Implement internally opaque bn access from evp

[openssl.git] / crypto / evp / evp.h
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h

index b4c86750438f7094f33f1014cac2a86f4fbef70b..757b7968da62274ad8203e855a20617691dfbd0a 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -114,6 +114,7 @@
  #define EVP_PKEY_DSA3  NID_dsaWithSHA1
  #define EVP_PKEY_DSA4  NID_dsaWithSHA1_2
  #define EVP_PKEY_DH    NID_dhKeyAgreement
+#define EVP_PKEY_DHX   NID_dhpublicnumber
  #define EVP_PKEY_EC    NID_X9_62_id_ecPublicKey
  #define EVP_PKEY_HMAC  NID_hmac
  #define EVP_PKEY_CMAC  NID_cmac
@@ -299,6 +300,12 @@ struct env_md_ctx_st
  #define EVP_MD_CTX_FLAG_PAD_PSS                0x20    /* PSS mode */
  
  #define EVP_MD_CTX_FLAG_NO_INIT                0x0100 /* Don't initialize md_data */
+/* Some functions such as EVP_DigestSign only finalise copies of internal
+ * contexts so additional data can be included after the finalisation call.
+ * This is inefficient if this functionality is not required: it is disabled
+ * if the following flag is set.
+ */
+#define EVP_MD_CTX_FLAG_FINALISE       0x0200
  
  struct evp_cipher_st
         {
@@ -332,6 +339,8 @@ struct evp_cipher_st
  #define                EVP_CIPH_GCM_MODE               0x6
  #define                EVP_CIPH_CCM_MODE               0x7
  #define                EVP_CIPH_XTS_MODE               0x10001
+#define                EVP_CIPH_WRAP_MODE              0x10002
+#define                EVP_CIPH_OCB_MODE               0x10003
  #define        EVP_CIPH_MODE                   0xF0007
  /* Set if variable length cipher */
  #define        EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -360,7 +369,16 @@ struct evp_cipher_st
  /* Cipher handles any and all padding logic as well
   * as finalisation.
   */
-#define        EVP_CIPH_FLAG_CUSTOM_CIPHER     0x10000
+#define        EVP_CIPH_FLAG_CUSTOM_CIPHER     0x100000
+#define                EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
+#define                EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
+
+/* Cipher context flag to indicate we can handle
+ * wrap mode: if allowed in older applications it could
+ * overflow buffers.
+ */
+
+#define        EVP_CIPHER_CTX_FLAG_WRAP_ALLOW  0x1
  
  /* ctrl() values */
  
@@ -378,6 +396,46 @@ struct evp_cipher_st
  #define        EVP_CTRL_GCM_SET_TAG            0x11
  #define                EVP_CTRL_GCM_SET_IV_FIXED       0x12
  #define                EVP_CTRL_GCM_IV_GEN             0x13
+#define                EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_GCM_SET_IVLEN
+#define                EVP_CTRL_CCM_GET_TAG            EVP_CTRL_GCM_GET_TAG
+#define                EVP_CTRL_CCM_SET_TAG            EVP_CTRL_GCM_SET_TAG
+#define                EVP_CTRL_CCM_SET_L              0x14
+#define                EVP_CTRL_CCM_SET_MSGLEN         0x15
+/* AEAD cipher deduces payload length and returns number of bytes
+ * required to store MAC and eventual padding. Subsequent call to
+ * EVP_Cipher even appends/verifies MAC.
+ */
+#define                EVP_CTRL_AEAD_TLS1_AAD          0x16
+/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
+#define                EVP_CTRL_AEAD_SET_MAC_KEY       0x17
+/* Set the GCM invocation field, decrypt only */
+#define                EVP_CTRL_GCM_SET_IV_INV         0x18
+
+#define                EVP_CTRL_TLS1_1_MULTIBLOCK_AAD  0x19
+#define                EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT      0x1a
+#define                EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
+#define                EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c
+
+typedef struct {
+       unsigned char *out;
+       const unsigned char *inp;
+       size_t len;
+       unsigned int interleave;
+} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;
+
+#define                EVP_CTRL_SET_IVLEN                      EVP_CTRL_GCM_SET_IVLEN
+#define                EVP_CTRL_GET_TAG                        EVP_CTRL_GCM_GET_TAG
+#define                EVP_CTRL_SET_TAG                        EVP_CTRL_GCM_SET_TAG
+#define                EVP_CTRL_OCB_SET_TAGLEN         0x1c
+
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+#define EVP_GCM_TLS_FIXED_IV_LEN                       4
+/* Length of explicit part of IV part of TLS records */
+#define EVP_GCM_TLS_EXPLICIT_IV_LEN                    8
+/* Length of tag for TLS */
+#define EVP_GCM_TLS_TAG_LEN                            16
  
  typedef struct evp_cipher_info_st
         {
@@ -395,7 +453,7 @@ struct evp_cipher_ctx_st
         unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
         unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
         unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
-       int num;                                /* used by cfb/ofb mode */
+       int num;                                /* used by cfb/ofb/ctr mode */
  
         void *app_data;         /* application stuff */
         int key_len;            /* May change for variable length cipher */
@@ -536,7 +594,7 @@ void BIO_set_md(BIO *,const EVP_MD *md);
  #define BIO_get_cipher_status(b)       BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
  #define BIO_get_cipher_ctx(b,c_pp)     BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
  
-__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
                 unsigned char *out,
                 const unsigned char *in,
                 unsigned int inl);
@@ -554,19 +612,19 @@ void      EVP_MD_CTX_init(EVP_MD_CTX *ctx);
  int    EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
  EVP_MD_CTX *EVP_MD_CTX_create(void);
  void   EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-__owur int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+/*__owur*/ int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
  void   EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
  void   EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
  int    EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
-__owur int     EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-__owur int     EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
+/*__owur*/ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+/*__owur*/ int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
                          size_t cnt);
-__owur int     EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-__owur int     EVP_Digest(const void *data, size_t count,
+/*__owur*/ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+/*__owur*/ int EVP_Digest(const void *data, size_t count,
                 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
  
-__owur int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-__owur int     EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+/*__owur*/ int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+/*__owur*/ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
  __owur int     EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
  
  int    EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
@@ -584,26 +642,26 @@ int       EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
  
  __owur int     EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
                 const unsigned char *key, const unsigned char *iv);
-__owur int     EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
                 const unsigned char *key, const unsigned char *iv);
-__owur int     EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 int *outl, const unsigned char *in, int inl);
-__owur int     EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-__owur int     EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
  
  __owur int     EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
                 const unsigned char *key, const unsigned char *iv);
-__owur int     EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
                 const unsigned char *key, const unsigned char *iv);
-__owur int     EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 int *outl, const unsigned char *in, int inl);
  __owur int     EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-__owur int     EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
  
  __owur int     EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
                        const unsigned char *key,const unsigned char *iv,
                        int enc);
-__owur int     EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
                        const unsigned char *key,const unsigned char *iv,
                        int enc);
  __owur int     EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -617,7 +675,7 @@ __owur int  EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
  __owur int     EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
                 unsigned int siglen,EVP_PKEY *pkey);
  
-__owur int     EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
  __owur int     EVP_DigestSignFinal(EVP_MD_CTX *ctx,
                         unsigned char *sigret, size_t *siglen);
@@ -625,7 +683,7 @@ __owur int  EVP_DigestSignFinal(EVP_MD_CTX *ctx,
  __owur int     EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
  __owur int     EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
-                       unsigned char *sig, size_t siglen);
+                       const unsigned char *sig, size_t siglen);
  
  __owur int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
                 const unsigned char *ek, int ekl, const unsigned char *iv,
@@ -730,6 +788,7 @@ const EVP_CIPHER *EVP_des_cbc(void);
  const EVP_CIPHER *EVP_des_ede_cbc(void);
  const EVP_CIPHER *EVP_des_ede3_cbc(void);
  const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
  /* This should now be supported through the dev_crypto ENGINE. But also, why are
   * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
  #if 0
@@ -743,6 +802,9 @@ const EVP_MD *EVP_dev_crypto_md5(void);
  #ifndef OPENSSL_NO_RC4
  const EVP_CIPHER *EVP_rc4(void);
  const EVP_CIPHER *EVP_rc4_40(void);
+#ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+#endif
  #endif
  #ifndef OPENSSL_NO_IDEA
  const EVP_CIPHER *EVP_idea_ecb(void);
@@ -790,8 +852,14 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
  # define EVP_aes_128_cfb EVP_aes_128_cfb128
  const EVP_CIPHER *EVP_aes_128_ofb(void);
  const EVP_CIPHER *EVP_aes_128_ctr(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
  const EVP_CIPHER *EVP_aes_128_gcm(void);
  const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
+#ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+#endif
  const EVP_CIPHER *EVP_aes_192_ecb(void);
  const EVP_CIPHER *EVP_aes_192_cbc(void);
  const EVP_CIPHER *EVP_aes_192_cfb1(void);
@@ -800,7 +868,13 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
  # define EVP_aes_192_cfb EVP_aes_192_cfb128
  const EVP_CIPHER *EVP_aes_192_ofb(void);
  const EVP_CIPHER *EVP_aes_192_ctr(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
  const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+#ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+#endif
  const EVP_CIPHER *EVP_aes_256_ecb(void);
  const EVP_CIPHER *EVP_aes_256_cbc(void);
  const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -809,8 +883,22 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
  # define EVP_aes_256_cfb EVP_aes_256_cfb128
  const EVP_CIPHER *EVP_aes_256_ofb(void);
  const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
  const EVP_CIPHER *EVP_aes_256_gcm(void);
  const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+#ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+#endif
+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
+# endif
+# ifndef OPENSSL_NO_SHA256
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# endif
  #endif
  #ifndef OPENSSL_NO_CAMELLIA
  const EVP_CIPHER *EVP_camellia_128_ecb(void);
@@ -888,6 +976,7 @@ int         EVP_PKEY_type(int type);
  int            EVP_PKEY_id(const EVP_PKEY *pkey);
  int            EVP_PKEY_base_id(const EVP_PKEY *pkey);
  int            EVP_PKEY_bits(EVP_PKEY *pkey);
+int            EVP_PKEY_security_bits(const EVP_PKEY *pkey);
  int            EVP_PKEY_size(EVP_PKEY *pkey);
  int            EVP_PKEY_set_type(EVP_PKEY *pkey,int type);
  int            EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
@@ -998,6 +1087,7 @@ void EVP_PBE_cleanup(void);
  #define ASN1_PKEY_CTRL_DEFAULT_MD_NID  0x3
  #define ASN1_PKEY_CTRL_CMS_SIGN                0x5
  #define ASN1_PKEY_CTRL_CMS_ENVELOPE    0x7
+#define ASN1_PKEY_CTRL_CMS_RI_TYPE     0x8
  
  int EVP_PKEY_asn1_get_count(void);
  const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
@@ -1045,6 +1135,9 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
                 int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
                                                         long arg1, void *arg2));
  
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*pkey_security_bits)(const EVP_PKEY *pk));
+
  
  #define EVP_PKEY_OP_UNDEFINED          0
  #define EVP_PKEY_OP_PARAMGEN           (1<<1)
@@ -1066,7 +1159,7 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
         (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
  
  #define EVP_PKEY_OP_TYPE_NOGEN \
-       (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
+       (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
  
  #define EVP_PKEY_OP_TYPE_GEN \
                 (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
@@ -1075,6 +1168,10 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
                 EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
                                         EVP_PKEY_CTRL_MD, 0, (void *)md)
  
+#define         EVP_PKEY_CTX_get_signature_md(ctx, pmd)        \
+               EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                       EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd)
+
  #define EVP_PKEY_CTRL_MD               1
  #define EVP_PKEY_CTRL_PEER_KEY         2
  
@@ -1096,6 +1193,8 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
  
  #define EVP_PKEY_CTRL_CIPHER           12
  
+#define EVP_PKEY_CTRL_GET_MD           13
+
  #define EVP_PKEY_ALG_CTRL              0x1000
  
  
@@ -1237,6 +1336,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
         int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                         const char *type, const char *value));
  
+void EVP_add_alg_module(void);
+
  /* BEGIN ERROR CODES */
  /* The following lines are auto generated by the script mkerr.pl. Any changes
   * made after this point may be overwritten when the script is next run.
@@ -1247,8 +1348,15 @@ void ERR_load_EVP_strings(void);
  
  /* Function codes. */
  #define EVP_F_AESNI_INIT_KEY                            165
+#define EVP_F_AESNI_XTS_CIPHER                          176
  #define EVP_F_AES_INIT_KEY                              133
+#define EVP_F_AES_T4_INIT_KEY                           178
+#define EVP_F_AES_XTS                                   172
+#define EVP_F_AES_XTS_CIPHER                            175
+#define EVP_F_ALG_MODULE_INIT                           177
  #define EVP_F_CAMELLIA_INIT_KEY                                 159
+#define EVP_F_CMAC_INIT                                         173
+#define EVP_F_CMLL_T4_INIT_KEY                          179
  #define EVP_F_D2I_PKEY                                  100
  #define EVP_F_DO_SIGVER_INIT                            161
  #define EVP_F_DSAPKEY2PKCS8                             134
@@ -1309,6 +1417,7 @@ void ERR_load_EVP_strings(void);
  #define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH            171
  #define EVP_F_FIPS_DIGESTINIT                           168
  #define EVP_F_FIPS_MD_CTX_COPY                          169
+#define EVP_F_HMAC_INIT_EX                              174
  #define EVP_F_INT_CTX_NEW                               157
  #define EVP_F_PKCS5_PBE_KEYIVGEN                        117
  #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                     118
@@ -1339,15 +1448,19 @@ void ERR_load_EVP_strings(void);
  #define EVP_R_DIFFERENT_PARAMETERS                      153
  #define EVP_R_DISABLED_FOR_FIPS                                 163
  #define EVP_R_ENCODE_ERROR                              115
+#define EVP_R_ERROR_LOADING_SECTION                     165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                   166
  #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                  119
  #define EVP_R_EXPECTING_AN_RSA_KEY                      127
  #define EVP_R_EXPECTING_A_DH_KEY                        128
  #define EVP_R_EXPECTING_A_DSA_KEY                       129
  #define EVP_R_EXPECTING_A_ECDSA_KEY                     141
  #define EVP_R_EXPECTING_A_EC_KEY                        142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                   167
  #define EVP_R_INITIALIZATION_ERROR                      134
  #define EVP_R_INPUT_NOT_INITIALIZED                     111
  #define EVP_R_INVALID_DIGEST                            152
+#define EVP_R_INVALID_FIPS_MODE                                 168
  #define EVP_R_INVALID_KEY_LENGTH                        130
  #define EVP_R_INVALID_OPERATION                                 148
  #define EVP_R_IV_TOO_LARGE                              102
@@ -1369,8 +1482,10 @@ void ERR_load_EVP_strings(void);
  #define EVP_R_PRIVATE_KEY_DECODE_ERROR                  145
  #define EVP_R_PRIVATE_KEY_ENCODE_ERROR                  146
  #define EVP_R_PUBLIC_KEY_NOT_RSA                        106
+#define EVP_R_TOO_LARGE                                         164
  #define EVP_R_UNKNOWN_CIPHER                            160
  #define EVP_R_UNKNOWN_DIGEST                            161
+#define EVP_R_UNKNOWN_OPTION                            169
  #define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
  #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS               135
  #define EVP_R_UNSUPPORTED_ALGORITHM                     156
@@ -1381,6 +1496,7 @@ void ERR_load_EVP_strings(void);
  #define EVP_R_UNSUPPORTED_PRF                           125
  #define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM                 118
  #define EVP_R_UNSUPPORTED_SALT_TYPE                     126
+#define EVP_R_WRAP_MODE_NOT_ALLOWED                     170
  #define EVP_R_WRONG_FINAL_BLOCK_LENGTH                  109
  #define EVP_R_WRONG_PUBLIC_KEY_TYPE                     110