Flag to disable automatic copying of contexts.

[openssl.git] / crypto / evp / evp.h

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 509f8579af2a40d66c7ea97e67c077eab1c032df..2b130c483d5e7cc57709703e92f123eadf8d79a0 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -83,7 +83,7 @@
 #define EVP_RC5_32_12_16_KEY_SIZE      16
 */
 #define EVP_MAX_MD_SIZE                        64      /* longest known is SHA512 */
-#define EVP_MAX_KEY_LENGTH             32
+#define EVP_MAX_KEY_LENGTH             64
 #define EVP_MAX_IV_LENGTH              16
 #define EVP_MAX_BLOCK_LENGTH           32
 
@@ -114,7 +114,10 @@
 #define EVP_PKEY_DSA3  NID_dsaWithSHA1
 #define EVP_PKEY_DSA4  NID_dsaWithSHA1_2
 #define EVP_PKEY_DH    NID_dhKeyAgreement
+#define EVP_PKEY_DHX   NID_dhpublicnumber
 #define EVP_PKEY_EC    NID_X9_62_id_ecPublicKey
+#define EVP_PKEY_HMAC  NID_hmac
+#define EVP_PKEY_CMAC  NID_cmac
 
 #ifdef __cplusplus
 extern "C" {
@@ -215,9 +218,12 @@ typedef int evp_verify_method(int type,const unsigned char *m,
 
 #define EVP_MD_FLAG_DIGALGID_CUSTOM            0x0018
 
+#define EVP_MD_FLAG_FIPS       0x0400 /* Note if suitable for use in FIPS mode */
+
 /* Digest ctrls */
 
 #define        EVP_MD_CTRL_DIGALGID                    0x1
+#define        EVP_MD_CTRL_MICALG                      0x2
 
 /* Minimum Algorithm specific ctrl value */
 
@@ -265,6 +271,8 @@ struct env_md_ctx_st
        void *md_data;
        /* Public key context for sign/verify */
        EVP_PKEY_CTX *pctx;
+       /* Update function: usually copied from EVP_MD */
+       int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
        } /* EVP_MD_CTX */;
 
 /* values for EVP_MD_CTX flags */
@@ -275,14 +283,29 @@ struct env_md_ctx_st
                                                * cleaned */
 #define EVP_MD_CTX_FLAG_REUSE          0x0004 /* Don't free up ctx->md_data
                                                * in EVP_MD_CTX_cleanup */
+/* FIPS and pad options are ignored in 1.0.0, definitions are here
+ * so we don't accidentally reuse the values for other purposes.
+ */
 
-/* MD operational flags */
-
-#define EVP_MD_CTX_FLAG_OP_MASK                0x00f0
+#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008  /* Allow use of non FIPS digest
+                                                * in FIPS mode */
 
-#define EVP_MD_CTX_FLAG_OP_DIGEST      0x0000
-#define EVP_MD_CTX_FLAG_OP_SIGN                0x0010
-#define EVP_MD_CTX_FLAG_OP_VERIFY      0x0020
+/* The following PAD options are also currently ignored in 1.0.0, digest
+ * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
+ * instead.
+ */
+#define EVP_MD_CTX_FLAG_PAD_MASK       0xF0    /* RSA mode to use */
+#define EVP_MD_CTX_FLAG_PAD_PKCS1      0x00    /* PKCS#1 v1.5 mode */
+#define EVP_MD_CTX_FLAG_PAD_X931       0x10    /* X9.31 mode */
+#define EVP_MD_CTX_FLAG_PAD_PSS                0x20    /* PSS mode */
+
+#define EVP_MD_CTX_FLAG_NO_INIT                0x0100 /* Don't initialize md_data */
+/* Some functions such as EVP_DigestSign only finalise copies of internal
+ * contexts so additional data can be included after the finalisation call.
+ * This is inefficient if this functionality is not required: it is disabled
+ * if the following flag is set.
+ */
+#define EVP_MD_CTX_FLAG_FINALISE       0x0200
 
 struct evp_cipher_st
        {
@@ -294,7 +317,7 @@ struct evp_cipher_st
        int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                    const unsigned char *iv, int enc);  /* init key */
        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                        const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
+                        const unsigned char *in, size_t inl);/* encrypt/decrypt data */
        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
        int ctx_size;           /* how big ctx->cipher_data needs to be */
        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
@@ -312,7 +335,12 @@ struct evp_cipher_st
 #define                EVP_CIPH_CBC_MODE               0x2
 #define                EVP_CIPH_CFB_MODE               0x3
 #define                EVP_CIPH_OFB_MODE               0x4
-#define        EVP_CIPH_MODE                   0x7
+#define                EVP_CIPH_CTR_MODE               0x5
+#define                EVP_CIPH_GCM_MODE               0x6
+#define                EVP_CIPH_CCM_MODE               0x7
+#define                EVP_CIPH_XTS_MODE               0x10001
+#define                EVP_CIPH_WRAP_MODE              0x10002
+#define        EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 #define        EVP_CIPH_VARIABLE_LENGTH        0x8
 /* Set if the iv handling should be done by the cipher itself */
@@ -327,6 +355,29 @@ struct evp_cipher_st
 #define        EVP_CIPH_NO_PADDING             0x100
 /* cipher handles random key generation */
 #define        EVP_CIPH_RAND_KEY               0x200
+/* cipher has its own additional copying logic */
+#define        EVP_CIPH_CUSTOM_COPY            0x400
+/* Allow use default ASN1 get/set iv */
+#define                EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+#define                EVP_CIPH_FLAG_LENGTH_BITS       0x2000
+/* Note if suitable for use in FIPS mode */
+#define                EVP_CIPH_FLAG_FIPS              0x4000
+/* Allow non FIPS cipher in FIPS mode */
+#define                EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x8000
+/* Cipher handles any and all padding logic as well
+ * as finalisation.
+ */
+#define        EVP_CIPH_FLAG_CUSTOM_CIPHER     0x100000
+#define                EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
+#define                EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
+
+/* Cipher context flag to indicate we can handle
+ * wrap mode: if allowed in older applications it could
+ * overflow buffers.
+ */
+
+#define        EVP_CIPHER_CTX_FLAG_WRAP_ALLOW  0x1
 
 /* ctrl() values */
 
@@ -338,6 +389,45 @@ struct evp_cipher_st
 #define        EVP_CTRL_SET_RC5_ROUNDS         0x5
 #define        EVP_CTRL_RAND_KEY               0x6
 #define        EVP_CTRL_PBE_PRF_NID            0x7
+#define        EVP_CTRL_COPY                   0x8
+#define        EVP_CTRL_GCM_SET_IVLEN          0x9
+#define        EVP_CTRL_GCM_GET_TAG            0x10
+#define        EVP_CTRL_GCM_SET_TAG            0x11
+#define                EVP_CTRL_GCM_SET_IV_FIXED       0x12
+#define                EVP_CTRL_GCM_IV_GEN             0x13
+#define                EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_GCM_SET_IVLEN
+#define                EVP_CTRL_CCM_GET_TAG            EVP_CTRL_GCM_GET_TAG
+#define                EVP_CTRL_CCM_SET_TAG            EVP_CTRL_GCM_SET_TAG
+#define                EVP_CTRL_CCM_SET_L              0x14
+#define                EVP_CTRL_CCM_SET_MSGLEN         0x15
+/* AEAD cipher deduces payload length and returns number of bytes
+ * required to store MAC and eventual padding. Subsequent call to
+ * EVP_Cipher even appends/verifies MAC.
+ */
+#define                EVP_CTRL_AEAD_TLS1_AAD          0x16
+/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
+#define                EVP_CTRL_AEAD_SET_MAC_KEY       0x17
+/* Set the GCM invocation field, decrypt only */
+#define                EVP_CTRL_GCM_SET_IV_INV         0x18
+
+#define                EVP_CTRL_TLS1_1_MULTIBLOCK_AAD  0x19
+#define                EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT      0x1a
+#define                EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
+
+typedef struct {
+       unsigned char *out;
+       const unsigned char *inp;
+       size_t len;
+       unsigned int interleave;
+} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+#define EVP_GCM_TLS_FIXED_IV_LEN                       4
+/* Length of explicit part of IV part of TLS records */
+#define EVP_GCM_TLS_EXPLICIT_IV_LEN                    8
+/* Length of tag for TLS */
+#define EVP_GCM_TLS_TAG_LEN                            16
 
 typedef struct evp_cipher_info_st
        {
@@ -355,7 +445,7 @@ struct evp_cipher_ctx_st
        unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
        unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
        unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
-       int num;                                /* used by cfb/ofb mode */
+       int num;                                /* used by cfb/ofb/ctr mode */
 
        void *app_data;         /* application stuff */
        int key_len;            /* May change for variable length cipher */
@@ -410,36 +500,66 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
 #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
 
-#define EVP_MD_type(e)                 ((e)->type)
+/* Macros to reduce FIPS dependencies: do NOT use in applications */
+#define M_EVP_MD_size(e)               ((e)->md_size)
+#define M_EVP_MD_block_size(e)         ((e)->block_size)
+#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+#define M_EVP_MD_type(e)                       ((e)->type)
+#define M_EVP_MD_CTX_type(e)           M_EVP_MD_type(M_EVP_MD_CTX_md(e))
+#define M_EVP_MD_CTX_md(e)                     ((e)->digest)
+
+#define M_EVP_CIPHER_nid(e)            ((e)->nid)
+#define M_EVP_CIPHER_CTX_iv_length(e)  ((e)->cipher->iv_len)
+#define M_EVP_CIPHER_CTX_flags(e)      ((e)->cipher->flags)
+#define M_EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size)
+#define M_EVP_CIPHER_CTX_cipher(e)     ((e)->cipher)
+#define M_EVP_CIPHER_CTX_mode(e)       (M_EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
+
+#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+
+#define M_EVP_EncryptInit(ctx,ciph,key,iv) \
+       (EVP_CipherInit(ctx,ciph,key,iv,1))
+#define M_EVP_EncryptInit_ex(ctx,ciph,impl,key,iv) \
+       (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,1))
+#define M_EVP_DecryptInit(ctx,ciph,key,iv) \
+       (EVP_CipherInit(ctx,ciph,key,iv,0))
+#define M_EVP_DecryptInit_ex(ctx,ciph,impl,key,iv) \
+       (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,0))
+
+int EVP_MD_type(const EVP_MD *md);
 #define EVP_MD_nid(e)                  EVP_MD_type(e)
 #define EVP_MD_name(e)                 OBJ_nid2sn(EVP_MD_nid(e))
-#define EVP_MD_pkey_type(e)            ((e)->pkey_type)
-#define EVP_MD_size(e)                 ((e)->md_size)
-#define EVP_MD_block_size(e)           ((e)->block_size)
+int EVP_MD_pkey_type(const EVP_MD *md);        
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
 
-#define EVP_MD_CTX_md(e)               ((e)->digest)
-#define EVP_MD_CTX_size(e)             EVP_MD_size((e)->digest)
-#define EVP_MD_CTX_block_size(e)       EVP_MD_block_size((e)->digest)
-#define EVP_MD_CTX_type(e)             EVP_MD_type((e)->digest)
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+#define EVP_MD_CTX_size(e)             EVP_MD_size(EVP_MD_CTX_md(e))
+#define EVP_MD_CTX_block_size(e)       EVP_MD_block_size(EVP_MD_CTX_md(e))
+#define EVP_MD_CTX_type(e)             EVP_MD_type(EVP_MD_CTX_md(e))
 
-#define EVP_CIPHER_nid(e)              ((e)->nid)
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
 #define EVP_CIPHER_name(e)             OBJ_nid2sn(EVP_CIPHER_nid(e))
-#define EVP_CIPHER_block_size(e)       ((e)->block_size)
-#define EVP_CIPHER_key_length(e)       ((e)->key_len)
-#define EVP_CIPHER_iv_length(e)                ((e)->iv_len)
-#define EVP_CIPHER_flags(e)            ((e)->flags)
-#define EVP_CIPHER_mode(e)             (((e)->flags) & EVP_CIPH_MODE)
-
-#define EVP_CIPHER_CTX_cipher(e)       ((e)->cipher)
-#define EVP_CIPHER_CTX_nid(e)          ((e)->cipher->nid)
-#define EVP_CIPHER_CTX_block_size(e)   ((e)->cipher->block_size)
-#define EVP_CIPHER_CTX_key_length(e)   ((e)->key_len)
-#define EVP_CIPHER_CTX_iv_length(e)    ((e)->cipher->iv_len)
-#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
-#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
+#define EVP_CIPHER_mode(e)             (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
+
+const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
 #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-#define EVP_CIPHER_CTX_flags(e)                ((e)->cipher->flags)
-#define EVP_CIPHER_CTX_mode(e)         ((e)->cipher->flags & EVP_CIPH_MODE)
+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
+#define EVP_CIPHER_CTX_mode(e)         (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
 
 #define EVP_ENCODE_LENGTH(l)   (((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)   ((l+3)/4*3+80)
@@ -452,8 +572,8 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define        EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
 #define EVP_OpenUpdate(a,b,c,d,e)      EVP_DecryptUpdate(a,b,c,d,e)
 #define EVP_SealUpdate(a,b,c,d,e)      EVP_EncryptUpdate(a,b,c,d,e)    
-#define EVP_SignDigestUpdate(a,b,c)    EVP_DigestUpdate(a,b,c)
-#define EVP_VerifyDigestUpdate(a,b,c)  EVP_DigestUpdate(a,b,c)
+#define EVP_DigestSignUpdate(a,b,c)    EVP_DigestUpdate(a,b,c)
+#define EVP_DigestVerifyUpdate(a,b,c)  EVP_DigestUpdate(a,b,c)
 
 #ifdef CONST_STRICT
 void BIO_set_md(BIO *,const EVP_MD *md);
@@ -462,10 +582,14 @@ void BIO_set_md(BIO *,const EVP_MD *md);
 #endif
 #define BIO_get_md(b,mdp)              BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
 #define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
+#define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
 #define BIO_get_cipher_status(b)       BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 #define BIO_get_cipher_ctx(b,c_pp)     BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
 
-#define        EVP_Cipher(c,o,i,l)     (c)->cipher->do_cipher((c),(o),(i),(l))
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+               unsigned char *out,
+               const unsigned char *in,
+               unsigned int inl);
 
 #define EVP_add_cipher_alias(n,alias) \
        OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
@@ -480,83 +604,88 @@ void      EVP_MD_CTX_init(EVP_MD_CTX *ctx);
 int    EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void   EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
-int    EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-int    EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
+/*__owur*/ int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+void   EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void   EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int    EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
+/*__owur*/ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+/*__owur*/ int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
                         size_t cnt);
-int    EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-int    EVP_Digest(const void *data, size_t count,
+/*__owur*/ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+/*__owur*/ int EVP_Digest(const void *data, size_t count,
                unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
 
-int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-int    EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int    EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+/*__owur*/ int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+/*__owur*/ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int     EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 
 int    EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int    EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify);
 void   EVP_set_pw_prompt(const char *prompt);
 char * EVP_get_pw_prompt(void);
 
-int    EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+__owur int     EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
                const unsigned char *salt, const unsigned char *data,
                int datal, int count, unsigned char *key,unsigned char *iv);
 
-int    EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+void   EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void   EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int    EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
+
+__owur int     EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
                const unsigned char *key, const unsigned char *iv);
-int    EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
                const unsigned char *key, const unsigned char *iv);
-int    EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                int *outl, const unsigned char *in, int inl);
-int    EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-int    EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
-int    EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+__owur int     EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
                const unsigned char *key, const unsigned char *iv);
-int    EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
                const unsigned char *key, const unsigned char *iv);
-int    EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                int *outl, const unsigned char *in, int inl);
-int    EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int    EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+__owur int     EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
-int    EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+__owur int     EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
                       const unsigned char *key,const unsigned char *iv,
                       int enc);
-int    EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
                       const unsigned char *key,const unsigned char *iv,
                       int enc);
-int    EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int     EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                int *outl, const unsigned char *in, int inl);
-int    EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int    EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+__owur int     EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+__owur int     EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
-int    EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
+__owur int     EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
                EVP_PKEY *pkey);
 
-int    EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
+__owur int     EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
                unsigned int siglen,EVP_PKEY *pkey);
 
-int    EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int    EVP_DigestSignFinal(EVP_MD_CTX *ctx,
+__owur int     EVP_DigestSignFinal(EVP_MD_CTX *ctx,
                        unsigned char *sigret, size_t *siglen);
 
-int    EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int     EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int    EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
+__owur int     EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
                        unsigned char *sig, size_t siglen);
 
-int    EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+__owur int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
                const unsigned char *ek, int ekl, const unsigned char *iv,
                EVP_PKEY *priv);
-int    EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+__owur int     EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
-int    EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+__owur int     EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
                 unsigned char **ek, int *ekl, unsigned char *iv,
                EVP_PKEY **pubk, int npubk);
-int    EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+__owur int     EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
 
 void   EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
 void   EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
@@ -585,7 +714,7 @@ BIO_METHOD *BIO_f_md(void);
 BIO_METHOD *BIO_f_base64(void);
 BIO_METHOD *BIO_f_cipher(void);
 BIO_METHOD *BIO_f_reliable(void);
-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
+__owur int BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
                const unsigned char *i, int enc);
 #endif
 
@@ -651,6 +780,7 @@ const EVP_CIPHER *EVP_des_cbc(void);
 const EVP_CIPHER *EVP_des_ede_cbc(void);
 const EVP_CIPHER *EVP_des_ede3_cbc(void);
 const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
 /* This should now be supported through the dev_crypto ENGINE. But also, why are
  * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
 #if 0
@@ -664,6 +794,9 @@ const EVP_MD *EVP_dev_crypto_md5(void);
 #ifndef OPENSSL_NO_RC4
 const EVP_CIPHER *EVP_rc4(void);
 const EVP_CIPHER *EVP_rc4_40(void);
+#ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+#endif
 #endif
 #ifndef OPENSSL_NO_IDEA
 const EVP_CIPHER *EVP_idea_ecb(void);
@@ -710,9 +843,11 @@ const EVP_CIPHER *EVP_aes_128_cfb8(void);
 const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
 const EVP_CIPHER *EVP_aes_192_cfb1(void);
@@ -720,9 +855,10 @@ const EVP_CIPHER *EVP_aes_192_cfb8(void);
 const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -730,9 +866,19 @@ const EVP_CIPHER *EVP_aes_256_cfb8(void);
 const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_256_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
+# endif
+# ifndef OPENSSL_NO_SHA256
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# endif
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 const EVP_CIPHER *EVP_camellia_128_ecb(void);
@@ -758,6 +904,14 @@ const EVP_CIPHER *EVP_camellia_256_cfb128(void);
 const EVP_CIPHER *EVP_camellia_256_ofb(void);
 #endif
 
+#ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+# define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+#endif
+
 void OPENSSL_add_all_algorithms_noconf(void);
 void OPENSSL_add_all_algorithms_conf(void);
 
@@ -875,6 +1029,10 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                           const unsigned char *salt, int saltlen, int iter,
                           int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                          const unsigned char *salt, int saltlen, int iter,
+                          const EVP_MD *digest,
+                     int keylen, unsigned char *out);
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
                         int en_de);
@@ -906,6 +1064,9 @@ void EVP_PBE_cleanup(void);
 #define ASN1_PKEY_CTRL_PKCS7_SIGN      0x1
 #define ASN1_PKEY_CTRL_PKCS7_ENCRYPT   0x2
 #define ASN1_PKEY_CTRL_DEFAULT_MD_NID  0x3
+#define ASN1_PKEY_CTRL_CMS_SIGN                0x5
+#define ASN1_PKEY_CTRL_CMS_ENVELOPE    0x7
+#define ASN1_PKEY_CTRL_CMS_RI_TYPE     0x8
 
 int EVP_PKEY_asn1_get_count(void);
 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
@@ -918,8 +1079,11 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
                                const char **pinfo, const char **ppem_str,
                                        const EVP_PKEY_ASN1_METHOD *ameth);
 
+const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
 EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
                                        const char *pem_str, const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, 
+                       const EVP_PKEY_ASN1_METHOD *src);
 void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
 void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
                int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
@@ -971,7 +1135,7 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
        (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
 
 #define EVP_PKEY_OP_TYPE_NOGEN \
-       (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
+       (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
 
 #define EVP_PKEY_OP_TYPE_GEN \
                (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
@@ -980,18 +1144,47 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
                                        EVP_PKEY_CTRL_MD, 0, (void *)md)
 
+#define         EVP_PKEY_CTX_get_signature_md(ctx, pmd)        \
+               EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                       EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd)
+
 #define EVP_PKEY_CTRL_MD               1
-#define EVP_PKEY_CTRL_PEER_KEY         2       
+#define EVP_PKEY_CTRL_PEER_KEY         2
+
+#define EVP_PKEY_CTRL_PKCS7_ENCRYPT    3
+#define EVP_PKEY_CTRL_PKCS7_DECRYPT    4
+
+#define EVP_PKEY_CTRL_PKCS7_SIGN       5
+
+#define EVP_PKEY_CTRL_SET_MAC_KEY      6
 
-#define EVP_PKEY_CTRL_PKCS7_ENCRYPT    3       
-#define EVP_PKEY_CTRL_PKCS7_DECRYPT    4       
+#define EVP_PKEY_CTRL_DIGESTINIT       7
+
+/* Used by GOST key encryption in TLS */
+#define EVP_PKEY_CTRL_SET_IV           8
+
+#define EVP_PKEY_CTRL_CMS_ENCRYPT      9
+#define EVP_PKEY_CTRL_CMS_DECRYPT      10
+#define EVP_PKEY_CTRL_CMS_SIGN         11
+
+#define EVP_PKEY_CTRL_CIPHER           12
+
+#define EVP_PKEY_CTRL_GET_MD           13
 
 #define EVP_PKEY_ALG_CTRL              0x1000
 
+
 #define EVP_PKEY_FLAG_AUTOARGLEN       2
+/* Method handles all operations: don't assume any digest related
+ * defaults.
+ */
+#define EVP_PKEY_FLAG_SIGCTX_CUSTOM    4
 
 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
 EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                               const EVP_PKEY_METHOD *meth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
 
@@ -1008,10 +1201,15 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
 
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                               const unsigned char *key, int keylen);
+
 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
 void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
 EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
 
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
+
 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
 
@@ -1097,7 +1295,7 @@ void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
 
 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
        int (*encrypt_init)(EVP_PKEY_CTX *ctx),
-       int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+       int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
                                        const unsigned char *in, size_t inlen));
 
 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
@@ -1114,6 +1312,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
        int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                        const char *type, const char *value));
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1123,22 +1323,34 @@ void ERR_load_EVP_strings(void);
 /* Error codes for the EVP functions. */
 
 /* Function codes. */
+#define EVP_F_AESNI_INIT_KEY                            165
+#define EVP_F_AESNI_XTS_CIPHER                          176
 #define EVP_F_AES_INIT_KEY                              133
+#define EVP_F_AES_T4_INIT_KEY                           178
+#define EVP_F_AES_XTS                                   172
+#define EVP_F_AES_XTS_CIPHER                            175
+#define EVP_F_ALG_MODULE_INIT                           177
 #define EVP_F_CAMELLIA_INIT_KEY                                 159
+#define EVP_F_CMAC_INIT                                         173
+#define EVP_F_CMLL_T4_INIT_KEY                          179
 #define EVP_F_D2I_PKEY                                  100
+#define EVP_F_DO_SIGVER_INIT                            161
 #define EVP_F_DSAPKEY2PKCS8                             134
 #define EVP_F_DSA_PKEY2PKCS8                            135
 #define EVP_F_ECDSA_PKEY2PKCS8                          129
 #define EVP_F_ECKEY_PKEY2PKCS8                          132
 #define EVP_F_EVP_CIPHERINIT_EX                                 123
+#define EVP_F_EVP_CIPHER_CTX_COPY                       163
 #define EVP_F_EVP_CIPHER_CTX_CTRL                       124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH             122
 #define EVP_F_EVP_DECRYPTFINAL_EX                       101
 #define EVP_F_EVP_DIGESTINIT_EX                                 128
 #define EVP_F_EVP_ENCRYPTFINAL_EX                       127
 #define EVP_F_EVP_MD_CTX_COPY_EX                        110
+#define EVP_F_EVP_MD_SIZE                               162
 #define EVP_F_EVP_OPENINIT                              102
 #define EVP_F_EVP_PBE_ALG_ADD                           115
+#define EVP_F_EVP_PBE_ALG_ADD_TYPE                      160
 #define EVP_F_EVP_PBE_CIPHERINIT                        116
 #define EVP_F_EVP_PKCS82PKEY                            111
 #define EVP_F_EVP_PKCS82PKEY_BROKEN                     136
@@ -1175,15 +1387,24 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_RIJNDAEL                              126
 #define EVP_F_EVP_SIGNFINAL                             107
 #define EVP_F_EVP_VERIFYFINAL                           108
+#define EVP_F_FIPS_CIPHERINIT                           166
+#define EVP_F_FIPS_CIPHER_CTX_COPY                      170
+#define EVP_F_FIPS_CIPHER_CTX_CTRL                      167
+#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH            171
+#define EVP_F_FIPS_DIGESTINIT                           168
+#define EVP_F_FIPS_MD_CTX_COPY                          169
+#define EVP_F_HMAC_INIT_EX                              174
 #define EVP_F_INT_CTX_NEW                               157
 #define EVP_F_PKCS5_PBE_KEYIVGEN                        117
 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                     118
+#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                  164
 #define EVP_F_PKCS8_SET_BROKEN                          112
 #define EVP_F_PKEY_SET_TYPE                             158
 #define EVP_F_RC2_MAGIC_TO_METH                                 109
 #define EVP_F_RC5_CTRL                                  125
 
 /* Reason codes. */
+#define EVP_R_AES_IV_SETUP_FAILED                       162
 #define EVP_R_AES_KEY_SETUP_FAILED                      143
 #define EVP_R_ASN1_LIB                                  140
 #define EVP_R_BAD_BLOCK_LENGTH                          136
@@ -1201,23 +1422,30 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DECODE_ERROR                              114
 #define EVP_R_DIFFERENT_KEY_TYPES                       101
 #define EVP_R_DIFFERENT_PARAMETERS                      153
+#define EVP_R_DISABLED_FOR_FIPS                                 163
 #define EVP_R_ENCODE_ERROR                              115
+#define EVP_R_ERROR_LOADING_SECTION                     165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                   166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                  119
 #define EVP_R_EXPECTING_AN_RSA_KEY                      127
 #define EVP_R_EXPECTING_A_DH_KEY                        128
 #define EVP_R_EXPECTING_A_DSA_KEY                       129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                     141
 #define EVP_R_EXPECTING_A_EC_KEY                        142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                   167
 #define EVP_R_INITIALIZATION_ERROR                      134
 #define EVP_R_INPUT_NOT_INITIALIZED                     111
 #define EVP_R_INVALID_DIGEST                            152
+#define EVP_R_INVALID_FIPS_MODE                                 168
 #define EVP_R_INVALID_KEY_LENGTH                        130
 #define EVP_R_INVALID_OPERATION                                 148
 #define EVP_R_IV_TOO_LARGE                              102
 #define EVP_R_KEYGEN_FAILURE                            120
+#define EVP_R_MESSAGE_DIGEST_IS_NULL                    159
 #define EVP_R_METHOD_NOT_SUPPORTED                      144
 #define EVP_R_MISSING_PARAMETERS                        103
 #define EVP_R_NO_CIPHER_SET                             131
+#define EVP_R_NO_DEFAULT_DIGEST                                 158
 #define EVP_R_NO_DIGEST_SET                             139
 #define EVP_R_NO_DSA_PARAMETERS                                 116
 #define EVP_R_NO_KEY_SET                                154
@@ -1230,6 +1458,10 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR                  145
 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR                  146
 #define EVP_R_PUBLIC_KEY_NOT_RSA                        106
+#define EVP_R_TOO_LARGE                                         164
+#define EVP_R_UNKNOWN_CIPHER                            160
+#define EVP_R_UNKNOWN_DIGEST                            161
+#define EVP_R_UNKNOWN_OPTION                            169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS               135
 #define EVP_R_UNSUPPORTED_ALGORITHM                     156
@@ -1240,6 +1472,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_UNSUPPORTED_PRF                           125
 #define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM                 118
 #define EVP_R_UNSUPPORTED_SALT_TYPE                     126
+#define EVP_R_WRAP_MODE_NOT_ALLOWED                     170
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH                  109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE                     110