = "SSL_write" + or + name = "SSL_write_early_data" + or + name = "SSL_write_ex" + or + name = "SSLeay" + or + name = "SSLeay_add_ssl_algorithms" + or + name = "SSLeay_version" + or + name = "SSLv23_client_method" + or + name = "SSLv23_method" + or + name = "SSLv23_server_method" + or + name = "SSLv2_client_method" + or + name = "SSLv2_method" + or + name = "SSLv2_server_method" + or + name = "SSLv3_client_method" + or + name = "SSLv3_method" + or + name = "SSLv3_server_method" + or + name = "SXNETID_free" + or + name = "SXNETID_new" + or + name = "SXNET_free" + or + name = "SXNET_new" + or + name = "TLS_FEATURE_free" + or + name = "TLS_FEATURE_new" + or + name = "TLS_client_method" + or + name = "TLS_method" + or + name = "TLS_server_method" + or + name = "TLSv1_1_client_method" + or + name = "TLSv1_1_method" + or + name = "TLSv1_1_server_method" + or + name = "TLSv1_2_client_method" + or + name = "TLSv1_2_method" + or + name = "TLSv1_2_server_method" + or + name = "TLSv1_client_method" + or + name = "TLSv1_method" + or + name = "TLSv1_server_method" + or + name = "TS_ACCURACY_dup" + or + name = "TS_ACCURACY_free" + or + name = "TS_ACCURACY_new" + or + name = "TS_MSG_IMPRINT_dup" + or + name = "TS_MSG_IMPRINT_free" + or + name = "TS_MSG_IMPRINT_new" + or + name = "TS_REQ_dup" + or + name = "TS_REQ_free" + or + name = "TS_REQ_new" + or + name = "TS_RESP_CTX_free" + or + name = "TS_RESP_CTX_new" + or + name = "TS_RESP_CTX_new_ex" + or + name = "TS_RESP_dup" + or + name = "TS_RESP_free" + or + name = "TS_RESP_new" + or + name = "TS_STATUS_INFO_dup" + or + name = "TS_STATUS_INFO_free" + or + name = "TS_STATUS_INFO_new" + or + name = "TS_TST_INFO_dup" + or + name = "TS_TST_INFO_free" + or + name = "TS_TST_INFO_new" + or + name = "TS_VERIFY_CTS_set_certs" + or + name = "TS_VERIFY_CTX_set_certs" + or + name = "UI" + or + name = "UI_METHOD" + or + name = "UI_OpenSSL" + or + name = "UI_STRING" + or + name = "UI_UTIL_read_pw" + or + name = "UI_UTIL_read_pw_string" + or + name = "UI_UTIL_wrap_read_pem_callback" + or + name = "UI_add_error_string" + or + name = "UI_add_info_string" + or + name = "UI_add_input_boolean" + or + name = "UI_add_input_string" + or + name = "UI_add_user_data" + or + name = "UI_add_verify_string" + or + name = "UI_construct_prompt" + or + name = "UI_create_method" + or + name = "UI_ctrl" + or + name = "UI_destroy_method" + or + name = "UI_dup_error_string" + or + name = "UI_dup_info_string" + or + name = "UI_dup_input_boolean" + or + name = "UI_dup_input_string" + or + name = "UI_dup_user_data" + or + name = "UI_dup_verify_string" + or + name = "UI_free" + or + name = "UI_get0_action_string" + or + name = "UI_get0_output_string" + or + name = "UI_get0_result" + or + name = "UI_get0_result_string" + or + name = "UI_get0_test_string" + or + name = "UI_get0_user_data" + or + name = "UI_get_app_data" + or + name = "UI_get_default_method" + or + name = "UI_get_ex_data" + or + name = "UI_get_ex_new_index" + or + name = "UI_get_input_flags" + or + name = "UI_get_method" + or + name = "UI_get_result_length" + or + name = "UI_get_result_maxsize" + or + name = "UI_get_result_minsize" + or + name = "UI_get_result_string_length" + or + name = "UI_get_string_type" + or + name = "UI_method_get_closer" + or + name = "UI_method_get_data_destructor" + or + name = "UI_method_get_data_duplicator" + or + name = "UI_method_get_ex_data" + or + name = "UI_method_get_flusher" + or + name = "UI_method_get_opener" + or + name = "UI_method_get_prompt_constructor" + or + name = "UI_method_get_reader" + or + name = "UI_method_get_writer" + or + name = "UI_method_set_closer" + or + name = "UI_method_set_data_duplicator" + or + name = "UI_method_set_ex_data" + or + name = "UI_method_set_flusher" + or + name = "UI_method_set_opener" + or + name = "UI_method_set_prompt_constructor" + or + name = "UI_method_set_reader" + or + name = "UI_method_set_writer" + or + name = "UI_new" + or + name = "UI_new_method" + or + name = "UI_null" + or + name = "UI_process" + or + name = "UI_set_app_data" + or + name = "UI_set_default_method" + or + name = "UI_set_ex_data" + or + name = "UI_set_method" + or + name = "UI_set_result" + or + name = "UI_set_result_ex" + or + name = "UI_string_types" + or + name = "USERNOTICE_free" + or + name = "USERNOTICE_new" + or + name = "X509V3_EXT_d2i" + or + name = "X509V3_EXT_i2d" + or + name = "X509V3_add1_i2d" + or + name = "X509V3_get_d2i" + or + name = "X509V3_set_ctx" + or + name = "X509V3_set_issuer_pkey" + or + name = "X509_ALGOR_cmp" + or + name = "X509_ALGOR_copy" + or + name = "X509_ALGOR_dup" + or + name = "X509_ALGOR_free" + or + name = "X509_ALGOR_get0" + or + name = "X509_ALGOR_it" + or + name = "X509_ALGOR_new" + or + name = "X509_ALGOR_set0" + or + name = "X509_ALGOR_set_md" + or + name = "X509_ATTRIBUTE_dup" + or + name = "X509_ATTRIBUTE_free" + or + name = "X509_ATTRIBUTE_new" + or + name = "X509_CERT_AUX_free" + or + name = "X509_CERT_AUX_new" + or + name = "X509_CINF_free" + or + name = "X509_CINF_new" + or + name = "X509_CRL_INFO_free" + or + name = "X509_CRL_INFO_new" + or + name = "X509_CRL_add0_revoked" + or + name = "X509_CRL_add1_ext_i2d" + or + name = "X509_CRL_add_ext" + or + name = "X509_CRL_cmp" + or + name = "X509_CRL_delete_ext" + or + name = "X509_CRL_digest" + or + name = "X509_CRL_dup" + or + name = "X509_CRL_free" + or + name = "X509_CRL_get0_by_cert" + or + name = "X509_CRL_get0_by_serial" + or + name = "X509_CRL_get0_extensions" + or + name = "X509_CRL_get0_lastUpdate" + or + name = "X509_CRL_get0_nextUpdate" + or + name = "X509_CRL_get0_signature" + or + name = "X509_CRL_get_REVOKED" + or + name = "X509_CRL_get_ext" + or + name = "X509_CRL_get_ext_by_NID" + or + name = "X509_CRL_get_ext_by_OBJ" + or + name = "X509_CRL_get_ext_by_critical" + or + name = "X509_CRL_get_ext_count" + or + name = "X509_CRL_get_ext_d2i" + or + name = "X509_CRL_get_issuer" + or + name = "X509_CRL_get_signature_nid" + or + name = "X509_CRL_get_version" + or + name = "X509_CRL_http_nbio" + or + name = "X509_CRL_load_http" + or + name = "X509_CRL_match" + or + name = "X509_CRL_new" + or + name = "X509_CRL_new_ex" + or + name = "X509_CRL_set1_lastUpdate" + or + name = "X509_CRL_set1_nextUpdate" + or + name = "X509_CRL_set_issuer_name" + or + name = "X509_CRL_set_version" + or + name = "X509_CRL_sign" + or + name = "X509_CRL_sign_ctx" + or + name = "X509_CRL_sort" + or + name = "X509_CRL_verify" + or + name = "X509_EXTENSION_create_by_NID" + or + name = "X509_EXTENSION_create_by_OBJ" + or + name = "X509_EXTENSION_dup" + or + name = "X509_EXTENSION_free" + or + name = "X509_EXTENSION_get_critical" + or + name = "X509_EXTENSION_get_data" + or + name = "X509_EXTENSION_get_object" + or + name = "X509_EXTENSION_new" + or + name = "X509_EXTENSION_set_critical" + or + name = "X509_EXTENSION_set_data" + or + name = "X509_EXTENSION_set_object" + or + name = "X509_LOOKUP" + or + name = "X509_LOOKUP_METHOD" + or + name = "X509_LOOKUP_TYPE" + or + name = "X509_LOOKUP_add_dir" + or + name = "X509_LOOKUP_add_store" + or + name = "X509_LOOKUP_add_store_ex" + or + name = "X509_LOOKUP_by_alias" + or + name = "X509_LOOKUP_by_fingerprint" + or + name = "X509_LOOKUP_by_issuer_serial" + or + name = "X509_LOOKUP_by_subject" + or + name = "X509_LOOKUP_by_subject_ex" + or + name = "X509_LOOKUP_ctrl" + or + name = "X509_LOOKUP_ctrl_ex" + or + name = "X509_LOOKUP_ctrl_fn" + or + name = "X509_LOOKUP_file" + or + name = "X509_LOOKUP_free" + or + name = "X509_LOOKUP_get_by_alias_fn" + or + name = "X509_LOOKUP_get_by_fingerprint_fn" + or + name = "X509_LOOKUP_get_by_issuer_serial_fn" + or + name = "X509_LOOKUP_get_by_subject_fn" + or + name = "X509_LOOKUP_get_method_data" + or + name = "X509_LOOKUP_get_store" + or + name = "X509_LOOKUP_hash_dir" + or + name = "X509_LOOKUP_init" + or + name = "X509_LOOKUP_load_file" + or + name = "X509_LOOKUP_load_file_ex" + or + name = "X509_LOOKUP_load_store" + or + name = "X509_LOOKUP_load_store_ex" + or + name = "X509_LOOKUP_meth_free" + or + name = "X509_LOOKUP_meth_get_ctrl" + or + name = "X509_LOOKUP_meth_get_free" + or + name = "X509_LOOKUP_meth_get_get_by_alias" + or + name = "X509_LOOKUP_meth_get_get_by_fingerprint" + or + name = "X509_LOOKUP_meth_get_get_by_issuer_serial" + or + name = "X509_LOOKUP_meth_get_get_by_subject" + or + name = "X509_LOOKUP_meth_get_init" + or + name = "X509_LOOKUP_meth_get_new_item" + or + name = "X509_LOOKUP_meth_get_shutdown" + or + name = "X509_LOOKUP_meth_new" + or + name = "X509_LOOKUP_meth_set_ctrl" + or + name = "X509_LOOKUP_meth_set_free" + or + name = "X509_LOOKUP_meth_set_get_by_alias" + or + name = "X509_LOOKUP_meth_set_get_by_fingerprint" + or + name = "X509_LOOKUP_meth_set_get_by_issuer_serial" + or + name = "X509_LOOKUP_meth_set_get_by_subject" + or + name = "X509_LOOKUP_meth_set_init" + or + name = "X509_LOOKUP_meth_set_new_item" + or + name = "X509_LOOKUP_meth_set_shutdown" + or + name = "X509_LOOKUP_new" + or + name = "X509_LOOKUP_set_method_data" + or + name = "X509_LOOKUP_shutdown" + or + name = "X509_LOOKUP_store" + or + name = "X509_NAME_ENTRY_create_by_NID" + or + name = "X509_NAME_ENTRY_create_by_OBJ" + or + name = "X509_NAME_ENTRY_create_by_txt" + or + name = "X509_NAME_ENTRY_dup" + or + name = "X509_NAME_ENTRY_free" + or + name = "X509_NAME_ENTRY_get_data" + or + name = "X509_NAME_ENTRY_get_object" + or + name = "X509_NAME_ENTRY_new" + or + name = "X509_NAME_ENTRY_set_data" + or + name = "X509_NAME_ENTRY_set_object" + or + name = "X509_NAME_add_entry" + or + name = "X509_NAME_add_entry_by_NID" + or + name = "X509_NAME_add_entry_by_OBJ" + or + name = "X509_NAME_add_entry_by_txt" + or + name = "X509_NAME_cmp" + or + name = "X509_NAME_delete_entry" + or + name = "X509_NAME_digest" + or + name = "X509_NAME_dup" + or + name = "X509_NAME_entry_count" + or + name = "X509_NAME_free" + or + name = "X509_NAME_get0_der" + or + name = "X509_NAME_get_entry" + or + name = "X509_NAME_get_index_by_NID" + or + name = "X509_NAME_get_index_by_OBJ" + or + name = "X509_NAME_get_text_by_NID" + or + name = "X509_NAME_get_text_by_OBJ" + or + name = "X509_NAME_hash" + or + name = "X509_NAME_hash_ex" + or + name = "X509_NAME_new" + or + name = "X509_NAME_oneline" + or + name = "X509_NAME_print" + or + name = "X509_NAME_print_ex" + or + name = "X509_NAME_print_ex_fp" + or + name = "X509_OBJECT_set1_X509" + or + name = "X509_OBJECT_set1_X509_CRL" + or + name = "X509_PUBKEY_dup" + or + name = "X509_PUBKEY_eq" + or + name = "X509_PUBKEY_free" + or + name = "X509_PUBKEY_get" + or + name = "X509_PUBKEY_get0" + or + name = "X509_PUBKEY_get0_param" + or + name = "X509_PUBKEY_new" + or + name = "X509_PUBKEY_new_ex" + or + name = "X509_PUBKEY_set" + or + name = "X509_PUBKEY_set0_param" + or + name = "X509_PUBKEY_set0_public_key" + or + name = "X509_REQ_INFO_free" + or + name = "X509_REQ_INFO_new" + or + name = "X509_REQ_add_extensions" + or + name = "X509_REQ_add_extensions_nid" + or + name = "X509_REQ_check_private_key" + or + name = "X509_REQ_digest" + or + name = "X509_REQ_dup" + or + name = "X509_REQ_free" + or + name = "X509_REQ_get0_distinguishing_id" + or + name = "X509_REQ_get0_pubkey" + or + name = "X509_REQ_get0_signature" + or + name = "X509_REQ_get_X509_PUBKEY" + or + name = "X509_REQ_get_extensions" + or + name = "X509_REQ_get_pubkey" + or + name = "X509_REQ_get_signature_nid" + or + name = "X509_REQ_get_subject_name" + or + name = "X509_REQ_get_version" + or + name = "X509_REQ_new" + or + name = "X509_REQ_new_ex" + or + name = "X509_REQ_set0_distinguishing_id" + or + name = "X509_REQ_set0_signature" + or + name = "X509_REQ_set1_signature_algo" + or + name = "X509_REQ_set_pubkey" + or + name = "X509_REQ_set_subject_name" + or + name = "X509_REQ_set_version" + or + name = "X509_REQ_sign" + or + name = "X509_REQ_sign_ctx" + or + name = "X509_REQ_verify" + or + name = "X509_REQ_verify_ex" + or + name = "X509_REVOKED_add1_ext_i2d" + or + name = "X509_REVOKED_add_ext" + or + name = "X509_REVOKED_delete_ext" + or + name = "X509_REVOKED_dup" + or + name = "X509_REVOKED_free" + or + name = "X509_REVOKED_get0_extensions" + or + name = "X509_REVOKED_get0_revocationDate" + or + name = "X509_REVOKED_get0_serialNumber" + or + name = "X509_REVOKED_get_ext" + or + name = "X509_REVOKED_get_ext_by_NID" + or + name = "X509_REVOKED_get_ext_by_OBJ" + or + name = "X509_REVOKED_get_ext_by_critical" + or + name = "X509_REVOKED_get_ext_count" + or + name = "X509_REVOKED_get_ext_d2i" + or + name = "X509_REVOKED_new" + or + name = "X509_REVOKED_set_revocationDate" + or + name = "X509_REVOKED_set_serialNumber" + or + name = "X509_SIG_INFO_get" + or + name = "X509_SIG_INFO_set" + or + name = "X509_SIG_free" + or + name = "X509_SIG_get0" + or + name = "X509_SIG_getm" + or + name = "X509_SIG_new" + or + name = "X509_STORE" + or + name = "X509_STORE_CTX_cert_crl_fn" + or + name = "X509_STORE_CTX_check_crl_fn" + or + name = "X509_STORE_CTX_check_issued_fn" + or + name = "X509_STORE_CTX_check_policy_fn" + or + name = "X509_STORE_CTX_check_revocation_fn" + or + name = "X509_STORE_CTX_cleanup" + or + name = "X509_STORE_CTX_cleanup_fn" + or + name = "X509_STORE_CTX_free" + or + name = "X509_STORE_CTX_get0_cert" + or + name = "X509_STORE_CTX_get0_chain" + or + name = "X509_STORE_CTX_get0_param" + or + name = "X509_STORE_CTX_get0_rpk" + or + name = "X509_STORE_CTX_get0_untrusted" + or + name = "X509_STORE_CTX_get1_chain" + or + name = "X509_STORE_CTX_get1_issuer" + or + name = "X509_STORE_CTX_get_app_data" + or + name = "X509_STORE_CTX_get_by_subject" + or + name = "X509_STORE_CTX_get_cert_crl" + or + name = "X509_STORE_CTX_get_check_crl" + or + name = "X509_STORE_CTX_get_check_issued" + or + name = "X509_STORE_CTX_get_check_policy" + or + name = "X509_STORE_CTX_get_check_revocation" + or + name = "X509_STORE_CTX_get_cleanup" + or + name = "X509_STORE_CTX_get_crl_fn" + or + name = "X509_STORE_CTX_get_current_cert" + or + name = "X509_STORE_CTX_get_error" + or + name = "X509_STORE_CTX_get_error_depth" + or + name = "X509_STORE_CTX_get_ex_data" + or + name = "X509_STORE_CTX_get_ex_new_index" + or + name = "X509_STORE_CTX_get_get_crl" + or + name = "X509_STORE_CTX_get_get_issuer" + or + name = "X509_STORE_CTX_get_issuer_fn" + or + name = "X509_STORE_CTX_get_lookup_certs" + or + name = "X509_STORE_CTX_get_lookup_crls" + or + name = "X509_STORE_CTX_get_num_untrusted" + or + name = "X509_STORE_CTX_get_obj_by_subject" + or + name = "X509_STORE_CTX_get_verify" + or + name = "X509_STORE_CTX_get_verify_cb" + or + name = "X509_STORE_CTX_init" + or + name = "X509_STORE_CTX_init_rpk" + or + name = "X509_STORE_CTX_lookup_certs_fn" + or + name = "X509_STORE_CTX_lookup_crls_fn" + or + name = "X509_STORE_CTX_new" + or + name = "X509_STORE_CTX_new_ex" + or + name = "X509_STORE_CTX_print_verify_cb" + or + name = "X509_STORE_CTX_purpose_inherit" + or + name = "X509_STORE_CTX_set0_crls" + or + name = "X509_STORE_CTX_set0_param" + or + name = "X509_STORE_CTX_set0_rpk" + or + name = "X509_STORE_CTX_set0_trusted_stack" + or + name = "X509_STORE_CTX_set0_untrusted" + or + name = "X509_STORE_CTX_set0_verified_chain" + or + name = "X509_STORE_CTX_set_app_data" + or + name = "X509_STORE_CTX_set_cert" + or + name = "X509_STORE_CTX_set_chain" + or + name = "X509_STORE_CTX_set_current_cert" + or + name = "X509_STORE_CTX_set_default" + or + name = "X509_STORE_CTX_set_error" + or + name = "X509_STORE_CTX_set_error_depth" + or + name = "X509_STORE_CTX_set_ex_data" + or + name = "X509_STORE_CTX_set_purpose" + or + name = "X509_STORE_CTX_set_trust" + or + name = "X509_STORE_CTX_set_verify" + or + name = "X509_STORE_CTX_set_verify_cb" + or + name = "X509_STORE_CTX_trusted_stack" + or + name = "X509_STORE_CTX_verify" + or + name = "X509_STORE_CTX_verify_cb" + or + name = "X509_STORE_CTX_verify_fn" + or + name = "X509_STORE_add_cert" + or + name = "X509_STORE_add_crl" + or + name = "X509_STORE_add_lookup" + or + name = "X509_STORE_free" + or + name = "X509_STORE_get0_objects" + or + name = "X509_STORE_get0_param" + or + name = "X509_STORE_get1_all_certs" + or + name = "X509_STORE_get_cert_crl" + or + name = "X509_STORE_get_check_crl" + or + name = "X509_STORE_get_check_issued" + or + name = "X509_STORE_get_check_policy" + or + name = "X509_STORE_get_check_revocation" + or + name = "X509_STORE_get_cleanup" + or + name = "X509_STORE_get_ex_data" + or + name = "X509_STORE_get_ex_new_index" + or + name = "X509_STORE_get_get_crl" + or + name = "X509_STORE_get_get_issuer" + or + name = "X509_STORE_get_lookup_certs" + or + name = "X509_STORE_get_lookup_crls" + or + name = "X509_STORE_get_verify_cb" + or + name = "X509_STORE_load_file" + or + name = "X509_STORE_load_file_ex" + or + name = "X509_STORE_load_locations" + or + name = "X509_STORE_load_locations_ex" + or + name = "X509_STORE_load_path" + or + name = "X509_STORE_load_store" + or + name = "X509_STORE_load_store_ex" + or + name = "X509_STORE_lock" + or + name = "X509_STORE_new" + or + name = "X509_STORE_set1_param" + or + name = "X509_STORE_set_cert_crl" + or + name = "X509_STORE_set_check_crl" + or + name = "X509_STORE_set_check_issued" + or + name = "X509_STORE_set_check_policy" + or + name = "X509_STORE_set_check_revocation" + or + name = "X509_STORE_set_cleanup" + or + name = "X509_STORE_set_default_paths" + or + name = "X509_STORE_set_default_paths_ex" + or + name = "X509_STORE_set_depth" + or + name = "X509_STORE_set_ex_data" + or + name = "X509_STORE_set_flags" + or + name = "X509_STORE_set_get_crl" + or + name = "X509_STORE_set_get_issuer" + or + name = "X509_STORE_set_lookup_certs" + or + name = "X509_STORE_set_lookup_crls" + or + name = "X509_STORE_set_lookup_crls_cb" + or + name = "X509_STORE_set_purpose" + or + name = "X509_STORE_set_trust" + or + name = "X509_STORE_set_verify" + or + name = "X509_STORE_set_verify_cb" + or + name = "X509_STORE_set_verify_cb_func" + or + name = "X509_STORE_set_verify_func" + or + name = "X509_STORE_unlock" + or + name = "X509_STORE_up_ref" + or + name = "X509_VAL_free" + or + name = "X509_VAL_new" + or + name = "X509_VERIFY_PARAM_add0_policy" + or + name = "X509_VERIFY_PARAM_add1_host" + or + name = "X509_VERIFY_PARAM_clear_flags" + or + name = "X509_VERIFY_PARAM_get0_email" + or + name = "X509_VERIFY_PARAM_get0_host" + or + name = "X509_VERIFY_PARAM_get0_peername" + or + name = "X509_VERIFY_PARAM_get1_ip_asc" + or + name = "X509_VERIFY_PARAM_get_auth_level" + or + name = "X509_VERIFY_PARAM_get_depth" + or + name = "X509_VERIFY_PARAM_get_flags" + or + name = "X509_VERIFY_PARAM_get_hostflags" + or + name = "X509_VERIFY_PARAM_get_inh_flags" + or + name = "X509_VERIFY_PARAM_get_time" + or + name = "X509_VERIFY_PARAM_set1_email" + or + name = "X509_VERIFY_PARAM_set1_host" + or + name = "X509_VERIFY_PARAM_set1_ip" + or + name = "X509_VERIFY_PARAM_set1_ip_asc" + or + name = "X509_VERIFY_PARAM_set1_policies" + or + name = "X509_VERIFY_PARAM_set_auth_level" + or + name = "X509_VERIFY_PARAM_set_depth" + or + name = "X509_VERIFY_PARAM_set_flags" + or + name = "X509_VERIFY_PARAM_set_hostflags" + or + name = "X509_VERIFY_PARAM_set_inh_flags" + or + name = "X509_VERIFY_PARAM_set_purpose" + or + name = "X509_VERIFY_PARAM_set_time" + or + name = "X509_VERIFY_PARAM_set_trust" + or + name = "X509_add1_ext_i2d" + or + name = "X509_add_cert" + or + name = "X509_add_certs" + or + name = "X509_add_ext" + or + name = "X509_build_chain" + or + name = "X509_chain_up_ref" + or + name = "X509_check_ca" + or + name = "X509_check_email" + or + name = "X509_check_host" + or + name = "X509_check_ip" + or + name = "X509_check_ip_asc" + or + name = "X509_check_issued" + or + name = "X509_check_private_key" + or + name = "X509_check_purpose" + or + name = "X509_cmp" + or + name = "X509_cmp_current_time" + or + name = "X509_cmp_time" + or + name = "X509_cmp_timeframe" + or + name = "X509_delete_ext" + or + name = "X509_digest" + or + name = "X509_digest_sig" + or + name = "X509_dup" + or + name = "X509_free" + or + name = "X509_get0_authority_issuer" + or + name = "X509_get0_authority_key_id" + or + name = "X509_get0_authority_serial" + or + name = "X509_get0_distinguishing_id" + or + name = "X509_get0_extensions" + or + name = "X509_get0_notAfter" + or + name = "X509_get0_notBefore" + or + name = "X509_get0_pubkey" + or + name = "X509_get0_serialNumber" + or + name = "X509_get0_signature" + or + name = "X509_get0_subject_key_id" + or + name = "X509_get0_tbs_sigalg" + or + name = "X509_get0_uids" + or + name = "X509_get_X509_PUBKEY" + or + name = "X509_get_default_cert_dir" + or + name = "X509_get_default_cert_dir_env" + or + name = "X509_get_default_cert_file" + or + name = "X509_get_default_cert_file_env" + or + name = "X509_get_default_cert_path_env" + or + name = "X509_get_default_cert_uri" + or + name = "X509_get_default_cert_uri_env" + or + name = "X509_get_ex_data" + or + name = "X509_get_ex_new_index" + or + name = "X509_get_ext" + or + name = "X509_get_ext_by_NID" + or + name = "X509_get_ext_by_OBJ" + or + name = "X509_get_ext_by_critical" + or + name = "X509_get_ext_count" + or + name = "X509_get_ext_d2i" + or + name = "X509_get_extended_key_usage" + or + name = "X509_get_extension_flags" + or + name = "X509_get_issuer_name" + or + name = "X509_get_key_usage" + or + name = "X509_get_pathlen" + or + name = "X509_get_proxy_pathlen" + or + name = "X509_get_pubkey" + or + name = "X509_get_serialNumber" + or + name = "X509_get_signature_info" + or + name = "X509_get_signature_nid" + or + name = "X509_get_subject_name" + or + name = "X509_get_version" + or + name = "X509_getm_notAfter" + or + name = "X509_getm_notBefore" + or + name = "X509_gmtime_adj" + or + name = "X509_http_nbio" + or + name = "X509_issuer_and_serial_cmp" + or + name = "X509_issuer_name_cmp" + or + name = "X509_issuer_name_hash" + or + name = "X509_load_cert_crl_file" + or + name = "X509_load_cert_crl_file_ex" + or + name = "X509_load_cert_file" + or + name = "X509_load_cert_file_ex" + or + name = "X509_load_crl_file" + or + name = "X509_load_http" + or + name = "X509_new" + or + name = "X509_new_ex" + or + name = "X509_pubkey_digest" + or + name = "X509_self_signed" + or + name = "X509_set0_distinguishing_id" + or + name = "X509_set1_notAfter" + or + name = "X509_set1_notBefore" + or + name = "X509_set_ex_data" + or + name = "X509_set_issuer_name" + or + name = "X509_set_proxy_flag" + or + name = "X509_set_proxy_pathlen" + or + name = "X509_set_pubkey" + or + name = "X509_set_serialNumber" + or + name = "X509_set_subject_name" + or + name = "X509_set_version" + or + name = "X509_sign" + or + name = "X509_sign_ctx" + or + name = "X509_subject_name_cmp" + or + name = "X509_subject_name_hash" + or + name = "X509_time_adj" + or + name = "X509_time_adj_ex" + or + name = "X509_up_ref" + or + name = "X509_verify" + or + name = "X509_verify_cert" + or + name = "X509_verify_cert_error_string" + or + name = "X509v3_add_ext" + or + name = "X509v3_delete_ext" + or + name = "X509v3_get_ext" + or + name = "X509v3_get_ext_by_NID" + or + name = "X509v3_get_ext_by_OBJ" + or + name = "X509v3_get_ext_by_critical" + or + name = "X509v3_get_ext_count" + or + name = "b2i_PVK_bio" + or + name = "b2i_PVK_bio_ex" + or + name = "bio" + or + name = "blowfish" + or + name = "bn" + or + name = "bn_add_words" + or + name = "bn_check_top" + or + name = "bn_cmp_words" + or + name = "bn_div_words" + or + name = "bn_dump" + or + name = "bn_expand" + or + name = "bn_expand2" + or + name = "bn_fix_top" + or + name = "bn_internal" + or + name = "bn_mul_add_words" + or + name = "bn_mul_comba4" + or + name = "bn_mul_comba8" + or + name = "bn_mul_high" + or + name = "bn_mul_low_normal" + or + name = "bn_mul_low_recursive" + or + name = "bn_mul_normal" + or + name = "bn_mul_part_recursive" + or + name = "bn_mul_recursive" + or + name = "bn_mul_words" + or + name = "bn_print" + or + name = "bn_set_high" + or + name = "bn_set_low" + or + name = "bn_set_max" + or + name = "bn_sqr_comba4" + or + name = "bn_sqr_comba8" + or + name = "bn_sqr_normal" + or + name = "bn_sqr_recursive" + or + name = "bn_sqr_words" + or + name = "bn_sub_words" + or + name = "bn_wexpand" + or + name = "buffer" + or + name = "crypto" + or + name = "custom_ext_add_cb" + or + name = "custom_ext_free_cb" + or + name = "custom_ext_parse_cb" + or + name = "d2i_ACCESS_DESCRIPTION" + or + name = "d2i_ADMISSIONS" + or + name = "d2i_ADMISSION_SYNTAX" + or + name = "d2i_ASIdOrRange" + or + name = "d2i_ASIdentifierChoice" + or + name = "d2i_ASIdentifiers" + or + name = "d2i_ASN1_BIT_STRING" + or + name = "d2i_ASN1_BMPSTRING" + or + name = "d2i_ASN1_ENUMERATED" + or + name = "d2i_ASN1_GENERALIZEDTIME" + or + name = "d2i_ASN1_GENERALSTRING" + or + name = "d2i_ASN1_IA5STRING" + or + name = "d2i_ASN1_INTEGER" + or + name = "d2i_ASN1_NULL" + or + name = "d2i_ASN1_OBJECT" + or + name = "d2i_ASN1_OCTET_STRING" + or + name = "d2i_ASN1_PRINTABLE" + or + name = "d2i_ASN1_PRINTABLESTRING" + or + name = "d2i_ASN1_SEQUENCE_ANY" + or + name = "d2i_ASN1_SET_ANY" + or + name = "d2i_ASN1_T61STRING" + or + name = "d2i_ASN1_TIME" + or + name = "d2i_ASN1_TYPE" + or + name = "d2i_ASN1_UINTEGER" + or + name = "d2i_ASN1_UNIVERSALSTRING" + or + name = "d2i_ASN1_UTCTIME" + or + name = "d2i_ASN1_UTF8STRING" + or + name = "d2i_ASN1_VISIBLESTRING" + or + name = "d2i_ASRange" + or + name = "d2i_AUTHORITY_INFO_ACCESS" + or + name = "d2i_AUTHORITY_KEYID" + or + name = "d2i_AutoPrivateKey" + or + name = "d2i_AutoPrivateKey_ex" + or + name = "d2i_BASIC_CONSTRAINTS" + or + name = "d2i_CERTIFICATEPOLICIES" + or + name = "d2i_CMS_ContentInfo" + or + name = "d2i_CMS_ReceiptRequest" + or + name = "d2i_CMS_bio" + or + name = "d2i_CRL_DIST_POINTS" + or + name = "d2i_DHparams" + or + name = "d2i_DHparams_bio" + or + name = "d2i_DHparams_fp" + or + name = "d2i_DHxparams" + or + name = "d2i_DIRECTORYSTRING" + or + name = "d2i_DISPLAYTEXT" + or + name = "d2i_DIST_POINT" + or + name = "d2i_DIST_POINT_NAME" + or + name = "d2i_DSAPrivateKey" + or + name = "d2i_DSAPrivateKey_bio" + or + name = "d2i_DSAPrivateKey_fp" + or + name = "d2i_DSAPublicKey" + or + name = "d2i_DSA_PUBKEY" + or + name = "d2i_DSA_PUBKEY_bio" + or + name = "d2i_DSA_PUBKEY_fp" + or + name = "d2i_DSA_SIG" + or + name = "d2i_DSAparams" + or + name = "d2i_ECDSA_SIG" + or + name = "d2i_ECPKParameters" + or + name = "d2i_ECPKParameters_bio" + or + name = "d2i_ECPKParameters_fp" + or + name = "d2i_ECParameters" + or + name = "d2i_ECPrivateKey" + or + name = "d2i_ECPrivateKey_bio" + or + name = "d2i_ECPrivateKey_fp" + or + name = "d2i_ECPrivate_key" + or + name = "d2i_EC_PUBKEY" + or + name = "d2i_EC_PUBKEY_bio" + or + name = "d2i_EC_PUBKEY_fp" + or + name = "d2i_EDIPARTYNAME" + or + name = "d2i_ESS_CERT_ID" + or + name = "d2i_ESS_CERT_ID_V2" + or + name = "d2i_ESS_ISSUER_SERIAL" + or + name = "d2i_ESS_SIGNING_CERT" + or + name = "d2i_ESS_SIGNING_CERT_V2" + or + name = "d2i_EXTENDED_KEY_USAGE" + or + name = "d2i_GENERAL_NAME" + or + name = "d2i_GENERAL_NAMES" + or + name = "d2i_IPAddressChoice" + or + name = "d2i_IPAddressFamily" + or + name = "d2i_IPAddressOrRange" + or + name = "d2i_IPAddressRange" + or + name = "d2i_ISSUER_SIGN_TOOL" + or + name = "d2i_ISSUING_DIST_POINT" + or + name = "d2i_KeyParams" + or + name = "d2i_KeyParams_bio" + or + name = "d2i_NAMING_AUTHORITY" + or + name = "d2i_NETSCAPE_CERT_SEQUENCE" + or + name = "d2i_NETSCAPE_SPKAC" + or + name = "d2i_NETSCAPE_SPKI" + or + name = "d2i_NOTICEREF" + or + name = "d2i_Netscape_RSA" + or + name = "d2i_OCSP_BASICRESP" + or + name = "d2i_OCSP_CERTID" + or + name = "d2i_OCSP_CERTSTATUS" + or + name = "d2i_OCSP_CRLID" + or + name = "d2i_OCSP_ONEREQ" + or + name = "d2i_OCSP_REQINFO" + or + name = "d2i_OCSP_REQUEST" + or + name = "d2i_OCSP_RESPBYTES" + or + name = "d2i_OCSP_RESPDATA" + or + name = "d2i_OCSP_RESPID" + or + name = "d2i_OCSP_RESPONSE" + or + name = "d2i_OCSP_REVOKEDINFO" + or + name = "d2i_OCSP_SERVICELOC" + or + name = "d2i_OCSP_SIGNATURE" + or + name = "d2i_OCSP_SINGLERESP" + or + name = "d2i_OSSL_CMP_MSG" + or + name = "d2i_OSSL_CMP_MSG_bio" + or + name = "d2i_OSSL_CMP_PKIHEADER" + or + name = "d2i_OSSL_CMP_PKISI" + or + name = "d2i_OSSL_CRMF_CERTID" + or + name = "d2i_OSSL_CRMF_CERTTEMPLATE" + or + name = "d2i_OSSL_CRMF_ENCRYPTEDVALUE" + or + name = "d2i_OSSL_CRMF_MSG" + or + name = "d2i_OSSL_CRMF_MSGS" + or + name = "d2i_OSSL_CRMF_PBMPARAMETER" + or + name = "d2i_OSSL_CRMF_PKIPUBLICATIONINFO" + or + name = "d2i_OSSL_CRMF_SINGLEPUBINFO" + or + name = "d2i_OTHERNAME" + or + name = "d2i_PBE2PARAM" + or + name = "d2i_PBEPARAM" + or + name = "d2i_PBKDF2PARAM" + or + name = "d2i_PKCS12" + or + name = "d2i_PKCS12_BAGS" + or + name = "d2i_PKCS12_MAC_DATA" + or + name = "d2i_PKCS12_SAFEBAG" + or + name = "d2i_PKCS12_bio" + or + name = "d2i_PKCS12_fp" + or + name = "d2i_PKCS7" + or + name = "d2i_PKCS7_DIGEST" + or + name = "d2i_PKCS7_ENCRYPT" + or + name = "d2i_PKCS7_ENC_CONTENT" + or + name = "d2i_PKCS7_ENVELOPE" + or + name = "d2i_PKCS7_ISSUER_AND_SERIAL" + or + name = "d2i_PKCS7_RECIP_INFO" + or + name = "d2i_PKCS7_SIGNED" + or + name = "d2i_PKCS7_SIGNER_INFO" + or + name = "d2i_PKCS7_SIGN_ENVELOPE" + or + name = "d2i_PKCS7_bio" + or + name = "d2i_PKCS7_fp" + or + name = "d2i_PKCS8PrivateKey" + or + name = "d2i_PKCS8PrivateKey_bio" + or + name = "d2i_PKCS8PrivateKey_fp" + or + name = "d2i_PKCS8_PRIV_KEY_INFO" + or + name = "d2i_PKCS8_PRIV_KEY_INFO_bio" + or + name = "d2i_PKCS8_PRIV_KEY_INFO_fp" + or + name = "d2i_PKCS8_bio" + or + name = "d2i_PKCS8_fp" + or + name = "d2i_PKEY_USAGE_PERIOD" + or + name = "d2i_POLICYINFO" + or + name = "d2i_POLICYQUALINFO" + or + name = "d2i_PROFESSION_INFO" + or + name = "d2i_PROXY_CERT_INFO_EXTENSION" + or + name = "d2i_PROXY_POLICY" + or + name = "d2i_PUBKEY" + or + name = "d2i_PUBKEY_bio" + or + name = "d2i_PUBKEY_ex" + or + name = "d2i_PUBKEY_ex_bio" + or + name = "d2i_PUBKEY_ex_fp" + or + name = "d2i_PUBKEY_fp" + or + name = "d2i_PrivateKey" + or + name = "d2i_PrivateKey_bio" + or + name = "d2i_PrivateKey_ex" + or + name = "d2i_PrivateKey_ex_bio" + or + name = "d2i_PrivateKey_ex_fp" + or + name = "d2i_PrivateKey_fp" + or + name = "d2i_Private_key" + or + name = "d2i_PublicKey" + or + name = "d2i_RSAPrivateKey" + or + name = "d2i_RSAPrivateKey_bio" + or + name = "d2i_RSAPrivateKey_fp" + or + name = "d2i_RSAPublicKey" + or + name = "d2i_RSAPublicKey_bio" + or + name = "d2i_RSAPublicKey_fp" + or + name = "d2i_RSA_OAEP_PARAMS" + or + name = "d2i_RSA_PSS_PARAMS" + or + name = "d2i_RSA_PUBKEY" + or + name = "d2i_RSA_PUBKEY_bio" + or + name = "d2i_RSA_PUBKEY_fp" + or + name = "d2i_SCRYPT_PARAMS" + or + name = "d2i_SCT_LIST" + or + name = "d2i_SSL_SESSION" + or + name = "d2i_SSL_SESSION_ex" + or + name = "d2i_SXNET" + or + name = "d2i_SXNETID" + or + name = "d2i_TS_ACCURACY" + or + name = "d2i_TS_MSG_IMPRINT" + or + name = "d2i_TS_MSG_IMPRINT_bio" + or + name = "d2i_TS_MSG_IMPRINT_fp" + or + name = "d2i_TS_REQ" + or + name = "d2i_TS_REQ_bio" + or + name = "d2i_TS_REQ_fp" + or + name = "d2i_TS_RESP" + or + name = "d2i_TS_RESP_bio" + or + name = "d2i_TS_RESP_fp" + or + name = "d2i_TS_STATUS_INFO" + or + name = "d2i_TS_TST_INFO" + or + name = "d2i_TS_TST_INFO_bio" + or + name = "d2i_TS_TST_INFO_fp" + or + name = "d2i_USERNOTICE" + or + name = "d2i_X509" + or + name = "d2i_X509_ALGOR" + or + name = "d2i_X509_ALGORS" + or + name = "d2i_X509_ATTRIBUTE" + or + name = "d2i_X509_AUX" + or + name = "d2i_X509_CERT_AUX" + or + name = "d2i_X509_CINF" + or + name = "d2i_X509_CRL" + or + name = "d2i_X509_CRL_INFO" + or + name = "d2i_X509_CRL_bio" + or + name = "d2i_X509_CRL_fp" + or + name = "d2i_X509_EXTENSION" + or + name = "d2i_X509_EXTENSIONS" + or + name = "d2i_X509_NAME" + or + name = "d2i_X509_NAME_ENTRY" + or + name = "d2i_X509_PUBKEY" + or + name = "d2i_X509_PUBKEY_bio" + or + name = "d2i_X509_PUBKEY_fp" + or + name = "d2i_X509_REQ" + or + name = "d2i_X509_REQ_INFO" + or + name = "d2i_X509_REQ_bio" + or + name = "d2i_X509_REQ_fp" + or + name = "d2i_X509_REVOKED" + or + name = "d2i_X509_SIG" + or + name = "d2i_X509_VAL" + or + name = "d2i_X509_bio" + or + name = "d2i_X509_fp" + or + name = "des" + or + name = "des_read_2passwords" + or + name = "des_read_password" + or + name = "des_read_pw" + or + name = "des_read_pw_string" + or + name = "dh" + or + name = "dsa" + or + name = "ec" + or + name = "ecdsa" + or + name = "engine" + or + name = "err" + or + name = "evp" + or + name = "hmac" + or + name = "i2b_PVK_bio" + or + name = "i2b_PVK_bio_ex" + or + name = "i2d_ACCESS_DESCRIPTION" + or + name = "i2d_ADMISSIONS" + or + name = "i2d_ADMISSION_SYNTAX" + or + name = "i2d_ASIdOrRange" + or + name = "i2d_ASIdentifierChoice" + or + name = "i2d_ASIdentifiers" + or + name = "i2d_ASN1_BIT_STRING" + or + name = "i2d_ASN1_BMPSTRING" + or + name = "i2d_ASN1_ENUMERATED" + or + name = "i2d_ASN1_GENERALIZEDTIME" + or + name = "i2d_ASN1_GENERALSTRING" + or + name = "i2d_ASN1_IA5STRING" + or + name = "i2d_ASN1_INTEGER" + or + name = "i2d_ASN1_NULL" + or + name = "i2d_ASN1_OBJECT" + or + name = "i2d_ASN1_OCTET_STRING" + or + name = "i2d_ASN1_PRINTABLE" + or + name = "i2d_ASN1_PRINTABLESTRING" + or + name = "i2d_ASN1_SEQUENCE_ANY" + or + name = "i2d_ASN1_SET_ANY" + or + name = "i2d_ASN1_T61STRING" + or + name = "i2d_ASN1_TIME" + or + name = "i2d_ASN1_TYPE" + or + name = "i2d_ASN1_UNIVERSALSTRING" + or + name = "i2d_ASN1_UTCTIME" + or + name = "i2d_ASN1_UTF8STRING" + or + name = "i2d_ASN1_VISIBLESTRING" + or + name = "i2d_ASN1_bio_stream" + or + name = "i2d_ASRange" + or + name = "i2d_AUTHORITY_INFO_ACCESS" + or + name = "i2d_AUTHORITY_KEYID" + or + name = "i2d_BASIC_CONSTRAINTS" + or + name = "i2d_CERTIFICATEPOLICIES" + or + name = "i2d_CMS_ContentInfo" + or + name = "i2d_CMS_ReceiptRequest" + or + name = "i2d_CMS_bio" + or + name = "i2d_CMS_bio_stream" + or + name = "i2d_CRL_DIST_POINTS" + or + name = "i2d_DHparams" + or + name = "i2d_DHparams_bio" + or + name = "i2d_DHparams_fp" + or + name = "i2d_DHxparams" + or + name = "i2d_DIRECTORYSTRING" + or + name = "i2d_DISPLAYTEXT" + or + name = "i2d_DIST_POINT" + or + name = "i2d_DIST_POINT_NAME" + or + name = "i2d_DSAPrivateKey" + or + name = "i2d_DSAPrivateKey_bio" + or + name = "i2d_DSAPrivateKey_fp" + or + name = "i2d_DSAPublicKey" + or + name = "i2d_DSA_PUBKEY" + or + name = "i2d_DSA_PUBKEY_bio" + or + name = "i2d_DSA_PUBKEY_fp" + or + name = "i2d_DSA_SIG" + or + name = "i2d_DSAparams" + or + name = "i2d_ECDSA_SIG" + or + name = "i2d_ECPKParameters" + or + name = "i2d_ECPKParameters_bio" + or + name = "i2d_ECPKParameters_fp" + or + name = "i2d_ECParameters" + or + name = "i2d_ECPrivateKey" + or + name = "i2d_ECPrivateKey_bio" + or + name = "i2d_ECPrivateKey_fp" + or + name = "i2d_EC_PUBKEY" + or + name = "i2d_EC_PUBKEY_bio" + or + name = "i2d_EC_PUBKEY_fp" + or + name = "i2d_EDIPARTYNAME" + or + name = "i2d_ESS_CERT_ID" + or + name = "i2d_ESS_CERT_ID_V2" + or + name = "i2d_ESS_ISSUER_SERIAL" + or + name = "i2d_ESS_SIGNING_CERT" + or + name = "i2d_ESS_SIGNING_CERT_V2" + or + name = "i2d_EXTENDED_KEY_USAGE" + or + name = "i2d_GENERAL_NAME" + or + name = "i2d_GENERAL_NAMES" + or + name = "i2d_IPAddressChoice" + or + name = "i2d_IPAddressFamily" + or + name = "i2d_IPAddressOrRange" + or + name = "i2d_IPAddressRange" + or + name = "i2d_ISSUER_SIGN_TOOL" + or + name = "i2d_ISSUING_DIST_POINT" + or + name = "i2d_KeyParams" + or + name = "i2d_KeyParams_bio" + or + name = "i2d_NAMING_AUTHORITY" + or + name = "i2d_NETSCAPE_CERT_SEQUENCE" + or + name = "i2d_NETSCAPE_SPKAC" + or + name = "i2d_NETSCAPE_SPKI" + or + name = "i2d_NOTICEREF" + or + name = "i2d_Netscape_RSA" + or + name = "i2d_OCSP_BASICRESP" + or + name = "i2d_OCSP_CERTID" + or + name = "i2d_OCSP_CERTSTATUS" + or + name = "i2d_OCSP_CRLID" + or + name = "i2d_OCSP_ONEREQ" + or + name = "i2d_OCSP_REQINFO" + or + name = "i2d_OCSP_REQUEST" + or + name = "i2d_OCSP_RESPBYTES" + or + name = "i2d_OCSP_RESPDATA" + or + name = "i2d_OCSP_RESPID" + or + name = "i2d_OCSP_RESPONSE" + or + name = "i2d_OCSP_REVOKEDINFO" + or + name = "i2d_OCSP_SERVICELOC" + or + name = "i2d_OCSP_SIGNATURE" + or + name = "i2d_OCSP_SINGLERESP" + or + name = "i2d_OSSL_CMP_MSG" + or + name = "i2d_OSSL_CMP_MSG_bio" + or + name = "i2d_OSSL_CMP_PKIHEADER" + or + name = "i2d_OSSL_CMP_PKISI" + or + name = "i2d_OSSL_CRMF_CERTID" + or + name = "i2d_OSSL_CRMF_CERTTEMPLATE" + or + name = "i2d_OSSL_CRMF_ENCRYPTEDVALUE" + or + name = "i2d_OSSL_CRMF_MSG" + or + name = "i2d_OSSL_CRMF_MSGS" + or + name = "i2d_OSSL_CRMF_PBMPARAMETER" + or + name = "i2d_OSSL_CRMF_PKIPUBLICATIONINFO" + or + name = "i2d_OSSL_CRMF_SINGLEPUBINFO" + or + name = "i2d_OTHERNAME" + or + name = "i2d_PBE2PARAM" + or + name = "i2d_PBEPARAM" + or + name = "i2d_PBKDF2PARAM" + or + name = "i2d_PKCS12" + or + name = "i2d_PKCS12_BAGS" + or + name = "i2d_PKCS12_MAC_DATA" + or + name = "i2d_PKCS12_SAFEBAG" + or + name = "i2d_PKCS12_bio" + or + name = "i2d_PKCS12_fp" + or + name = "i2d_PKCS7" + or + name = "i2d_PKCS7_DIGEST" + or + name = "i2d_PKCS7_ENCRYPT" + or + name = "i2d_PKCS7_ENC_CONTENT" + or + name = "i2d_PKCS7_ENVELOPE" + or + name = "i2d_PKCS7_ISSUER_AND_SERIAL" + or + name = "i2d_PKCS7_NDEF" + or + name = "i2d_PKCS7_RECIP_INFO" + or + name = "i2d_PKCS7_SIGNED" + or + name = "i2d_PKCS7_SIGNER_INFO" + or + name = "i2d_PKCS7_SIGN_ENVELOPE" + or + name = "i2d_PKCS7_bio" + or + name = "i2d_PKCS7_bio_stream" + or + name = "i2d_PKCS7_fp" + or + name = "i2d_PKCS8PrivateKeyInfo_bio" + or + name = "i2d_PKCS8PrivateKeyInfo_fp" + or + name = "i2d_PKCS8PrivateKey_bio" + or + name = "i2d_PKCS8PrivateKey_fp" + or + name = "i2d_PKCS8PrivateKey_nid_bio" + or + name = "i2d_PKCS8PrivateKey_nid_fp" + or + name = "i2d_PKCS8_PRIV_KEY_INFO" + or + name = "i2d_PKCS8_PRIV_KEY_INFO_bio" + or + name = "i2d_PKCS8_PRIV_KEY_INFO_fp" + or + name = "i2d_PKCS8_bio" + or + name = "i2d_PKCS8_fp" + or + name = "i2d_PKEY_USAGE_PERIOD" + or + name = "i2d_POLICYINFO" + or + name = "i2d_POLICYQUALINFO" + or + name = "i2d_PROFESSION_INFO" + or + name = "i2d_PROXY_CERT_INFO_EXTENSION" + or + name = "i2d_PROXY_POLICY" + or + name = "i2d_PUBKEY" + or + name = "i2d_PUBKEY_bio" + or + name = "i2d_PUBKEY_fp" + or + name = "i2d_PrivateKey" + or + name = "i2d_PrivateKey_bio" + or + name = "i2d_PrivateKey_fp" + or + name = "i2d_PublicKey" + or + name = "i2d_RSAPrivateKey" + or + name = "i2d_RSAPrivateKey_bio" + or + name = "i2d_RSAPrivateKey_fp" + or + name = "i2d_RSAPublicKey" + or + name = "i2d_RSAPublicKey_bio" + or + name = "i2d_RSAPublicKey_fp" + or + name = "i2d_RSA_OAEP_PARAMS" + or + name = "i2d_RSA_PSS_PARAMS" + or + name = "i2d_RSA_PUBKEY" + or + name = "i2d_RSA_PUBKEY_bio" + or + name = "i2d_RSA_PUBKEY_fp" + or + name = "i2d_SCRYPT_PARAMS" + or + name = "i2d_SCT_LIST" + or + name = "i2d_SSL_SESSION" + or + name = "i2d_SXNET" + or + name = "i2d_SXNETID" + or + name = "i2d_TS_ACCURACY" + or + name = "i2d_TS_MSG_IMPRINT" + or + name = "i2d_TS_MSG_IMPRINT_bio" + or + name = "i2d_TS_MSG_IMPRINT_fp" + or + name = "i2d_TS_REQ" + or + name = "i2d_TS_REQ_bio" + or + name = "i2d_TS_REQ_fp" + or + name = "i2d_TS_RESP" + or + name = "i2d_TS_RESP_bio" + or + name = "i2d_TS_RESP_fp" + or + name = "i2d_TS_STATUS_INFO" + or + name = "i2d_TS_TST_INFO" + or + name = "i2d_TS_TST_INFO_bio" + or + name = "i2d_TS_TST_INFO_fp" + or + name = "i2d_USERNOTICE" + or + name = "i2d_X509" + or + name = "i2d_X509_ALGOR" + or + name = "i2d_X509_ALGORS" + or + name = "i2d_X509_ATTRIBUTE" + or + name = "i2d_X509_AUX" + or + name = "i2d_X509_CERT_AUX" + or + name = "i2d_X509_CINF" + or + name = "i2d_X509_CRL" + or + name = "i2d_X509_CRL_INFO" + or + name = "i2d_X509_CRL_bio" + or + name = "i2d_X509_CRL_fp" + or + name = "i2d_X509_EXTENSION" + or + name = "i2d_X509_EXTENSIONS" + or + name = "i2d_X509_NAME" + or + name = "i2d_X509_NAME_ENTRY" + or + name = "i2d_X509_PUBKEY" + or + name = "i2d_X509_PUBKEY_bio" + or + name = "i2d_X509_PUBKEY_fp" + or + name = "i2d_X509_REQ" + or + name = "i2d_X509_REQ_INFO" + or + name = "i2d_X509_REQ_bio" + or + name = "i2d_X509_REQ_fp" + or + name = "i2d_X509_REVOKED" + or + name = "i2d_X509_SIG" + or + name = "i2d_X509_VAL" + or + name = "i2d_X509_bio" + or + name = "i2d_X509_fp" + or + name = "i2d_re_X509_CRL_tbs" + or + name = "i2d_re_X509_REQ_tbs" + or + name = "i2d_re_X509_tbs" + or + name = "i2o_SCT" + or + name = "i2o_SCT_LIST" + or + name = "i2s_ASN1_ENUMERATED" + or + name = "i2s_ASN1_ENUMERATED_TABLE" + or + name = "i2s_ASN1_IA5STRING" + or + name = "i2s_ASN1_INTEGER" + or + name = "i2s_ASN1_OCTET_STRING" + or + name = "i2s_ASN1_UTF8STRING" + or + name = "i2t_ASN1_OBJECT" + or + name = "lh_TYPE_delete" + or + name = "lh_TYPE_doall" + or + name = "lh_TYPE_doall_arg" + or + name = "lh_TYPE_error" + or + name = "lh_TYPE_flush" + or + name = "lh_TYPE_free" + or + name = "lh_TYPE_insert" + or + name = "lh_TYPE_new" + or + name = "lh_TYPE_retrieve" + or + name = "lh_delete" + or + name = "lh_doall" + or + name = "lh_doall_arg" + or + name = "lh_error" + or + name = "lh_free" + or + name = "lh_insert" + or + name = "lh_new" + or + name = "lh_node_stats" + or + name = "lh_node_stats_bio" + or + name = "lh_node_usage_stats" + or + name = "lh_node_usage_stats_bio" + or + name = "lh_retrieve" + or + name = "lh_stats" + or + name = "lh_stats_bio" + or + name = "lhash" + or + name = "md5" + or + name = "mdc2" + or + name = "o2i_SCT" + or + name = "o2i_SCT_LIST" + or + name = "pem" + or + name = "pem_password_cb" + or + name = "rand" + or + name = "rc4" + or + name = "ripemd" + or + name = "rsa" + or + name = "s2i_ASN1_IA5STRING" + or + name = "s2i_ASN1_INTEGER" + or + name = "s2i_ASN1_OCTET_STRING" + or + name = "s2i_ASN1_UTF8STRING" + or + name = "sha" + or + name = "sk_TYPE_deep_copy" + or + name = "sk_TYPE_delete" + or + name = "sk_TYPE_delete_ptr" + or + name = "sk_TYPE_dup" + or + name = "sk_TYPE_find" + or + name = "sk_TYPE_find_all" + or + name = "sk_TYPE_find_ex" + or + name = "sk_TYPE_free" + or + name = "sk_TYPE_insert" + or + name = "sk_TYPE_is_sorted" + or + name = "sk_TYPE_new" + or + name = "sk_TYPE_new_null" + or + name = "sk_TYPE_new_reserve" + or + name = "sk_TYPE_num" + or + name = "sk_TYPE_pop" + or + name = "sk_TYPE_pop_free" + or + name = "sk_TYPE_push" + or + name = "sk_TYPE_reserve" + or + name = "sk_TYPE_set" + or + name = "sk_TYPE_set_cmp_func" + or + name = "sk_TYPE_shift" + or + name = "sk_TYPE_sort" + or + name = "sk_TYPE_unshift" + or + name = "sk_TYPE_value" + or + name = "sk_TYPE_zero" + or + name = "ssl" + or + name = "ssl_ct_validation_cb" + or + name = "threads" + or + name = "ui" + or + name = "ui_compat" + or + name = "x509" } diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll index e4e40f4e6af..f772f85afb1 100644 --- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll @@ -1,60 +1,59 @@ -import cpp +import cpp import experimental.cryptography.utils.OpenSSL.LibraryFunction import semmle.code.cpp.ir.dataflow.DataFlow - // TODO: possible use of extensible predicates here // NOTE: -1 for outInd represents the return value -predicate knownPassthroughFunction(Function f, int inInd, int outInd){ - // Trace through functions - // See https://www.openssl.org/docs/man1.1.1/man3/OBJ_obj2txt - // https://www.openssl.org/docs/man3.0/man3/EVP_CIPHER_get0_name - openSSLLibraryFunc(f) - and - ( - ( - f.getName() in [ - "OBJ_nid2obj", "OBJ_nid2ln", "OBJ_nid2sn", - "OBJ_obj2nid", "OBJ_ln2nid", "OBJ_sn2nid", - "OBJ_txt2nid","OBJ_txt2obj", "OBJ_dup", - "EVP_CIPHER_get0_name"] - and inInd = 0 and outInd = -1) - or - ( - f.getName() in ["OBJ_obj2txt","i2t_ASN1_OBJECT"] and - inInd = 2 and outInd = 0 - ) - or - // Dup/copy pattern occurs in more places, - //see: https://www.openssl.org/docs/manmaster/man3/EC_KEY_copy.html and https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_dup.html - f.getName().matches("%_dup") and inInd = 0 and outInd = -1 - or - f.getName().matches("%_copy") and inInd = 0 and outInd = -1 - ) +predicate knownPassthroughFunction(Function f, int inInd, int outInd) { + // Trace through functions + // See https://www.openssl.org/docs/man1.1.1/man3/OBJ_obj2txt + // https://www.openssl.org/docs/man3.0/man3/EVP_CIPHER_get0_name + openSSLLibraryFunc(f) and + ( + f.getName() in [ + "OBJ_nid2obj", "OBJ_nid2ln", "OBJ_nid2sn", "OBJ_obj2nid", "OBJ_ln2nid", "OBJ_sn2nid", + "OBJ_txt2nid", "OBJ_txt2obj", "OBJ_dup", "EVP_CIPHER_get0_name" + ] and + inInd = 0 and + outInd = -1 + or + f.getName() in ["OBJ_obj2txt", "i2t_ASN1_OBJECT"] and + inInd = 2 and + outInd = 0 + or + // Dup/copy pattern occurs in more places, + //see: https://www.openssl.org/docs/manmaster/man3/EC_KEY_copy.html and https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_dup.html + f.getName().matches("%_dup") and inInd = 0 and outInd = -1 + or + f.getName().matches("%_copy") and inInd = 0 and outInd = -1 + ) } /** - * `c` is a call to a function that preserves the algorithm but changes its form. + * `c` is a call to a function that preserves the algorithm but changes its form. * `onExpr` is the input argument passing through to, `outExpr` is the next expression in a dataflow step associated with `c` */ -predicate knownPassthoughCall(Call c, Expr inExpr, Expr outExpr){ - exists(int inInd, int outInd | - knownPassthroughFunction(c.getTarget(), inInd, outInd) and - inExpr = c.getArgument(inInd) and - if(outInd = -1) - then outExpr = c - else outExpr = c.getArgument(outInd) - ) +predicate knownPassthoughCall(Call c, Expr inExpr, Expr outExpr) { + exists(int inInd, int outInd | + knownPassthroughFunction(c.getTarget(), inInd, outInd) and + inExpr = c.getArgument(inInd) and + if outInd = -1 then outExpr = c else outExpr = c.getArgument(outInd) + ) } /* -* Explicitly add flow through openssl functions that preserve the algorithm but alter the form (e.g., from NID to string) -*/ -predicate knownPassThroughStep(DataFlow::Node node1, DataFlow::Node node2){ - exists(Expr cur, Expr next | - (cur = node1.asExpr() or cur = node1.asIndirectArgument()) and - (next = node2.asExpr() or next = node2.asIndirectArgument() or next = node2.asDefiningArgument()) - | - exists(Call c | knownPassthoughCall(c, cur, next))) -} + * Explicitly add flow through openssl functions that preserve the algorithm but alter the form (e.g., from NID to string) + */ +predicate knownPassThroughStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(Expr cur, Expr next | + (cur = node1.asExpr() or cur = node1.asIndirectArgument()) and + ( + next = node2.asExpr() or + next = node2.asIndirectArgument() or + next = node2.asDefiningArgument() + ) + | + exists(Call c | knownPassthoughCall(c, cur, next)) + ) +} diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql b/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql index 7216fbb7259..722449d2fe4 100644 --- a/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql +++ b/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql @@ -1,20 +1,19 @@ /** * @name Unknown key generation key size - * @description + * @description * @id cpp/unknown-asymmetric-key-gen-size * @kind problem * @problem.severity error * @precision high * @tags external/cwe/cwe-326 */ -import cpp +import cpp import experimental.cryptography.Concepts from AsymmetricKeyGeneration op, AsymmetricAlgorithm alg -where - alg = op.getAlgorithm() and - not alg instanceof EllipticCurveAlgorithm and - not exists(op.getKeySizeInBits(alg)) +where + alg = op.getAlgorithm() and + not alg instanceof EllipticCurveAlgorithm and + not exists(op.getKeySizeInBits(alg)) select op, "Use of unknown asymmetric key size for algorithm $@", alg, alg.getName().toString() - diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql index bb7ffc93f94..c11e01acf0c 100644 --- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql @@ -1,21 +1,23 @@ /** * @name Weak asymmetric key generation key size (< 2048 bits) - * @description + * @description * @id cpp/weak-asymmetric-key-gen-size * @kind problem * @problem.severity error * @precision high * @tags external/cwe/cwe-326 */ -import cpp +import cpp import experimental.cryptography.Concepts from AsymmetricKeyGeneration op, AsymmetricAlgorithm alg, Expr configSrc, int size -where - alg = op.getAlgorithm() and - not alg instanceof EllipticCurveAlgorithm and - configSrc = op.getKeyConfigurationSource(alg) and - size = configSrc.getValue().toInt() and - size < 2048 -select op, "Use of weak asymmetric key size (in bits) " + size + " configured at $@ for algorithm $@", configSrc, configSrc.toString(), alg, alg.getName().toString() +where + alg = op.getAlgorithm() and + not alg instanceof EllipticCurveAlgorithm and + configSrc = op.getKeyConfigurationSource(alg) and + size = configSrc.getValue().toInt() and + size < 2048 +select op, + "Use of weak asymmetric key size (in bits) " + size + " configured at $@ for algorithm $@", + configSrc, configSrc.toString(), alg, alg.getName().toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql index fe74cac341f..8242bc14438 100644 --- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql @@ -1,31 +1,34 @@ -/** -* @name Weak block mode -* @description Finds uses of symmetric encryption block modes that are weak, obsolete, or otherwise unaccepted. -* @id cpp/weak-block-mode -* @kind problem -* @problem.severity error -* @precision high -* @tags external/cwe/cwe-327 -*/ +/** + * @name Weak block mode + * @description Finds uses of symmetric encryption block modes that are weak, obsolete, or otherwise unaccepted. + * @id cpp/weak-block-mode + * @kind problem + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-327 + */ + import cpp import experimental.cryptography.Concepts from BlockModeAlgorithm alg, string name, string msg, Expr confSink where -exists(string tmpMsg | + exists(string tmpMsg | ( - (name = alg.getBlockModeName() and name = unknownAlgorithm() and tmpMsg = "Use of unrecognized block mode algorithm.") - or - ( - name != unknownAlgorithm() and - name = alg.getBlockModeName() and - not name = ["CBC","CTS","XTS"] and - tmpMsg = "Use of weak block mode algorithm " + name + "." - ) - ) - and + name = alg.getBlockModeName() and + name = unknownAlgorithm() and + tmpMsg = "Use of unrecognized block mode algorithm." + or + name != unknownAlgorithm() and + name = alg.getBlockModeName() and + not name = ["CBC", "CTS", "XTS"] and + tmpMsg = "Use of weak block mode algorithm " + name + "." + ) and if alg.hasConfigurationSink() and alg.configurationSink() != alg - then (confSink = alg.configurationSink() and msg = tmpMsg + " Algorithm used at sink: $@.") - else (confSink = alg and msg = tmpMsg) -) -select alg, msg, confSink, confSink.toString() \ No newline at end of file + then ( + confSink = alg.configurationSink() and msg = tmpMsg + " Algorithm used at sink: $@." + ) else ( + confSink = alg and msg = tmpMsg + ) + ) +select alg, msg, confSink, confSink.toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql index 58f4564f8be..f51795bad95 100644 --- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql @@ -7,28 +7,34 @@ * @precision high * @tags external/cwe/cwe-327 */ + import cpp import experimental.cryptography.Concepts from EllipticCurveAlgorithm alg, string name, string msg, Expr confSink where -exists(string tmpMsg | + exists(string tmpMsg | ( - (name = alg.getCurveName() and name = unknownAlgorithm() and tmpMsg = "Use of unrecognized curve algorithm.") - or - ( - name != unknownAlgorithm() and - name = alg.getCurveName() and - not name = ["SECP256R1", "PRIME256V1",//P-256 - "SECP384R1", //P-384 - "SECP521R1", //P-521 - "ED25519", "X25519"] and - tmpMsg = "Use of weak curve algorithm " + name + "." - ) - ) - and + name = alg.getCurveName() and + name = unknownAlgorithm() and + tmpMsg = "Use of unrecognized curve algorithm." + or + name != unknownAlgorithm() and + name = alg.getCurveName() and + not name = + [ + "SECP256R1", "PRIME256V1", //P-256 + "SECP384R1", //P-384 + "SECP521R1", //P-521 + "ED25519", "X25519" + ] and + tmpMsg = "Use of weak curve algorithm " + name + "." + ) and if alg.hasConfigurationSink() and alg.configurationSink() != alg - then (confSink = alg.configurationSink() and msg = tmpMsg + " Algorithm used at sink: $@.") - else (confSink = alg and msg = tmpMsg) -) -select alg, msg, confSink, confSink.toString() \ No newline at end of file + then ( + confSink = alg.configurationSink() and msg = tmpMsg + " Algorithm used at sink: $@." + ) else ( + confSink = alg and msg = tmpMsg + ) + ) +select alg, msg, confSink, confSink.toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql index 16ddc74480d..d8d5c4e4a56 100644 --- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql @@ -11,24 +11,31 @@ import cpp import experimental.cryptography.Concepts - from SymmetricEncryptionAlgorithm alg, Expr confSink, string msg -where -exists (string resMsg | - ( - if alg.getEncryptionName() = unknownAlgorithm() - then ( - alg instanceof Literal and resMsg = "Use of unrecognized symmetric encryption algorithm: " + alg.(Literal).getValueText().toString() + "." - or - not alg instanceof Literal and resMsg = "Use of unrecognized symmetric encryption algorithm." +where + exists(string resMsg | + ( + if alg.getEncryptionName() = unknownAlgorithm() + then ( + alg instanceof Literal and + resMsg = + "Use of unrecognized symmetric encryption algorithm: " + + alg.(Literal).getValueText().toString() + "." + or + not alg instanceof Literal and + resMsg = "Use of unrecognized symmetric encryption algorithm." + ) else ( + not alg.getEncryptionName().matches("AES%") and + resMsg = "Use of banned symmetric encryption algorithm: " + alg.getEncryptionName() + "." + ) + ) and + ( + if alg.hasConfigurationSink() and alg.configurationSink() != alg + then ( + confSink = alg.configurationSink() and msg = resMsg + " Algorithm used at sink: $@." + ) else ( + confSink = alg and msg = resMsg + ) ) - else (not alg.getEncryptionName().matches("AES%") and resMsg = "Use of banned symmetric encryption algorithm: " + alg.getEncryptionName() + ".") ) - and - ( - if alg.hasConfigurationSink() and alg.configurationSink() != alg - then (confSink = alg.configurationSink() and msg = resMsg + " Algorithm used at sink: $@.") - else (confSink = alg and msg = resMsg) - ) -) select alg, msg, confSink, confSink.toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql index 688e713fc1e..8b6835d9b26 100644 --- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql @@ -1,6 +1,6 @@ /** * @name Weak cryptography - * @description Finds explicit uses of cryptographic hash algorithms that are weak and obsolete. + * @description Finds explicit uses of cryptographic hash algorithms that are weak and obsolete. * @kind problem * @id cpp/weak-crypto/banned-hash-algorithms * @problem.severity error @@ -11,25 +11,26 @@ import cpp import semmle.code.cpp.dataflow.DataFlow as ASTDataFlow import experimental.cryptography.Concepts - -from HashAlgorithm alg, Expr confSink, string msg -where -exists(string name, string msgTmp | name = alg.getHashName() | - not name = ["SHA256", "SHA384", "SHA512"] and - ( - if name = unknownAlgorithm() - then - ( - not alg instanceof Literal and msgTmp = "Use of unrecognized hash algorithm." - or - alg instanceof Literal and msgTmp = "Use of unrecognized hash algorithm: " + alg.(Literal).getValueText().toString() + "." - ) - else msgTmp = "Use of banned hash algorithm " + name + "." - ) - and - if alg.hasConfigurationSink() and alg.configurationSink() != alg - then (confSink = alg.configurationSink() and msg = msgTmp + " Algorithm used at sink: $@.") - else (confSink = alg and msg = msgTmp) - ) +from HashAlgorithm alg, Expr confSink, string msg +where + exists(string name, string msgTmp | name = alg.getHashName() | + not name = ["SHA256", "SHA384", "SHA512"] and + ( + if name = unknownAlgorithm() + then + not alg instanceof Literal and msgTmp = "Use of unrecognized hash algorithm." + or + alg instanceof Literal and + msgTmp = + "Use of unrecognized hash algorithm: " + alg.(Literal).getValueText().toString() + "." + else msgTmp = "Use of banned hash algorithm " + name + "." + ) and + if alg.hasConfigurationSink() and alg.configurationSink() != alg + then ( + confSink = alg.configurationSink() and msg = msgTmp + " Algorithm used at sink: $@." + ) else ( + confSink = alg and msg = msgTmp + ) + ) select alg, msg, confSink, confSink.toString() diff --git a/python/ql/lib/experimental/cryptography/Concepts.qll b/python/ql/lib/experimental/cryptography/Concepts.qll index 4297c8aa7c3..e7befd8f239 100644 --- a/python/ql/lib/experimental/cryptography/Concepts.qll +++ b/python/ql/lib/experimental/cryptography/Concepts.qll @@ -1,7 +1,6 @@ import experimental.cryptography.CryptoArtifact import experimental.cryptography.CryptoAlgorithmNames import semmle.python.ApiGraphs - import experimental.cryptography.modules.stdlib.HashlibModule as HashLibModule import experimental.cryptography.modules.stdlib.HmacModule as HMacModule import experimental.cryptography.modules.CryptographyModule as CryptographyModule diff --git a/python/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll b/python/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll index cfb79773e06..937b45b7aac 100644 --- a/python/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll +++ b/python/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll @@ -11,31 +11,40 @@ string unknownAlgorithm() { result = "UNKNOWN" } string getHashType() { result = "HASH" } + string getSymmetricEncryptionType() { result = "SYMMETRIC_ENCRYPTION" } + string getAsymmetricEncryptionType() { result = "ASYMMETRIC_ENCRYPTION" } + string getKeyDerivationType() { result = "KEY_DERIVATION" } + string getCipherBlockModeType() { result = "BLOCK_MODE" } + string getSymmetricPaddingType() { result = "SYMMETRIC_PADDING" } + string getAsymmetricPaddingType() { result = "ASYMMETRIC_PADDING" } + string getEllipticCurveType() { result = "ELLIPTIC_CURVE" } + string getSignatureType() { result = "SIGNATURE" } + string getKeyExchangeType() { result = "KEY_EXCHANGE" } -predicate isKnownType(string algType){ +predicate isKnownType(string algType) { algType in [ - getHashType(), getSymmetricEncryptionType(), getAsymmetricEncryptionType(), getKeyDerivationType(), - getCipherBlockModeType(), getSymmetricPaddingType(), getAsymmetricPaddingType(), getEllipticCurveType(), - getSignatureType(), getKeyExchangeType() - ] + getHashType(), getSymmetricEncryptionType(), getAsymmetricEncryptionType(), + getKeyDerivationType(), getCipherBlockModeType(), getSymmetricPaddingType(), + getAsymmetricPaddingType(), getEllipticCurveType(), getSignatureType(), getKeyExchangeType() + ] } - predicate isKnownAlgorithm(string name) { isKnownAlgorithm(name, _) } predicate isKnownAlgorithm(string name, string algType) { isHashingAlgorithm(name) and algType = "HASH" or - isEncryptionAlgorithm(name, algType) and algType in ["SYMMETRIC_ENCRYPTION", "ASYMMETRIC_ENCRYPTION"] + isEncryptionAlgorithm(name, algType) and + algType in ["SYMMETRIC_ENCRYPTION", "ASYMMETRIC_ENCRYPTION"] or isKeyDerivationAlgorithm(name) and algType = "KEY_DERIVATION" or @@ -56,11 +65,11 @@ predicate isKnownAlgorithm(string name, string algType) { predicate isHashingAlgorithm(string name) { name = [ - "BLAKE2", "BLAKE2B", "BLAKE2S", - "SHA2", "SHA224", "SHA256", "SHA384", "SHA512", "SHA512224", "SHA512256", - "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512", "SHAKE128", "SHAKE256", "SM3", - "WHIRLPOOL", "POLY1305", "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", "RIPEMD128", - "RIPEMD256", "RIPEMD160", "RIPEMD320", "SHA0", "SHA1", "SHA", "MGF1","MGF1SHA1", "MDC2", "SIPHASH" + "BLAKE2", "BLAKE2B", "BLAKE2S", "SHA2", "SHA224", "SHA256", "SHA384", "SHA512", "SHA512224", + "SHA512256", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512", "SHAKE128", "SHAKE256", + "SM3", "WHIRLPOOL", "POLY1305", "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", + "RIPEMD128", "RIPEMD256", "RIPEMD160", "RIPEMD320", "SHA0", "SHA1", "SHA", "MGF1", "MGF1SHA1", + "MDC2", "SIPHASH" ] } @@ -82,10 +91,10 @@ predicate isSymmetricEncryptionAlgorithm(string name) { "AES", "AES128", "AES192", "AES256", "ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128", "CAMELLIA192", "CAMELLIA256", "CHACHA", "CHACHA20", "CHACHA20POLY1305", "GOST", "GOSTR34102001", "GOSTR341094", "GOSTR341194", "GOST2814789", - "GOSTR341194", "GOST2814789", "GOST28147", "GOSTR341094", "GOST89", "GOST94", "GOST34102012", - "GOST34112012", "IDEA", "RABBIT", - "SEED", "SM4", "DES", "DESX", "3DES", "TDES", "2DES", "DES3", "TRIPLEDES", "TDEA", "TRIPLEDEA", - "ARC2", "RC2", "ARC4", "RC4", "ARCFOUR", "ARC5", "RC5", "MAGMA", "KUZNYECHIK" + "GOSTR341194", "GOST2814789", "GOST28147", "GOSTR341094", "GOST89", "GOST94", "GOST34102012", + "GOST34112012", "IDEA", "RABBIT", "SEED", "SM4", "DES", "DESX", "3DES", "TDES", "2DES", + "DES3", "TRIPLEDES", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4", "RC4", "ARCFOUR", "ARC5", + "RC5", "MAGMA", "KUZNYECHIK" ] } @@ -200,8 +209,12 @@ predicate isEllipticCurveAlgorithm(string curveName, int keySize) { /** * Holds if `name` corresponds to a known signature algorithm. */ -predicate isSignatureAlgorithm(string name) { - name = ["DSA", "ECDSA", "EDDSA", "ES256", "ES256K", "ES384", "ES512", "ED25519", "ED448", "ECDSA256", "ECDSA384", "ECDSA512"] +predicate isSignatureAlgorithm(string name) { + name = + [ + "DSA", "ECDSA", "EDDSA", "ES256", "ES256K", "ES384", "ES512", "ED25519", "ED448", "ECDSA256", + "ECDSA384", "ECDSA512" + ] } /** diff --git a/python/ql/lib/experimental/cryptography/CryptoArtifact.qll b/python/ql/lib/experimental/cryptography/CryptoArtifact.qll index 77adf8c79a8..f976379720a 100644 --- a/python/ql/lib/experimental/cryptography/CryptoArtifact.qll +++ b/python/ql/lib/experimental/cryptography/CryptoArtifact.qll @@ -3,56 +3,53 @@ private import semmle.python.ApiGraphs private import experimental.cryptography.CryptoAlgorithmNames private import experimental.cryptography.utils.Utils as Utils - /* -* A cryptographic artifact is a DataFlow::Node associated with some -* operation, algorithm, or any other aspect of cryptography. -*/ -abstract class CryptographicArtifact extends DataFlow::Node {} + * A cryptographic artifact is a DataFlow::Node associated with some + * operation, algorithm, or any other aspect of cryptography. + */ + +abstract class CryptographicArtifact extends DataFlow::Node { } /** * Associates a symmetric encryption algorithm with a block mode. * The DataFlow::Node representing this association should be the - * point where the algorithm and block mode are combined. - * This may be at the call to encryption or in the construction - * of an object prior to encryption. + * point where the algorithm and block mode are combined. + * This may be at the call to encryption or in the construction + * of an object prior to encryption. */ -abstract class SymmetricCipher extends CryptographicArtifact{ +abstract class SymmetricCipher extends CryptographicArtifact { abstract SymmetricEncryptionAlgorithm getEncryptionAlgorithm(); + abstract BlockMode getBlockMode(); - final predicate hasBlockMode(){ - exists(this.getBlockMode()) - } + + final predicate hasBlockMode() { exists(this.getBlockMode()) } } /** * A cryptographic operation is a method call that invokes a cryptographic * algorithm (encrypt/decrypt) or a function in support of a cryptographic algorithm * (key generation). - * + * * Since operations are related to or in support of algorithms, operations must * provide a reference to their associated algorithm. Often operataions themselves * encapsulate algorithms, so operations can also extend CryptographicAlgorithm - * and refer to themselves as the target algorithm. + * and refer to themselves as the target algorithm. */ -abstract class CryptographicOperation extends CryptographicArtifact, API::CallNode{ - +abstract class CryptographicOperation extends CryptographicArtifact, API::CallNode { bindingset[paramName, ind] - final DataFlow::Node getParameterSource(int ind, string paramName){ + final DataFlow::Node getParameterSource(int ind, string paramName) { result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(ind, paramName)) } - final string getAlgorithmName(){ + final string getAlgorithmName() { if exists(this.getAlgorithm().getName()) then result = this.getAlgorithm().getName() else result = unknownAlgorithm() } - final predicate hasAlgorithm(){ - exists(this.getAlgorithm()) - } + final predicate hasAlgorithm() { exists(this.getAlgorithm()) } - final predicate isUnknownAlgorithm(){ + final predicate isUnknownAlgorithm() { this.getAlgorithmName() = unknownAlgorithm() or not this.hasAlgorithm() @@ -61,65 +58,51 @@ abstract class CryptographicOperation extends CryptographicArtifact, API::CallNo // TODO: this might have to be parameterized by a configuration source for // situations where an operation is passed an algorithm abstract CryptographicAlgorithm getAlgorithm(); - } /** A key generation operation for asymmetric keys */ -abstract class KeyGen extends CryptographicOperation{ +abstract class KeyGen extends CryptographicOperation { + int getAKeySizeInBits() { result = getKeySizeInBits(_) } - - int getAKeySizeInBits(){ - result = getKeySizeInBits(_) - } + final predicate hasKeySize(DataFlow::Node configSrc) { exists(this.getKeySizeInBits(configSrc)) } - final predicate hasKeySize(DataFlow::Node configSrc){ - exists(this.getKeySizeInBits(configSrc)) - } - - final predicate hasKeySize(){ - exists(this.getAKeySizeInBits()) - } + final predicate hasKeySize() { exists(this.getAKeySizeInBits()) } abstract DataFlow::Node getKeyConfigSrc(); - abstract int getKeySizeInBits(DataFlow::Node configSrc); + abstract int getKeySizeInBits(DataFlow::Node configSrc); } -abstract class AsymmetricKeyGen extends KeyGen{} -abstract class SymmetricKeyGen extends KeyGen{} +abstract class AsymmetricKeyGen extends KeyGen { } +abstract class SymmetricKeyGen extends KeyGen { } /** - * A cryptographic algorithm is a `CryptographicArtifact` + * A cryptographic algorithm is a `CryptographicArtifact` * representing a cryptographic algorithm (see `CryptoAlgorithmNames.qll`). * Cryptographic algorithms can be functions referencing common crypto algorithms (e.g., hashlib.md5) * or strings that are used in cryptographic operation configurations (e.g., hashlib.new("md5")). * Cryptogrpahic algorithms may also be operations that wrap or abstract one or * more algorithms (e.g., cyrptography.fernet.Fernet and AES, CBC and PKCS7). - * + * * In principle, this class should model the location where an algorithm enters the program, not - * necessarily where it is used. + * necessarily where it is used. */ -abstract class CryptographicAlgorithm extends CryptographicArtifact -{ +abstract class CryptographicAlgorithm extends CryptographicArtifact { abstract string getName(); - // TODO: handle case where name isn't known, not just unknown? - + // TODO: handle case where name isn't known, not just unknown? /** * Normalizes a raw name into a normalized name as found in `CryptoAlgorithmNames.qll`. * Subclassess should override for more api-specific normalization. - * By deafult, converts a raw name to upper-case with no hyphen, underscore, hash, or space. + * By deafult, converts a raw name to upper-case with no hyphen, underscore, hash, or space. */ bindingset[s] - string normalizeName(string s) - { - exists(string normStr | - normStr = s.toUpperCase().regexpReplaceAll("[-_ ]", "") - | - (result = normStr and isKnownAlgorithm(result)) + string normalizeName(string s) { + exists(string normStr | normStr = s.toUpperCase().regexpReplaceAll("[-_ ]", "") | + result = normStr and isKnownAlgorithm(result) or - (result = unknownAlgorithm() and not isKnownAlgorithm(normStr)) + result = unknownAlgorithm() and not isKnownAlgorithm(normStr) ) } } @@ -129,84 +112,69 @@ abstract class CryptographicAlgorithm extends CryptographicArtifact // super.getName() = unknownAlgorithm() // } // } - -abstract class HashAlgorithm extends CryptographicAlgorithm{ - final string getHashName(){ +abstract class HashAlgorithm extends CryptographicAlgorithm { + final string getHashName() { if exists(string n | n = this.getName() and isHashingAlgorithm(n)) - then (isHashingAlgorithm(result) and result = this.getName()) + then isHashingAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } - -abstract class KeyDerivationAlgorithm extends CryptographicAlgorithm{ - final string getKDFName(){ +abstract class KeyDerivationAlgorithm extends CryptographicAlgorithm { + final string getKDFName() { if exists(string n | n = this.getName() and isKeyDerivationAlgorithm(n)) - then (isKeyDerivationAlgorithm(result) and result = this.getName()) + then isKeyDerivationAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } -abstract class KeyDerivationOperation extends CryptographicOperation{ - DataFlow::Node getIterationSizeSrc(){ - none() - } +abstract class KeyDerivationOperation extends CryptographicOperation { + DataFlow::Node getIterationSizeSrc() { none() } - DataFlow::Node getSaltConfigSrc(){ - none() - } + DataFlow::Node getSaltConfigSrc() { none() } - DataFlow::Node getHashConfigSrc(){ - none() - } + DataFlow::Node getHashConfigSrc() { none() } // TODO: get encryption algorithm for CBC-based KDF? + DataFlow::Node getDerivedKeySizeSrc() { none() } - DataFlow::Node getDerivedKeySizeSrc(){ - none() - } - - DataFlow::Node getModeSrc(){ - none() - } + DataFlow::Node getModeSrc() { none() } // TODO: add more to cover all the parameters of most KDF operations? Perhaps subclass for each type? - abstract predicate requiresIteration(); + abstract predicate requiresSalt(); + abstract predicate requiresHash(); + //abstract predicate requiresKeySize(); // Going to assume all requires a size abstract predicate requiresMode(); - } /** * A parent class to represent any algorithm for which * asymmetric cryptography is involved. * Intended to be distinct from AsymmetricEncryptionAlgorithm - * which is intended only for asymmetric algorithms that specifically encrypt. + * which is intended only for asymmetric algorithms that specifically encrypt. */ -abstract class AsymmetricAlgorithm extends CryptographicAlgorithm{} +abstract class AsymmetricAlgorithm extends CryptographicAlgorithm { } - -abstract class EncryptionAlgorithm extends CryptographicAlgorithm -{ +abstract class EncryptionAlgorithm extends CryptographicAlgorithm { final predicate isAsymmetric() { this instanceof AsymmetricEncryptionAlgorithm } - final predicate isSymmetric() { not this.isAsymmetric() } + final predicate isSymmetric() { not this.isAsymmetric() } // NOTE: DO_NOT add getEncryptionName here, we rely on the fact the parent // class does not have this common predicate. } - /** * Algorithms directly or indirectly related to asymmetric encryption, * e.g., RSA, DSA, but also RSA padding algorithms */ -abstract class AsymmetricEncryptionAlgorithm extends AsymmetricAlgorithm, EncryptionAlgorithm{ - final string getEncryptionName(){ +abstract class AsymmetricEncryptionAlgorithm extends AsymmetricAlgorithm, EncryptionAlgorithm { + final string getEncryptionName() { if exists(string n | n = this.getName() and isAsymmetricEncryptionAlgorithm(n)) - then (isAsymmetricEncryptionAlgorithm(result) and result = this.getName()) + then isAsymmetricEncryptionAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } @@ -215,87 +183,82 @@ abstract class AsymmetricEncryptionAlgorithm extends AsymmetricAlgorithm, Encryp * Algorithms directly or indirectly related to symmetric encryption, * e.g., AES, DES, but also block modes and padding */ -abstract class SymmetricEncryptionAlgorithm extends EncryptionAlgorithm -{ - final string getEncryptionName(){ +abstract class SymmetricEncryptionAlgorithm extends EncryptionAlgorithm { + final string getEncryptionName() { if exists(string n | n = this.getName() and isSymmetricEncryptionAlgorithm(n)) - then (isSymmetricEncryptionAlgorithm(result) and result = this.getName()) + then isSymmetricEncryptionAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } // TODO: add a stream cipher predicate? } // Used only to categorize all padding into a single object, -// DO_NOT add predicates here. Only for categorization purposes. -abstract class PaddingAlgorithm extends CryptographicAlgorithm{} +// DO_NOT add predicates here. Only for categorization purposes. +abstract class PaddingAlgorithm extends CryptographicAlgorithm { } abstract class SymmetricPadding extends PaddingAlgorithm { - final string getPaddingName(){ + final string getPaddingName() { if exists(string n | n = this.getName() and isSymmetricPaddingAlgorithm(n)) - then (isSymmetricPaddingAlgorithm(result) and result = this.getName()) + then isSymmetricPaddingAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } abstract class AsymmetricPadding extends PaddingAlgorithm { - final string getPaddingName(){ + final string getPaddingName() { if exists(string n | n = this.getName() and isAsymmetricPaddingAlgorithm(n)) - then (isAsymmetricPaddingAlgorithm(result) and result = this.getName()) + then isAsymmetricPaddingAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } -abstract class EllipticCurveAlgorithm extends AsymmetricAlgorithm{ - final string getCurveName(){ +abstract class EllipticCurveAlgorithm extends AsymmetricAlgorithm { + final string getCurveName() { if exists(string n | n = this.getName() and isEllipticCurveAlgorithm(n)) - then (isEllipticCurveAlgorithm(result) and result = this.getName()) + then isEllipticCurveAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } - final int getCurveBitSize(){ - isEllipticCurveAlgorithm(this.getCurveName(), result) - } + final int getCurveBitSize() { isEllipticCurveAlgorithm(this.getCurveName(), result) } } -abstract class BlockMode extends CryptographicAlgorithm{ - final string getBlockModeName(){ +abstract class BlockMode extends CryptographicAlgorithm { + final string getBlockModeName() { if exists(string n | n = this.getName() and isCipherBlockModeAlgorithm(n)) - then (isCipherBlockModeAlgorithm(result) and result = this.getName()) + then isCipherBlockModeAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } /** - * Gets the source of the IV configuration. + * Gets the source of the IV configuration. */ abstract DataFlow::Node getIVorNonce(); final predicate hasIVorNonce() { exists(this.getIVorNonce()) } } -abstract class KeyWrapOperation extends CryptographicOperation{ -} +abstract class KeyWrapOperation extends CryptographicOperation { } -abstract class AuthenticatedEncryptionAlgorithm extends SymmetricEncryptionAlgorithm{ - final string getAuthticatedEncryptionName(){ +abstract class AuthenticatedEncryptionAlgorithm extends SymmetricEncryptionAlgorithm { + final string getAuthticatedEncryptionName() { if exists(string n | n = this.getName() and isSymmetricEncryptionAlgorithm(n)) - then (isSymmetricEncryptionAlgorithm(result) and result = this.getName()) + then isSymmetricEncryptionAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } -abstract class KeyExchangeAlgorithm extends AsymmetricAlgorithm{ - final string getKeyExchangeName(){ +abstract class KeyExchangeAlgorithm extends AsymmetricAlgorithm { + final string getKeyExchangeName() { if exists(string n | n = this.getName() and isKeyExchangeAlgorithm(n)) - then (isKeyExchangeAlgorithm(result) and result = this.getName()) + then isKeyExchangeAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } -abstract class SigningAlgorithm extends AsymmetricAlgorithm{ - final string getSigningName(){ +abstract class SigningAlgorithm extends AsymmetricAlgorithm { + final string getSigningName() { if exists(string n | n = this.getName() and isSignatureAlgorithm(n)) - then (isSignatureAlgorithm(result) and result = this.getName()) + then isSignatureAlgorithm(result) and result = this.getName() else result = unknownAlgorithm() } } - diff --git a/python/ql/lib/experimental/cryptography/modules/CryptographyModule.qll b/python/ql/lib/experimental/cryptography/modules/CryptographyModule.qll index ba995dda721..6f38d703b64 100644 --- a/python/ql/lib/experimental/cryptography/modules/CryptographyModule.qll +++ b/python/ql/lib/experimental/cryptography/modules/CryptographyModule.qll @@ -3,36 +3,38 @@ import semmle.python.ApiGraphs import experimental.cryptography.CryptoArtifact import experimental.cryptography.CryptoAlgorithmNames import experimental.cryptography.utils.CallCfgNodeWithTarget -private import experimental.cryptography.utils.Utils as Utils - +private import experimental.cryptography.utils.Utils as Utils /** -* Provides models for the `cryptography` PyPI package. -* See https://cryptography.io/en/latest/. -*/ - + * Provides models for the `cryptography` PyPI package. + * See https://cryptography.io/en/latest/. + */ // ----------------------------------------------- // Hash Artifacts // https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/#module-cryptography.hazmat.primitives.hashes // ----------------------------------------------- - module Hashes{ +module Hashes { /** - * Gets a member access of cryptography.hazmat.primitives.hashes - * that is a hash algorithm invocation. - * `hashName` is the name of the hash algorithm. - */ - pragma[nomagic] // Copying use of nomagic from similar predicate in codeql/main - DataFlow::Node cryptographyMemberHashAlgorithm(string hashName) { - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("hashes") - .getMember(hashName).asSource() and + * Gets a member access of cryptography.hazmat.primitives.hashes + * that is a hash algorithm invocation. + * `hashName` is the name of the hash algorithm. + */ + // Copying use of nomagic from similar predicate in codeql/main + pragma[nomagic] + DataFlow::Node cryptographyMemberHashAlgorithm(string hashName) { + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("hashes") + .getMember(hashName) + .asSource() and // Don't matches known non-hash members // https://github.com/pyca/cryptography/blob/main/src/cryptography/hazmat/primitives/hashes.py#L69-L111 - not hashName in - ["abc", "already_finalized", "ExtendableOutputFunction", "Hash", - "HashAlgorithm", "HashContext", "typing", "utils"] and + not hashName in [ + "abc", "already_finalized", "ExtendableOutputFunction", "Hash", "HashAlgorithm", + "HashContext", "typing", "utils" + ] and // Don't match things like __file__ not hashName.regexpMatch("_.*") } @@ -41,41 +43,38 @@ private import experimental.cryptography.utils.Utils as Utils * Identifies hashing algorithm members (i.e., functions) of the `cryptography` module, * e.g., `cryptography.hazmat.primitives.hashes.SHA256`. * https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/#cryptography.hazmat.primitives.hashes.Hash - */ - class CryptographyGenericHashAlgorithm extends HashAlgorithm - { - CryptographyGenericHashAlgorithm(){ - this = cryptographyMemberHashAlgorithm(_) - } + */ + class CryptographyGenericHashAlgorithm extends HashAlgorithm { + CryptographyGenericHashAlgorithm() { this = cryptographyMemberHashAlgorithm(_) } - override string getName(){ + override string getName() { exists(string rawName | this = cryptographyMemberHashAlgorithm(rawName) | result = super.normalizeName(rawName) ) } } - // NOTE: no need to model hashes used for PBKDF2HMAC (and other similar KDF HMAC), the API requires the specified algorithm // is an instance of `HashAlgorithm` handled by `CryptographyGenericHashArtifact` } // https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#module-cryptography.hazmat.primitives.kdf - module KDF{ - DataFlow::Node genericKDFArtifact(API::Node algModule, string algName) { - exists(string member | - algModule = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("kdf") - .getMember(member) - .getMember(algName) - and - result = algModule.asSource() - and +module KDF { + DataFlow::Node genericKDFArtifact(API::Node algModule, string algName) { + exists(string member | + algModule = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("kdf") + .getMember(member) + .getMember(algName) and + result = algModule.asSource() and // https://github.com/pyca/cryptography/tree/main/src/cryptography/hazmat/primitives/kdf - member in ["concatkdf", "hkdf", "kbkdf", "pbkdf2", "scrypt", "x963kdf"] - and - algName in ["ConcatKDFHash", "ConcatKDFHMAC", "HKDF", "HKDFExpand", "KBKDFCMAC", "KBKDFHMAC", "PBKDF2HMAC", "Scrypt", "X963KDF"] + member in ["concatkdf", "hkdf", "kbkdf", "pbkdf2", "scrypt", "x963kdf"] and + algName in [ + "ConcatKDFHash", "ConcatKDFHMAC", "HKDF", "HKDFExpand", "KBKDFCMAC", "KBKDFHMAC", + "PBKDF2HMAC", "Scrypt", "X963KDF" + ] ) } @@ -83,227 +82,194 @@ private import experimental.cryptography.utils.Utils as Utils * Identifies key derivation function members (i.e., functions) of the `cryptography` module * https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#module-cryptography.hazmat.primitives.kdf */ - class CryptographyKDFAlgorithm extends KeyDerivationAlgorithm - { - CryptographyKDFAlgorithm(){ - this = genericKDFArtifact(_,_) - } + class CryptographyKDFAlgorithm extends KeyDerivationAlgorithm { + CryptographyKDFAlgorithm() { this = genericKDFArtifact(_, _) } - override string getName(){ - exists(string rawName | this = genericKDFArtifact(_,rawName) | + override string getName() { + exists(string rawName | this = genericKDFArtifact(_, rawName) | // TODO: is HKDFExpand ok to categorize as HKDF? result = super.normalizeName(rawName) ) } - API::Node getModule(){ - this = genericKDFArtifact(result,_) - } + API::Node getModule() { this = genericKDFArtifact(result, _) } } - - API::CallNode getCryptographyKDFOperation(CryptographyKDFAlgorithm kdf){ + API::CallNode getCryptographyKDFOperation(CryptographyKDFAlgorithm kdf) { result = kdf.getModule().getACall() } + class CryptographyKDFOperation extends KeyDerivationOperation { + CryptographyKDFOperation() { this = getCryptographyKDFOperation(_) } - class CryptographyKDFOperation extends KeyDerivationOperation - { - CryptographyKDFOperation(){ - this = getCryptographyKDFOperation(_) - } + override KeyDerivationAlgorithm getAlgorithm() { this = getCryptographyKDFOperation(result) } - override KeyDerivationAlgorithm getAlgorithm(){ - this = getCryptographyKDFOperation(result) - } + override predicate requiresHash() { this.getAlgorithm().getKDFName() != "KBKDFCMAC" } - override predicate requiresHash(){ - this.getAlgorithm().getKDFName() != "KBKDFCMAC" - } - - override predicate requiresMode(){ + override predicate requiresMode() { this.getAlgorithm().getKDFName() in ["KBKDFCMAC", "KBKDFHMAC"] } - override predicate requiresSalt(){ + override predicate requiresSalt() { this.getAlgorithm().getKDFName() in ["PBKDF2HMAC", "CONCATKDFHMAC", "HKDF"] } - override predicate requiresIteration(){ - this.getAlgorithm().getKDFName() in ["PBKDF2HMAC"] - } - + override predicate requiresIteration() { this.getAlgorithm().getKDFName() in ["PBKDF2HMAC"] } - override DataFlow::Node getIterationSizeSrc(){ - if this.requiresIteration() then - // ASSUMPTION: ONLY EVER in arg 3 in PBKDF2HMAC + override DataFlow::Node getIterationSizeSrc() { + if this.requiresIteration() + then + // ASSUMPTION: ONLY EVER in arg 3 in PBKDF2HMAC result = Utils::getUltimateSrcFromApiNode(this.getParameter(3, "iterations")) - else - none() + else none() } - - override DataFlow::Node getSaltConfigSrc(){ - if this.requiresSalt() then + + override DataFlow::Node getSaltConfigSrc() { + if this.requiresSalt() + then // SCRYPT has it in arg 1 if this.getAlgorithm().getKDFName() = "SCRYPT" then result = Utils::getUltimateSrcFromApiNode(this.getParameter(1, "salt")) - // EVERYTHING ELSE that uses salt is in arg 2 - else result = Utils::getUltimateSrcFromApiNode(this.getParameter(2, "salt")) - else - none() - } - - override DataFlow::Node getHashConfigSrc(){ - if this.requiresHash() then - // ASSUMPTION: ONLY EVER in arg 0 - result = Utils::getUltimateSrcFromApiNode(this.getParameter(0, "algorithm")) - else - none() - } - - // TODO: get encryption algorithm for CBC-based KDF? - - override DataFlow::Node getDerivedKeySizeSrc(){ - if this.getAlgorithm().getKDFName() in ["KBKDFHMAC", "KBKDFCMAC"] then - result = Utils::getUltimateSrcFromApiNode(this.getParameter(2, "length")) - else - result = Utils::getUltimateSrcFromApiNode(this.getParameter(1, "length")) - } - - override DataFlow::Node getModeSrc(){ - if this.requiresMode() then - // ASSUMPTION: ONLY EVER in arg 1 - result = Utils::getUltimateSrcFromApiNode(this.getParameter(1, "mode")) - else - none() + else + // EVERYTHING ELSE that uses salt is in arg 2 + result = Utils::getUltimateSrcFromApiNode(this.getParameter(2, "salt")) + else none() } + override DataFlow::Node getHashConfigSrc() { + if this.requiresHash() + then + // ASSUMPTION: ONLY EVER in arg 0 + result = Utils::getUltimateSrcFromApiNode(this.getParameter(0, "algorithm")) + else none() + } + + // TODO: get encryption algorithm for CBC-based KDF? + override DataFlow::Node getDerivedKeySizeSrc() { + if this.getAlgorithm().getKDFName() in ["KBKDFHMAC", "KBKDFCMAC"] + then result = Utils::getUltimateSrcFromApiNode(this.getParameter(2, "length")) + else result = Utils::getUltimateSrcFromApiNode(this.getParameter(1, "length")) + } + + override DataFlow::Node getModeSrc() { + if this.requiresMode() + then + // ASSUMPTION: ONLY EVER in arg 1 + result = Utils::getUltimateSrcFromApiNode(this.getParameter(1, "mode")) + else none() + } } } - - module Encryption{ - +module Encryption { /** * https://cryptography.io/en/latest/hazmat/primitives/aead/#module-cryptography.hazmat.primitives.ciphers.aead * https://cryptography.io/en/latest/fernet/ * https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/ */ - module SymmetricEncryption{ - // https://cryptography.io/en/latest/hazmat/primitives/keywrap/ - module KeyWrap{ - + module SymmetricEncryption { + // https://cryptography.io/en/latest/hazmat/primitives/keywrap/ + module KeyWrap { // TODO: what padding mode is used by default? - - DataFlow::Node genericKeyWrapArtifact() { - exists(string opName | - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("keywrap") - .getMember(opName).getACall() - and - opName in ["aes_key_wrap", "aes_key_wrap_with_padding", "aes_key_unwrap", "aes_key_unwrap_with_padding"] + DataFlow::Node genericKeyWrapArtifact() { + exists(string opName | + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("keywrap") + .getMember(opName) + .getACall() and + opName in [ + "aes_key_wrap", "aes_key_wrap_with_padding", "aes_key_unwrap", + "aes_key_unwrap_with_padding" + ] ) } - class CryptographyKeyWrap extends KeyWrapOperation, SymmetricEncryptionAlgorithm, BlockMode, SymmetricCipher + class CryptographyKeyWrap extends KeyWrapOperation, SymmetricEncryptionAlgorithm, BlockMode, + SymmetricCipher { - CryptographyKeyWrap(){ - this = genericKeyWrapArtifact() - } + CryptographyKeyWrap() { this = genericKeyWrapArtifact() } - override string getName(){ - //Cryptography Key Wrap Artifact's use ECB block mode by default: + override string getName() { + //Cryptography Key Wrap Artifact's use ECB block mode by default: // https://github.com/pyca/cryptography/blob/main/src/cryptography/hazmat/primitives/keywrap.py#L14 - result = super.normalizeName("ECB") or + result = super.normalizeName("ECB") + or // TODO: the actual AES used is dependent on the key size, get key size and set name accordingly - // Only allowed key sizes: + // Only allowed key sizes: // https://github.com/pyca/cryptography/blob/main/src/cryptography/hazmat/primitives/keywrap.py#L38-L54 result = super.normalizeName("AES") } /** - * ECB mode is effectively no block mode and no IV is associated with this mode. + * ECB mode is effectively no block mode and no IV is associated with this mode. */ - override DataFlow::Node getIVorNonce() - { - none() - } + override DataFlow::Node getIVorNonce() { none() } - override SymmetricEncryptionAlgorithm getEncryptionAlgorithm(){ - result = this - } - - override BlockMode getBlockMode(){ - result = this - } + override SymmetricEncryptionAlgorithm getEncryptionAlgorithm() { result = this } - override CryptographicAlgorithm getAlgorithm(){ - result = this - } + override BlockMode getBlockMode() { result = this } + + override CryptographicAlgorithm getAlgorithm() { result = this } } } - /** * Authenticated Encryption Artifacts * https://cryptography.io/en/latest/hazmat/primitives/aead/#module-cryptography.hazmat.primitives.ciphers.aead */ - module AuthenticatedEncryption{ - + module AuthenticatedEncryption { API::Node genericAEADAPINode(string algName) { - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("ciphers") - .getMember("aead") - .getMember(algName) - and algName in ["AESGCM", "AESCCM", "AESOCB3", "AESSIV", "ChaCha20Poly1305"] + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("ciphers") + .getMember("aead") + .getMember(algName) and + algName in ["AESGCM", "AESCCM", "AESOCB3", "AESSIV", "ChaCha20Poly1305"] } - DataFlow::Node genericAEADArtifact(API::Node algModule, string algName){ + DataFlow::Node genericAEADArtifact(API::Node algModule, string algName) { algModule = genericAEADAPINode(algName) and result = algModule.asSource() } - - class CryptographyAEAD extends BlockMode, AuthenticatedEncryptionAlgorithm, SymmetricCipher - { - CryptographyAEAD(){ - this = genericAEADArtifact(_,_) - } - API::Node getMember(string memberName){ - result = this.getModule().getMember(memberName) - } + class CryptographyAEAD extends BlockMode, AuthenticatedEncryptionAlgorithm, SymmetricCipher { + CryptographyAEAD() { this = genericAEADArtifact(_, _) } - API::Node getModule(){ - this = genericAEADArtifact(result,_) - } + API::Node getMember(string memberName) { result = this.getModule().getMember(memberName) } - override string getName(){ - exists(string rawName | genericAEADArtifact(_,rawName) = this | + API::Node getModule() { this = genericAEADArtifact(result, _) } + + override string getName() { + exists(string rawName | genericAEADArtifact(_, rawName) = this | result = normalizedBlockNames(rawName) or result = normalizedEncryptionName(rawName) ) } bindingset[rawName] - string normalizedBlockNames(string rawName){ - // https://cryptography.io/en/latest/hazmat/primitives/aead/#module-cryptography.hazmat.primitives.ciphers.aead - if rawName = "AESGCM" - then result = super.normalizeName("GCM") - else if rawName = "AESCCM" + string normalizedBlockNames(string rawName) { + // https://cryptography.io/en/latest/hazmat/primitives/aead/#module-cryptography.hazmat.primitives.ciphers.aead + if rawName = "AESGCM" + then result = super.normalizeName("GCM") + else + if rawName = "AESCCM" then result = super.normalizeName("CCM") - else if rawName = "AESOCB3" - then result = super.normalizeName("OCB") - else if rawName = "AESSIV" - then result = super.normalizeName("SIV") - else result = super.normalizeName(rawName) + else + if rawName = "AESOCB3" + then result = super.normalizeName("OCB") + else + if rawName = "AESSIV" + then result = super.normalizeName("SIV") + else result = super.normalizeName(rawName) } bindingset[rawName] - string normalizedEncryptionName(string rawName){ + string normalizedEncryptionName(string rawName) { if rawName.matches("AES%") then result = super.normalizeName("AES") else result = super.normalizeName(rawName) @@ -312,51 +278,44 @@ private import experimental.cryptography.utils.Utils as Utils /** * Since the IV/Nonce is dependent on the API, we could attempt a dataflow to derive * what it is internal to the library, but instead we take the stance that - * the IV/Nonce is non-existent/unknown to simplify analyses and to be + * the IV/Nonce is non-existent/unknown to simplify analyses and to be * safe in case of API changes. Uses of this API must therefore be - * individually assessed for correct IV use. + * individually assessed for correct IV use. */ - override DataFlow::Node getIVorNonce(){ - none() - } + override DataFlow::Node getIVorNonce() { none() } - override SymmetricEncryptionAlgorithm getEncryptionAlgorithm(){ - result = this - } - - override BlockMode getBlockMode(){ - result = this - } + override SymmetricEncryptionAlgorithm getEncryptionAlgorithm() { result = this } + + override BlockMode getBlockMode() { result = this } } - DataFlow::Node genericAEADKeyGen(CryptographyAEAD aead){ + DataFlow::Node genericAEADKeyGen(CryptographyAEAD aead) { aead.getMember("generate_key").getACall() = result } - class CryptographyAEADKeyGen extends SymmetricKeyGen - { - CryptographyAEADKeyGen(){ - this = genericAEADKeyGen(_) - } + class CryptographyAEADKeyGen extends SymmetricKeyGen { + CryptographyAEADKeyGen() { this = genericAEADKeyGen(_) } - override CryptographyAEAD getAlgorithm(){ - this = genericAEADKeyGen(result) - } + override CryptographyAEAD getAlgorithm() { this = genericAEADKeyGen(result) } - override int getKeySizeInBits(DataFlow::Node configSrc){ + override int getKeySizeInBits(DataFlow::Node configSrc) { if this.getAlgorithm().getAuthticatedEncryptionName() = "ChaCha20Poly1305 " - then result = 32*8 - else (result = configSrc.asExpr().(IntegerLiteral).getValue() and configSrc = this.getKeyConfigSrc()) - + then result = 32 * 8 + else ( + result = configSrc.asExpr().(IntegerLiteral).getValue() and + configSrc = this.getKeyConfigSrc() + ) } - DataFlow::Node keyBitLengthSrc(){ - result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, "bit_length")) + DataFlow::Node keyBitLengthSrc() { + result = + Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, "bit_length")) } - override DataFlow::Node getKeyConfigSrc(){ - result = keyBitLengthSrc() or - (not exists(keyBitLengthSrc()) and result = this) + override DataFlow::Node getKeyConfigSrc() { + result = keyBitLengthSrc() + or + not exists(keyBitLengthSrc()) and result = this } } } @@ -364,23 +323,20 @@ private import experimental.cryptography.utils.Utils as Utils /** * https://cryptography.io/en/latest/fernet/ */ - module Fernet{ - - DataFlow::Node fernetConstructor() { - exists(string member | member = ["Fernet", "MultiFernet"] | - result = API::moduleImport("cryptography") - .getMember("fernet") - .getMember(member) - .getACall() + module Fernet { + DataFlow::Node fernetConstructor() { + exists(string member | member = ["Fernet", "MultiFernet"] | + result = + API::moduleImport("cryptography").getMember("fernet").getMember(member).getACall() ) } - class CryptographyFernet extends SymmetricPadding, BlockMode, SymmetricEncryptionAlgorithm, SymmetricCipher{ - CryptographyFernet(){ - this = fernetConstructor() - } + class CryptographyFernet extends SymmetricPadding, BlockMode, SymmetricEncryptionAlgorithm, + SymmetricCipher + { + CryptographyFernet() { this = fernetConstructor() } - override string getName(){ + override string getName() { result = super.normalizeName("PKCS7") or result = super.normalizeName("AES128") or result = super.normalizeName("CBC") @@ -389,112 +345,97 @@ private import experimental.cryptography.utils.Utils as Utils /** * Since the IV/Nonce is dependent on the API, we could attempt a dataflow to derive * what it is internal to the library, but instead we take the stance that - * the IV/Nonce is non-existent/unknown to simplify analyses and to be + * the IV/Nonce is non-existent/unknown to simplify analyses and to be * safe in case of API changes. Uses of this API must therefore be * individually assessed for correct IV use. - * + * * The current API shows the IV is set via os.urandom: * https://github.com/pyca/cryptography/blob/main/src/cryptography/fernet.py */ - override DataFlow::Node getIVorNonce(){ - none() - } + override DataFlow::Node getIVorNonce() { none() } - override SymmetricEncryptionAlgorithm getEncryptionAlgorithm(){ - result = this - } - - override BlockMode getBlockMode(){ - result = this - } - + override SymmetricEncryptionAlgorithm getEncryptionAlgorithm() { result = this } + + override BlockMode getBlockMode() { result = this } } - - API::CallNode fernetKeyGen(CryptographyFernet fernetCall){ - result = fernetCall.(API::CallNode).getReturn().getMember("generate_key").getACall() + API::CallNode fernetKeyGen(CryptographyFernet fernetCall) { + result = fernetCall.(API::CallNode).getReturn().getMember("generate_key").getACall() } - + /** - * https://cryptography.io/en/latest/fernet/#cryptography.fernet.Fernet.generate_key - */ - class FernetKeyGen extends SymmetricKeyGen{ - FernetKeyGen(){ - this = fernetKeyGen(_) - } + * https://cryptography.io/en/latest/fernet/#cryptography.fernet.Fernet.generate_key + */ + class FernetKeyGen extends SymmetricKeyGen { + FernetKeyGen() { this = fernetKeyGen(_) } - override DataFlow::Node getKeyConfigSrc(){ - result = this - } + override DataFlow::Node getKeyConfigSrc() { result = this } - override int getKeySizeInBits(DataFlow::Node configSrc){ + override int getKeySizeInBits(DataFlow::Node configSrc) { // https://github.com/pyca/cryptography/blob/main/src/cryptography/fernet.py#L44 // requires a 256 bit key, but only uses half of it for 128 bit encryption/signing - result = 128 - and + result = 128 and configSrc = this } - override CryptographyFernet getAlgorithm() { - this = fernetKeyGen(result) - } + override CryptographyFernet getAlgorithm() { this = fernetKeyGen(result) } } - // NOTE: not implementing MultiFernet since it operates on Fernet which is already modeled: // https://cryptography.io/en/latest/fernet/#cryptography.fernet.MultiFernet } // https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#module-cryptography.hazmat.primitives.ciphers.modes - module GenericCryptoArtifact{ - - DataFlow::Node genericBlockMode(string name){ + module GenericCryptoArtifact { + DataFlow::Node genericBlockMode(string name) { // getACall since the typical case is to construct the block mode with initialization values // not to pass the mode uninitialized - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("ciphers") - .getMember("modes") - .getMember(name).getACall() - and not name.regexpMatch("_.*") - } + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("ciphers") + .getMember("modes") + .getMember(name) + .getACall() and + not name.regexpMatch("_.*") + } // https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#module-cryptography.hazmat.primitives.ciphers.modes - class CryptographyGenericBlockMode extends BlockMode{ - CryptographyGenericBlockMode(){ - this = genericBlockMode(_) - } + class CryptographyGenericBlockMode extends BlockMode { + CryptographyGenericBlockMode() { this = genericBlockMode(_) } - override string getName(){ + override string getName() { exists(string rawName | this = genericBlockMode(rawName) | result = super.normalizeName(rawName) ) } - override DataFlow::Node getIVorNonce(){ + override DataFlow::Node getIVorNonce() { exists(string paramName | paramName = ["initialization_vector", "nonce"] | - result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, paramName))) + result = + Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, paramName)) + ) } } - DataFlow::Node genericSymmetricEncryptionArtifact(string name){ + DataFlow::Node genericSymmetricEncryptionArtifact(string name) { // getCall since the typical case is to construct the algorithm with initialization values (e.g., keys) // not to pass the mode uninitialized - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("ciphers") - .getMember("algorithms") - .getMember(name).getACall() - and not name.regexpMatch("_.*") + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("ciphers") + .getMember("algorithms") + .getMember(name) + .getACall() and + not name.regexpMatch("_.*") } - class CrytographyGenericSymmetricEncryption extends SymmetricEncryptionAlgorithm{ - CrytographyGenericSymmetricEncryption(){ - this = genericSymmetricEncryptionArtifact(_) - } + class CrytographyGenericSymmetricEncryption extends SymmetricEncryptionAlgorithm { + CrytographyGenericSymmetricEncryption() { this = genericSymmetricEncryptionArtifact(_) } - override string getName(){ + override string getName() { exists(string rawName | this = genericSymmetricEncryptionArtifact(rawName) | result = super.normalizeName(rawName) ) @@ -502,158 +443,157 @@ private import experimental.cryptography.utils.Utils as Utils } // class CryptographcyGenericSymmetricKeyGen extends SymmetricKeyGen{ - // CryptographcyGenericSymmetricKeyGen(){ // this = genericSymmetricEncryptionArtifact(_) // } - // override DataFlow::Node getKeyConfigSrc(){ // result = this.(API::CallNode).getParameter(0, "key").getAValueReachingSink() // } - // override int getKeySizeInBits(DataFlow::Node configSrc){ // // TODO: if/else over all posibilities // } - // override string getAlgorithmName() { // exists(SymmetricEncryptionAlgorithm a, string algName | // this = genericSymmetricEncryptionArtifact(algName) and - // a = genericSymmetricEncryptionArtifact(algName) and + // a = genericSymmetricEncryptionArtifact(algName) and // result = a.normalizeName(algName) // ) // } // } - /** * Gets a symmetric padding operation: * https://cryptography.io/en/latest/hazmat/primitives/padding/#module-cryptography.hazmat.primitives.padding */ - DataFlow::Node genericSymmetricPadding(string name){ + DataFlow::Node genericSymmetricPadding(string name) { // getACall since the typical case is to construct the padding with initialization values, // not to pass the mode uninitialized - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("ciphers") - .getMember("padding") - .getMember(name).getACall() - and name != "PaddingContext" - and not name.regexpMatch("_.*") + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("ciphers") + .getMember("padding") + .getMember(name) + .getACall() and + name != "PaddingContext" and + not name.regexpMatch("_.*") } - class CryptographyGenericSymmetricPadding extends SymmetricPadding{ - CryptographyGenericSymmetricPadding(){ - this = genericSymmetricPadding(_) - } + class CryptographyGenericSymmetricPadding extends SymmetricPadding { + CryptographyGenericSymmetricPadding() { this = genericSymmetricPadding(_) } - override string getName(){ + override string getName() { exists(string rawName | this = genericSymmetricPadding(rawName) | result = super.normalizeName(rawName) ) } - } /** - * https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.Cipher + * https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.Cipher */ - class CyrptographyGenericCipher extends SymmetricCipher{ - CyrptographyGenericCipher(){ - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("ciphers") - .getMember("Cipher").getACall() - } - override SymmetricEncryptionAlgorithm getEncryptionAlgorithm(){ - result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, "algorithm")) + class CyrptographyGenericCipher extends SymmetricCipher { + CyrptographyGenericCipher() { + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("ciphers") + .getMember("Cipher") + .getACall() } - override BlockMode getBlockMode(){ + override SymmetricEncryptionAlgorithm getEncryptionAlgorithm() { + result = + Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, "algorithm")) + } + + override BlockMode getBlockMode() { result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(1, "mode")) } - } } } - module AsymmetricEncryption{ - module RSA{ + module AsymmetricEncryption { + module RSA { /** - * Returns a member of cryptography asymmetric padding module that is + * Returns a member of cryptography asymmetric padding module that is * a padding algorithm (filteres out non-padding members) */ - DataFlow::CallCfgNode cryptographyAsymmetricPadding(string name){ + DataFlow::CallCfgNode cryptographyAsymmetricPadding(string name) { // getACall since the typical case is to construct the padding with initialization values, // not to pass the mode uninitialized - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("padding") - .getMember(name).getACall() and - ( - name = "PKCS1v15" or - name = "OAEP" or - name = "PSS" - ) + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("padding") + .getMember(name) + .getACall() and + ( + name = "PKCS1v15" or + name = "OAEP" or + name = "PSS" + ) } /** * A cryptography asymmetric padding algorithm. */ - class CryptographyAsymmetricPadding extends AsymmetricPadding{ - CryptographyAsymmetricPadding(){ - this = cryptographyAsymmetricPadding(_) - } + class CryptographyAsymmetricPadding extends AsymmetricPadding { + CryptographyAsymmetricPadding() { this = cryptographyAsymmetricPadding(_) } - override string getName(){ + override string getName() { exists(string rawName | this = cryptographyAsymmetricPadding(rawName) | result = super.normalizeName(rawName) ) } } - API::CallNode getRSAKeyGenCall(){ - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("rsa") - .getMember("generate_private_key").getACall() + API::CallNode getRSAKeyGenCall() { + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("rsa") + .getMember("generate_private_key") + .getACall() } - API::CallNode getRSAKeyLoadCall(){ - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("serialization") - .getMember("load_pem_private_key").getACall() + API::CallNode getRSAKeyLoadCall() { + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("serialization") + .getMember("load_pem_private_key") + .getACall() } - API::Node getRSAPrivateKey(){ + API::Node getRSAPrivateKey() { result = getRSAKeyGenCall().getReturn() or result = getRSAKeyLoadCall().getReturn() } - API::Node getRSAPublicKey(){ + API::Node getRSAPublicKey() { result = getRSAPrivateKey().getMember("public_key").getACall().getReturn() } - DataFlow::Node getRSASignCall(){ - result = getRSAPrivateKey().getMember("sign").getACall() - } + DataFlow::Node getRSASignCall() { result = getRSAPrivateKey().getMember("sign").getACall() } - DataFlow::Node getRSAVerifyCall(){ + DataFlow::Node getRSAVerifyCall() { result = getRSAPublicKey().getMember("verify").getACall() } - DataFlow::Node getRSAEncryptCall(){ + DataFlow::Node getRSAEncryptCall() { result = getRSAPublicKey().getMember("encrypt").getACall() } - DataFlow::Node getRSADecryptCall(){ + DataFlow::Node getRSADecryptCall() { result = getRSAPrivateKey().getMember("decrypt").getACall() } @@ -661,114 +601,102 @@ private import experimental.cryptography.utils.Utils as Utils * Finds the parameter DataFlow::Node representing padding for all RSA operations * that accept a padding parameter. */ - API::Node getRSAPaddingParameter(API::CallNode c){ - (c = getRSASignCall() and result = c.(API::CallNode).getParameter(1, "padding")) + API::Node getRSAPaddingParameter(API::CallNode c) { + c = getRSASignCall() and result = c.(API::CallNode).getParameter(1, "padding") or - (c = getRSAVerifyCall() and result = c.(API::CallNode).getParameter(2, "padding")) + c = getRSAVerifyCall() and result = c.(API::CallNode).getParameter(2, "padding") or - (c = getRSAEncryptCall() and result = c.(API::CallNode).getParameter(1, "padding")) + c = getRSAEncryptCall() and result = c.(API::CallNode).getParameter(1, "padding") or - (c = getRSADecryptCall() and result = c.(API::CallNode).getParameter(1, "padding")) + c = getRSADecryptCall() and result = c.(API::CallNode).getParameter(1, "padding") } - predicate isRSAPaddingCall(API::CallNode c){ - c = getRSASignCall() or + predicate isRSAPaddingCall(API::CallNode c) { + c = getRSASignCall() or c = getRSAVerifyCall() or c = getRSAEncryptCall() or c = getRSADecryptCall() } /** - * All unknown padding algorithms determined by - * tracing RSA operations that accept a padding parameter back to their source. + * All unknown padding algorithms determined by + * tracing RSA operations that accept a padding parameter back to their source. * If the source is not `cryptographyAsymmetricPadding`, then mark it as unknown. */ - class UnknownRSAOperationAsymmetricPadding extends AsymmetricPadding - { - UnknownRSAOperationAsymmetricPadding(){ + class UnknownRSAOperationAsymmetricPadding extends AsymmetricPadding { + UnknownRSAOperationAsymmetricPadding() { // Either the padding parameter is known and it isn't a member of cryptographyAsymmetricPadding - // or the padding parameter does not exist, and the operation itself will be considered the - // source of an unknown padding algorithm. + // or the padding parameter does not exist, and the operation itself will be considered the + // source of an unknown padding algorithm. exists(API::CallNode c, API::Node p | isRSAPaddingCall(c) | - ( - p = getRSAPaddingParameter(c) and - this = Utils::getUltimateSrcFromApiNode(p) and - not (this = cryptographyAsymmetricPadding(_)) - ) + p = getRSAPaddingParameter(c) and + this = Utils::getUltimateSrcFromApiNode(p) and + not this = cryptographyAsymmetricPadding(_) or - ( - not exists(getRSAPaddingParameter(c)) and - this = c - ) + not exists(getRSAPaddingParameter(c)) and + this = c ) } - override string getName(){ - result = unknownAlgorithm() - } + override string getName() { result = unknownAlgorithm() } } /** * The result of a RSA key generation operation */ - class CryptographyRSAKeyGen extends AsymmetricKeyGen, AsymmetricEncryptionAlgorithm{ - CryptographyRSAKeyGen(){ - this = getRSAKeyGenCall() + class CryptographyRSAKeyGen extends AsymmetricKeyGen, AsymmetricEncryptionAlgorithm { + CryptographyRSAKeyGen() { this = getRSAKeyGenCall() } + + override DataFlow::Node getKeyConfigSrc() { + result = + Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(1, "key_size")) } - override DataFlow::Node getKeyConfigSrc(){ - result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(1, "key_size")) + override int getKeySizeInBits(DataFlow::Node configSrc) { + result = configSrc.asExpr().(IntegerLiteral).getValue() and + configSrc = this.getKeyConfigSrc() } - override int getKeySizeInBits(DataFlow::Node configSrc){ - result = configSrc.asExpr().(IntegerLiteral).getValue() - and configSrc = this.getKeyConfigSrc() - } - - override AsymmetricEncryptionAlgorithm getAlgorithm() { - result = this - } - - override string getName(){ - result = super.normalizeName("RSA") - } + override AsymmetricEncryptionAlgorithm getAlgorithm() { result = this } + override string getName() { result = super.normalizeName("RSA") } } /** - * Identifies an RSA operation or artifact. + * Identifies an RSA operation or artifact. * https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#module-cryptography.hazmat.primitives.asymmetric.rsa - * Since the use of such an operation or artifact infers the algorithm all + * Since the use of such an operation or artifact infers the algorithm all * operations/artifacts are identified as an RSA algorithm */ class CryptographyRSAAlgorithm extends AsymmetricEncryptionAlgorithm { - CryptographyRSAAlgorithm(){ - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("rsa") - .getAMember*().asSource() + CryptographyRSAAlgorithm() { + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("rsa") + .getAMember*() + .asSource() } - override string getName(){ - result = super.normalizeName("RSA") - } + override string getName() { result = super.normalizeName("RSA") } } } - module EllipticCurve{ - + module EllipticCurve { /** * Gets a call to an elliptic curve key generation operation */ - DataFlow::Node getEllipticCurveKeyGenCall(){ - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("ec") - .getMember("generate_private_key").getACall() + DataFlow::Node getEllipticCurveKeyGenCall() { + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("ec") + .getMember("generate_private_key") + .getACall() } /** @@ -785,80 +713,66 @@ private import experimental.cryptography.utils.Utils as Utils .getMember("primitives") .getMember("asymmetric") .getMember("ec") - .getMember(curveName).getACall() - and - curveName = ["SECP256R1", - "SECP384R1", - "SECP521R1", - "SECP224R1", - "SECP192R1", - "SECP256K1", - "BrainpoolP256R1", - "BrainpoolP384R1", - "BrainpoolP512R1", - "SECT571K1", - "SECT409K1", - "SECT283K1", - "SECT233K1", - "SECT163K1", - "SECT571R1", - "SECT409R1", - "SECT283R1", - "SECT233R1", - "SECT163R2" - ] + .getMember(curveName) + .getACall() and + curveName = + [ + "SECP256R1", "SECP384R1", "SECP521R1", "SECP224R1", "SECP192R1", "SECP256K1", + "BrainpoolP256R1", "BrainpoolP384R1", "BrainpoolP512R1", "SECT571K1", "SECT409K1", + "SECT283K1", "SECT233K1", "SECT163K1", "SECT571R1", "SECT409R1", "SECT283R1", + "SECT233R1", "SECT163R2" + ] } /** * Gets calls to EllipticCurvePublicNumbers * https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers */ - DataFlow::Node getEllipticCurvePublicNumbersCall(){ - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("ec") - .getMember("EllipticCurvePublicNumbers").getACall() + DataFlow::Node getEllipticCurvePublicNumbersCall() { + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("ec") + .getMember("EllipticCurvePublicNumbers") + .getACall() } /** * Gets calls to derive_private_key * https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.derive_private_key */ - DataFlow::Node getEllipticCurveDerivePrivateKeyCall(){ - result = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("ec") - .getMember("derive_private_key").getACall() + DataFlow::Node getEllipticCurveDerivePrivateKeyCall() { + result = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("ec") + .getMember("derive_private_key") + .getACall() } - /** * An elliptic curve key generation operation */ class CryptographyEllipticCurveKeyGen extends AsymmetricKeyGen { - CryptographyEllipticCurveKeyGen(){ - this = getEllipticCurveKeyGenCall() - } + CryptographyEllipticCurveKeyGen() { this = getEllipticCurveKeyGenCall() } - override DataFlow::Node getKeyConfigSrc(){ + override DataFlow::Node getKeyConfigSrc() { result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, "curve")) } - override EllipticCurveAlgorithm getAlgorithm(){ - result = this.getKeyConfigSrc() - } + override EllipticCurveAlgorithm getAlgorithm() { result = this.getKeyConfigSrc() } - override int getKeySizeInBits(DataFlow::Node configSrc){ + override int getKeySizeInBits(DataFlow::Node configSrc) { // TODO/NOTE: there is a general issue if config sources are defined as calls vs general dataflow nodes // The issue is if defined asSource, a call may be seen as the source, hence, this predicate // and others like it, will not resolve, since there is no satisfying configSrc (there is a mismatch // as observed is a call, and the Curve is actually defined using `asSource`.) // We need to find a generalized solution to be able to have both cases happen and rely upon - // getting algorithms consistently. + // getting algorithms consistently. isEllipticCurveAlgorithm(configSrc.(EllipticCurveAlgorithm).getCurveName(), result) } } @@ -867,276 +781,256 @@ private import experimental.cryptography.utils.Utils as Utils * Any operation that takes in a Curve, trace the curve back to its ultimate source * and if it is not a known curve, the curve is considered unknown an a member of this class. */ - class CryptographyUnknownEllipticCurve extends EllipticCurveAlgorithm{ - CryptographyUnknownEllipticCurve(){ + class CryptographyUnknownEllipticCurve extends EllipticCurveAlgorithm { + CryptographyUnknownEllipticCurve() { ( - Utils::getUltimateSrcFromApiNode(getEllipticCurvePublicNumbersCall().(API::CallNode).getParameter(2, "curve")) = this - or - Utils::getUltimateSrcFromApiNode(getEllipticCurveKeyGenCall().(API::CallNode).getParameter(0, "curve")) = this + Utils::getUltimateSrcFromApiNode(getEllipticCurvePublicNumbersCall() + .(API::CallNode) + .getParameter(2, "curve")) = this or - Utils::getUltimateSrcFromApiNode(getEllipticCurveDerivePrivateKeyCall().(API::CallNode).getParameter(1, "curve")) = this - ) - and + Utils::getUltimateSrcFromApiNode(getEllipticCurveKeyGenCall() + .(API::CallNode) + .getParameter(0, "curve")) = this + or + Utils::getUltimateSrcFromApiNode(getEllipticCurveDerivePrivateKeyCall() + .(API::CallNode) + .getParameter(1, "curve")) = this + ) and not predefinedCurveClass(_) = this } - override string getName(){ - result = unknownAlgorithm() - } + override string getName() { result = unknownAlgorithm() } } - + /** * An elliptic curve as defined in this cryptography.hazmat.primitives.asymmetric.ec module. * Includes all members of the module thata are elliptic curves (filters out non-curve members) */ - class CryptographyEllipticCurveAlgorithm extends EllipticCurveAlgorithm{ - CryptographyEllipticCurveAlgorithm(){ - this = predefinedCurveClass(_) - } + class CryptographyEllipticCurveAlgorithm extends EllipticCurveAlgorithm { + CryptographyEllipticCurveAlgorithm() { this = predefinedCurveClass(_) } - override string getName(){ + override string getName() { exists(string rawName | this = predefinedCurveClass(rawName) | result = super.normalizeName(rawName) ) } - } - } - module DiffieHellman{ - + module DiffieHellman { /** - * Any diffie-hellman module operation or artifact. + * Any diffie-hellman module operation or artifact. * https://cryptography.io/en/latest/hazmat/primitives/asymmetric/dh/#diffie-hellman-key-exchange - * - * Since the algorithm is hidden within all operations, all operations are identified by this class. + * + * Since the algorithm is hidden within all operations, all operations are identified by this class. */ - class CryptographyDiffieHellmanAlgorithm extends KeyExchangeAlgorithm{ - CryptographyDiffieHellmanAlgorithm(){ - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("dh") - .getAMember*().asSource() + class CryptographyDiffieHellmanAlgorithm extends KeyExchangeAlgorithm { + CryptographyDiffieHellmanAlgorithm() { + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("dh") + .getAMember*() + .asSource() } - override string getName(){ - result = super.normalizeName("DiffieHellman") - } + override string getName() { result = super.normalizeName("DiffieHellman") } } - class CrytographyDiffieHellmanKeyGen extends AsymmetricKeyGen, KeyExchangeAlgorithm{ - CrytographyDiffieHellmanKeyGen(){ - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("dh") - .getMember("generate_parameters") - .getACall() + class CrytographyDiffieHellmanKeyGen extends AsymmetricKeyGen, KeyExchangeAlgorithm { + CrytographyDiffieHellmanKeyGen() { + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("dh") + .getMember("generate_parameters") + .getACall() } - override string getName(){ - result = super.normalizeName("DiffieHellman") + override string getName() { result = super.normalizeName("DiffieHellman") } + + override DataFlow::Node getKeyConfigSrc() { + result = + Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(1, "key_size")) } - override DataFlow::Node getKeyConfigSrc(){ - result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(1, "key_size")) - } - - override int getKeySizeInBits(DataFlow::Node configSrc){ - result = configSrc.asExpr().(IntegerLiteral).getValue() - and configSrc = this.getKeyConfigSrc() - } - - - override KeyExchangeAlgorithm getAlgorithm() { - result = this + override int getKeySizeInBits(DataFlow::Node configSrc) { + result = configSrc.asExpr().(IntegerLiteral).getValue() and + configSrc = this.getKeyConfigSrc() } + + override KeyExchangeAlgorithm getAlgorithm() { result = this } } - class CryptographyX25519 extends KeyExchangeAlgorithm, AsymmetricKeyGen, EllipticCurveAlgorithm { - CryptographyX25519(){ - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("x25519") - .getAMember*().asSource() + class CryptographyX25519 extends KeyExchangeAlgorithm, AsymmetricKeyGen, + EllipticCurveAlgorithm + { + CryptographyX25519() { + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("x25519") + .getAMember*() + .asSource() } - override string getName(){ + override string getName() { result = super.normalizeName("DiffieHellman") or result = super.normalizeName("Curve25519") } - override DataFlow::Node getKeyConfigSrc(){ - result = this - } - - override int getKeySizeInBits(DataFlow::Node configSrc){ - isEllipticCurveAlgorithm(this.getCurveName(), result) - and configSrc = this - } - - override CryptographicAlgorithm getAlgorithm() { - result = this + override DataFlow::Node getKeyConfigSrc() { result = this } + + override int getKeySizeInBits(DataFlow::Node configSrc) { + isEllipticCurveAlgorithm(this.getCurveName(), result) and + configSrc = this } + + override CryptographicAlgorithm getAlgorithm() { result = this } } /** * Identifies the key exchange algorithm from x448 API: * https://cryptography.io/en/latest/hazmat/primitives/asymmetric/x448/#x448 - * + * * Modeling as both an operation and algorithm because the algorithm is hidden - * within all operations. All operations are therefore modeled by this class. + * within all operations. All operations are therefore modeled by this class. */ class CryptographyX448 extends KeyExchangeAlgorithm, AsymmetricKeyGen, EllipticCurveAlgorithm { - CryptographyX448(){ - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("x448") - .getAMember*().asSource() + CryptographyX448() { + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("x448") + .getAMember*() + .asSource() } - override string getName(){ + override string getName() { result = super.normalizeName("DiffieHellman") or result = super.normalizeName("Curve448") } - override DataFlow::Node getKeyConfigSrc(){ - result = this - } - - override int getKeySizeInBits(DataFlow::Node configSrc){ - isEllipticCurveAlgorithm(this.getCurveName(), result) - and configSrc = this - } - - override CryptographicAlgorithm getAlgorithm() { - result = this + override DataFlow::Node getKeyConfigSrc() { result = this } + + override int getKeySizeInBits(DataFlow::Node configSrc) { + isEllipticCurveAlgorithm(this.getCurveName(), result) and + configSrc = this } + + override CryptographicAlgorithm getAlgorithm() { result = this } } } - module Signing{ - class CryptographyDSAKeyGen extends AsymmetricKeyGen, SigningAlgorithm{ - CryptographyDSAKeyGen(){ + module Signing { + class CryptographyDSAKeyGen extends AsymmetricKeyGen, SigningAlgorithm { + CryptographyDSAKeyGen() { exists(string op | op = ["generate_private_key", "generate_parameters"] | - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("dsa") - .getMember(op) - .getACall() + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("dsa") + .getMember(op) + .getACall() ) } - override DataFlow::Node getKeyConfigSrc(){ - result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, "key_size")) + + override DataFlow::Node getKeyConfigSrc() { + result = + Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(0, "key_size")) } - override int getKeySizeInBits(DataFlow::Node configSrc){ - result = configSrc.asExpr().(IntegerLiteral).getValue() - and configSrc = this.getKeyConfigSrc() - } - - - override SigningAlgorithm getAlgorithm() { - result = this + override int getKeySizeInBits(DataFlow::Node configSrc) { + result = configSrc.asExpr().(IntegerLiteral).getValue() and + configSrc = this.getKeyConfigSrc() } - override string getName(){ - result = super.normalizeName("DSA") - } + override SigningAlgorithm getAlgorithm() { result = this } + + override string getName() { result = super.normalizeName("DSA") } } - /** - * Identifies the signing algorithm from the ed25519 signing API: + * Identifies the signing algorithm from the ed25519 signing API: * https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed25519/#ed25519-signing - * + * * Modeling as both an operation and algorithm because the algorithm is hidden - * within all operations. All operations are therefore modeled by this class. + * within all operations. All operations are therefore modeled by this class. */ class CryptographyED25519 extends SigningAlgorithm, AsymmetricKeyGen, EllipticCurveAlgorithm { - CryptographyED25519(){ - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("ed25519") - .getAMember*().asSource() + CryptographyED25519() { + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("ed25519") + .getAMember*() + .asSource() } - override string getName(){ + override string getName() { result = super.normalizeName("EDDSA") or result = super.normalizeName("Curve25519") } - - override DataFlow::Node getKeyConfigSrc(){ - result = this - } - - override int getKeySizeInBits(DataFlow::Node configSrc){ - isEllipticCurveAlgorithm(this.getCurveName(), result) - and configSrc = this - } - - override CryptographicAlgorithm getAlgorithm() { - result = this + override DataFlow::Node getKeyConfigSrc() { result = this } + + override int getKeySizeInBits(DataFlow::Node configSrc) { + isEllipticCurveAlgorithm(this.getCurveName(), result) and + configSrc = this } + override CryptographicAlgorithm getAlgorithm() { result = this } } /** * Identifies the signing algorithm from the ed448 signing API: * https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/#ed448-signing - * + * * Modeling as both an operation and algorithm because the algorithm is hidden - * within all operations. All operations are therefore modeled by this class. + * within all operations. All operations are therefore modeled by this class. */ class CryptographyED448 extends SigningAlgorithm, AsymmetricKeyGen, EllipticCurveAlgorithm { - CryptographyED448(){ - this = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("asymmetric") - .getMember("ed448") - .getAMember*().asSource() + CryptographyED448() { + this = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("asymmetric") + .getMember("ed448") + .getAMember*() + .asSource() } - override string getName(){ + override string getName() { result = super.normalizeName("EDDSA") or result = super.normalizeName("Curve448") } - - override DataFlow::Node getKeyConfigSrc(){ - result = this - } - - override int getKeySizeInBits(DataFlow::Node configSrc){ - isEllipticCurveAlgorithm(this.getCurveName(), result) - and configSrc = this - } - - override CryptographicAlgorithm getAlgorithm() { - result = this + + override DataFlow::Node getKeyConfigSrc() { result = this } + + override int getKeySizeInBits(DataFlow::Node configSrc) { + isEllipticCurveAlgorithm(this.getCurveName(), result) and + configSrc = this } + + override CryptographicAlgorithm getAlgorithm() { result = this } } } } } - - - - diff --git a/python/ql/lib/experimental/cryptography/modules/stdlib/HashlibModule.qll b/python/ql/lib/experimental/cryptography/modules/stdlib/HashlibModule.qll index 3ac8e3266db..7ceb58c109d 100644 --- a/python/ql/lib/experimental/cryptography/modules/stdlib/HashlibModule.qll +++ b/python/ql/lib/experimental/cryptography/modules/stdlib/HashlibModule.qll @@ -2,7 +2,7 @@ import python import semmle.python.ApiGraphs import experimental.cryptography.CryptoArtifact private import experimental.cryptography.utils.Utils as Utils -private import experimental.cryptography.CryptoAlgorithmNames +private import experimental.cryptography.CryptoAlgorithmNames /** * `hashlib` is a ptyhon standard library module for hashing algorithms. @@ -12,142 +12,140 @@ private import experimental.cryptography.CryptoAlgorithmNames // ----------------------------------------------- // Hash Artifacts // ----------------------------------------------- - module Hashes{ - - +module Hashes { /** * Represents a hash algorithm used by `hashlib.new`, where the hash algorithm is a string in the first argument. */ - class HashlibNewHashAlgorithm extends HashAlgorithm - { - HashlibNewHashAlgorithm(){ - this = Utils::getUltimateSrcFromApiNode(API::moduleImport("hashlib").getMember("new").getACall().getParameter(0, "name")) + class HashlibNewHashAlgorithm extends HashAlgorithm { + HashlibNewHashAlgorithm() { + this = + Utils::getUltimateSrcFromApiNode(API::moduleImport("hashlib") + .getMember("new") + .getACall() + .getParameter(0, "name")) } - - override string getName(){ + + override string getName() { result = super.normalizeName(this.asExpr().(StrConst).getText()) or // if not a known/static string, assume from an outside source and the algorithm is UNKNOWN - (not this.asExpr() instanceof StrConst and result = unknownAlgorithm()) + not this.asExpr() instanceof StrConst and result = unknownAlgorithm() } } /** * Identifies hashlib.pbdkf2_hmac calls, identifying the hash algorithm used * in the hmac (matching kdf is handled separately by `HashlibPbkdf2HMACArtifact`). - * + * * https://docs.python.org/3/library/hashlib.html#hashlib.pbkdf2_hmac */ - class HashlibPbkdf2HMACHashAlgorithm extends HashAlgorithm - { - HashlibPbkdf2HMACHashAlgorithm(){ - this = Utils::getUltimateSrcFromApiNode(API::moduleImport("hashlib").getMember("pbkdf2_hmac").getACall().getParameter(0, "hash_name")) + class HashlibPbkdf2HMACHashAlgorithm extends HashAlgorithm { + HashlibPbkdf2HMACHashAlgorithm() { + this = + Utils::getUltimateSrcFromApiNode(API::moduleImport("hashlib") + .getMember("pbkdf2_hmac") + .getACall() + .getParameter(0, "hash_name")) } - override string getName(){ + override string getName() { result = super.normalizeName(this.asExpr().(StrConst).getText()) or // if not a known/static string, assume from an outside source and the algorithm is UNKNOWN - (not this.asExpr() instanceof StrConst and result = unknownAlgorithm()) + not this.asExpr() instanceof StrConst and result = unknownAlgorithm() } - } /** * Gets a call to `hashlib.file_digest` where the hash algorithm is the first argument in `digest` * `nameSrc` is the source of the first argument. - * + * * https://docs.python.org/3/library/hashlib.html#hashlib.file_digest - * + * * NOTE: the digest argument can be, in addition to a string, * a callable that returns a hash object or a hash constructor. - * These cases are not considered here since they would be detected separately. - * Specifically, other non-string cases are themselves considered sources for alerts, e.g., + * These cases are not considered here since they would be detected separately. + * Specifically, other non-string cases are themselves considered sources for alerts, e.g., * references to hashlib.sha512 is found by `HashlibMemberAlgorithm`. * The only exception is if the source is not a string constant or HashlibMemberAlgorithm. * In these cases, the algorithm is considered 'UNKNOWN'. - * - */ - class HashlibFileDigestAlgorithm extends HashAlgorithm - { - HashlibFileDigestAlgorithm(){ - this = Utils::getUltimateSrcFromApiNode(API::moduleImport("hashlib").getMember("file_digest").getACall().getParameter(1, "digest")) - and + class HashlibFileDigestAlgorithm extends HashAlgorithm { + HashlibFileDigestAlgorithm() { + this = + Utils::getUltimateSrcFromApiNode(API::moduleImport("hashlib") + .getMember("file_digest") + .getACall() + .getParameter(1, "digest")) and // Ignore sources that are hash constructors, allow `HashlibMemberAlgorithm` to detect these - this != hashlibMemberHashAlgorithm(_) + this != hashlibMemberHashAlgorithm(_) and // Ignore sources that are HMAC objects, to be handled by HmacModule - and - this != API::moduleImport("hmac").getMember("new").getACall() - and + this != API::moduleImport("hmac").getMember("new").getACall() and this != API::moduleImport("hmac").getMember("HMAC").getACall() - } - override string getName(){ + override string getName() { // Name is a string constant or consider the name unknown // NOTE: we are excluding hmac.new and hmac.HMAC constructor calls so we are expecting - // a string or an outside configuration only + // a string or an outside configuration only result = super.normalizeName(this.asExpr().(StrConst).getText()) or - ( - not this.asExpr() instanceof StrConst - and - result = unknownAlgorithm() - ) + not this.asExpr() instanceof StrConst and + result = unknownAlgorithm() } } /** - * Gets a member access of hashlib that is an algorithm invocation. - * `hashName` is the name of the hash algorithm. - * - * Note: oringally a variant of this predicate was in codeql/github/main - * to a predicate to avoid a bad join order. - */ - pragma[nomagic] // Copying use of nomagic from similar predicate in codeql/main - DataFlow::Node hashlibMemberHashAlgorithm(string hashName) { + * Gets a member access of hashlib that is an algorithm invocation. + * `hashName` is the name of the hash algorithm. + * + * Note: oringally a variant of this predicate was in codeql/github/main + * to a predicate to avoid a bad join order. + */ + // Copying use of nomagic from similar predicate in codeql/main + pragma[nomagic] + DataFlow::Node hashlibMemberHashAlgorithm(string hashName) { result = API::moduleImport("hashlib").getMember(hashName).asSource() and // Don't matches known non-hash members - not hashName in ["new", "pbkdf2_hmac", "algorithms_available", - "algorithms_guaranteed", "file_digest"] + not hashName in [ + "new", "pbkdf2_hmac", "algorithms_available", "algorithms_guaranteed", "file_digest" + ] and // Don't match things like __file__ - and not hashName.regexpMatch("_.*") + not hashName.regexpMatch("_.*") } /** * Identifies hashing algorithm members (i.e., functions) of the `hashlib` module, * e.g., `hashlib.sha512`. - */ - class HashlibMemberAlgorithm extends HashAlgorithm - { - HashlibMemberAlgorithm(){ - this = hashlibMemberHashAlgorithm(_) - } + */ + class HashlibMemberAlgorithm extends HashAlgorithm { + HashlibMemberAlgorithm() { this = hashlibMemberHashAlgorithm(_) } - override string getName(){ - exists(string rawName | + override string getName() { + exists(string rawName | result = super.normalizeName(rawName) and this = hashlibMemberHashAlgorithm(rawName) - ) + ) } } } + // ----------------------------------------------- // Key Derivation Functions // ----------------------------------------------- - module KDF{ - +module KDF { // NOTE: Only finds the params of `pbkdf2_hmac` that are non-optional // dk_len is optional, i.e., can be None, and if addressed in this predicate - // would result in an unsatisfiable predicate. - predicate hashlibPBDKF2HMACKDFRequiredParams(HashlibPbkdf2HMACOperation kdf, - API::Node hashParam, API::Node saltParam, API::Node iterationParam){ + // would result in an unsatisfiable predicate. + predicate hashlibPBDKF2HMACKDFRequiredParams( + HashlibPbkdf2HMACOperation kdf, API::Node hashParam, API::Node saltParam, + API::Node iterationParam + ) { kdf.getParameter(0, "hash_name") = hashParam and kdf.getParameter(2, "salt") = saltParam and - kdf.getParameter(3, "iterations") = iterationParam + kdf.getParameter(3, "iterations") = iterationParam } - predicate hashlibPBDKF2HMACKDFOptionalParams(HashlibPbkdf2HMACOperation kdf, API::Node keylenParam){ + predicate hashlibPBDKF2HMACKDFOptionalParams(HashlibPbkdf2HMACOperation kdf, API::Node keylenParam) { kdf.getParameter(4, "dklen") = keylenParam } @@ -155,36 +153,33 @@ private import experimental.cryptography.CryptoAlgorithmNames * Identifies kery derivation function hashlib.pbdkf2_hmac accesses. * https://docs.python.org/3/library/hashlib.html#hashlib.pbkdf2_hmac */ - class HashlibPbkdf2HMACOperation extends KeyDerivationAlgorithm, KeyDerivationOperation - { - HashlibPbkdf2HMACOperation(){ + class HashlibPbkdf2HMACOperation extends KeyDerivationAlgorithm, KeyDerivationOperation { + HashlibPbkdf2HMACOperation() { this = API::moduleImport("hashlib").getMember("pbkdf2_hmac").getACall() } - override string getName(){ - result = super.normalizeName("pbkdf2_hmac") - } + override string getName() { result = super.normalizeName("pbkdf2_hmac") } - override DataFlow::Node getIterationSizeSrc(){ - exists(API::Node it | hashlibPBDKF2HMACKDFRequiredParams(this, _, _, it) | + override DataFlow::Node getIterationSizeSrc() { + exists(API::Node it | hashlibPBDKF2HMACKDFRequiredParams(this, _, _, it) | result = Utils::getUltimateSrcFromApiNode(it) ) } - override DataFlow::Node getSaltConfigSrc(){ - exists(API::Node s | hashlibPBDKF2HMACKDFRequiredParams(this, _, s, _) | + override DataFlow::Node getSaltConfigSrc() { + exists(API::Node s | hashlibPBDKF2HMACKDFRequiredParams(this, _, s, _) | result = Utils::getUltimateSrcFromApiNode(s) ) } - - override DataFlow::Node getHashConfigSrc(){ - exists(API::Node h | hashlibPBDKF2HMACKDFRequiredParams(this,h,_,_) | + + override DataFlow::Node getHashConfigSrc() { + exists(API::Node h | hashlibPBDKF2HMACKDFRequiredParams(this, h, _, _) | result = Utils::getUltimateSrcFromApiNode(h) ) } - - override DataFlow::Node getDerivedKeySizeSrc(){ - exists(API::Node dk | hashlibPBDKF2HMACKDFOptionalParams(this,dk) | + + override DataFlow::Node getDerivedKeySizeSrc() { + exists(API::Node dk | hashlibPBDKF2HMACKDFOptionalParams(this, dk) | result = Utils::getUltimateSrcFromApiNode(dk) ) } @@ -193,66 +188,50 @@ private import experimental.cryptography.CryptoAlgorithmNames // The issue is the src is what we model not the size // For now, we are not modeling this and are relying on the fact that the accepted hashes are of accepted length. // I.e., any query looking at length will ignore cases where it is unknown + override KeyDerivationAlgorithm getAlgorithm() { result = this } - override KeyDerivationAlgorithm getAlgorithm(){ - result = this - } + override predicate requiresHash() { any() } - override predicate requiresHash(){ any() } + override predicate requiresMode() { none() } - override predicate requiresMode(){none()} + override predicate requiresSalt() { any() } - override predicate requiresSalt(){any()} - - override predicate requiresIteration(){any()} + override predicate requiresIteration() { any() } } - // TODO: better modeling of scrypt - /** * Identifies key derivation fucntion hashlib.scrypt accesses. */ - class HashlibScryptAlgorithm extends KeyDerivationAlgorithm, KeyDerivationOperation - { - HashlibScryptAlgorithm(){ - this = API::moduleImport("hashlib").getMember("scrypt").getACall() - } + class HashlibScryptAlgorithm extends KeyDerivationAlgorithm, KeyDerivationOperation { + HashlibScryptAlgorithm() { this = API::moduleImport("hashlib").getMember("scrypt").getACall() } - override string getName(){ - result = super.normalizeName("scrypt") - } + override string getName() { result = super.normalizeName("scrypt") } - override DataFlow::Node getIterationSizeSrc(){ - none() - } + override DataFlow::Node getIterationSizeSrc() { none() } - override DataFlow::Node getSaltConfigSrc(){ + override DataFlow::Node getSaltConfigSrc() { // TODO: need to address getting salt from params, unsure how this works in CodeQL // since the signature is defined as hashlib.scrypt(password, *, salt, n, r, p, maxmem=0, dklen=64) // What position is 'salt' then such that we can reliably extract it? none() } - - override DataFlow::Node getHashConfigSrc(){ - none() - } - - override DataFlow::Node getDerivedKeySizeSrc(){ + + override DataFlow::Node getHashConfigSrc() { none() } + + override DataFlow::Node getDerivedKeySizeSrc() { //TODO: see comment for getSaltConfigSrc above none() } - override KeyDerivationAlgorithm getAlgorithm(){ - result = this - } + override KeyDerivationAlgorithm getAlgorithm() { result = this } - override predicate requiresHash(){ none() } + override predicate requiresHash() { none() } - override predicate requiresMode(){none()} + override predicate requiresMode() { none() } - override predicate requiresSalt(){any()} + override predicate requiresSalt() { any() } - override predicate requiresIteration(){none()} + override predicate requiresIteration() { none() } } } diff --git a/python/ql/lib/experimental/cryptography/modules/stdlib/HmacModule.qll b/python/ql/lib/experimental/cryptography/modules/stdlib/HmacModule.qll index c35daaa0818..25634543a0b 100644 --- a/python/ql/lib/experimental/cryptography/modules/stdlib/HmacModule.qll +++ b/python/ql/lib/experimental/cryptography/modules/stdlib/HmacModule.qll @@ -9,23 +9,19 @@ private import experimental.cryptography.modules.stdlib.HashlibModule as Hashlib * `hmac` is a ptyhon standard library module for key-based hashing algorithms. * https://docs.python.org/3/library/hmac.html */ - // ----------------------------------------------- // Hash Artifacts // ----------------------------------------------- -module Hashes{ - - class GenericHmacHashCall extends API::CallNode - { - GenericHmacHashCall(){ - this = API::moduleImport("hmac").getMember("new").getACall() - or this = API::moduleImport("hmac").getMember("HMAC").getACall() - or this = API::moduleImport("hmac").getMember("digest").getACall() +module Hashes { + class GenericHmacHashCall extends API::CallNode { + GenericHmacHashCall() { + this = API::moduleImport("hmac").getMember("new").getACall() or + this = API::moduleImport("hmac").getMember("HMAC").getACall() or + this = API::moduleImport("hmac").getMember("digest").getACall() } } - - DataFlow::Node getDigestModParamSrc(GenericHmacHashCall call){ + DataFlow::Node getDigestModParamSrc(GenericHmacHashCall call) { result = Utils::getUltimateSrcFromApiNode(call.(API::CallNode).getParameter(2, "digestmod")) } @@ -34,46 +30,41 @@ module Hashes{ * hmac.HMAC https://docs.python.org/3/library/hmac.html#hmac.HMAC * hmac.new https://docs.python.org/3/library/hmac.html#hmac.new * hmac.digest https://docs.python.org/3/library/hmac.html#hmac.digest - * These operations commonly set the algorithm as a string in the third argument (`digestmod`) + * These operations commonly set the algorithm as a string in the third argument (`digestmod`) * of the operation itself. - * + * * NOTE: `digestmod` is the digest name, digest constructor or module for the HMAC object to use, however * this class only identifies string names. The other forms are found by CryptopgraphicArtifacts, - * modeled in `HmacHMACConsArtifact` and `Hashlib.qll`, specifically through hashlib.new and + * modeled in `HmacHMACConsArtifact` and `Hashlib.qll`, specifically through hashlib.new and * direct member accesses (e.g., hashlib.md5). - * + * * Where no `digestmod` exists, the algorithm is assumed to be `md5` per the docs found here: * https://docs.python.org/3/library/hmac.html#hmac.new - * + * * Where `digestmod` exists but is not a string and not a hashlib algorithm, it is assumed * to be `UNKNOWN`. Note this includes cases wheere the digest is provided as a `A module supporting PEP 247.` - * Such modules are currently not modeled. + * Such modules are currently not modeled. */ class HmacGenericAlgorithm extends HashAlgorithm { - - HmacGenericAlgorithm(){ - exists(GenericHmacHashCall c | - if not exists(getDigestModParamSrc(c)) - then this = c - else this = getDigestModParamSrc(c) - ) - and + HmacGenericAlgorithm() { + exists(GenericHmacHashCall c | + if not exists(getDigestModParamSrc(c)) then this = c else this = getDigestModParamSrc(c) + ) and // Ignore case where the algorithm is a hashlib algorithm, rely on `HashlibMemberAlgorithm` to catch these cases not this instanceof HashlibModule::Hashes::HashlibMemberAlgorithm // NOTE: the docs say the digest can be `A module supporting PEP 247.`, however, this is not modeled, and will be considered UNKNOWN } - override string getName(){ + override string getName() { // when the this is a generic hmac call // it means the algorithm parameter was not identified, assume the default case of 'md5' (per the docs) - if this instanceof GenericHmacHashCall + if this instanceof GenericHmacHashCall then result = super.normalizeName("MD5") - else - ( + else ( // Else get the string name, if its a string constant, or UNKNOWN if otherwise result = super.normalizeName(this.asExpr().(StrConst).getText()) or - (not this.asExpr() instanceof StrConst and result = unknownAlgorithm()) + not this.asExpr() instanceof StrConst and result = unknownAlgorithm() ) } } diff --git a/python/ql/lib/experimental/cryptography/utils/CallCfgNodeWithTarget.qll b/python/ql/lib/experimental/cryptography/utils/CallCfgNodeWithTarget.qll index 8c9c2e8d878..4d5ecd8f6bd 100644 --- a/python/ql/lib/experimental/cryptography/utils/CallCfgNodeWithTarget.qll +++ b/python/ql/lib/experimental/cryptography/utils/CallCfgNodeWithTarget.qll @@ -1,5 +1,5 @@ /** - * Patches all DataFlow::CallCfgNode adding a getTarget predicate to a new + * Patches all DataFlow::CallCfgNode adding a getTarget predicate to a new * subclass of CallCfgNode */ @@ -7,9 +7,6 @@ import python private import semmle.python.dataflow.new.internal.TypeTrackerSpecific private import semmle.python.ApiGraphs -class CallCfgNodeWithTarget extends DataFlow::Node instanceof DataFlow::CallCfgNode{ - - DataFlow::Node getTarget(){ - returnStep(result, this) - } -} \ No newline at end of file +class CallCfgNodeWithTarget extends DataFlow::Node instanceof DataFlow::CallCfgNode { + DataFlow::Node getTarget() { returnStep(result, this) } +} diff --git a/python/ql/lib/experimental/cryptography/utils/Utils.qll b/python/ql/lib/experimental/cryptography/utils/Utils.qll index 1837d1c0fec..b53134ec7a0 100644 --- a/python/ql/lib/experimental/cryptography/utils/Utils.qll +++ b/python/ql/lib/experimental/cryptography/utils/Utils.qll @@ -1,28 +1,21 @@ import python private import semmle.python.ApiGraphs private import experimental.cryptography.utils.CallCfgNodeWithTarget + /** * Gets an ultimate local source (not a source in a library) */ -DataFlow::Node getUltimateSrcFromApiNode(API::Node n){ - result = n.getAValueReachingSink() - and - ( +DataFlow::Node getUltimateSrcFromApiNode(API::Node n) { + result = n.getAValueReachingSink() and + ( // the result is a call to a library only - ( - result instanceof CallCfgNodeWithTarget and - not result.(CallCfgNodeWithTarget).getTarget().asExpr().getEnclosingModule().inSource() - ) - // the result is not a call, and not a function signataure or parameter + result instanceof CallCfgNodeWithTarget and + not result.(CallCfgNodeWithTarget).getTarget().asExpr().getEnclosingModule().inSource() or - ( - not result instanceof CallCfgNodeWithTarget - and - not result instanceof DataFlow::ParameterNode - and - not result.asExpr() instanceof FunctionExpr - and - result.asExpr().getEnclosingModule().inSource() - ) - ) -} \ No newline at end of file + // the result is not a call, and not a function signataure or parameter + not result instanceof CallCfgNodeWithTarget and + not result instanceof DataFlow::ParameterNode and + not result.asExpr() instanceof FunctionExpr and + result.asExpr().getEnclosingModule().inSource() + ) +} diff --git a/python/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql b/python/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql index 769f80444f1..511b1f0c176 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql @@ -1,19 +1,21 @@ /** * @name Unknown key generation key size - * @description + * @description * @id py/unknown-asymmetric-key-gen-size * @kind problem * @problem.severity error * @precision high * @tags external/cwe/cwe-326 */ + import python import experimental.cryptography.Concepts from AsymmetricKeyGen op, DataFlow::Node configSrc, string algName -where -not op.hasKeySize(configSrc) and -configSrc = op.getKeyConfigSrc() and -algName = op.getAlgorithm().getName() -select op, "Non-statically verifiable key size used for key generation for algorithm " + algName.toString() + " at config source $@", - configSrc, configSrc.toString() \ No newline at end of file +where + not op.hasKeySize(configSrc) and + configSrc = op.getKeyConfigSrc() and + algName = op.getAlgorithm().getName() +select op, + "Non-statically verifiable key size used for key generation for algorithm " + algName.toString() + + " at config source $@", configSrc, configSrc.toString() diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql index 3bee13153e0..7cc85731217 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql @@ -1,6 +1,6 @@ /** * @name Weak key generation key size (< 2048 bits) - * @description + * @description * @id py/weak-asymmetric-key-gen-size * @kind problem * @problem.severity error @@ -12,11 +12,12 @@ import python import experimental.cryptography.Concepts from AsymmetricKeyGen op, DataFlow::Node configSrc, int keySize, string algName -where -keySize = op.getKeySizeInBits(configSrc) -and keySize < 2048 -and algName = op.getAlgorithm().getName() -// Can't be an elliptic curve -and not isEllipticCurveAlgorithm(algName, _) -select op, "Use of weak asymmetric key size (int bits)" + keySize.toString() + " for algorithm " + algName.toString() +" at config source $@", - configSrc, configSrc.toString() +where + keySize = op.getKeySizeInBits(configSrc) and + keySize < 2048 and + algName = op.getAlgorithm().getName() and + // Can't be an elliptic curve + not isEllipticCurveAlgorithm(algName, _) +select op, + "Use of weak asymmetric key size (int bits)" + keySize.toString() + " for algorithm " + + algName.toString() + " at config source $@", configSrc, configSrc.toString() diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricPadding.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricPadding.ql index 874c17c7e5c..846882d5148 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricPadding.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricPadding.ql @@ -1,16 +1,17 @@ /** * @name Weak or unknown asymmetric padding - * @description + * @description * @id py/weak-asymmetric-padding * @kind problem * @problem.severity error * @precision high */ + import python import experimental.cryptography.Concepts from AsymmetricPadding pad, string name -where -name = pad.getPaddingName() and -not name = ["OAEP", "KEM", "PSS"] +where + name = pad.getPaddingName() and + not name = ["OAEP", "KEM", "PSS"] select pad, "Use of unapproved, weak, or unknown asymmetric padding algorithm or API: " + name diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql index a6a546a2e6b..f0f7253589c 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql @@ -8,41 +8,41 @@ * @tags external/cwe/cwe-327 */ - import python - import experimental.cryptography.Concepts +import python +import experimental.cryptography.Concepts - - from CryptographicArtifact op, string msg - where -// False positive hack, some projects are directly including all of cryptography, -// filter any match that is in cryptography/hazmat -// Specifically happening for ECB being used in keywrap operations internally to the cryptography keywrap/unwrap API -not op.asExpr().getLocation().getFile().getAbsolutePath().toString().matches("%cryptography/hazmat/%") and -( +from CryptographicArtifact op, string msg +where + // False positive hack, some projects are directly including all of cryptography, + // filter any match that is in cryptography/hazmat + // Specifically happening for ECB being used in keywrap operations internally to the cryptography keywrap/unwrap API + not op.asExpr() + .getLocation() + .getFile() + .getAbsolutePath() + .toString() + .matches("%cryptography/hazmat/%") and ( op instanceof BlockMode and // ECB is only allowed for KeyWrapOperations, i.e., only alert on ECB is not a KeyWrapOperation - (op.(BlockMode).getBlockModeName() = "ECB" implies not op instanceof KeyWrapOperation) - and - exists(string name | name = op.(BlockMode).getBlockModeName() | - // Only CBC, CTS, XTS modes are allowed. - // https://liquid.microsoft.com/Web/Object/Read/MS.Security/Requirements/Microsoft.Security.Cryptography.10002 - not name = ["CBC","CTS","XTS"] and - if name = unknownAlgorithm() - then msg = "Use of unrecognized block mode algorithm." - else if name in ["GCM", "CCM"] - then msg = "Use of block mode algorithm " + name + " requires special crypto board approval/review." + (op.(BlockMode).getBlockModeName() = "ECB" implies not op instanceof KeyWrapOperation) and + exists(string name | name = op.(BlockMode).getBlockModeName() | + // Only CBC, CTS, XTS modes are allowed. + // https://liquid.microsoft.com/Web/Object/Read/MS.Security/Requirements/Microsoft.Security.Cryptography.10002 + not name = ["CBC", "CTS", "XTS"] and + if name = unknownAlgorithm() + then msg = "Use of unrecognized block mode algorithm." + else + if name in ["GCM", "CCM"] + then + msg = + "Use of block mode algorithm " + name + + " requires special crypto board approval/review." else msg = "Use of unapproved block mode algorithm or API " + name + "." - ) - ) - or - ( - op instanceof SymmetricCipher and + ) + or + op instanceof SymmetricCipher and not op.(SymmetricCipher).hasBlockMode() and msg = "Cipher has unspecified block mode algorithm." ) -) select op, msg - - - \ No newline at end of file diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakBlockModeIVorNonce.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakBlockModeIVorNonce.ql index 2356169bde7..d11638a1d1d 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakBlockModeIVorNonce.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakBlockModeIVorNonce.ql @@ -2,34 +2,36 @@ * @name Weak block mode IV or nonce * @description Finds initialization vectors or nonces used by block modes that are weak, obsolete, or otherwise unaccepted. * Looks for IVs or nonces that are not generated by a cryptographically secure random number generator - * - * NOTE: for simplicity, if an IV or nonce is not known or not form os.urandom it is flagged. - * More specific considerations, such as correct use of nonces are currently not handled. - * In particular, GCM requires the use of a nonce. Using urandom is possible but may still be configured + * + * NOTE: for simplicity, if an IV or nonce is not known or not form os.urandom it is flagged. + * More specific considerations, such as correct use of nonces are currently not handled. + * In particular, GCM requires the use of a nonce. Using urandom is possible but may still be configured * incorrectly. We currently assume that GCM is flagged as a block mode regardless through a separate - * query, and such uses will need to be reivewed by the crypto board. - * + * query, and such uses will need to be reivewed by the crypto board. + * * Additionally, some functions, which infer a mode and IV may be flagged by this query. * For now, we will rely on users suppressing these cases rather than filtering them out. * The exception is Fernet, which is explicitly ignored since it's implementation uses os.urandom. - * * @id py/weak-block-mode-iv-or-nonce * @kind problem * @problem.severity error * @precision high */ - import python import experimental.cryptography.Concepts from BlockMode op, string msg, DataFlow::Node conf -where -not op instanceof CryptographyModule::Encryption::SymmetricEncryption::Fernet::CryptographyFernet and -(not op.hasIVorNonce() or not API::moduleImport("os").getMember("urandom").getACall() = op.getIVorNonce()) -and -if not op.hasIVorNonce() -then conf = op and msg = "Block mode is missing IV/Nonce initialization." -else conf = op.getIVorNonce() and msg = "Block mode is not using an accepted IV/Nonce initialization: $@" +where + not op instanceof CryptographyModule::Encryption::SymmetricEncryption::Fernet::CryptographyFernet and + ( + not op.hasIVorNonce() or + not API::moduleImport("os").getMember("urandom").getACall() = op.getIVorNonce() + ) and + ( + if not op.hasIVorNonce() + then conf = op and msg = "Block mode is missing IV/Nonce initialization." + else conf = op.getIVorNonce() + ) and + msg = "Block mode is not using an accepted IV/Nonce initialization: $@" select op, msg, conf, conf.toString() - diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql index 6d07aa179d7..a5f6f735e50 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql @@ -7,22 +7,26 @@ * @precision high * @tags external/cwe/cwe-327 */ + import python import experimental.cryptography.Concepts from EllipticCurveAlgorithm op, string msg, string name -where -( - (name = op.getCurveName() and name = unknownAlgorithm() and msg = "Use of unrecognized curve algorithm.") - or - ( - name != unknownAlgorithm() and - name = op.getCurveName() and - not name = ["SECP256R1", "PRIME256V1",//P-256 - "SECP384R1", //P-384 - "SECP521R1", //P-521 - "ED25519", "X25519"] and - msg = "Use of weak curve algorithm " + name + "." - ) -) -select op, msg \ No newline at end of file +where + ( + name = op.getCurveName() and + name = unknownAlgorithm() and + msg = "Use of unrecognized curve algorithm." + or + name != unknownAlgorithm() and + name = op.getCurveName() and + not name = + [ + "SECP256R1", "PRIME256V1", //P-256 + "SECP384R1", //P-384 + "SECP521R1", //P-521 + "ED25519", "X25519" + ] and + msg = "Use of weak curve algorithm " + name + "." + ) +select op, msg diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql index 4578f07b8a5..7aa88e2d58f 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql @@ -12,10 +12,10 @@ import python import experimental.cryptography.Concepts from HashAlgorithm op, string name, string msg -where -name = op.getHashName() and -not name = ["SHA256", "SHA384", "SHA512"] and -if name = unknownAlgorithm() -then msg = "Use of unrecognized hash algorithm." -else msg = "Use of unapproved hash algorithm or API " + name + "." +where + name = op.getHashName() and + not name = ["SHA256", "SHA384", "SHA512"] and + if name = unknownAlgorithm() + then msg = "Use of unrecognized hash algorithm." + else msg = "Use of unapproved hash algorithm or API " + name + "." select op, msg diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFAlgorithm.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFAlgorithm.ql index 9a2bb97c657..0f30571385a 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFAlgorithm.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFAlgorithm.ql @@ -1,6 +1,5 @@ - /** - * @name Weak KDF algorithm. + * @name Weak KDF algorithm. * @description Approved KDF algorithms must one of the following * ["PBKDF2" , "PBKDF2HMAC", "KBKDF", "KBKDFHMAC", "CONCATKDF", "CONCATKDFHASH"] * @assumption The value being used to derive a key (either a key or a password) is correct for the algorithm (i.e., a key is used for KBKDF and a password for PBKDF). @@ -9,10 +8,15 @@ * @problem.severity error * @precision high */ + import python import experimental.cryptography.Concepts -from KeyDerivationAlgorithm op -where -not op.getKDFName() = ["PBKDF2" , "PBKDF2HMAC", "KBKDF", "KBKDFHMAC", "KBKDFCMAC", "CONCATKDF", "CONCATKDFHASH", "CONCATKDFHMAC"] -select op, "Use of unapproved, weak, or unknown key derivation algorithm or API." \ No newline at end of file +from KeyDerivationAlgorithm op +where + not op.getKDFName() = + [ + "PBKDF2", "PBKDF2HMAC", "KBKDF", "KBKDFHMAC", "KBKDFCMAC", "CONCATKDF", "CONCATKDFHASH", + "CONCATKDFHMAC" + ] +select op, "Use of unapproved, weak, or unknown key derivation algorithm or API." diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFIteration.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFIteration.ql index e2b16ade393..055b4781516 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFIteration.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFIteration.ql @@ -1,34 +1,31 @@ /** * @name Use iteration count at least 100k to prevent brute force attacks - * @description When deriving cryptographic keys from user-provided inputs such as password, + * @description When deriving cryptographic keys from user-provided inputs such as password, * use sufficient iteration count (at least 100k). - * + * * This query will alert if the iteration count is less than 10000 (i.e., a constant <100000 is observed) - * or if the source for the iteration count is not known statically. - + * or if the source for the iteration count is not known statically. * @kind problem * @id py/kdf-low-iteration-count * @problem.severity error * @precision high */ + import python import experimental.cryptography.Concepts private import experimental.cryptography.utils.Utils as Utils from KeyDerivationOperation op, string msg, DataFlow::Node iterConfSrc -where -op.requiresIteration() and -iterConfSrc = op.getIterationSizeSrc() and -( - ( - exists(iterConfSrc.asExpr().(IntegerLiteral).getValue()) - and iterConfSrc.asExpr().(IntegerLiteral).getValue()< 10000 - and msg = "Iteration count is too low. " - ) - or - ( - not exists(iterConfSrc.asExpr().(IntegerLiteral).getValue()) - and msg = "Iteration count is not a statically verifiable size. " - ) -) -select op, msg + "Iteration count must be a minimum of 10000. Iteration Config: $@", iterConfSrc.asExpr(), iterConfSrc.asExpr().toString() \ No newline at end of file +where + op.requiresIteration() and + iterConfSrc = op.getIterationSizeSrc() and + ( + exists(iterConfSrc.asExpr().(IntegerLiteral).getValue()) and + iterConfSrc.asExpr().(IntegerLiteral).getValue() < 10000 and + msg = "Iteration count is too low. " + or + not exists(iterConfSrc.asExpr().(IntegerLiteral).getValue()) and + msg = "Iteration count is not a statically verifiable size. " + ) +select op, msg + "Iteration count must be a minimum of 10000. Iteration Config: $@", + iterConfSrc.asExpr(), iterConfSrc.asExpr().toString() diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFKeyLength.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFKeyLength.ql index 7d5cead85db..a7c83f9e62e 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFKeyLength.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFKeyLength.ql @@ -1,37 +1,32 @@ /** * @name Small KDF derived key length. * @description KDF derived keys should be a minimum of 128 bits (16 bytes). - * @assumption If the key length is not explicitly provided (e.g., it is None or otherwise not specified) assumes the length is derived from the hash length. - * @assumption The query assumes only hashes with adequately sized lengths are chosen ("SHA256", "SHA384", "SHA512"), not verified here. - * This alerts if a constant traces to to a key length sink less than 128-bits or - * if the value that traces to a key length sink is not known statically. If the value is None or does not exist, we will assume the length - * is from the hash length, and again assume other queries will assess that those are of sufficient quality (length). + * @assumption If the key length is not explicitly provided (e.g., it is None or otherwise not specified) assumes the length is derived from the hash length. * @kind problem * @id py/kdf-small-key-size * @problem.severity error * @precision high */ + import python import experimental.cryptography.Concepts private import experimental.cryptography.utils.Utils as Utils from KeyDerivationOperation op, string msg, DataFlow::Node derivedKeySizeSrc -where -// NOTE/ASSUMPTION: if the key size is not specified or explicitly None, it is common that the size is derived from the hash used. -// The only acceptable hashes are currently "SHA256", "SHA384", "SHA512", which are all large enough. -// We will currently rely on other acceptable hash queries therefore to determine if the size is -// is sufficient where the key is not specified. -derivedKeySizeSrc = op.getDerivedKeySizeSrc() and not derivedKeySizeSrc.asExpr() instanceof None and -( - ( - exists(derivedKeySizeSrc.asExpr().(IntegerLiteral).getValue()) - and derivedKeySizeSrc.asExpr().(IntegerLiteral).getValue() < 16 - and msg = "Derived key size is too small. " - ) - or - ( - not exists(derivedKeySizeSrc.asExpr().(IntegerLiteral).getValue()) - and msg = "Derived key size is not a statically verifiable size. " - ) -) -select op, msg + "Derived key size must be a minimum of 16 (bytes). Derived Key Size Config: $@", derivedKeySizeSrc.asExpr(), derivedKeySizeSrc.asExpr().toString() \ No newline at end of file +where + // NOTE/ASSUMPTION: if the key size is not specified or explicitly None, it is common that the size is derived from the hash used. + // The only acceptable hashes are currently "SHA256", "SHA384", "SHA512", which are all large enough. + // We will currently rely on other acceptable hash queries therefore to determine if the size is + // is sufficient where the key is not specified. + derivedKeySizeSrc = op.getDerivedKeySizeSrc() and + not derivedKeySizeSrc.asExpr() instanceof None and + ( + exists(derivedKeySizeSrc.asExpr().(IntegerLiteral).getValue()) and + derivedKeySizeSrc.asExpr().(IntegerLiteral).getValue() < 16 and + msg = "Derived key size is too small. " + or + not exists(derivedKeySizeSrc.asExpr().(IntegerLiteral).getValue()) and + msg = "Derived key size is not a statically verifiable size. " + ) +select op, msg + "Derived key size must be a minimum of 16 (bytes). Derived Key Size Config: $@", + derivedKeySizeSrc.asExpr(), derivedKeySizeSrc.asExpr().toString() diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFMode.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFMode.ql index 8ce94c80b0c..08da21f8e15 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFMode.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFMode.ql @@ -6,20 +6,23 @@ * @problem.severity error * @precision high */ + import python import experimental.cryptography.Concepts private import experimental.cryptography.utils.Utils as Utils - from KeyDerivationOperation op, DataFlow::Node modeConfSrc -where -op.requiresMode() -and modeConfSrc = op.getModeSrc() -and not modeConfSrc = API::moduleImport("cryptography") - .getMember("hazmat") - .getMember("primitives") - .getMember("kdf") - .getMember("kbkdf") - .getMember("Mode") - .getMember("CounterMode").asSource() -select op, "Key derivation mode is not set to CounterMode. Mode Config: $@", modeConfSrc, modeConfSrc.toString() \ No newline at end of file +where + op.requiresMode() and + modeConfSrc = op.getModeSrc() and + not modeConfSrc = + API::moduleImport("cryptography") + .getMember("hazmat") + .getMember("primitives") + .getMember("kdf") + .getMember("kbkdf") + .getMember("Mode") + .getMember("CounterMode") + .asSource() +select op, "Key derivation mode is not set to CounterMode. Mode Config: $@", modeConfSrc, + modeConfSrc.toString() diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFSaltGen.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFSaltGen.ql index fdeb060b5ba..9d312583912 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFSaltGen.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFSaltGen.ql @@ -6,13 +6,15 @@ * @problem.severity error * @precision high */ + import python import experimental.cryptography.Concepts private import experimental.cryptography.utils.Utils as Utils from KeyDerivationOperation op, DataFlow::Node saltSrc -where -op.requiresSalt() -and not API::moduleImport("os").getMember("urandom").getACall() = saltSrc -and saltSrc = op.getSaltConfigSrc() -select op, "Salt configuration is not from an accepted random source: $@. Must be os.urandom", saltSrc, saltSrc.toString() +where + op.requiresSalt() and + not API::moduleImport("os").getMember("urandom").getACall() = saltSrc and + saltSrc = op.getSaltConfigSrc() +select op, "Salt configuration is not from an accepted random source: $@. Must be os.urandom", + saltSrc, saltSrc.toString() diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFSaltSize.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFSaltSize.ql index 16cf427c1a9..54f72de0594 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakKDFSaltSize.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakKDFSaltSize.ql @@ -1,9 +1,9 @@ /** * @name Small KDF salt length. * @description KDF salts should be a minimum of 128 bits (16 bytes). - * + * * This alerts if a constant traces to to a salt length sink less than 128-bits or - * if the value that traces to a salt length sink is not known statically. + * if the value that traces to a salt length sink is not known statically. * @kind problem * @id py/kdf-small-salt-size * @problem.severity error @@ -15,15 +15,18 @@ import experimental.cryptography.Concepts private import experimental.cryptography.utils.Utils as Utils from KeyDerivationOperation op, DataFlow::Node randConfSrc, API::CallNode call, string msg -where -op.requiresSalt() and - API::moduleImport("os").getMember("urandom").getACall() = call - and call = op.getSaltConfigSrc() - and randConfSrc = Utils::getUltimateSrcFromApiNode(call.getParameter(0, "size")) - and - ( - (not exists(randConfSrc.asExpr().(IntegerLiteral).getValue()) and msg = "Salt config is not a statically verifiable size. ") - or - (randConfSrc.asExpr().(IntegerLiteral).getValue() < 16 and msg = "Salt config is insufficiently large. ") - ) -select op, msg + "Salt size must be a minimum of 16 (bytes). os.urandom Config: $@, Size Config: $@", call, call.toString(), randConfSrc, randConfSrc.toString() \ No newline at end of file +where + op.requiresSalt() and + API::moduleImport("os").getMember("urandom").getACall() = call and + call = op.getSaltConfigSrc() and + randConfSrc = Utils::getUltimateSrcFromApiNode(call.getParameter(0, "size")) and + ( + not exists(randConfSrc.asExpr().(IntegerLiteral).getValue()) and + msg = "Salt config is not a statically verifiable size. " + or + randConfSrc.asExpr().(IntegerLiteral).getValue() < 16 and + msg = "Salt config is insufficiently large. " + ) +select op, + msg + "Salt size must be a minimum of 16 (bytes). os.urandom Config: $@, Size Config: $@", call, + call.toString(), randConfSrc, randConfSrc.toString() diff --git a/python/ql/src/experimental/cryptography/example_alerts/WeakSymmetricEncryption.ql b/python/ql/src/experimental/cryptography/example_alerts/WeakSymmetricEncryption.ql index 68ffadea931..1c3ac4bce5b 100644 --- a/python/ql/src/experimental/cryptography/example_alerts/WeakSymmetricEncryption.ql +++ b/python/ql/src/experimental/cryptography/example_alerts/WeakSymmetricEncryption.ql @@ -1,10 +1,9 @@ /** * @name Weak symmetric encryption algorithm * @description Finds uses of symmetric cryptography algorithms that are weak, obsolete, or otherwise unaccepted. - - * The key lengths allowed are 128, 192, and 256 bits. These are all the key lengths supported by AES, so any + * + * The key lengths allowed are 128, 192, and 256 bits. These are all the key lengths supported by AES, so any * application of AES is considered acceptable. - * * @id py/weak-symmetric-encryption * @kind problem * @problem.severity error @@ -12,17 +11,14 @@ * @tags external/cwe/cwe-327 */ - import python import experimental.cryptography.Concepts -from - SymmetricEncryptionAlgorithm op, string name, string msg +from SymmetricEncryptionAlgorithm op, string name, string msg where -name = op.getEncryptionName() and -not name = ["AES","AES128", "AES192", "AES256"] and -if name = unknownAlgorithm() -then msg = "Use of unrecognized symmetric encryption algorithm." -else msg = "Use of unapproved symmetric encryption algorithm or API " + name + "." + name = op.getEncryptionName() and + not name = ["AES", "AES128", "AES192", "AES256"] and + if name = unknownAlgorithm() + then msg = "Use of unrecognized symmetric encryption algorithm." + else msg = "Use of unapproved symmetric encryption algorithm or API " + name + "." select op, msg -