aboutsummaryrefslogtreecommitdiff
path: root/include/crypto
diff options
context:
space:
mode:
authorEmma Miler <emma.pi@protonmail.com>2022-12-02 23:00:33 +0100
committerGitHub <noreply@github.com>2022-12-02 23:00:33 +0100
commit2d59006262d6e45f41ee325af78433475884dca4 (patch)
tree939c84779bf6a455102c74937f238a0ec05698eb /include/crypto
parentbe78dbacc5dcc95e7d9be503d61ceb5de640c661 (diff)
downloadNorthstarLauncher-1.11.0-rc1.tar.gz
NorthstarLauncher-1.11.0-rc1.zip
Move include directory (#337)v1.11.0-rc1
* Move include directory to shared folder This commit moves the `include` directory from the NorthstarDLL project folder to the solution folder. This allows both the DLL and Launcher project to target it properly. * Fix filters * Update memalloc.h * Fix filters * Update NorthstarLauncher.vcxproj * Remove stuff from other PR * Update NorthstarLauncher.vcxproj * Update NorthstarLauncher.vcxproj * Update NorthstarDLL.vcxproj
Diffstat (limited to 'include/crypto')
-rw-r--r--include/crypto/__DECC_INCLUDE_EPILOGUE.H16
-rw-r--r--include/crypto/__DECC_INCLUDE_PROLOGUE.H20
-rw-r--r--include/crypto/aes_platform.h450
-rw-r--r--include/crypto/aria.h51
-rw-r--r--include/crypto/asn1.h149
-rw-r--r--include/crypto/asn1_dsa.h24
-rw-r--r--include/crypto/asn1err.h27
-rw-r--r--include/crypto/async.h19
-rw-r--r--include/crypto/asyncerr.h27
-rw-r--r--include/crypto/bioerr.h27
-rw-r--r--include/crypto/bn.h117
-rw-r--r--include/crypto/bn_conf.h29
-rw-r--r--include/crypto/bn_conf.h.in28
-rw-r--r--include/crypto/bn_dh.h43
-rw-r--r--include/crypto/bn_srp.h32
-rw-r--r--include/crypto/bnerr.h27
-rw-r--r--include/crypto/buffererr.h27
-rw-r--r--include/crypto/chacha.h43
-rw-r--r--include/crypto/cmll_platform.h51
-rw-r--r--include/crypto/cmperr.h30
-rw-r--r--include/crypto/cmserr.h30
-rw-r--r--include/crypto/comperr.h30
-rw-r--r--include/crypto/conferr.h27
-rw-r--r--include/crypto/crmferr.h30
-rw-r--r--include/crypto/cryptlib.h39
-rw-r--r--include/crypto/cryptoerr.h27
-rw-r--r--include/crypto/cterr.h30
-rw-r--r--include/crypto/ctype.h83
-rw-r--r--include/crypto/decoder.h42
-rw-r--r--include/crypto/decodererr.h27
-rw-r--r--include/crypto/des_platform.h35
-rw-r--r--include/crypto/dh.h61
-rw-r--r--include/crypto/dherr.h30
-rw-r--r--include/crypto/dsa.h48
-rw-r--r--include/crypto/dsaerr.h30
-rw-r--r--include/crypto/dso_conf.h18
-rw-r--r--include/crypto/dso_conf.h.in33
-rw-r--r--include/crypto/ec.h100
-rw-r--r--include/crypto/ecerr.h30
-rw-r--r--include/crypto/ecx.h150
-rw-r--r--include/crypto/encoder.h14
-rw-r--r--include/crypto/encodererr.h27
-rw-r--r--include/crypto/engine.h20
-rw-r--r--include/crypto/engineerr.h30
-rw-r--r--include/crypto/err.h20
-rw-r--r--include/crypto/ess.h76
-rw-r--r--include/crypto/esserr.h27
-rw-r--r--include/crypto/evp.h944
-rw-r--r--include/crypto/evperr.h27
-rw-r--r--include/crypto/httperr.h27
-rw-r--r--include/crypto/lhash.h16
-rw-r--r--include/crypto/md32_common.h256
-rw-r--r--include/crypto/modes.h223
-rw-r--r--include/crypto/objects.h12
-rw-r--r--include/crypto/objectserr.h27
-rw-r--r--include/crypto/ocsperr.h30
-rw-r--r--include/crypto/pem.h51
-rw-r--r--include/crypto/pemerr.h27
-rw-r--r--include/crypto/pkcs12err.h27
-rw-r--r--include/crypto/pkcs7.h19
-rw-r--r--include/crypto/pkcs7err.h27
-rw-r--r--include/crypto/poly1305.h46
-rw-r--r--include/crypto/ppc_arch.h28
-rw-r--r--include/crypto/punycode.h24
-rw-r--r--include/crypto/rand.h128
-rw-r--r--include/crypto/rand_pool.h109
-rw-r--r--include/crypto/randerr.h27
-rw-r--r--include/crypto/rsa.h129
-rw-r--r--include/crypto/rsaerr.h27
-rw-r--r--include/crypto/security_bits.h16
-rw-r--r--include/crypto/sha.h22
-rw-r--r--include/crypto/siphash.h50
-rw-r--r--include/crypto/siv.h33
-rw-r--r--include/crypto/sm2.h86
-rw-r--r--include/crypto/sm2err.h49
-rw-r--r--include/crypto/sm4.h38
-rw-r--r--include/crypto/sparc_arch.h122
-rw-r--r--include/crypto/sparse_array.h92
-rw-r--r--include/crypto/store.h21
-rw-r--r--include/crypto/storeerr.h27
-rw-r--r--include/crypto/tserr.h30
-rw-r--r--include/crypto/types.h29
-rw-r--r--include/crypto/uierr.h27
-rw-r--r--include/crypto/x509.h367
-rw-r--r--include/crypto/x509err.h27
-rw-r--r--include/crypto/x509v3err.h27
86 files changed, 5645 insertions, 0 deletions
diff --git a/include/crypto/__DECC_INCLUDE_EPILOGUE.H b/include/crypto/__DECC_INCLUDE_EPILOGUE.H
new file mode 100644
index 00000000..e57c0eab
--- /dev/null
+++ b/include/crypto/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* restore state. Must correspond to the save in __decc_include_prologue.h */
+#pragma names restore
diff --git a/include/crypto/__DECC_INCLUDE_PROLOGUE.H b/include/crypto/__DECC_INCLUDE_PROLOGUE.H
new file mode 100644
index 00000000..a0139575
--- /dev/null
+++ b/include/crypto/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* save state */
+#pragma names save
+/* have the compiler shorten symbols larger than 31 chars to 23 chars
+ * followed by a 8 hex char CRC
+ */
+#pragma names as_is,shortened
diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
new file mode 100644
index 00000000..e95ad5aa
--- /dev/null
+++ b/include/crypto/aes_platform.h
@@ -0,0 +1,450 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_AES_PLATFORM_H
+# define OSSL_AES_PLATFORM_H
+# pragma once
+
+# include <openssl/aes.h>
+
+# ifdef VPAES_ASM
+int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
+ AES_KEY *key);
+int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
+ AES_KEY *key);
+void vpaes_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void vpaes_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void vpaes_cbc_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const AES_KEY *key, unsigned char *ivec, int enc);
+# endif /* VPAES_ASM */
+
+# ifdef BSAES_ASM
+void ossl_bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char ivec[16], int enc);
+void ossl_bsaes_ctr32_encrypt_blocks(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const AES_KEY *key,
+ const unsigned char ivec[16]);
+void ossl_bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
+ size_t len, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char iv[16]);
+void ossl_bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
+ size_t len, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char iv[16]);
+# endif /* BSAES_ASM */
+
+# ifdef AES_CTR_ASM
+void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const AES_KEY *key,
+ const unsigned char ivec[AES_BLOCK_SIZE]);
+# endif /* AES_CTR_ASM */
+
+# ifdef AES_XTS_ASM
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
+ const AES_KEY *key1, const AES_KEY *key2,
+ const unsigned char iv[16]);
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
+ const AES_KEY *key1, const AES_KEY *key2,
+ const unsigned char iv[16]);
+# endif /* AES_XTS_ASM */
+
+# if defined(OPENSSL_CPUID_OBJ)
+# if (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+# include "crypto/ppc_arch.h"
+# ifdef VPAES_ASM
+# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
+# endif
+# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207)
+# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
+# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
+# define HWAES_encrypt aes_p8_encrypt
+# define HWAES_decrypt aes_p8_decrypt
+# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+# define HWAES_xts_encrypt aes_p8_xts_encrypt
+# define HWAES_xts_decrypt aes_p8_xts_decrypt
+# endif /* PPC */
+
+# if (defined(__arm__) || defined(__arm) || defined(__aarch64__))
+# include "arm_arch.h"
+# if __ARM_MAX_ARCH__>=7
+# if defined(BSAES_ASM)
+# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+# endif
+# if defined(VPAES_ASM)
+# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+# endif
+# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
+# define HWAES_set_encrypt_key aes_v8_set_encrypt_key
+# define HWAES_set_decrypt_key aes_v8_set_decrypt_key
+# define HWAES_encrypt aes_v8_encrypt
+# define HWAES_decrypt aes_v8_decrypt
+# define HWAES_cbc_encrypt aes_v8_cbc_encrypt
+# define HWAES_ecb_encrypt aes_v8_ecb_encrypt
+# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__)
+# define HWAES_xts_encrypt aes_v8_xts_encrypt
+# define HWAES_xts_decrypt aes_v8_xts_decrypt
+# endif
+# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
+# define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES))
+# define AES_GCM_ENC_BYTES 512
+# define AES_GCM_DEC_BYTES 512
+# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__)
+# define AES_gcm_encrypt armv8_aes_gcm_encrypt
+# define AES_gcm_decrypt armv8_aes_gcm_decrypt
+# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \
+ (gctx)->gcm.ghash==gcm_ghash_v8)
+size_t aes_gcm_enc_128_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext,
+ uint64_t *Xi, unsigned char ivec[16], const void *key);
+size_t aes_gcm_enc_192_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext,
+ uint64_t *Xi, unsigned char ivec[16], const void *key);
+size_t aes_gcm_enc_256_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext,
+ uint64_t *Xi, unsigned char ivec[16], const void *key);
+size_t aes_gcm_dec_128_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext,
+ uint64_t *Xi, unsigned char ivec[16], const void *key);
+size_t aes_gcm_dec_192_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext,
+ uint64_t *Xi, unsigned char ivec[16], const void *key);
+size_t aes_gcm_dec_256_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext,
+ uint64_t *Xi, unsigned char ivec[16], const void *key);
+size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key,
+ unsigned char ivec[16], u64 *Xi);
+size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key,
+ unsigned char ivec[16], u64 *Xi);
+void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
+# endif
+# endif
+# endif
+# endif /* OPENSSL_CPUID_OBJ */
+
+# if defined(AES_ASM) && ( \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) )
+# define AES_CBC_HMAC_SHA_CAPABLE 1
+# define AESNI_CBC_HMAC_SHA_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+# endif
+
+# if defined(AES_ASM) && !defined(I386_ONLY) && ( \
+ ((defined(__i386) || defined(__i386__) || \
+ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) )
+
+/* AES-NI section */
+
+# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+# ifdef VPAES_ASM
+# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+# ifdef BSAES_ASM
+# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+
+# define AES_GCM_ENC_BYTES 32
+# define AES_GCM_DEC_BYTES 16
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+ AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+ AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+
+void aesni_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length, const AES_KEY *key, int enc);
+void aesni_cbc_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const AES_KEY *key, unsigned char *ivec, int enc);
+# ifndef OPENSSL_NO_OCB
+void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+# endif /* OPENSSL_NO_OCB */
+
+void aesni_ctr32_encrypt_blocks(const unsigned char *in,
+ unsigned char *out,
+ size_t blocks,
+ const void *key, const unsigned char *ivec);
+
+void aesni_xts_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const AES_KEY *key1, const AES_KEY *key2,
+ const unsigned char iv[16]);
+
+void aesni_xts_decrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const AES_KEY *key1, const AES_KEY *key2,
+ const unsigned char iv[16]);
+
+void aesni_ccm64_encrypt_blocks(const unsigned char *in,
+ unsigned char *out,
+ size_t blocks,
+ const void *key,
+ const unsigned char ivec[16],
+ unsigned char cmac[16]);
+
+void aesni_ccm64_decrypt_blocks(const unsigned char *in,
+ unsigned char *out,
+ size_t blocks,
+ const void *key,
+ const unsigned char ivec[16],
+ unsigned char cmac[16]);
+
+# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+ const void *key, unsigned char ivec[16], u64 *Xi);
+size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
+ const void *key, unsigned char ivec[16], u64 *Xi);
+void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len);
+
+# define AES_gcm_encrypt aesni_gcm_encrypt
+# define AES_gcm_decrypt aesni_gcm_decrypt
+# define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && \
+ ctx->gcm.ghash == gcm_ghash_avx)
+# endif
+
+
+# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+
+/* Fujitsu SPARC64 X support */
+# include "crypto/sparc_arch.h"
+
+# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
+# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
+# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
+# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
+# define HWAES_encrypt aes_fx_encrypt
+# define HWAES_decrypt aes_fx_decrypt
+# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
+
+void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+/*
+ * Key-length specific subroutines were chosen for following reason.
+ * Each SPARC T4 core can execute up to 8 threads which share core's
+ * resources. Loading as much key material to registers allows to
+ * minimize references to shared memory interface, as well as amount
+ * of instructions in inner loops [much needed on T4]. But then having
+ * non-key-length specific routines would require conditional branches
+ * either in inner loops or on subroutines' entries. Former is hardly
+ * acceptable, while latter means code size increase to size occupied
+ * by multiple key-length specific subroutines, so why fight?
+ */
+void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const AES_KEY *key,
+ unsigned char *ivec);
+void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const AES_KEY *key,
+ unsigned char *ivec);
+void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const AES_KEY *key,
+ unsigned char *ivec);
+void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char *ivec);
+void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char *ivec);
+
+# elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/* IBM S390X support */
+# include "s390x_arch.h"
+
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+
+/* Most modes of operation need km for partial block processing. */
+# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
+ S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
+ S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
+ S390X_CAPBIT(S390X_AES_256))
+
+# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE 1
+# define S390X_aes_256_cbc_CAPABLE 1
+
+# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE
+# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE
+# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE
+
+# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmo[0] & \
+ S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmo[0] & \
+ S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmo[0] & \
+ S390X_CAPBIT(S390X_AES_256)))
+
+# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_256)))
+# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_256))
+# define S390X_aes_128_cfb1_CAPABLE 0
+# define S390X_aes_192_cfb1_CAPABLE 0
+# define S390X_aes_256_cfb1_CAPABLE 0
+
+# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE 1
+# define S390X_aes_256_ctr_CAPABLE 1
+
+# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
+# define S390X_aes_256_xts_CAPABLE 1
+
+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \
+ (OPENSSL_s390xcap_P.kma[0] & \
+ S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \
+ (OPENSSL_s390xcap_P.kma[0] & \
+ S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \
+ (OPENSSL_s390xcap_P.kma[0] & \
+ S390X_CAPBIT(S390X_AES_256)))
+
+# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmac[0] & \
+ S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmac[0] & \
+ S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmac[0] & \
+ S390X_CAPBIT(S390X_AES_256)))
+# define S390X_CCM_AAD_FLAG 0x40
+
+# ifndef OPENSSL_NO_OCB
+# define S390X_aes_128_ocb_CAPABLE 0
+# define S390X_aes_192_ocb_CAPABLE 0
+# define S390X_aes_256_ocb_CAPABLE 0
+# endif /* OPENSSL_NO_OCB */
+
+# ifndef OPENSSL_NO_SIV
+# define S390X_aes_128_siv_CAPABLE 0
+# define S390X_aes_192_siv_CAPABLE 0
+# define S390X_aes_256_siv_CAPABLE 0
+# endif /* OPENSSL_NO_SIV */
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+# endif
+
+# if defined(HWAES_CAPABLE)
+int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+void HWAES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void HWAES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+void HWAES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ const int enc);
+void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ const unsigned char ivec[16]);
+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+ size_t len, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char iv[16]);
+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+ size_t len, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char iv[16]);
+# ifndef OPENSSL_NO_OCB
+# ifdef HWAES_ocb_encrypt
+void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+# else
+# define HWAES_ocb_encrypt ((ocb128_f)NULL)
+# endif
+# ifdef HWAES_ocb_decrypt
+void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+# else
+# define HWAES_ocb_decrypt ((ocb128_f)NULL)
+# endif
+# endif /* OPENSSL_NO_OCB */
+
+# endif /* HWAES_CAPABLE */
+
+#endif /* OSSL_AES_PLATFORM_H */
diff --git a/include/crypto/aria.h b/include/crypto/aria.h
new file mode 100644
index 00000000..21a9932e
--- /dev/null
+++ b/include/crypto/aria.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ /* Copyright (c) 2017 National Security Research Institute. All rights reserved. */
+
+#ifndef OSSL_CRYPTO_ARIA_H
+# define OSSL_CRYPTO_ARIA_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ARIA
+# error ARIA is disabled.
+# endif
+
+# define ARIA_ENCRYPT 1
+# define ARIA_DECRYPT 0
+
+# define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decryption block */
+# define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */
+
+typedef union {
+ unsigned char c[ARIA_BLOCK_SIZE];
+ unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)];
+} ARIA_u128;
+
+typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE];
+
+struct aria_key_st {
+ ARIA_u128 rd_key[ARIA_MAX_KEYS];
+ unsigned int rounds;
+};
+typedef struct aria_key_st ARIA_KEY;
+
+
+int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+ ARIA_KEY *key);
+int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+ ARIA_KEY *key);
+
+void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
+ const ARIA_KEY *key);
+
+#endif
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
new file mode 100644
index 00000000..ec76ae6f
--- /dev/null
+++ b/include/crypto/asn1.h
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ASN1_H
+# define OSSL_CRYPTO_ASN1_H
+# pragma once
+
+# include <openssl/asn1.h>
+# include <openssl/core_dispatch.h> /* OSSL_FUNC_keymgmt_import() */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+/* ASN1 public key method structure */
+
+#include <openssl/core.h>
+
+struct evp_pkey_asn1_method_st {
+ int pkey_id;
+ int pkey_base_id;
+ unsigned long pkey_flags;
+ char *pem_str;
+ char *info;
+ int (*pub_decode) (EVP_PKEY *pk, const X509_PUBKEY *pub);
+ int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+ int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+ int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+ int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+ int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+ int (*pkey_size) (const EVP_PKEY *pk);
+ int (*pkey_bits) (const EVP_PKEY *pk);
+ int (*pkey_security_bits) (const EVP_PKEY *pk);
+ int (*param_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen);
+ int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+ int (*param_missing) (const EVP_PKEY *pk);
+ int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+ int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+ int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+ int (*sig_print) (BIO *out,
+ const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+ int indent, ASN1_PCTX *pctx);
+ void (*pkey_free) (EVP_PKEY *pkey);
+ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+ /* Legacy functions for old PEM */
+ int (*old_priv_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen);
+ int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+ /* Custom ASN1 signature verification */
+ int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data,
+ const X509_ALGOR *a, const ASN1_BIT_STRING *sig,
+ EVP_PKEY *pkey);
+ int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data,
+ X509_ALGOR *alg1, X509_ALGOR *alg2,
+ ASN1_BIT_STRING *sig);
+ int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+ const ASN1_STRING *sig);
+ /* Check */
+ int (*pkey_check) (const EVP_PKEY *pk);
+ int (*pkey_public_check) (const EVP_PKEY *pk);
+ int (*pkey_param_check) (const EVP_PKEY *pk);
+ /* Get/set raw private/public key data */
+ int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+ int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+ int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len);
+ int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len);
+
+ /* Exports and imports to / from providers */
+ size_t (*dirty_cnt) (const EVP_PKEY *pk);
+ int (*export_to) (const EVP_PKEY *pk, void *to_keydata,
+ OSSL_FUNC_keymgmt_import_fn *importer,
+ OSSL_LIB_CTX *libctx, const char *propq);
+ OSSL_CALLBACK *import_from;
+ int (*copy) (EVP_PKEY *to, EVP_PKEY *from);
+
+ int (*priv_decode_ex) (EVP_PKEY *pk,
+ const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx,
+ const char *propq);
+} /* EVP_PKEY_ASN1_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+
+extern const EVP_PKEY_ASN1_METHOD ossl_dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_dhx_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_dsa_asn1_meths[5];
+extern const EVP_PKEY_ASN1_METHOD ossl_eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ecx448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_sm2_asn1_meth;
+
+extern const EVP_PKEY_ASN1_METHOD ossl_rsa_asn1_meths[2];
+extern const EVP_PKEY_ASN1_METHOD ossl_rsa_pss_asn1_meth;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */
+struct asn1_object_st {
+ const char *sn, *ln;
+ int nid;
+ int length;
+ const unsigned char *data; /* data remains const after init */
+ int flags; /* Should we free this one */
+};
+
+/* ASN1 print context structure */
+
+struct asn1_pctx_st {
+ unsigned long flags;
+ unsigned long nm_flags;
+ unsigned long cert_flags;
+ unsigned long oid_flags;
+ unsigned long str_flags;
+} /* ASN1_PCTX */ ;
+
+/* ASN1 type functions */
+
+int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
+ unsigned char *data, int len);
+int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len);
+
+int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md);
+const EVP_MD *ossl_x509_algor_get_md(X509_ALGOR *alg);
+X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg);
+int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md);
+int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags);
+
+EVP_PKEY * ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a,
+ const unsigned char **pp, long length,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+#endif /* ndef OSSL_CRYPTO_ASN1_H */
diff --git a/include/crypto/asn1_dsa.h b/include/crypto/asn1_dsa.h
new file mode 100644
index 00000000..3eadb9ec
--- /dev/null
+++ b/include/crypto/asn1_dsa.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ASN1_DSA_H
+# define OSSL_CRYPTO_ASN1_DSA_H
+# pragma once
+
+#include "internal/packet.h"
+
+int ossl_encode_der_length(WPACKET *pkt, size_t cont_len);
+int ossl_encode_der_integer(WPACKET *pkt, const BIGNUM *n);
+int ossl_encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s);
+int ossl_decode_der_length(PACKET *pkt, PACKET *subpkt);
+int ossl_decode_der_integer(PACKET *pkt, BIGNUM *n);
+size_t ossl_decode_der_dsa_sig(BIGNUM *r, BIGNUM *s, const unsigned char **ppin,
+ size_t len);
+
+#endif
diff --git a/include/crypto/asn1err.h b/include/crypto/asn1err.h
new file mode 100644
index 00000000..6441386b
--- /dev/null
+++ b/include/crypto/asn1err.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ASN1ERR_H
+# define OSSL_CRYPTO_ASN1ERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_ASN1_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/async.h b/include/crypto/async.h
new file mode 100644
index 00000000..7bc0dbb6
--- /dev/null
+++ b/include/crypto/async.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ASYNC_H
+# define OSSL_CRYPTO_ASYNC_H
+# pragma once
+
+# include <openssl/async.h>
+
+int async_init(void);
+void async_deinit(void);
+
+#endif
diff --git a/include/crypto/asyncerr.h b/include/crypto/asyncerr.h
new file mode 100644
index 00000000..574e0af7
--- /dev/null
+++ b/include/crypto/asyncerr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ASYNCERR_H
+# define OSSL_CRYPTO_ASYNCERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_ASYNC_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/bioerr.h b/include/crypto/bioerr.h
new file mode 100644
index 00000000..a0c06099
--- /dev/null
+++ b/include/crypto/bioerr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BIOERR_H
+# define OSSL_CRYPTO_BIOERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_BIO_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/bn.h b/include/crypto/bn.h
new file mode 100644
index 00000000..cf69bea8
--- /dev/null
+++ b/include/crypto/bn.h
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_H
+# define OSSL_CRYPTO_BN_H
+# pragma once
+
+# include <openssl/bn.h>
+# include <limits.h>
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words);
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+void bn_correct_top(BIGNUM *a);
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array r[] of values that are either zero or odd with an
+ * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at
+ * most one of any w+1 consecutive digits is non-zero with the exception that
+ * the most significant digit may be only w-1 zeros away from that next
+ * non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
+
+int bn_get_top(const BIGNUM *a);
+
+int bn_get_dmax(const BIGNUM *a);
+
+/* Set all words to zero */
+void bn_set_all_zero(BIGNUM *a);
+
+/*
+ * Copy the internal BIGNUM words into out which holds size elements (and size
+ * must be bigger than top)
+ */
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
+
+BN_ULONG *bn_get_words(const BIGNUM *a);
+
+/*
+ * Set the internal data words in a to point to words which contains size
+ * elements. The BN_FLG_STATIC_DATA flag is set
+ */
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
+
+/*
+ * Copy words into the BIGNUM |a|, reallocating space as necessary.
+ * The negative flag of |a| is not modified.
+ * Returns 1 on success and 0 on failure.
+ */
+/*
+ * |num_words| is int because bn_expand2 takes an int. This is an internal
+ * function so we simply trust callers not to pass negative values.
+ */
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+
+/*
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
+ * is customarily arranged by bn_correct_top. Output from below functions
+ * is not processed with bn_correct_top, and for this reason it may not be
+ * returned out of public API. It may only be passed internally into other
+ * functions known to support non-minimal or zero-padded BIGNUMs. Even
+ * though the goal is to facilitate constant-time-ness, not each subroutine
+ * is constant-time by itself. They all have pre-conditions, consult source
+ * code...
+ */
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+ const BIGNUM *d, BN_CTX *ctx);
+
+#define BN_PRIMETEST_COMPOSITE 0
+#define BN_PRIMETEST_COMPOSITE_WITH_FACTOR 1
+#define BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME 2
+#define BN_PRIMETEST_PROBABLY_PRIME 3
+
+int ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
+ BN_GENCB *cb, int enhanced, int *status);
+
+const BIGNUM *ossl_bn_get0_small_factors(void);
+
+int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
+ BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1,
+ const BIGNUM *Xp2, int nlen,
+ const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+
+int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
+ const BIGNUM *r1, const BIGNUM *r2,
+ int nlen, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+
+OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx);
+
+extern const BIGNUM ossl_bn_inv_sqrt_2;
+
+#endif
diff --git a/include/crypto/bn_conf.h b/include/crypto/bn_conf.h
new file mode 100644
index 00000000..a6f73d4a
--- /dev/null
+++ b/include/crypto/bn_conf.h
@@ -0,0 +1,29 @@
+/* WARNING: do not edit! */
+/* Generated by makefile from include\crypto\bn_conf.h.in */
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+# pragma once
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#define SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/include/crypto/bn_conf.h.in b/include/crypto/bn_conf.h.in
new file mode 100644
index 00000000..dbc901b1
--- /dev/null
+++ b/include/crypto/bn_conf.h.in
@@ -0,0 +1,28 @@
+{- join("\n",map { "/* $_ */" } @autowarntext) -}
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+# pragma once
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+{- $config{b64l} ? "#define" : "#undef" -} SIXTY_FOUR_BIT_LONG
+{- $config{b64} ? "#define" : "#undef" -} SIXTY_FOUR_BIT
+{- $config{b32} ? "#define" : "#undef" -} THIRTY_TWO_BIT
+
+#endif
diff --git a/include/crypto/bn_dh.h b/include/crypto/bn_dh.h
new file mode 100644
index 00000000..6d12c20e
--- /dev/null
+++ b/include/crypto/bn_dh.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define declare_dh_bn(x) \
+ extern const BIGNUM ossl_bignum_dh##x##_p; \
+ extern const BIGNUM ossl_bignum_dh##x##_q; \
+ extern const BIGNUM ossl_bignum_dh##x##_g; \
+
+declare_dh_bn(1024_160)
+declare_dh_bn(2048_224)
+declare_dh_bn(2048_256)
+
+extern const BIGNUM ossl_bignum_const_2;
+
+extern const BIGNUM ossl_bignum_ffdhe2048_p;
+extern const BIGNUM ossl_bignum_ffdhe3072_p;
+extern const BIGNUM ossl_bignum_ffdhe4096_p;
+extern const BIGNUM ossl_bignum_ffdhe6144_p;
+extern const BIGNUM ossl_bignum_ffdhe8192_p;
+extern const BIGNUM ossl_bignum_ffdhe2048_q;
+extern const BIGNUM ossl_bignum_ffdhe3072_q;
+extern const BIGNUM ossl_bignum_ffdhe4096_q;
+extern const BIGNUM ossl_bignum_ffdhe6144_q;
+extern const BIGNUM ossl_bignum_ffdhe8192_q;
+
+extern const BIGNUM ossl_bignum_modp_1536_p;
+extern const BIGNUM ossl_bignum_modp_2048_p;
+extern const BIGNUM ossl_bignum_modp_3072_p;
+extern const BIGNUM ossl_bignum_modp_4096_p;
+extern const BIGNUM ossl_bignum_modp_6144_p;
+extern const BIGNUM ossl_bignum_modp_8192_p;
+extern const BIGNUM ossl_bignum_modp_1536_q;
+extern const BIGNUM ossl_bignum_modp_2048_q;
+extern const BIGNUM ossl_bignum_modp_3072_q;
+extern const BIGNUM ossl_bignum_modp_4096_q;
+extern const BIGNUM ossl_bignum_modp_6144_q;
+extern const BIGNUM ossl_bignum_modp_8192_q;
diff --git a/include/crypto/bn_srp.h b/include/crypto/bn_srp.h
new file mode 100644
index 00000000..00b160aa
--- /dev/null
+++ b/include/crypto/bn_srp.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SRP
+
+extern const BIGNUM ossl_bn_group_1024;
+
+extern const BIGNUM ossl_bn_group_1536;
+
+extern const BIGNUM ossl_bn_group_2048;
+
+extern const BIGNUM ossl_bn_group_3072;
+
+extern const BIGNUM ossl_bn_group_4096;
+
+extern const BIGNUM ossl_bn_group_6144;
+
+extern const BIGNUM ossl_bn_group_8192;
+
+extern const BIGNUM ossl_bn_generator_19;
+
+extern const BIGNUM ossl_bn_generator_5;
+
+extern const BIGNUM ossl_bn_generator_2;
+
+#endif
diff --git a/include/crypto/bnerr.h b/include/crypto/bnerr.h
new file mode 100644
index 00000000..7282c915
--- /dev/null
+++ b/include/crypto/bnerr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BNERR_H
+# define OSSL_CRYPTO_BNERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_BN_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/buffererr.h b/include/crypto/buffererr.h
new file mode 100644
index 00000000..54976d95
--- /dev/null
+++ b/include/crypto/buffererr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BUFFERERR_H
+# define OSSL_CRYPTO_BUFFERERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_BUF_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/chacha.h b/include/crypto/chacha.h
new file mode 100644
index 00000000..d29998ff
--- /dev/null
+++ b/include/crypto/chacha.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CHACHA_H
+#define OSSL_CRYPTO_CHACHA_H
+# pragma once
+
+#include <stddef.h>
+
+/*
+ * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
+ * nonce and writes the result to |out|, which may be equal to |inp|.
+ * The |key| is not 32 bytes of verbatim key material though, but the
+ * said material collected into 8 32-bit elements array in host byte
+ * order. Same approach applies to nonce: the |counter| argument is
+ * pointer to concatenated nonce and counter values collected into 4
+ * 32-bit elements. This, passing crypto material collected into 32-bit
+ * elements as opposite to passing verbatim byte vectors, is chosen for
+ * efficiency in multi-call scenarios.
+ */
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+ size_t len, const unsigned int key[8],
+ const unsigned int counter[4]);
+/*
+ * You can notice that there is no key setup procedure. Because it's
+ * as trivial as collecting bytes into 32-bit elements, it's reckoned
+ * that below macro is sufficient.
+ */
+#define CHACHA_U8TOU32(p) ( \
+ ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \
+ ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) )
+
+#define CHACHA_KEY_SIZE 32
+#define CHACHA_CTR_SIZE 16
+#define CHACHA_BLK_SIZE 64
+
+#endif
diff --git a/include/crypto/cmll_platform.h b/include/crypto/cmll_platform.h
new file mode 100644
index 00000000..8cadadf6
--- /dev/null
+++ b/include/crypto/cmll_platform.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CMLL_PLATFORM_H
+# define OSSL_CMLL_PLATFORM_H
+# pragma once
+
+# if defined(CMLL_ASM) && (defined(__sparc) || defined(__sparc__))
+
+/* Fujitsu SPARC64 X support */
+# include "crypto/sparc_arch.h"
+
+# ifndef OPENSSL_NO_CAMELLIA
+# define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
+# include <openssl/camellia.h>
+
+void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
+void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+
+void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const CAMELLIA_KEY *key,
+ unsigned char *ivec);
+void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const CAMELLIA_KEY *key,
+ unsigned char *ivec);
+# endif /* OPENSSL_NO_CAMELLIA */
+
+# endif /* CMLL_ASM && sparc */
+
+#endif /* OSSL_CRYPTO_CIPHERMODE_PLATFORM_H */
diff --git a/include/crypto/cmperr.h b/include/crypto/cmperr.h
new file mode 100644
index 00000000..ac61dd48
--- /dev/null
+++ b/include/crypto/cmperr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CMPERR_H
+# define OSSL_CRYPTO_CMPERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_CMP
+
+int ossl_err_load_CMP_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/cmserr.h b/include/crypto/cmserr.h
new file mode 100644
index 00000000..1de2f9c7
--- /dev/null
+++ b/include/crypto/cmserr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CMSERR_H
+# define OSSL_CRYPTO_CMSERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_CMS
+
+int ossl_err_load_CMS_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/comperr.h b/include/crypto/comperr.h
new file mode 100644
index 00000000..0fd9c6de
--- /dev/null
+++ b/include/crypto/comperr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_COMPERR_H
+# define OSSL_CRYPTO_COMPERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_COMP
+
+int ossl_err_load_COMP_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/conferr.h b/include/crypto/conferr.h
new file mode 100644
index 00000000..cb367e4f
--- /dev/null
+++ b/include/crypto/conferr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CONFERR_H
+# define OSSL_CRYPTO_CONFERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_CONF_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/crmferr.h b/include/crypto/crmferr.h
new file mode 100644
index 00000000..f1a27e04
--- /dev/null
+++ b/include/crypto/crmferr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CRMFERR_H
+# define OSSL_CRYPTO_CRMFERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_CRMF
+
+int ossl_err_load_CRMF_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/cryptlib.h b/include/crypto/cryptlib.h
new file mode 100644
index 00000000..39a956bf
--- /dev/null
+++ b/include/crypto/cryptlib.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CRYPTLIB_H
+# define OSSL_CRYPTO_CRYPTLIB_H
+# pragma once
+
+# include <openssl/core.h>
+# include "internal/cryptlib.h"
+
+/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
+
+int ossl_init_thread_start(const void *index, void *arg,
+ OSSL_thread_stop_handler_fn handfn);
+int ossl_init_thread_deregister(void *index);
+int ossl_init_thread(void);
+void ossl_cleanup_thread(void);
+void ossl_ctx_thread_stop(OSSL_LIB_CTX *ctx);
+
+/*
+ * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
+ * are those omitted from crypto.h because they are "reserved for internal
+ * use".
+ */
+# define OPENSSL_INIT_BASE_ONLY 0x00040000L
+
+void ossl_trace_cleanup(void);
+void ossl_malloc_setup_failures(void);
+
+int ossl_crypto_alloc_ex_data_intern(int class_index, void *obj,
+ CRYPTO_EX_DATA *ad, int idx);
+
+#endif /* OSSL_CRYPTO_CRYPTLIB_H */
diff --git a/include/crypto/cryptoerr.h b/include/crypto/cryptoerr.h
new file mode 100644
index 00000000..288b87ac
--- /dev/null
+++ b/include/crypto/cryptoerr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CRYPTOERR_H
+# define OSSL_CRYPTO_CRYPTOERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_CRYPTO_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/cterr.h b/include/crypto/cterr.h
new file mode 100644
index 00000000..760bc796
--- /dev/null
+++ b/include/crypto/cterr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CTERR_H
+# define OSSL_CRYPTO_CTERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+int ossl_err_load_CT_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h
new file mode 100644
index 00000000..a35c137e
--- /dev/null
+++ b/include/crypto/ctype.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This version of ctype.h provides a standardised and platform
+ * independent implementation that supports seven bit ASCII characters.
+ * The specific intent is to not pass extended ASCII characters (> 127)
+ * even if the host operating system would.
+ *
+ * There is EBCDIC support included for machines which use this. However,
+ * there are a number of concerns about how well EBCDIC is supported
+ * throughout the rest of the source code. Refer to issue #4154 for
+ * details.
+ */
+#ifndef OSSL_CRYPTO_CTYPE_H
+# define OSSL_CRYPTO_CTYPE_H
+# pragma once
+
+# define CTYPE_MASK_lower 0x1
+# define CTYPE_MASK_upper 0x2
+# define CTYPE_MASK_digit 0x4
+# define CTYPE_MASK_space 0x8
+# define CTYPE_MASK_xdigit 0x10
+# define CTYPE_MASK_blank 0x20
+# define CTYPE_MASK_cntrl 0x40
+# define CTYPE_MASK_graph 0x80
+# define CTYPE_MASK_print 0x100
+# define CTYPE_MASK_punct 0x200
+# define CTYPE_MASK_base64 0x400
+# define CTYPE_MASK_asn1print 0x800
+
+# define CTYPE_MASK_alpha (CTYPE_MASK_lower | CTYPE_MASK_upper)
+# define CTYPE_MASK_alnum (CTYPE_MASK_alpha | CTYPE_MASK_digit)
+
+/*
+ * The ascii mask assumes that any other classification implies that
+ * the character is ASCII and that there are no ASCII characters
+ * that aren't in any of the classifications.
+ *
+ * This assumption holds at the moment, but it might not in the future.
+ */
+# define CTYPE_MASK_ascii (~0)
+
+# ifdef CHARSET_EBCDIC
+int ossl_toascii(int c);
+int ossl_fromascii(int c);
+# else
+# define ossl_toascii(c) (c)
+# define ossl_fromascii(c) (c)
+# endif
+int ossl_ctype_check(int c, unsigned int mask);
+int ossl_tolower(int c);
+int ossl_toupper(int c);
+
+int ossl_ascii_isdigit(const char inchar);
+
+# define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum))
+# define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha))
+# ifdef CHARSET_EBCDIC
+# define ossl_isascii(c) (ossl_ctype_check((c), CTYPE_MASK_ascii))
+# else
+# define ossl_isascii(c) (((c) & ~127) == 0)
+# endif
+# define ossl_isblank(c) (ossl_ctype_check((c), CTYPE_MASK_blank))
+# define ossl_iscntrl(c) (ossl_ctype_check((c), CTYPE_MASK_cntrl))
+# define ossl_isdigit(c) (ossl_ctype_check((c), CTYPE_MASK_digit))
+# define ossl_isgraph(c) (ossl_ctype_check((c), CTYPE_MASK_graph))
+# define ossl_islower(c) (ossl_ctype_check((c), CTYPE_MASK_lower))
+# define ossl_isprint(c) (ossl_ctype_check((c), CTYPE_MASK_print))
+# define ossl_ispunct(c) (ossl_ctype_check((c), CTYPE_MASK_punct))
+# define ossl_isspace(c) (ossl_ctype_check((c), CTYPE_MASK_space))
+# define ossl_isupper(c) (ossl_ctype_check((c), CTYPE_MASK_upper))
+# define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit))
+# define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64))
+# define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print))
+
+#endif
diff --git a/include/crypto/decoder.h b/include/crypto/decoder.h
new file mode 100644
index 00000000..cc06ef29
--- /dev/null
+++ b/include/crypto/decoder.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DECODER_H
+# define OSSL_CRYPTO_DECODER_H
+# pragma once
+
+# include <openssl/decoder.h>
+
+OSSL_DECODER *ossl_decoder_fetch_by_number(OSSL_LIB_CTX *libctx,
+ int id,
+ const char *properties);
+
+/*
+ * These are specially made for the 'file:' provider-native loader, which
+ * uses this to install a DER to anything decoder, which doesn't do much
+ * except read a DER blob and pass it on as a provider object abstraction
+ * (provider-object(7)).
+ */
+void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef,
+ OSSL_PROVIDER *prov);
+
+OSSL_DECODER_INSTANCE *
+ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx);
+void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst);
+int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx,
+ OSSL_DECODER_INSTANCE *di);
+
+int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
+ EVP_PKEY **pkey, const char *keytype,
+ OSSL_LIB_CTX *libctx,
+ const char *propquery);
+
+int ossl_decoder_get_number(const OSSL_DECODER *encoder);
+
+#endif
diff --git a/include/crypto/decodererr.h b/include/crypto/decodererr.h
new file mode 100644
index 00000000..d7badc43
--- /dev/null
+++ b/include/crypto/decodererr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DECODERERR_H
+# define OSSL_CRYPTO_DECODERERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_OSSL_DECODER_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/des_platform.h b/include/crypto/des_platform.h
new file mode 100644
index 00000000..07ea1ddd
--- /dev/null
+++ b/include/crypto/des_platform.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_DES_PLATFORM_H
+# define OSSL_DES_PLATFORM_H
+# pragma once
+
+# if defined(DES_ASM) && (defined(__sparc) || defined(__sparc__))
+
+/* Fujitsu SPARC64 X support */
+# include "crypto/sparc_arch.h"
+
+# ifndef OPENSSL_NO_DES
+# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
+# include <openssl/des.h>
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule ks[3], unsigned char iv[8]);
+void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule ks[3], unsigned char iv[8]);
+void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule *ks, unsigned char iv[8]);
+void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule *ks, unsigned char iv[8]);
+# endif /* OPENSSL_NO_DES */
+
+# endif /* DES_ASM && sparc */
+
+#endif /* OSSL_CRYPTO_CIPHERMODE_PLATFORM_H */
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
new file mode 100644
index 00000000..f6be4ae0
--- /dev/null
+++ b/include/crypto/dh.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DH_H
+# define OSSL_CRYPTO_DH_H
+# pragma once
+
+# include <openssl/core.h>
+# include <openssl/params.h>
+# include <openssl/dh.h>
+# include "internal/ffc.h"
+
+DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid);
+DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx);
+void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx);
+int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+ BN_GENCB *cb);
+int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh,
+ const BIGNUM *priv_key, BIGNUM *pub_key);
+int ossl_dh_get_named_group_uid_from_size(int pbits);
+const char *ossl_dh_gen_type_id2name(int id);
+int ossl_dh_gen_type_name2id(const char *name, int type);
+void ossl_dh_cache_named_group(DH *dh);
+int ossl_dh_is_named_safe_prime_group(const DH *dh);
+
+FFC_PARAMS *ossl_dh_get0_params(DH *dh);
+int ossl_dh_get0_nid(const DH *dh);
+int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]);
+int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
+int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
+int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
+int ossl_dh_check_pairwise(const DH *dh);
+
+const DH_METHOD *ossl_dh_get_method(const DH *dh);
+
+int ossl_dh_buf2key(DH *key, const unsigned char *buf, size_t len);
+size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size,
+ int alloc);
+
+int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const char *cek_alg,
+ const unsigned char *ukm, size_t ukmlen,
+ const EVP_MD *md,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_dh_is_foreign(const DH *dh);
+DH *ossl_dh_dup(const DH *dh, int selection);
+
+#endif /* OSSL_CRYPTO_DH_H */
diff --git a/include/crypto/dherr.h b/include/crypto/dherr.h
new file mode 100644
index 00000000..bb24d131
--- /dev/null
+++ b/include/crypto/dherr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DHERR_H
+# define OSSL_CRYPTO_DHERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_DH
+
+int ossl_err_load_DH_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h
new file mode 100644
index 00000000..eedbd8c7
--- /dev/null
+++ b/include/crypto/dsa.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSAERR_H
+# define OSSL_CRYPTO_DSAERR_H
+# pragma once
+
+# include <openssl/core.h>
+# include <openssl/dsa.h>
+# include "internal/ffc.h"
+
+#define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */
+#define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
+#define DSA_PARAMGEN_TYPE_FIPS_DEFAULT 2
+
+DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx);
+void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx);
+
+int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
+ BN_GENCB *cb);
+
+int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
+ unsigned char *sig, unsigned int *siglen, DSA *dsa);
+
+FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa);
+int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]);
+int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]);
+DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa,
+ const BIGNUM *priv_key, BIGNUM *pub_key);
+int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret);
+int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret);
+int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key,
+ int *ret);
+int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
+int ossl_dsa_check_pairwise(const DSA *dsa);
+int ossl_dsa_is_foreign(const DSA *dsa);
+DSA *ossl_dsa_dup(const DSA *dsa, int selection);
+
+#endif
diff --git a/include/crypto/dsaerr.h b/include/crypto/dsaerr.h
new file mode 100644
index 00000000..9898097d
--- /dev/null
+++ b/include/crypto/dsaerr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSAERR_H
+# define OSSL_CRYPTO_DSAERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_DSA
+
+int ossl_err_load_DSA_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/dso_conf.h b/include/crypto/dso_conf.h
new file mode 100644
index 00000000..99514321
--- /dev/null
+++ b/include/crypto/dso_conf.h
@@ -0,0 +1,18 @@
+/* WARNING: do not edit! */
+/* Generated by makefile from include\crypto\dso_conf.h.in */
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# pragma once
+
+# define DSO_WIN32
+# define DSO_EXTENSION ".dll"
+#endif
diff --git a/include/crypto/dso_conf.h.in b/include/crypto/dso_conf.h.in
new file mode 100644
index 00000000..12de11ad
--- /dev/null
+++ b/include/crypto/dso_conf.h.in
@@ -0,0 +1,33 @@
+{- join("\n",map { "/* $_ */" } @autowarntext) -}
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# pragma once
+
+{- # The DSO code currently always implements all functions so that no
+ # applications will have to worry about that from a compilation point
+ # of view. However, the "method"s may return zero unless that platform
+ # has support compiled in for them. Currently each method is enabled
+ # by a define "DSO_<name>" ... we translate the "dso_scheme" config
+ # string entry into using the following logic;
+ my $scheme = $disabled{dso} ? undef : uc $target{dso_scheme};
+ if (!$scheme) {
+ $scheme = "NONE";
+ }
+ my @macros = ( "DSO_$scheme" );
+ if ($scheme eq 'DLFCN') {
+ @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" );
+ } elsif ($scheme eq "DLFCN_NO_H") {
+ @macros = ( "DSO_DLFCN" );
+ }
+ join("\n", map { "# define $_" } @macros); -}
+# define DSO_EXTENSION "{- platform->dsoext() -}"
+#endif
diff --git a/include/crypto/ec.h b/include/crypto/ec.h
new file mode 100644
index 00000000..62163b31
--- /dev/null
+++ b/include/crypto/ec.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal EC functions for other submodules: not for application use */
+
+#ifndef OSSL_CRYPTO_EC_H
+# define OSSL_CRYPTO_EC_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/evp.h>
+
+int ossl_ec_curve_name2nid(const char *name);
+const char *ossl_ec_curve_nid2nist_int(int nid);
+int ossl_ec_curve_nist2nid_int(const char *name);
+int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc);
+
+# ifndef OPENSSL_NO_EC
+# include <openssl/core.h>
+# include <openssl/ec.h>
+# include "crypto/types.h"
+
+/*-
+ * Computes the multiplicative inverse of x in the range
+ * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the
+ * subgroup generated by the generator G:
+ *
+ * res := x^(-1) (mod EC_GROUP::order).
+ *
+ * This function expects the following two conditions to hold:
+ * - the EC_GROUP order is prime, and
+ * - x is included in the range [1, EC_GROUP::order).
+ *
+ * This function returns 1 on success, 0 on error.
+ *
+ * If the EC_GROUP order is even, this function explicitly returns 0 as
+ * an error.
+ * In case any of the two conditions stated above is not satisfied,
+ * the correctness of its output is not guaranteed, even if the return
+ * value could still be 1 (as primality testing and a conditional modular
+ * reduction round on the input can be omitted by the underlying
+ * implementations for better SCA properties on regular input values).
+ */
+__owur int ossl_ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+ const BIGNUM *x, BN_CTX *ctx);
+
+/*-
+ * ECDH Key Derivation Function as defined in ANSI X9.63
+ */
+int ossl_ecdh_kdf_X9_63(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md, OSSL_LIB_CTX *libctx,
+ const char *propq);
+
+int ossl_ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx);
+int ossl_ec_key_public_check_quick(const EC_KEY *eckey, BN_CTX *ctx);
+int ossl_ec_key_private_check(const EC_KEY *eckey);
+int ossl_ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx);
+OSSL_LIB_CTX *ossl_ec_key_get_libctx(const EC_KEY *eckey);
+const char *ossl_ec_key_get0_propq(const EC_KEY *eckey);
+void ossl_ec_key_set0_libctx(EC_KEY *key, OSSL_LIB_CTX *libctx);
+
+/* Backend support */
+int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
+ OSSL_PARAM params[], OSSL_LIB_CTX *libctx,
+ const char *propq,
+ BN_CTX *bnctx, unsigned char **genbuf);
+int ossl_ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
+int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]);
+int ossl_ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[],
+ int include_private);
+int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
+int ossl_ec_key_is_foreign(const EC_KEY *ec);
+EC_KEY *ossl_ec_key_dup(const EC_KEY *key, int selection);
+int ossl_x509_algor_is_sm2(const X509_ALGOR *palg);
+EC_KEY *ossl_ec_key_param_from_x509_algor(const X509_ALGOR *palg,
+ OSSL_LIB_CTX *libctx,
+ const char *propq);
+EC_KEY *ossl_ec_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+int ossl_ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode);
+int ossl_ec_encoding_name2id(const char *name);
+int ossl_ec_encoding_param2id(const OSSL_PARAM *p, int *id);
+int ossl_ec_pt_format_name2id(const char *name);
+int ossl_ec_pt_format_param2id(const OSSL_PARAM *p, int *id);
+char *ossl_ec_pt_format_id2name(int id);
+
+char *ossl_ec_check_group_type_id2name(int flags);
+int ossl_ec_set_check_group_type_from_name(EC_KEY *ec, const char *name);
+
+# endif /* OPENSSL_NO_EC */
+#endif
diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
new file mode 100644
index 00000000..07b6c7aa
--- /dev/null
+++ b/include/crypto/ecerr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ECERR_H
+# define OSSL_CRYPTO_ECERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_EC
+
+int ossl_err_load_EC_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h
new file mode 100644
index 00000000..48b95fa5
--- /dev/null
+++ b/include/crypto/ecx.h
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal EC functions for other submodules: not for application use */
+
+#ifndef OSSL_CRYPTO_ECX_H
+# define OSSL_CRYPTO_ECX_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+# include <openssl/core.h>
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include "internal/refcount.h"
+# include "crypto/types.h"
+
+# define X25519_KEYLEN 32
+# define X448_KEYLEN 56
+# define ED25519_KEYLEN 32
+# define ED448_KEYLEN 57
+
+# define MAX_KEYLEN ED448_KEYLEN
+
+# define X25519_BITS 253
+# define X25519_SECURITY_BITS 128
+
+# define X448_BITS 448
+# define X448_SECURITY_BITS 224
+
+# define ED25519_BITS 256
+/* RFC8032 Section 8.5 */
+# define ED25519_SECURITY_BITS 128
+# define ED25519_SIGSIZE 64
+
+# define ED448_BITS 456
+/* RFC8032 Section 8.5 */
+# define ED448_SECURITY_BITS 224
+# define ED448_SIGSIZE 114
+
+
+typedef enum {
+ ECX_KEY_TYPE_X25519,
+ ECX_KEY_TYPE_X448,
+ ECX_KEY_TYPE_ED25519,
+ ECX_KEY_TYPE_ED448
+} ECX_KEY_TYPE;
+
+#define KEYTYPE2NID(type) \
+ ((type) == ECX_KEY_TYPE_X25519 \
+ ? EVP_PKEY_X25519 \
+ : ((type) == ECX_KEY_TYPE_X448 \
+ ? EVP_PKEY_X448 \
+ : ((type) == ECX_KEY_TYPE_ED25519 \
+ ? EVP_PKEY_ED25519 \
+ : EVP_PKEY_ED448)))
+
+struct ecx_key_st {
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+ unsigned int haspubkey:1;
+ unsigned char pubkey[MAX_KEYLEN];
+ unsigned char *privkey;
+ size_t keylen;
+ ECX_KEY_TYPE type;
+ CRYPTO_REF_COUNT references;
+ CRYPTO_RWLOCK *lock;
+};
+
+size_t ossl_ecx_key_length(ECX_KEY_TYPE type);
+ECX_KEY *ossl_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type,
+ int haspubkey, const char *propq);
+void ossl_ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx);
+unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key);
+void ossl_ecx_key_free(ECX_KEY *key);
+int ossl_ecx_key_up_ref(ECX_KEY *key);
+ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection);
+
+int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+ const uint8_t peer_public_value[32]);
+void ossl_x25519_public_from_private(uint8_t out_public_value[32],
+ const uint8_t private_key[32]);
+
+int
+ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
+ const uint8_t private_key[32],
+ const char *propq);
+int
+ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+ const uint8_t public_key[32], const uint8_t private_key[32],
+ OSSL_LIB_CTX *libctx, const char *propq);
+int
+ossl_ed25519_verify(const uint8_t *message, size_t message_len,
+ const uint8_t signature[64], const uint8_t public_key[32],
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+int
+ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
+ const uint8_t private_key[57], const char *propq);
+int
+ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
+ size_t message_len, const uint8_t public_key[57],
+ const uint8_t private_key[57], const uint8_t *context,
+ size_t context_len, const char *propq);
+
+int
+ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len, const char *propq);
+
+int
+ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+ const uint8_t peer_public_value[56]);
+void
+ossl_x448_public_from_private(uint8_t out_public_value[56],
+ const uint8_t private_key[56]);
+
+
+/* Backend support */
+typedef enum {
+ KEY_OP_PUBLIC,
+ KEY_OP_PRIVATE,
+ KEY_OP_KEYGEN
+} ecx_key_op_t;
+
+ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg,
+ const unsigned char *p, int plen,
+ int pkey_id, ecx_key_op_t op,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+int ossl_ecx_public_from_private(ECX_KEY *key);
+int ossl_ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[],
+ int include_private);
+ECX_KEY *ossl_ecx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+ECX_KEY *ossl_evp_pkey_get1_X25519(EVP_PKEY *pkey);
+ECX_KEY *ossl_evp_pkey_get1_X448(EVP_PKEY *pkey);
+ECX_KEY *ossl_evp_pkey_get1_ED25519(EVP_PKEY *pkey);
+ECX_KEY *ossl_evp_pkey_get1_ED448(EVP_PKEY *pkey);
+# endif /* OPENSSL_NO_EC */
+#endif
diff --git a/include/crypto/encoder.h b/include/crypto/encoder.h
new file mode 100644
index 00000000..09d445d2
--- /dev/null
+++ b/include/crypto/encoder.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/types.h>
+
+OSSL_ENCODER *ossl_encoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id,
+ const char *properties);
+int ossl_encoder_get_number(const OSSL_ENCODER *encoder);
diff --git a/include/crypto/encodererr.h b/include/crypto/encodererr.h
new file mode 100644
index 00000000..56c45823
--- /dev/null
+++ b/include/crypto/encodererr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ENCODERERR_H
+# define OSSL_CRYPTO_ENCODERERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_OSSL_ENCODER_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/engine.h b/include/crypto/engine.h
new file mode 100644
index 00000000..fac6ed09
--- /dev/null
+++ b/include/crypto/engine.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/engine.h>
+
+void engine_load_openssl_int(void);
+void engine_load_devcrypto_int(void);
+void engine_load_rdrand_int(void);
+void engine_load_dynamic_int(void);
+void engine_load_padlock_int(void);
+void engine_load_capi_int(void);
+void engine_load_dasync_int(void);
+void engine_load_afalg_int(void);
+void engine_cleanup_int(void);
diff --git a/include/crypto/engineerr.h b/include/crypto/engineerr.h
new file mode 100644
index 00000000..737c841d
--- /dev/null
+++ b/include/crypto/engineerr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ENGINEERR_H
+# define OSSL_CRYPTO_ENGINEERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_ENGINE
+
+int ossl_err_load_ENGINE_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/err.h b/include/crypto/err.h
new file mode 100644
index 00000000..15ec6fd0
--- /dev/null
+++ b/include/crypto/err.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ERR_H
+# define OSSL_CRYPTO_ERR_H
+# pragma once
+
+int ossl_err_load_ERR_strings(void);
+int ossl_err_load_crypto_strings(void);
+void err_cleanup(void);
+int err_shelve_state(void **);
+void err_unshelve_state(void *);
+
+#endif
diff --git a/include/crypto/ess.h b/include/crypto/ess.h
new file mode 100644
index 00000000..7acde5f8
--- /dev/null
+++ b/include/crypto/ess.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ESS_H
+# define OSSL_CRYPTO_ESS_H
+# pragma once
+
+/*-
+ * IssuerSerial ::= SEQUENCE {
+ * issuer GeneralNames,
+ * serialNumber CertificateSerialNumber
+ * }
+ */
+
+struct ESS_issuer_serial {
+ STACK_OF(GENERAL_NAME) *issuer;
+ ASN1_INTEGER *serial;
+};
+
+/*-
+ * ESSCertID ::= SEQUENCE {
+ * certHash Hash,
+ * issuerSerial IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id {
+ ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
+ ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificate ::= SEQUENCE {
+ * certs SEQUENCE OF ESSCertID,
+ * policies SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert {
+ STACK_OF(ESS_CERT_ID) *cert_ids;
+ STACK_OF(POLICYINFO) *policy_info;
+};
+
+/*-
+ * ESSCertIDv2 ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier DEFAULT id-sha256,
+ * certHash Hash,
+ * issuerSerial IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id_v2_st {
+ X509_ALGOR *hash_alg; /* Default: SHA-256 */
+ ASN1_OCTET_STRING *hash;
+ ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificateV2 ::= SEQUENCE {
+ * certs SEQUENCE OF ESSCertIDv2,
+ * policies SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert_v2_st {
+ STACK_OF(ESS_CERT_ID_V2) *cert_ids;
+ STACK_OF(POLICYINFO) *policy_info;
+};
+
+#endif /* OSSL_CRYPTO_ESS_H */
diff --git a/include/crypto/esserr.h b/include/crypto/esserr.h
new file mode 100644
index 00000000..8df2df11
--- /dev/null
+++ b/include/crypto/esserr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ESSERR_H
+# define OSSL_CRYPTO_ESSERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_ESS_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
new file mode 100644
index 00000000..c5d3a930
--- /dev/null
+++ b/include/crypto/evp.h
@@ -0,0 +1,944 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_EVP_H
+# define OSSL_CRYPTO_EVP_H
+# pragma once
+
+# include <openssl/evp.h>
+# include <openssl/core_dispatch.h>
+# include "internal/refcount.h"
+# include "crypto/ecx.h"
+
+/*
+ * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
+ * values in evp.h
+ */
+#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400
+
+#define evp_pkey_ctx_is_legacy(ctx) \
+ ((ctx)->keymgmt == NULL)
+#define evp_pkey_ctx_is_provided(ctx) \
+ (!evp_pkey_ctx_is_legacy(ctx))
+
+struct evp_pkey_ctx_st {
+ /* Actual operation */
+ int operation;
+
+ /*
+ * Library context, property query, keytype and keymgmt associated with
+ * this context
+ */
+ OSSL_LIB_CTX *libctx;
+ char *propquery;
+ const char *keytype;
+ /* If |pkey| below is set, this field is always a reference to its keymgmt */
+ EVP_KEYMGMT *keymgmt;
+
+ union {
+ struct {
+ void *genctx;
+ } keymgmt;
+
+ struct {
+ EVP_KEYEXCH *exchange;
+ /*
+ * Opaque ctx returned from a providers exchange algorithm
+ * implementation OSSL_FUNC_keyexch_newctx()
+ */
+ void *algctx;
+ } kex;
+
+ struct {
+ EVP_SIGNATURE *signature;
+ /*
+ * Opaque ctx returned from a providers signature algorithm
+ * implementation OSSL_FUNC_signature_newctx()
+ */
+ void *algctx;
+ } sig;
+
+ struct {
+ EVP_ASYM_CIPHER *cipher;
+ /*
+ * Opaque ctx returned from a providers asymmetric cipher algorithm
+ * implementation OSSL_FUNC_asym_cipher_newctx()
+ */
+ void *algctx;
+ } ciph;
+ struct {
+ EVP_KEM *kem;
+ /*
+ * Opaque ctx returned from a providers KEM algorithm
+ * implementation OSSL_FUNC_kem_newctx()
+ */
+ void *algctx;
+ } encap;
+ } op;
+
+ /*
+ * Cached parameters. Inits of operations that depend on these should
+ * call evp_pkey_ctx_use_delayed_data() when the operation has been set
+ * up properly.
+ */
+ struct {
+ /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */
+ char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */
+ void *dist_id; /* The distinguishing ID itself */
+ size_t dist_id_len; /* The length of the distinguishing ID */
+
+ /* Indicators of what has been set. Keep them together! */
+ unsigned int dist_id_set : 1;
+ } cached_parameters;
+
+ /* Application specific data, usually used by the callback */
+ void *app_data;
+ /* Keygen callback */
+ EVP_PKEY_gen_cb *pkey_gencb;
+ /* implementation specific keygen data */
+ int *keygen_info;
+ int keygen_info_count;
+
+ /* Legacy fields below */
+
+ /* EVP_PKEY identity */
+ int legacy_keytype;
+ /* Method associated with this operation */
+ const EVP_PKEY_METHOD *pmeth;
+ /* Engine that implements this method or NULL if builtin */
+ ENGINE *engine;
+ /* Key: may be NULL */
+ EVP_PKEY *pkey;
+ /* Peer key for key agreement, may be NULL */
+ EVP_PKEY *peerkey;
+ /* Algorithm specific data */
+ void *data;
+ /* Indicator if digest_custom needs to be called */
+ unsigned int flag_call_digest_custom:1;
+ /*
+ * Used to support taking custody of memory in the case of a provider being
+ * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This
+ * member should NOT be used for any other purpose and should be removed
+ * when said deprecated API is excised completely.
+ */
+ BIGNUM *rsa_pubexp;
+} /* EVP_PKEY_CTX */ ;
+
+#define EVP_PKEY_FLAG_DYNAMIC 1
+
+struct evp_pkey_method_st {
+ int pkey_id;
+ int flags;
+ int (*init) (EVP_PKEY_CTX *ctx);
+ int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
+ void (*cleanup) (EVP_PKEY_CTX *ctx);
+ int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+ int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+ int (*keygen_init) (EVP_PKEY_CTX *ctx);
+ int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+ int (*sign_init) (EVP_PKEY_CTX *ctx);
+ int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen);
+ int (*verify_init) (EVP_PKEY_CTX *ctx);
+ int (*verify) (EVP_PKEY_CTX *ctx,
+ const unsigned char *sig, size_t siglen,
+ const unsigned char *tbs, size_t tbslen);
+ int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+ int (*verify_recover) (EVP_PKEY_CTX *ctx,
+ unsigned char *rout, size_t *routlen,
+ const unsigned char *sig, size_t siglen);
+ int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+ int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ EVP_MD_CTX *mctx);
+ int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+ int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+ EVP_MD_CTX *mctx);
+ int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+ int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
+ int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+ int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
+ int (*derive_init) (EVP_PKEY_CTX *ctx);
+ int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+ int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+ int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+ int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen);
+ int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen);
+ int (*check) (EVP_PKEY *pkey);
+ int (*public_check) (EVP_PKEY *pkey);
+ int (*param_check) (EVP_PKEY *pkey);
+
+ int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+} /* EVP_PKEY_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
+
+const EVP_PKEY_METHOD *ossl_dh_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_ec_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
+
+struct evp_mac_st {
+ OSSL_PROVIDER *prov;
+ int name_id;
+ char *type_name;
+ const char *description;
+
+ CRYPTO_REF_COUNT refcnt;
+ CRYPTO_RWLOCK *lock;
+
+ OSSL_FUNC_mac_newctx_fn *newctx;
+ OSSL_FUNC_mac_dupctx_fn *dupctx;
+ OSSL_FUNC_mac_freectx_fn *freectx;
+ OSSL_FUNC_mac_init_fn *init;
+ OSSL_FUNC_mac_update_fn *update;
+ OSSL_FUNC_mac_final_fn *final;
+ OSSL_FUNC_mac_gettable_params_fn *gettable_params;
+ OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params;
+ OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params;
+ OSSL_FUNC_mac_get_params_fn *get_params;
+ OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params;
+ OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
+};
+
+struct evp_kdf_st {
+ OSSL_PROVIDER *prov;
+ int name_id;
+ char *type_name;
+ const char *description;
+ CRYPTO_REF_COUNT refcnt;
+ CRYPTO_RWLOCK *lock;
+
+ OSSL_FUNC_kdf_newctx_fn *newctx;
+ OSSL_FUNC_kdf_dupctx_fn *dupctx;
+ OSSL_FUNC_kdf_freectx_fn *freectx;
+ OSSL_FUNC_kdf_reset_fn *reset;
+ OSSL_FUNC_kdf_derive_fn *derive;
+ OSSL_FUNC_kdf_gettable_params_fn *gettable_params;
+ OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params;
+ OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params;
+ OSSL_FUNC_kdf_get_params_fn *get_params;
+ OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params;
+ OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params;
+};
+
+#define EVP_ORIG_DYNAMIC 0
+#define EVP_ORIG_GLOBAL 1
+#define EVP_ORIG_METH 2
+
+struct evp_md_st {
+ /* nid */
+ int type;
+
+ /* Legacy structure members */
+ int pkey_type;
+ int md_size;
+ unsigned long flags;
+ int origin;
+ int (*init) (EVP_MD_CTX *ctx);
+ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+ int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
+ int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
+ int (*cleanup) (EVP_MD_CTX *ctx);
+ int block_size;
+ int ctx_size; /* how big does the ctx->md_data need to be */
+ /* control function */
+ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+
+ /* New structure members */
+ /* Above comment to be removed when legacy has gone */
+ int name_id;
+ char *type_name;
+ const char *description;
+ OSSL_PROVIDER *prov;
+ CRYPTO_REF_COUNT refcnt;
+ CRYPTO_RWLOCK *lock;
+ OSSL_FUNC_digest_newctx_fn *newctx;
+ OSSL_FUNC_digest_init_fn *dinit;
+ OSSL_FUNC_digest_update_fn *dupdate;
+ OSSL_FUNC_digest_final_fn *dfinal;
+ OSSL_FUNC_digest_digest_fn *digest;
+ OSSL_FUNC_digest_freectx_fn *freectx;
+ OSSL_FUNC_digest_dupctx_fn *dupctx;
+ OSSL_FUNC_digest_get_params_fn *get_params;
+ OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params;
+ OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params;
+ OSSL_FUNC_digest_gettable_params_fn *gettable_params;
+ OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params;
+ OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params;
+
+} /* EVP_MD */ ;
+
+struct evp_cipher_st {
+ int nid;
+
+ int block_size;
+ /* Default value for variable length ciphers */
+ int key_len;
+ int iv_len;
+
+ /* Legacy structure members */
+ /* Various flags */
+ unsigned long flags;
+ /* How the EVP_CIPHER was created. */
+ int origin;
+ /* init key */
+ int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+ /* encrypt/decrypt data */
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl);
+ /* cleanup ctx */
+ int (*cleanup) (EVP_CIPHER_CTX *);
+ /* how big ctx->cipher_data needs to be */
+ int ctx_size;
+ /* Populate a ASN1_TYPE with parameters */
+ int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+ /* Get parameters from a ASN1_TYPE */
+ int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+ /* Miscellaneous operations */
+ int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+ /* Application data */
+ void *app_data;
+
+ /* New structure members */
+ /* Above comment to be removed when legacy has gone */
+ int name_id;
+ char *type_name;
+ const char *description;
+ OSSL_PROVIDER *prov;
+ CRYPTO_REF_COUNT refcnt;
+ CRYPTO_RWLOCK *lock;
+ OSSL_FUNC_cipher_newctx_fn *newctx;
+ OSSL_FUNC_cipher_encrypt_init_fn *einit;
+ OSSL_FUNC_cipher_decrypt_init_fn *dinit;
+ OSSL_FUNC_cipher_update_fn *cupdate;
+ OSSL_FUNC_cipher_final_fn *cfinal;
+ OSSL_FUNC_cipher_cipher_fn *ccipher;
+ OSSL_FUNC_cipher_freectx_fn *freectx;
+ OSSL_FUNC_cipher_dupctx_fn *dupctx;
+ OSSL_FUNC_cipher_get_params_fn *get_params;
+ OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params;
+ OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params;
+ OSSL_FUNC_cipher_gettable_params_fn *gettable_params;
+ OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params;
+ OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params;
+} /* EVP_CIPHER */ ;
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define EVP_C_DATA(kstruct, ctx) \
+ ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+#define BLOCK_CIPHER_ecb_loop() \
+ size_t i, bl; \
+ bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \
+ if (inl < bl) return 1;\
+ inl -= bl; \
+ for (i=0; i <= inl; i+=bl)
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+ BLOCK_CIPHER_ecb_loop() \
+ cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \
+ return 1;\
+}
+
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+ static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+ while(inl>=EVP_MAXCHUNK) {\
+ int num = EVP_CIPHER_CTX_get_num(ctx);\
+ cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
+ EVP_CIPHER_CTX_set_num(ctx, num);\
+ inl-=EVP_MAXCHUNK;\
+ in +=EVP_MAXCHUNK;\
+ out+=EVP_MAXCHUNK;\
+ }\
+ if (inl) {\
+ int num = EVP_CIPHER_CTX_get_num(ctx);\
+ cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
+ EVP_CIPHER_CTX_set_num(ctx, num);\
+ }\
+ return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+ while(inl>=EVP_MAXCHUNK) \
+ {\
+ cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
+ inl-=EVP_MAXCHUNK;\
+ in +=EVP_MAXCHUNK;\
+ out+=EVP_MAXCHUNK;\
+ }\
+ if (inl)\
+ cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
+ return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+ size_t chunk = EVP_MAXCHUNK;\
+ if (cbits == 1) chunk >>= 3;\
+ if (inl < chunk) chunk = inl;\
+ while (inl && inl >= chunk)\
+ {\
+ int num = EVP_CIPHER_CTX_get_num(ctx);\
+ cprefix##_cfb##cbits##_encrypt(in, out, (long) \
+ ((cbits == 1) \
+ && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
+ ? chunk*8 : chunk), \
+ &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\
+ &num, EVP_CIPHER_CTX_is_encrypting(ctx));\
+ EVP_CIPHER_CTX_set_num(ctx, num);\
+ inl -= chunk;\
+ in += chunk;\
+ out += chunk;\
+ if (inl < chunk) chunk = inl;\
+ }\
+ return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+ BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+ BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+ BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+ BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+ key_len, iv_len, flags, init_key, cleanup, \
+ set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+ nid##_##nmode, block_size, key_len, iv_len, \
+ flags | EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
+ init_key, \
+ cname##_##mode##_cipher, \
+ cleanup, \
+ sizeof(kstruct), \
+ set_asn1, get_asn1,\
+ ctrl, \
+ NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+ iv_len, flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+ iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+ iv_len, cbits, flags, init_key, cleanup, \
+ set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+ key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+ iv_len, cbits, flags, init_key, cleanup, \
+ set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+ key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+ flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+ 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+ nid, block_size, key_len, iv_len, cbits, flags, \
+ init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+ init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+ flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+ flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
+ init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+/*-
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+ nid, block_size, key_len, iv_len, flags,\
+ init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+ nid##_cbc, block_size, key_len, iv_len, \
+ flags | EVP_CIPH_CBC_MODE,\
+ EVP_ORIG_GLOBAL,\
+ init_key,\
+ cname##_cbc_cipher,\
+ cleanup,\
+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+ set_asn1, get_asn1,\
+ ctrl, \
+ NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+ nid##_cfb64, 1, key_len, iv_len, \
+ flags | EVP_CIPH_CFB_MODE,\
+ EVP_ORIG_GLOBAL,\
+ init_key,\
+ cname##_cfb_cipher,\
+ cleanup,\
+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+ set_asn1, get_asn1,\
+ ctrl,\
+ NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+ nid##_ofb64, 1, key_len, iv_len, \
+ flags | EVP_CIPH_OFB_MODE,\
+ EVP_ORIG_GLOBAL,\
+ init_key,\
+ cname##_ofb_cipher,\
+ cleanup,\
+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+ set_asn1, get_asn1,\
+ ctrl,\
+ NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+ nid##_ecb, block_size, key_len, iv_len, \
+ flags | EVP_CIPH_ECB_MODE,\
+ EVP_ORIG_GLOBAL,\
+ init_key,\
+ cname##_ecb_cipher,\
+ cleanup,\
+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+ set_asn1, get_asn1,\
+ ctrl,\
+ NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+ block_size, key_len, iv_len, cbits, \
+ flags, init_key, \
+ cleanup, set_asn1, get_asn1, ctrl) \
+ BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+ BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+ cbits, flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+ (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+ cipher##_init_key, NULL, NULL, NULL, NULL)
+
+typedef struct {
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned int iv_len;
+ unsigned int tag_len;
+} evp_cipher_aead_asn1_params;
+
+int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
+ evp_cipher_aead_asn1_params *params);
+
+int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
+ evp_cipher_aead_asn1_params *params);
+
+/*
+ * To support transparent execution of operation in backends other
+ * than the "origin" key, we support transparent export/import to
+ * those providers, and maintain a cache of the imported keydata,
+ * so we don't need to redo the export/import every time we perform
+ * the same operation in that same provider.
+ * This requires that the "origin" backend (whether it's a legacy or a
+ * provider "origin") implements exports, and that the target provider
+ * has an EVP_KEYMGMT that implements import.
+ */
+typedef struct {
+ EVP_KEYMGMT *keymgmt;
+ void *keydata;
+} OP_CACHE_ELEM;
+
+DEFINE_STACK_OF(OP_CACHE_ELEM)
+
+/*
+ * An EVP_PKEY can have the following states:
+ *
+ * untyped & empty:
+ *
+ * type == EVP_PKEY_NONE && keymgmt == NULL
+ *
+ * typed & empty:
+ *
+ * (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only)
+ * || (keymgmt != NULL && keydata == NULL) ## provider side
+ *
+ * fully assigned:
+ *
+ * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only)
+ * || (keymgmt != NULL && keydata != NULL) ## provider side
+ *
+ * The easiest way to detect a legacy key is:
+ *
+ * keymgmt == NULL && type != EVP_PKEY_NONE
+ *
+ * The easiest way to detect a provider side key is:
+ *
+ * keymgmt != NULL
+ */
+#define evp_pkey_is_blank(pk) \
+ ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL)
+#define evp_pkey_is_typed(pk) \
+ ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL)
+#ifndef FIPS_MODULE
+# define evp_pkey_is_assigned(pk) \
+ ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL)
+#else
+# define evp_pkey_is_assigned(pk) \
+ ((pk)->keydata != NULL)
+#endif
+#define evp_pkey_is_legacy(pk) \
+ ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL)
+#define evp_pkey_is_provided(pk) \
+ ((pk)->keymgmt != NULL)
+
+union legacy_pkey_st {
+ void *ptr;
+ struct rsa_st *rsa; /* RSA */
+# ifndef OPENSSL_NO_DSA
+ struct dsa_st *dsa; /* DSA */
+# endif
+# ifndef OPENSSL_NO_DH
+ struct dh_st *dh; /* DH */
+# endif
+# ifndef OPENSSL_NO_EC
+ struct ec_key_st *ec; /* ECC */
+ ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */
+# endif
+};
+
+struct evp_pkey_st {
+ /* == Legacy attributes == */
+ int type;
+ int save_type;
+
+# ifndef FIPS_MODULE
+ /*
+ * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD,
+ * a pointer to a low level key and possibly a pointer to an engine.
+ */
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ ENGINE *engine;
+ ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
+
+ /* Union to store the reference to an origin legacy key */
+ union legacy_pkey_st pkey;
+
+ /* Union to store the reference to a non-origin legacy key */
+ union legacy_pkey_st legacy_cache_pkey;
+# endif
+
+ /* == Common attributes == */
+ CRYPTO_REF_COUNT references;
+ CRYPTO_RWLOCK *lock;
+#ifndef FIPS_MODULE
+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+ int save_parameters;
+ unsigned int foreign:1; /* the low-level key is using an engine or an app-method */
+ CRYPTO_EX_DATA ex_data;
+#endif
+
+ /* == Provider attributes == */
+
+ /*
+ * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT
+ * and a pointer to the provider side key data. This is never used at
+ * the same time as the legacy key data above.
+ */
+ EVP_KEYMGMT *keymgmt;
+ void *keydata;
+ /*
+ * If any libcrypto code does anything that may modify the keydata
+ * contents, this dirty counter must be incremented.
+ */
+ size_t dirty_cnt;
+
+ /*
+ * To support transparent execution of operation in backends other
+ * than the "origin" key, we support transparent export/import to
+ * those providers, and maintain a cache of the imported keydata,
+ * so we don't need to redo the export/import every time we perform
+ * the same operation in that same provider.
+ */
+ STACK_OF(OP_CACHE_ELEM) *operation_cache;
+
+ /*
+ * We keep a copy of that "origin"'s dirty count, so we know if the
+ * operation cache needs flushing.
+ */
+ size_t dirty_cnt_copy;
+
+ /* Cache of key object information */
+ struct {
+ int bits;
+ int security_bits;
+ int size;
+ } cache;
+} /* EVP_PKEY */ ;
+
+#define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \
+ ((ctx)->operation == EVP_PKEY_OP_SIGN \
+ || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \
+ || (ctx)->operation == EVP_PKEY_OP_VERIFY \
+ || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \
+ || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER)
+
+#define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \
+ ((ctx)->operation == EVP_PKEY_OP_DERIVE)
+
+#define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \
+ ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \
+ || (ctx)->operation == EVP_PKEY_OP_DECRYPT)
+
+#define EVP_PKEY_CTX_IS_GEN_OP(ctx) \
+ ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \
+ || (ctx)->operation == EVP_PKEY_OP_KEYGEN)
+
+#define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \
+ ((ctx)->operation == EVP_PKEY_OP_FROMDATA)
+
+#define EVP_PKEY_CTX_IS_KEM_OP(ctx) \
+ ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \
+ || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE)
+
+void openssl_add_all_ciphers_int(void);
+void openssl_add_all_digests_int(void);
+void evp_cleanup_int(void);
+void evp_app_cleanup_int(void);
+void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
+ EVP_KEYMGMT **keymgmt,
+ const char *propquery);
+#ifndef FIPS_MODULE
+int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src);
+void *evp_pkey_get_legacy(EVP_PKEY *pk);
+void evp_pkey_free_legacy(EVP_PKEY *x);
+EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+#endif
+
+/*
+ * KEYMGMT utility functions
+ */
+
+/*
+ * Key import structure and helper function, to be used as an export callback
+ */
+struct evp_keymgmt_util_try_import_data_st {
+ EVP_KEYMGMT *keymgmt;
+ void *keydata;
+
+ int selection;
+};
+int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg);
+int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt,
+ void *keydata);
+EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata);
+
+int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection,
+ OSSL_CALLBACK *export_cb, void *export_cbarg);
+void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt);
+OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
+ EVP_KEYMGMT *keymgmt);
+int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking);
+int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk,
+ EVP_KEYMGMT *keymgmt, void *keydata);
+void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk);
+void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
+ int selection, const OSSL_PARAM params[]);
+int evp_keymgmt_util_has(EVP_PKEY *pk, int selection);
+int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection);
+int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection);
+void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
+ void *genctx, OSSL_CALLBACK *cb, void *cbarg);
+int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt,
+ void *keydata,
+ char *mdname, size_t mdname_sz);
+const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt,
+ int op_id);
+
+/*
+ * KEYMGMT provider interface functions
+ */
+void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt);
+void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata);
+int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt,
+ void *keydata, OSSL_PARAM params[]);
+int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt,
+ void *keydata, const OSSL_PARAM params[]);
+void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection,
+ const OSSL_PARAM params[]);
+int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx,
+ void *template);
+int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx,
+ const OSSL_PARAM params[]);
+void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
+ OSSL_CALLBACK *cb, void *cbarg);
+void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx);
+
+int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt);
+void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt,
+ const void *objref, size_t objref_sz);
+
+int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection);
+int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata,
+ int selection, int checktype);
+int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt,
+ const void *keydata1, const void *keydata2,
+ int selection);
+
+int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata,
+ int selection, const OSSL_PARAM params[]);
+const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt,
+ int selection);
+int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata,
+ int selection, OSSL_CALLBACK *param_cb, void *cbarg);
+const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
+ int selection);
+void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt,
+ const void *keydata_from, int selection);
+
+/* Pulling defines out of C source files */
+
+# define EVP_RC4_KEY_SIZE 16
+# ifndef TLS1_1_VERSION
+# define TLS1_1_VERSION 0x0302
+# endif
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
+
+/* EVP_ENCODE_CTX flags */
+/* Don't generate new lines when encoding */
+#define EVP_ENCODE_CTX_NO_NEWLINES 1
+/* Use the SRP base64 alphabet instead of the standard one */
+#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2
+
+const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx,
+ const char *name);
+const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx,
+ const char *name);
+
+int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *digest, int keylen,
+ unsigned char *out,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+# ifndef FIPS_MODULE
+/*
+ * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
+ *
+ * Return 1 on success, 0 or negative for errors.
+ *
+ * In particular they return -2 if any of the params is not supported.
+ *
+ * They are not available in FIPS_MODULE as they depend on
+ * - EVP_PKEY_CTX_{get,set}_params()
+ * - EVP_PKEY_CTX_{gettable,settable}_params()
+ *
+ */
+int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
+int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
+
+EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int evp_pkey_name2type(const char *name);
+const char *evp_pkey_type2name(int type);
+
+int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len);
+int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id);
+int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len);
+
+int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx);
+# endif /* !defined(FIPS_MODULE) */
+
+int evp_method_store_flush(OSSL_LIB_CTX *libctx);
+int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable,
+ int loadconfig);
+int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq,
+ int loadconfig, int mirrored);
+char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig);
+
+void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force);
+
+/* Three possible states: */
+# define EVP_PKEY_STATE_UNKNOWN 0
+# define EVP_PKEY_STATE_LEGACY 1
+# define EVP_PKEY_STATE_PROVIDER 2
+int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx);
+
+/* These two must ONLY be called for provider side operations */
+int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx,
+ int keytype, int optype,
+ int cmd, int p1, void *p2);
+int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx,
+ const char *name, const char *value);
+
+/* These two must ONLY be called for legacy operations */
+int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params);
+int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
+
+/* This must ONLY be called for legacy EVP_PKEYs */
+int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params);
+
+/* Same as the public get0 functions but are not const */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey);
+EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey);
+RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey);
+# endif
+
+/* Get internal identification number routines */
+int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher);
+int evp_cipher_get_number(const EVP_CIPHER *cipher);
+int evp_kdf_get_number(const EVP_KDF *kdf);
+int evp_kem_get_number(const EVP_KEM *wrap);
+int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch);
+int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt);
+int evp_mac_get_number(const EVP_MAC *mac);
+int evp_md_get_number(const EVP_MD *md);
+int evp_rand_get_number(const EVP_RAND *rand);
+int evp_signature_get_number(const EVP_SIGNATURE *signature);
+
+#endif /* OSSL_CRYPTO_EVP_H */
diff --git a/include/crypto/evperr.h b/include/crypto/evperr.h
new file mode 100644
index 00000000..d90ba83f
--- /dev/null
+++ b/include/crypto/evperr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_EVPERR_H
+# define OSSL_CRYPTO_EVPERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_EVP_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/httperr.h b/include/crypto/httperr.h
new file mode 100644
index 00000000..969df17b
--- /dev/null
+++ b/include/crypto/httperr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_HTTPERR_H
+# define OSSL_CRYPTO_HTTPERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_HTTP_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/lhash.h b/include/crypto/lhash.h
new file mode 100644
index 00000000..0f64869f
--- /dev/null
+++ b/include/crypto/lhash.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_LHASH_H
+# define OSSL_CRYPTO_LHASH_H
+# pragma once
+
+unsigned long ossl_lh_strcasehash(const char *);
+
+#endif /* OSSL_CRYPTO_LHASH_H */
diff --git a/include/crypto/md32_common.h b/include/crypto/md32_common.h
new file mode 100644
index 00000000..3b16f1b7
--- /dev/null
+++ b/include/crypto/md32_common.h
@@ -0,0 +1,256 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ * this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ * size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ * has to be at least 32 bit wide.
+ * HASH_CTX
+ * context structure that at least contains following
+ * members:
+ * typedef struct {
+ * ...
+ * HASH_LONG Nl,Nh;
+ * either {
+ * HASH_LONG data[HASH_LBLOCK];
+ * unsigned char data[HASH_CBLOCK];
+ * };
+ * unsigned int num;
+ * ...
+ * } HASH_CTX;
+ * data[] vector is expected to be zeroed upon first call to
+ * HASH_UPDATE.
+ * HASH_UPDATE
+ * name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ * name of "Transform" function, implemented here.
+ * HASH_FINAL
+ * name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ * name of "block" function capable of treating *unaligned* input
+ * message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ * macro converting context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ * #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ * #define HASH_LONG MD5_LONG
+ * #define HASH_CTX MD5_CTX
+ * #define HASH_CBLOCK MD5_CBLOCK
+ * #define HASH_UPDATE MD5_Update
+ * #define HASH_TRANSFORM MD5_Transform
+ * #define HASH_FINAL MD5_Final
+ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
+ */
+
+#include <openssl/crypto.h>
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++))) ) )
+# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff), \
+ l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<<24) )
+# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ l)
+
+#endif
+
+/*
+ * Time for some action :-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+ const unsigned char *data = data_;
+ unsigned char *p;
+ HASH_LONG l;
+ size_t n;
+
+ if (len == 0)
+ return 1;
+
+ l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+ if (l < c->Nl) /* overflow */
+ c->Nh++;
+ c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
+ * 16-bit */
+ c->Nl = l;
+
+ n = c->num;
+ if (n != 0) {
+ p = (unsigned char *)c->data;
+
+ if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+ memcpy(p + n, data, HASH_CBLOCK - n);
+ HASH_BLOCK_DATA_ORDER(c, p, 1);
+ n = HASH_CBLOCK - n;
+ data += n;
+ len -= n;
+ c->num = 0;
+ /*
+ * We use memset rather than OPENSSL_cleanse() here deliberately.
+ * Using OPENSSL_cleanse() here could be a performance issue. It
+ * will get properly cleansed on finalisation so this isn't a
+ * security problem.
+ */
+ memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+ } else {
+ memcpy(p + n, data, len);
+ c->num += (unsigned int)len;
+ return 1;
+ }
+ }
+
+ n = len / HASH_CBLOCK;
+ if (n > 0) {
+ HASH_BLOCK_DATA_ORDER(c, data, n);
+ n *= HASH_CBLOCK;
+ data += n;
+ len -= n;
+ }
+
+ if (len != 0) {
+ p = (unsigned char *)c->data;
+ c->num = (unsigned int)len;
+ memcpy(p, data, len);
+ }
+ return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+ HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+ unsigned char *p = (unsigned char *)c->data;
+ size_t n = c->num;
+
+ p[n] = 0x80; /* there is always room for one */
+ n++;
+
+ if (n > (HASH_CBLOCK - 8)) {
+ memset(p + n, 0, HASH_CBLOCK - n);
+ n = 0;
+ HASH_BLOCK_DATA_ORDER(c, p, 1);
+ }
+ memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+ p += HASH_CBLOCK - 8;
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+ (void)HOST_l2c(c->Nh, p);
+ (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+ (void)HOST_l2c(c->Nl, p);
+ (void)HOST_l2c(c->Nh, p);
+#endif
+ p -= HASH_CBLOCK;
+ HASH_BLOCK_DATA_ORDER(c, p, 1);
+ c->num = 0;
+ OPENSSL_cleanse(p, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+ HASH_MAKE_STRING(c, md);
+#endif
+
+ return 1;
+}
+
+#ifndef MD32_REG_T
+# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
+# define MD32_REG_T long
+/*
+ * This comment was originally written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ */
+# else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
+ */
+# define MD32_REG_T int
+# endif
+#endif
diff --git a/include/crypto/modes.h b/include/crypto/modes.h
new file mode 100644
index 00000000..19f9d859
--- /dev/null
+++ b/include/crypto/modes.h
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This header can move into provider when legacy support is removed */
+#include <openssl/modes.h>
+
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+typedef __int64 i64;
+typedef unsigned __int64 u64;
+# define U64(C) C##UI64
+#elif defined(__arch64__)
+typedef long i64;
+typedef unsigned long u64;
+# define U64(C) C##UL
+#else
+typedef long long i64;
+typedef unsigned long long u64;
+# define U64(C) C##ULL
+#endif
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+#define STRICT_ALIGNMENT 1
+#ifndef PEDANTIC
+# if defined(__i386) || defined(__i386__) || \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+ defined(__aarch64__) || \
+ defined(__s390__) || defined(__s390x__)
+# undef STRICT_ALIGNMENT
+# endif
+#endif
+
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__GNUC__) && __GNUC__>=2
+# if defined(__x86_64) || defined(__x86_64__)
+# define BSWAP8(x) ({ u64 ret_=(x); \
+ asm ("bswapq %0" \
+ : "+r"(ret_)); ret_; })
+# define BSWAP4(x) ({ u32 ret_=(x); \
+ asm ("bswapl %0" \
+ : "+r"(ret_)); ret_; })
+# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \
+ asm ("bswapl %0; bswapl %1" \
+ : "+r"(hi_),"+r"(lo_)); \
+ (u64)hi_<<32|lo_; })
+# define BSWAP4(x) ({ u32 ret_=(x); \
+ asm ("bswapl %0" \
+ : "+r"(ret_)); ret_; })
+# elif defined(__aarch64__)
+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+# define BSWAP8(x) ({ u64 ret_; \
+ asm ("rev %0,%1" \
+ : "=r"(ret_) : "r"(x)); ret_; })
+# define BSWAP4(x) ({ u32 ret_; \
+ asm ("rev %w0,%w1" \
+ : "=r"(ret_) : "r"(x)); ret_; })
+# endif
+# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \
+ asm ("rev %0,%0; rev %1,%1" \
+ : "+r"(hi_),"+r"(lo_)); \
+ (u64)hi_<<32|lo_; })
+# define BSWAP4(x) ({ u32 ret_; \
+ asm ("rev %0,%1" \
+ : "=r"(ret_) : "r"((u32)(x))); \
+ ret_; })
+# endif
+# elif defined(_MSC_VER)
+# if _MSC_VER>=1300
+# include <stdlib.h>
+# pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
+# define BSWAP8(x) _byteswap_uint64((u64)(x))
+# define BSWAP4(x) _byteswap_ulong((u32)(x))
+# elif defined(_M_IX86)
+__inline u32 _bswap4(u32 val)
+{
+_asm mov eax, val _asm bswap eax}
+# define BSWAP4(x) _bswap4(x)
+# endif
+# endif
+#endif
+#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
+# define GETU32(p) BSWAP4(*(const u32 *)(p))
+# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v)
+#else
+# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
+# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
+#endif
+/*- GCM definitions */ typedef struct {
+ u64 hi, lo;
+} u128;
+
+#ifdef TABLE_BITS
+# undef TABLE_BITS
+#endif
+/*
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8 [or 1]. For further information see gcm128.c.
+ */
+#define TABLE_BITS 4
+
+struct gcm128_context {
+ /* Following 6 names follow names in GCM specification */
+ union {
+ u64 u[2];
+ u32 d[4];
+ u8 c[16];
+ size_t t[16 / sizeof(size_t)];
+ } Yi, EKi, EK0, len, Xi, H;
+ /*
+ * Relative position of Xi, H and pre-computed Htable is used in some
+ * assembler modules, i.e. don't change the order!
+ */
+#if TABLE_BITS==8
+ u128 Htable[256];
+#else
+ u128 Htable[16];
+ void (*gmult) (u64 Xi[2], const u128 Htable[16]);
+ void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp,
+ size_t len);
+#endif
+ unsigned int mres, ares;
+ block128_f block;
+ void *key;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+ unsigned char Xn[48];
+#endif
+};
+
+/*
+ * The maximum permitted number of cipher blocks per data unit in XTS mode.
+ * Reference IEEE Std 1619-2018.
+ */
+#define XTS_MAX_BLOCKS_PER_DATA_UNIT (1<<20)
+
+struct xts128_context {
+ void *key1, *key2;
+ block128_f block1, block2;
+};
+
+struct ccm128_context {
+ union {
+ u64 u[2];
+ u8 c[16];
+ } nonce, cmac;
+ u64 blocks;
+ block128_f block;
+ void *key;
+};
+
+#ifndef OPENSSL_NO_OCB
+
+typedef union {
+ u64 a[2];
+ unsigned char c[16];
+} OCB_BLOCK;
+# define ocb_block16_xor(in1,in2,out) \
+ ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
+ (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
+# if STRICT_ALIGNMENT
+# define ocb_block16_xor_misaligned(in1,in2,out) \
+ ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
+# else
+# define ocb_block16_xor_misaligned ocb_block16_xor
+# endif
+
+struct ocb128_context {
+ /* Need both encrypt and decrypt key schedules for decryption */
+ block128_f encrypt;
+ block128_f decrypt;
+ void *keyenc;
+ void *keydec;
+ ocb128_f stream; /* direction dependent */
+ /* Key dependent variables. Can be reused if key remains the same */
+ size_t l_index;
+ size_t max_l_index;
+ OCB_BLOCK l_star;
+ OCB_BLOCK l_dollar;
+ OCB_BLOCK *l;
+ /* Must be reset for each session */
+ struct {
+ u64 blocks_hashed;
+ u64 blocks_processed;
+ OCB_BLOCK offset_aad;
+ OCB_BLOCK sum;
+ OCB_BLOCK offset;
+ OCB_BLOCK checksum;
+ } sess;
+};
+#endif /* OPENSSL_NO_OCB */
+
+#ifndef OPENSSL_NO_SIV
+
+#define SIV_LEN 16
+
+typedef union siv_block_u {
+ uint64_t word[SIV_LEN/sizeof(uint64_t)];
+ unsigned char byte[SIV_LEN];
+} SIV_BLOCK;
+
+struct siv128_context {
+ /* d stores intermediate results of S2V; it corresponds to D from the
+ pseudocode in section 2.4 of RFC 5297. */
+ SIV_BLOCK d;
+ SIV_BLOCK tag;
+ EVP_CIPHER_CTX *cipher_ctx;
+ EVP_MAC *mac;
+ EVP_MAC_CTX *mac_ctx_init;
+ int final_ret;
+ int crypto_ok;
+};
+
+#endif /* OPENSSL_NO_SIV */
diff --git a/include/crypto/objects.h b/include/crypto/objects.h
new file mode 100644
index 00000000..f22e9287
--- /dev/null
+++ b/include/crypto/objects.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+
+void ossl_obj_cleanup_int(void);
diff --git a/include/crypto/objectserr.h b/include/crypto/objectserr.h
new file mode 100644
index 00000000..ec994824
--- /dev/null
+++ b/include/crypto/objectserr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_OBJECTSERR_H
+# define OSSL_CRYPTO_OBJECTSERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_OBJ_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/ocsperr.h b/include/crypto/ocsperr.h
new file mode 100644
index 00000000..f9529b2a
--- /dev/null
+++ b/include/crypto/ocsperr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_OCSPERR_H
+# define OSSL_CRYPTO_OCSPERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_OCSP
+
+int ossl_err_load_OCSP_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/pem.h b/include/crypto/pem.h
new file mode 100644
index 00000000..840dc18f
--- /dev/null
+++ b/include/crypto/pem.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_PEM_H
+# define OSSL_INTERNAL_PEM_H
+# pragma once
+
+# include <openssl/pem.h>
+# include "crypto/types.h"
+
+/* Found in crypto/pem/pvkfmt.c */
+
+/* Maximum length of a blob after header */
+# define BLOB_MAX_LENGTH 102400
+
+int ossl_do_blob_header(const unsigned char **in, unsigned int length,
+ unsigned int *pmagic, unsigned int *pbitlen,
+ int *pisdss, int *pispub);
+unsigned int ossl_blob_length(unsigned bitlen, int isdss, int ispub);
+int ossl_do_PVK_header(const unsigned char **in, unsigned int length,
+ int skip_magic,
+ unsigned int *psaltlen, unsigned int *pkeylen);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DSA
+DSA *ossl_b2i_DSA_after_header(const unsigned char **in, unsigned int bitlen,
+ int ispub);
+# endif
+RSA *ossl_b2i_RSA_after_header(const unsigned char **in, unsigned int bitlen,
+ int ispub);
+# endif
+EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int length, int *ispub);
+EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DSA
+DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
+# endif
+RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
+# endif
+
+#endif
diff --git a/include/crypto/pemerr.h b/include/crypto/pemerr.h
new file mode 100644
index 00000000..b255ff5c
--- /dev/null
+++ b/include/crypto/pemerr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PEMERR_H
+# define OSSL_CRYPTO_PEMERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_PEM_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/pkcs12err.h b/include/crypto/pkcs12err.h
new file mode 100644
index 00000000..662f412e
--- /dev/null
+++ b/include/crypto/pkcs12err.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PKCS12ERR_H
+# define OSSL_CRYPTO_PKCS12ERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_PKCS12_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
new file mode 100644
index 00000000..9caa9af4
--- /dev/null
+++ b/include/crypto/pkcs7.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PKCS7_H
+# define OSSL_CRYPTO_PKCS7_H
+# pragma once
+
+void ossl_pkcs7_resolve_libctx(PKCS7 *p7);
+
+void ossl_pkcs7_set0_libctx(PKCS7 *p7, OSSL_LIB_CTX *ctx);
+int ossl_pkcs7_set1_propq(PKCS7 *p7, const char *propq);
+
+#endif
diff --git a/include/crypto/pkcs7err.h b/include/crypto/pkcs7err.h
new file mode 100644
index 00000000..c195190b
--- /dev/null
+++ b/include/crypto/pkcs7err.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PKCS7ERR_H
+# define OSSL_CRYPTO_PKCS7ERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_PKCS7_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/poly1305.h b/include/crypto/poly1305.h
new file mode 100644
index 00000000..ba54f3bd
--- /dev/null
+++ b/include/crypto/poly1305.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_POLY1305_H
+# define OSSL_CRYPTO_POLY1305_H
+# pragma once
+
+#include <stddef.h>
+
+#define POLY1305_BLOCK_SIZE 16
+#define POLY1305_DIGEST_SIZE 16
+#define POLY1305_KEY_SIZE 32
+
+typedef struct poly1305_context POLY1305;
+
+typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
+ size_t len, unsigned int padbit);
+typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
+ const unsigned int nonce[4]);
+
+struct poly1305_context {
+ double opaque[24]; /* large enough to hold internal state, declared
+ * 'double' to ensure at least 64-bit invariant
+ * alignment across all platforms and
+ * configurations */
+ unsigned int nonce[4];
+ unsigned char data[POLY1305_BLOCK_SIZE];
+ size_t num;
+ struct {
+ poly1305_blocks_f blocks;
+ poly1305_emit_f emit;
+ } func;
+};
+
+size_t Poly1305_ctx_size(void);
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]);
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len);
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]);
+
+#endif /* OSSL_CRYPTO_POLY1305_H */
diff --git a/include/crypto/ppc_arch.h b/include/crypto/ppc_arch.h
new file mode 100644
index 00000000..3b3ce4bf
--- /dev/null
+++ b/include/crypto/ppc_arch.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PPC_ARCH_H
+# define OSSL_CRYPTO_PPC_ARCH_H
+
+extern unsigned int OPENSSL_ppccap_P;
+
+/*
+ * Flags' usage can appear ambiguous, because they are set rather
+ * to reflect OpenSSL performance preferences than actual processor
+ * capabilities.
+ */
+# define PPC_FPU64 (1<<0)
+# define PPC_ALTIVEC (1<<1)
+# define PPC_CRYPTO207 (1<<2)
+# define PPC_FPU (1<<3)
+# define PPC_MADD300 (1<<4)
+# define PPC_MFTB (1<<5)
+# define PPC_MFSPR268 (1<<6)
+
+#endif
diff --git a/include/crypto/punycode.h b/include/crypto/punycode.h
new file mode 100644
index 00000000..133826d8
--- /dev/null
+++ b/include/crypto/punycode.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PUNYCODE_H
+# define OSSL_CRYPTO_PUNYCODE_H
+# pragma once
+
+int ossl_punycode_decode (
+ const char *pEncoded,
+ const size_t enc_len,
+ unsigned int *pDecoded,
+ unsigned int *pout_length
+);
+
+int ossl_a2ulabel(const char *in, char *out, size_t *outlen);
+
+int ossl_a2ucompare(const char *a, const char *u);
+#endif
diff --git a/include/crypto/rand.h b/include/crypto/rand.h
new file mode 100644
index 00000000..fa3b5b2b
--- /dev/null
+++ b/include/crypto/rand.h
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the Apache License 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#ifndef OSSL_CRYPTO_RAND_H
+# define OSSL_CRYPTO_RAND_H
+# pragma once
+
+# include <openssl/rand.h>
+# include "crypto/rand_pool.h"
+
+# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
+# include <Availability.h>
+# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \
+ (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
+# define OPENSSL_APPLE_CRYPTO_RANDOM 1
+# include <CommonCrypto/CommonCryptoError.h>
+# include <CommonCrypto/CommonRandom.h>
+# endif
+# endif
+
+/*
+ * Defines related to seed sources
+ */
+#ifndef DEVRANDOM
+/*
+ * set this to a comma-separated list of 'random' device files to try out. By
+ * default, we will try to read at least one of these files
+ */
+# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
+# if defined(__linux) && !defined(__ANDROID__)
+# ifndef DEVRANDOM_WAIT
+# define DEVRANDOM_WAIT "/dev/random"
+# endif
+/*
+ * Linux kernels 4.8 and later changes how their random device works and there
+ * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
+ * should be used instead.
+ */
+# ifndef DEVRANDOM_SAFE_KERNEL
+# define DEVRANDOM_SAFE_KERNEL 4, 8
+# endif
+/*
+ * Some operating systems do not permit select(2) on their random devices,
+ * defining this to zero will force the use of read(2) to extract one byte
+ * from /dev/random.
+ */
+# ifndef DEVRANDM_WAIT_USE_SELECT
+# define DEVRANDM_WAIT_USE_SELECT 1
+# endif
+/*
+ * Define the shared memory identifier used to indicate if the operating
+ * system has properly seeded the DEVRANDOM source.
+ */
+# ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID
+# define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114
+# endif
+
+# endif
+#endif
+
+#if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
+/*
+ * set this to a comma-separated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device
+ * files listed in DEVRANDOM did not return enough randomness.
+ */
+# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
+#endif
+
+void ossl_rand_cleanup_int(void);
+
+/*
+ * Initialise the random pool reseeding sources.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_rand_pool_init(void);
+
+/*
+ * Finalise the random pool reseeding sources.
+ */
+void ossl_rand_pool_cleanup(void);
+
+/*
+ * Control the random pool use of open file descriptors.
+ */
+void ossl_rand_pool_keep_random_devices_open(int keep);
+
+/*
+ * Configuration
+ */
+void ossl_random_add_conf_module(void);
+
+/*
+ * Get and cleanup random seed material.
+ */
+size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len);
+void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len);
+size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len, size_t max_len,
+ const void *salt, size_t salt_len);
+void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len);
+
+/*
+ * Get seeding material from the operating system sources.
+ */
+size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
+int ossl_pool_add_nonce_data(RAND_POOL *pool);
+
+#endif
diff --git a/include/crypto/rand_pool.h b/include/crypto/rand_pool.h
new file mode 100644
index 00000000..f4d1d954
--- /dev/null
+++ b/include/crypto/rand_pool.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_PROVIDER_RAND_POOL_H
+# define OSSL_PROVIDER_RAND_POOL_H
+# pragma once
+
+# include <stdio.h>
+# include <openssl/rand.h>
+
+/*
+ * Maximum allocation size for RANDOM_POOL buffers
+ *
+ * The max_len value for the buffer provided to the rand_drbg_get_entropy()
+ * callback is currently 2^31 bytes (2 gigabytes), if a derivation function
+ * is used. Since this is much too large to be allocated, the ossl_rand_pool_new()
+ * function chooses more modest values as default pool length, bounded
+ * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH
+ *
+ * The choice of the RAND_POOL_FACTOR is large enough such that the
+ * RAND_POOL can store a random input which has a lousy entropy rate of
+ * 8/256 (= 0.03125) bits per byte. This input will be sent through the
+ * derivation function which 'compresses' the low quality input into a
+ * high quality output.
+ *
+ * The factor 1.5 below is the pessimistic estimate for the extra amount
+ * of entropy required when no get_nonce() callback is defined.
+ */
+# define RAND_POOL_FACTOR 256
+# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \
+ 3 * (RAND_DRBG_STRENGTH / 16))
+/*
+ * = (RAND_POOL_FACTOR * \
+ * 1.5 * (RAND_DRBG_STRENGTH / 8))
+ */
+
+/*
+ * Initial allocation minimum.
+ *
+ * There is a distinction between the secure and normal allocation minimums.
+ * Ideally, the secure allocation size should be a power of two. The normal
+ * allocation size doesn't have any such restriction.
+ *
+ * The secure value is based on 128 bits of secure material, which is 16 bytes.
+ * Typically, the DRBGs will set a minimum larger than this so optimal
+ * allocation ought to take place (for full quality seed material).
+ *
+ * The normal value has been chosen by noticing that the rand_drbg_get_nonce
+ * function is usually the largest of the built in allocation (twenty four
+ * bytes and then appending another sixteen bytes). This means the buffer ends
+ * with 40 bytes. The value of forty eight is comfortably above this which
+ * allows some slack in the platform specific values used.
+ */
+# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48)
+
+/*
+ * The 'random pool' acts as a dumb container for collecting random
+ * input from various entropy sources. It is the callers duty to 1) initialize
+ * the random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and
+ * 4) cleanup the random pool again.
+ *
+ * The random pool contains no locking mechanism because its scope and
+ * lifetime is intended to be restricted to a single stack frame.
+ */
+typedef struct rand_pool_st {
+ unsigned char *buffer; /* points to the beginning of the random pool */
+ size_t len; /* current number of random bytes contained in the pool */
+
+ int attached; /* true pool was attached to existing buffer */
+ int secure; /* 1: allocated on the secure heap, 0: otherwise */
+
+ size_t min_len; /* minimum number of random bytes requested */
+ size_t max_len; /* maximum number of random bytes (allocated buffer size) */
+ size_t alloc_len; /* current number of bytes allocated */
+ size_t entropy; /* current entropy count in bits */
+ size_t entropy_requested; /* requested entropy count in bits */
+} RAND_POOL;
+
+RAND_POOL *ossl_rand_pool_new(int entropy_requested, int secure,
+ size_t min_len, size_t max_len);
+RAND_POOL *ossl_rand_pool_attach(const unsigned char *buffer, size_t len,
+ size_t entropy);
+void ossl_rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *ossl_rand_pool_buffer(RAND_POOL *pool);
+unsigned char *ossl_rand_pool_detach(RAND_POOL *pool);
+void ossl_rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
+
+size_t ossl_rand_pool_entropy(RAND_POOL *pool);
+size_t ossl_rand_pool_length(RAND_POOL *pool);
+
+size_t ossl_rand_pool_entropy_available(RAND_POOL *pool);
+size_t ossl_rand_pool_entropy_needed(RAND_POOL *pool);
+/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
+size_t ossl_rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
+size_t ossl_rand_pool_bytes_remaining(RAND_POOL *pool);
+
+int ossl_rand_pool_add(RAND_POOL *pool,
+ const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *ossl_rand_pool_add_begin(RAND_POOL *pool, size_t len);
+int ossl_rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+#endif /* OSSL_PROVIDER_RAND_POOL_H */
diff --git a/include/crypto/randerr.h b/include/crypto/randerr.h
new file mode 100644
index 00000000..832a8b7d
--- /dev/null
+++ b/include/crypto/randerr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_RANDERR_H
+# define OSSL_CRYPTO_RANDERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_RAND_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
new file mode 100644
index 00000000..100e7ceb
--- /dev/null
+++ b/include/crypto/rsa.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_RSA_H
+# define OSSL_INTERNAL_RSA_H
+# pragma once
+
+# include <openssl/core.h>
+# include <openssl/rsa.h>
+# include "crypto/types.h"
+
+#define RSA_MIN_MODULUS_BITS 512
+
+typedef struct rsa_pss_params_30_st {
+ int hash_algorithm_nid;
+ struct {
+ int algorithm_nid; /* Currently always NID_mgf1 */
+ int hash_algorithm_nid;
+ } mask_gen;
+ int salt_len;
+ int trailer_field;
+} RSA_PSS_PARAMS_30;
+
+RSA_PSS_PARAMS_30 *ossl_rsa_get0_pss_params_30(RSA *r);
+int ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to,
+ const RSA_PSS_PARAMS_30 *from);
+int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int hashalg_nid);
+int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int maskgenalg_nid);
+int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int maskgenhashalg_nid);
+int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int saltlen);
+int ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int trailerfield);
+int ossl_rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+
+const char *ossl_rsa_mgf_nid2name(int mgf);
+int ossl_rsa_oaeppss_md2nid(const EVP_MD *md);
+const char *ossl_rsa_oaeppss_nid2name(int md);
+
+RSA *ossl_rsa_new_with_ctx(OSSL_LIB_CTX *libctx);
+OSSL_LIB_CTX *ossl_rsa_get0_libctx(RSA *r);
+void ossl_rsa_set0_libctx(RSA *r, OSSL_LIB_CTX *libctx);
+
+int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
+ const STACK_OF(BIGNUM) *exps,
+ const STACK_OF(BIGNUM) *coeffs);
+int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
+ STACK_OF(BIGNUM_const) *exps,
+ STACK_OF(BIGNUM_const) *coeffs);
+int ossl_rsa_is_foreign(const RSA *rsa);
+RSA *ossl_rsa_dup(const RSA *rsa, int selection);
+
+int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);
+int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
+ OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
+ int *defaults_set,
+ const OSSL_PARAM params[],
+ OSSL_LIB_CTX *libctx);
+int ossl_rsa_set0_pss_params(RSA *r, RSA_PSS_PARAMS *pss);
+int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
+ const EVP_MD **pmd, const EVP_MD **pmgf1md,
+ int *psaltlen, int *ptrailerField);
+RSA_PSS_PARAMS *ossl_rsa_pss_decode(const X509_ALGOR *alg);
+int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg);
+RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to,
+ size_t tlen,
+ const unsigned char *from,
+ size_t flen, int client_version,
+ int alt_version);
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md);
+
+int ossl_rsa_validate_public(const RSA *key);
+int ossl_rsa_validate_private(const RSA *key);
+int ossl_rsa_validate_pairwise(const RSA *key);
+
+int ossl_rsa_verify(int dtype, const unsigned char *m,
+ unsigned int m_len, unsigned char *rm,
+ size_t *prm_len, const unsigned char *sigbuf,
+ size_t siglen, RSA *rsa);
+
+const unsigned char *ossl_rsa_digestinfo_encoding(int md_nid, size_t *len);
+
+extern const char *ossl_rsa_mp_factor_names[];
+extern const char *ossl_rsa_mp_exp_names[];
+extern const char *ossl_rsa_mp_coeff_names[];
+
+ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx);
+int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
+ const X509_ALGOR *sigalg, EVP_PKEY *pkey);
+
+# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
+void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);
+
+int ossl_rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]);
+int ossl_rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]);
+typedef struct rsa_acvp_test_st RSA_ACVP_TEST;
+void ossl_rsa_acvp_test_free(RSA_ACVP_TEST *t);
+# else
+# define RSA_ACVP_TEST void
+# endif
+
+RSA *evp_pkey_get1_RSA_PSS(EVP_PKEY *pkey);
+#endif
diff --git a/include/crypto/rsaerr.h b/include/crypto/rsaerr.h
new file mode 100644
index 00000000..9b23500b
--- /dev/null
+++ b/include/crypto/rsaerr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_RSAERR_H
+# define OSSL_CRYPTO_RSAERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_RSA_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/security_bits.h b/include/crypto/security_bits.h
new file mode 100644
index 00000000..58f49681
--- /dev/null
+++ b/include/crypto/security_bits.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_SECURITY_BITS_H
+# define OSSL_SECURITY_BITS_H
+# pragma once
+
+uint16_t ossl_ifc_ffc_compute_security_bits(int n);
+
+#endif
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
new file mode 100644
index 00000000..64305d17
--- /dev/null
+++ b/include/crypto/sha.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SHA_H
+# define OSSL_CRYPTO_SHA_H
+# pragma once
+
+# include <openssl/sha.h>
+
+int sha512_224_init(SHA512_CTX *);
+int sha512_256_init(SHA512_CTX *);
+int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
+unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md);
+
+#endif
diff --git a/include/crypto/siphash.h b/include/crypto/siphash.h
new file mode 100644
index 00000000..0d0767fc
--- /dev/null
+++ b/include/crypto/siphash.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SIPHASH_H
+# define OSSL_CRYPTO_SIPHASH_H
+# pragma once
+
+# include <stddef.h>
+
+# define SIPHASH_BLOCK_SIZE 8
+# define SIPHASH_KEY_SIZE 16
+# define SIPHASH_MIN_DIGEST_SIZE 8
+# define SIPHASH_MAX_DIGEST_SIZE 16
+
+typedef struct siphash_st SIPHASH;
+
+size_t SipHash_ctx_size(void);
+size_t SipHash_hash_size(SIPHASH *ctx);
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
+ int crounds, int drounds);
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
+
+/* Based on https://131002.net/siphash C reference implementation */
+
+struct siphash_st {
+ uint64_t total_inlen;
+ uint64_t v0;
+ uint64_t v1;
+ uint64_t v2;
+ uint64_t v3;
+ unsigned int len;
+ unsigned int hash_size;
+ unsigned int crounds;
+ unsigned int drounds;
+ unsigned char leavings[SIPHASH_BLOCK_SIZE];
+};
+
+/* default: SipHash-2-4 */
+# define SIPHASH_C_ROUNDS 2
+# define SIPHASH_D_ROUNDS 4
+
+#endif
diff --git a/include/crypto/siv.h b/include/crypto/siv.h
new file mode 100644
index 00000000..8dc58bd3
--- /dev/null
+++ b/include/crypto/siv.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SIV
+
+typedef struct siv128_context SIV128_CONTEXT;
+
+SIV128_CONTEXT *ossl_siv128_new(const unsigned char *key, int klen,
+ EVP_CIPHER *cbc, EVP_CIPHER *ctr,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
+ const EVP_CIPHER *cbc, const EVP_CIPHER *ctr,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
+int ossl_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, size_t len);
+int ossl_siv128_encrypt(SIV128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out, size_t len);
+int ossl_siv128_decrypt(SIV128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out, size_t len);
+int ossl_siv128_finish(SIV128_CONTEXT *ctx);
+int ossl_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len);
+int ossl_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
+int ossl_siv128_cleanup(SIV128_CONTEXT *ctx);
+int ossl_siv128_speed(SIV128_CONTEXT *ctx, int arg);
+
+#endif /* OPENSSL_NO_SIV */
diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
new file mode 100644
index 00000000..9ab6c0b7
--- /dev/null
+++ b/include/crypto/sm2.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM2_H
+# define OSSL_CRYPTO_SM2_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+
+# if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
+
+# include <openssl/ec.h>
+# include "crypto/types.h"
+
+int ossl_sm2_key_private_check(const EC_KEY *eckey);
+
+/* The default user id as specified in GM/T 0009-2012 */
+# define SM2_DEFAULT_USERID "1234567812345678"
+
+int ossl_sm2_compute_z_digest(uint8_t *out,
+ const EVP_MD *digest,
+ const uint8_t *id,
+ const size_t id_len,
+ const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
+ */
+ECDSA_SIG *ossl_sm2_do_sign(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *id,
+ const size_t id_len,
+ const uint8_t *msg, size_t msg_len);
+
+int ossl_sm2_do_verify(const EC_KEY *key,
+ const EVP_MD *digest,
+ const ECDSA_SIG *signature,
+ const uint8_t *id,
+ const size_t id_len,
+ const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation.
+ */
+int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen,
+ unsigned char *sig, unsigned int *siglen,
+ EC_KEY *eckey);
+
+/*
+ * SM2 signature verification.
+ */
+int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen,
+ const unsigned char *sig, int siglen,
+ EC_KEY *eckey);
+
+/*
+ * SM2 encryption
+ */
+int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest,
+ size_t msg_len, size_t *ct_size);
+
+int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size,
+ size_t *pt_size);
+
+int ossl_sm2_encrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *msg, size_t msg_len,
+ uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int ossl_sm2_decrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *ciphertext, size_t ciphertext_len,
+ uint8_t *ptext_buf, size_t *ptext_len);
+
+const unsigned char *ossl_sm2_algorithmidentifier_encoding(int md_nid,
+ size_t *len);
+# endif /* OPENSSL_NO_SM2 */
+#endif
diff --git a/include/crypto/sm2err.h b/include/crypto/sm2err.h
new file mode 100644
index 00000000..706f4d69
--- /dev/null
+++ b/include/crypto/sm2err.h
@@ -0,0 +1,49 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM2ERR_H
+# define OSSL_CRYPTO_SM2ERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_SM2
+
+int ossl_err_load_SM2_strings(void);
+
+/*
+ * SM2 reason codes.
+ */
+# define SM2_R_ASN1_ERROR 100
+# define SM2_R_BAD_SIGNATURE 101
+# define SM2_R_BUFFER_TOO_SMALL 107
+# define SM2_R_DIST_ID_TOO_LARGE 110
+# define SM2_R_ID_NOT_SET 112
+# define SM2_R_ID_TOO_LARGE 111
+# define SM2_R_INVALID_CURVE 108
+# define SM2_R_INVALID_DIGEST 102
+# define SM2_R_INVALID_DIGEST_TYPE 103
+# define SM2_R_INVALID_ENCODING 104
+# define SM2_R_INVALID_FIELD 105
+# define SM2_R_INVALID_PRIVATE_KEY 113
+# define SM2_R_NO_PARAMETERS_SET 109
+# define SM2_R_USER_ID_TOO_LARGE 106
+
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/sm4.h b/include/crypto/sm4.h
new file mode 100644
index 00000000..e21ec81c
--- /dev/null
+++ b/include/crypto/sm4.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM4_H
+# define OSSL_CRYPTO_SM4_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_SM4
+# error SM4 is disabled.
+# endif
+
+# define SM4_ENCRYPT 1
+# define SM4_DECRYPT 0
+
+# define SM4_BLOCK_SIZE 16
+# define SM4_KEY_SCHEDULE 32
+
+typedef struct SM4_KEY_st {
+ uint32_t rk[SM4_KEY_SCHEDULE];
+} SM4_KEY;
+
+int ossl_sm4_set_key(const uint8_t *key, SM4_KEY *ks);
+
+void ossl_sm4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+void ossl_sm4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+#endif
diff --git a/include/crypto/sparc_arch.h b/include/crypto/sparc_arch.h
new file mode 100644
index 00000000..447e715b
--- /dev/null
+++ b/include/crypto/sparc_arch.h
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SPARC_ARCH_H
+# define OSSL_CRYPTO_SPARC_ARCH_H
+
+# define SPARCV9_TICK_PRIVILEGED (1<<0)
+# define SPARCV9_PREFER_FPU (1<<1)
+# define SPARCV9_VIS1 (1<<2)
+# define SPARCV9_VIS2 (1<<3)/* reserved */
+# define SPARCV9_FMADD (1<<4)
+# define SPARCV9_BLK (1<<5)/* VIS1 block copy */
+# define SPARCV9_VIS3 (1<<6)
+# define SPARCV9_RANDOM (1<<7)
+# define SPARCV9_64BIT_STACK (1<<8)
+# define SPARCV9_FJAESX (1<<9)/* Fujitsu SPARC64 X AES */
+# define SPARCV9_FJDESX (1<<10)/* Fujitsu SPARC64 X DES, reserved */
+# define SPARCV9_FJHPCACE (1<<11)/* Fujitsu HPC-ACE, reserved */
+# define SPARCV9_IMA (1<<13)/* reserved */
+# define SPARCV9_VIS4 (1<<14)/* reserved */
+
+/*
+ * OPENSSL_sparcv9cap_P[1] is copy of Compatibility Feature Register,
+ * %asr26, SPARC-T4 and later. There is no SPARCV9_CFR bit in
+ * OPENSSL_sparcv9cap_P[0], as %cfr copy is sufficient...
+ */
+# define CFR_AES 0x00000001/* Supports AES opcodes */
+# define CFR_DES 0x00000002/* Supports DES opcodes */
+# define CFR_KASUMI 0x00000004/* Supports KASUMI opcodes */
+# define CFR_CAMELLIA 0x00000008/* Supports CAMELLIA opcodes */
+# define CFR_MD5 0x00000010/* Supports MD5 opcodes */
+# define CFR_SHA1 0x00000020/* Supports SHA1 opcodes */
+# define CFR_SHA256 0x00000040/* Supports SHA256 opcodes */
+# define CFR_SHA512 0x00000080/* Supports SHA512 opcodes */
+# define CFR_MPMUL 0x00000100/* Supports MPMUL opcodes */
+# define CFR_MONTMUL 0x00000200/* Supports MONTMUL opcodes */
+# define CFR_MONTSQR 0x00000400/* Supports MONTSQR opcodes */
+# define CFR_CRC32C 0x00000800/* Supports CRC32C opcodes */
+# define CFR_XMPMUL 0x00001000/* Supports XMPMUL opcodes */
+# define CFR_XMONTMUL 0x00002000/* Supports XMONTMUL opcodes */
+# define CFR_XMONTSQR 0x00004000/* Supports XMONTSQR opcodes */
+
+# if defined(OPENSSL_PIC) && !defined(__PIC__)
+# define __PIC__
+# endif
+
+# if defined(__SUNPRO_C) && defined(__sparcv9) && !defined(__arch64__)
+# define __arch64__
+# endif
+
+# define SPARC_PIC_THUNK(reg) \
+ .align 32; \
+.Lpic_thunk: \
+ jmp %o7 + 8; \
+ add %o7, reg, reg;
+
+# define SPARC_PIC_THUNK_CALL(reg) \
+ sethi %hi(_GLOBAL_OFFSET_TABLE_-4), reg; \
+ call .Lpic_thunk; \
+ or reg, %lo(_GLOBAL_OFFSET_TABLE_+4), reg;
+
+# if 1
+# define SPARC_SETUP_GOT_REG(reg) SPARC_PIC_THUNK_CALL(reg)
+# else
+# define SPARC_SETUP_GOT_REG(reg) \
+ sethi %hi(_GLOBAL_OFFSET_TABLE_-4), reg; \
+ call .+8; \
+ or reg,%lo(_GLOBAL_OFFSET_TABLE_+4), reg; \
+ add %o7, reg, reg
+# endif
+
+# if defined(__arch64__)
+
+# define SPARC_LOAD_ADDRESS(SYM, reg) \
+ setx SYM, %o7, reg;
+# define LDPTR ldx
+# define SIZE_T_CC %xcc
+# define STACK_FRAME 192
+# define STACK_BIAS 2047
+# define STACK_7thARG (STACK_BIAS+176)
+
+# else
+
+# define SPARC_LOAD_ADDRESS(SYM, reg) \
+ set SYM, reg;
+# define LDPTR ld
+# define SIZE_T_CC %icc
+# define STACK_FRAME 112
+# define STACK_BIAS 0
+# define STACK_7thARG 92
+# define SPARC_LOAD_ADDRESS_LEAF(SYM,reg,tmp) SPARC_LOAD_ADDRESS(SYM,reg)
+
+# endif
+
+# ifdef __PIC__
+# undef SPARC_LOAD_ADDRESS
+# undef SPARC_LOAD_ADDRESS_LEAF
+# define SPARC_LOAD_ADDRESS(SYM, reg) \
+ SPARC_SETUP_GOT_REG(reg); \
+ sethi %hi(SYM), %o7; \
+ or %o7, %lo(SYM), %o7; \
+ LDPTR [reg + %o7], reg;
+# endif
+
+# ifndef SPARC_LOAD_ADDRESS_LEAF
+# define SPARC_LOAD_ADDRESS_LEAF(SYM, reg, tmp) \
+ mov %o7, tmp; \
+ SPARC_LOAD_ADDRESS(SYM, reg) \
+ mov tmp, %o7;
+# endif
+
+# ifndef __ASSEMBLER__
+extern unsigned int OPENSSL_sparcv9cap_P[2];
+# endif
+
+#endif /* OSSL_CRYPTO_SPARC_ARCH_H */
diff --git a/include/crypto/sparse_array.h b/include/crypto/sparse_array.h
new file mode 100644
index 00000000..7ef74283
--- /dev/null
+++ b/include/crypto/sparse_array.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SPARSE_ARRAY_H
+# define OSSL_CRYPTO_SPARSE_ARRAY_H
+# pragma once
+
+# include <openssl/e_os2.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define SPARSE_ARRAY_OF(type) struct sparse_array_st_ ## type
+
+# define DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, ctype) \
+ SPARSE_ARRAY_OF(type); \
+ static ossl_unused ossl_inline SPARSE_ARRAY_OF(type) * \
+ ossl_sa_##type##_new(void) \
+ { \
+ return (SPARSE_ARRAY_OF(type) *)ossl_sa_new(); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_sa_##type##_free(SPARSE_ARRAY_OF(type) *sa) \
+ { \
+ ossl_sa_free((OPENSSL_SA *)sa); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_sa_##type##_free_leaves(SPARSE_ARRAY_OF(type) *sa) \
+ { \
+ ossl_sa_free_leaves((OPENSSL_SA *)sa); \
+ } \
+ static ossl_unused ossl_inline size_t \
+ ossl_sa_##type##_num(const SPARSE_ARRAY_OF(type) *sa) \
+ { \
+ return ossl_sa_num((OPENSSL_SA *)sa); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) *sa, \
+ void (*leaf)(ossl_uintmax_t, type *)) \
+ { \
+ ossl_sa_doall((OPENSSL_SA *)sa, \
+ (void (*)(ossl_uintmax_t, void *))leaf); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_sa_##type##_doall_arg(const SPARSE_ARRAY_OF(type) *sa, \
+ void (*leaf)(ossl_uintmax_t, type *, void *), \
+ void *arg) \
+ { \
+ ossl_sa_doall_arg((OPENSSL_SA *)sa, \
+ (void (*)(ossl_uintmax_t, void *, void *))leaf, arg); \
+ } \
+ static ossl_unused ossl_inline ctype \
+ *ossl_sa_##type##_get(const SPARSE_ARRAY_OF(type) *sa, ossl_uintmax_t n) \
+ { \
+ return (type *)ossl_sa_get((OPENSSL_SA *)sa, n); \
+ } \
+ static ossl_unused ossl_inline int \
+ ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) *sa, \
+ ossl_uintmax_t n, ctype *val) \
+ { \
+ return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val); \
+ } \
+ SPARSE_ARRAY_OF(type)
+
+# define DEFINE_SPARSE_ARRAY_OF(type) \
+ DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, type)
+# define DEFINE_SPARSE_ARRAY_OF_CONST(type) \
+ DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, const type)
+
+typedef struct sparse_array_st OPENSSL_SA;
+OPENSSL_SA *ossl_sa_new(void);
+void ossl_sa_free(OPENSSL_SA *sa);
+void ossl_sa_free_leaves(OPENSSL_SA *sa);
+size_t ossl_sa_num(const OPENSSL_SA *sa);
+void ossl_sa_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t, void *));
+void ossl_sa_doall_arg(const OPENSSL_SA *sa,
+ void (*leaf)(ossl_uintmax_t, void *, void *), void *);
+void *ossl_sa_get(const OPENSSL_SA *sa, ossl_uintmax_t n);
+int ossl_sa_set(OPENSSL_SA *sa, ossl_uintmax_t n, void *val);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/store.h b/include/crypto/store.h
new file mode 100644
index 00000000..13d2646b
--- /dev/null
+++ b/include/crypto/store.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_STORE_H
+# define OSSL_CRYPTO_STORE_H
+# pragma once
+
+# include <openssl/bio.h>
+# include <openssl/store.h>
+# include <openssl/ui.h>
+
+void ossl_store_cleanup_int(void);
+int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader);
+
+#endif
diff --git a/include/crypto/storeerr.h b/include/crypto/storeerr.h
new file mode 100644
index 00000000..c46d845f
--- /dev/null
+++ b/include/crypto/storeerr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_STOREERR_H
+# define OSSL_CRYPTO_STOREERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_OSSL_STORE_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/tserr.h b/include/crypto/tserr.h
new file mode 100644
index 00000000..2f34ba31
--- /dev/null
+++ b/include/crypto/tserr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_TSERR_H
+# define OSSL_CRYPTO_TSERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_TS
+
+int ossl_err_load_TS_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/types.h b/include/crypto/types.h
new file mode 100644
index 00000000..0d814040
--- /dev/null
+++ b/include/crypto/types.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* When removal is simulated, we still need the type internally */
+
+#ifndef OSSL_CRYPTO_TYPES_H
+# define OSSL_CRYPTO_TYPES_H
+# pragma once
+
+# ifdef OPENSSL_NO_DEPRECATED_3_0
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+# ifndef OPENSSL_NO_EC
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
+# endif
+# endif
+
+# ifndef OPENSSL_NO_EC
+typedef struct ecx_key_st ECX_KEY;
+# endif
+
+#endif
diff --git a/include/crypto/uierr.h b/include/crypto/uierr.h
new file mode 100644
index 00000000..789077a8
--- /dev/null
+++ b/include/crypto/uierr.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_UIERR_H
+# define OSSL_CRYPTO_UIERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_UI_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
new file mode 100644
index 00000000..1f00178e
--- /dev/null
+++ b/include/crypto/x509.h
@@ -0,0 +1,367 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_X509_H
+# define OSSL_CRYPTO_X509_H
+# pragma once
+
+# include "internal/refcount.h"
+# include <openssl/asn1.h>
+# include <openssl/x509.h>
+# include <openssl/conf.h>
+# include "crypto/types.h"
+
+/* Internal X509 structures and functions: not for application use */
+
+/* Note: unless otherwise stated a field pointer is mandatory and should
+ * never be set to NULL: the ASN.1 code and accessors rely on mandatory
+ * fields never being NULL.
+ */
+
+/*
+ * name entry structure, equivalent to AttributeTypeAndValue defined
+ * in RFC5280 et al.
+ */
+struct X509_name_entry_st {
+ ASN1_OBJECT *object; /* AttributeType */
+ ASN1_STRING *value; /* AttributeValue */
+ int set; /* index of RDNSequence for this entry */
+ int size; /* temp variable */
+};
+
+/* Name from RFC 5280. */
+struct X509_name_st {
+ STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
+ int modified; /* true if 'bytes' needs to be built */
+ BUF_MEM *bytes; /* cached encoding: cannot be NULL */
+ /* canonical encoding used for rapid Name comparison */
+ unsigned char *canon_enc;
+ int canon_enclen;
+} /* X509_NAME */ ;
+
+/* Signature info structure */
+
+struct x509_sig_info_st {
+ /* NID of message digest */
+ int mdnid;
+ /* NID of public key algorithm */
+ int pknid;
+ /* Security bits */
+ int secbits;
+ /* Various flags */
+ uint32_t flags;
+};
+
+/* PKCS#10 certificate request */
+
+struct X509_req_info_st {
+ ASN1_ENCODING enc; /* cached encoding of signed part */
+ ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */
+ X509_NAME *subject; /* certificate request DN */
+ X509_PUBKEY *pubkey; /* public key of request */
+ /*
+ * Zero or more attributes.
+ * NB: although attributes is a mandatory field some broken
+ * encodings omit it so this may be NULL in that case.
+ */
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_req_st {
+ X509_REQ_INFO req_info; /* signed certificate request data */
+ X509_ALGOR sig_alg; /* signature algorithm */
+ ASN1_BIT_STRING *signature; /* signature */
+ CRYPTO_REF_COUNT references;
+ CRYPTO_RWLOCK *lock;
+
+ /* Set on live certificates for authentication purposes */
+ ASN1_OCTET_STRING *distinguishing_id;
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+};
+
+struct X509_crl_info_st {
+ ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */
+ X509_ALGOR sig_alg; /* signature algorithm */
+ X509_NAME *issuer; /* CRL issuer name */
+ ASN1_TIME *lastUpdate; /* lastUpdate field */
+ ASN1_TIME *nextUpdate; /* nextUpdate field: optional */
+ STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */
+ STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */
+ ASN1_ENCODING enc; /* encoding of signed portion of CRL */
+};
+
+struct X509_crl_st {
+ X509_CRL_INFO crl; /* signed CRL data */
+ X509_ALGOR sig_alg; /* CRL signature algorithm */
+ ASN1_BIT_STRING signature; /* CRL signature */
+ CRYPTO_REF_COUNT references;
+ int flags;
+ /*
+ * Cached copies of decoded extension values, since extensions
+ * are optional any of these can be NULL.
+ */
+ AUTHORITY_KEYID *akid;
+ ISSUING_DIST_POINT *idp;
+ /* Convenient breakdown of IDP */
+ int idp_flags;
+ int idp_reasons;
+ /* CRL and base CRL numbers for delta processing */
+ ASN1_INTEGER *crl_number;
+ ASN1_INTEGER *base_crl_number;
+ STACK_OF(GENERAL_NAMES) *issuers;
+ /* hash of CRL */
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+ /* alternative method to handle this CRL */
+ const X509_CRL_METHOD *meth;
+ void *meth_data;
+ CRYPTO_RWLOCK *lock;
+
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+};
+
+struct x509_revoked_st {
+ ASN1_INTEGER serialNumber; /* revoked entry serial number */
+ ASN1_TIME *revocationDate; /* revocation date */
+ STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */
+ /* decoded value of CRLissuer extension: set if indirect CRL */
+ STACK_OF(GENERAL_NAME) *issuer;
+ /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
+ int reason;
+ /*
+ * CRL entries are reordered for faster lookup of serial numbers. This
+ * field contains the original load sequence for this entry.
+ */
+ int sequence;
+};
+
+/*
+ * This stuff is certificate "auxiliary info": it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself. OpenSSL specific structure not defined
+ * in any RFC.
+ */
+
+struct x509_cert_aux_st {
+ STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+ ASN1_UTF8STRING *alias; /* "friendly name" */
+ ASN1_OCTET_STRING *keyid; /* key id of private key */
+ STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+};
+
+struct x509_cinf_st {
+ ASN1_INTEGER *version; /* [ 0 ] default of v1 */
+ ASN1_INTEGER serialNumber;
+ X509_ALGOR signature;
+ X509_NAME *issuer;
+ X509_VAL validity;
+ X509_NAME *subject;
+ X509_PUBKEY *key;
+ ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+ ASN1_ENCODING enc;
+};
+
+struct x509_st {
+ X509_CINF cert_info;
+ X509_ALGOR sig_alg;
+ ASN1_BIT_STRING signature;
+ X509_SIG_INFO siginf;
+ CRYPTO_REF_COUNT references;
+ CRYPTO_EX_DATA ex_data;
+ /* These contain copies of various extension values */
+ long ex_pathlen;
+ long ex_pcpathlen;
+ uint32_t ex_flags;
+ uint32_t ex_kusage;
+ uint32_t ex_xkusage;
+ uint32_t ex_nscert;
+ ASN1_OCTET_STRING *skid;
+ AUTHORITY_KEYID *akid;
+ X509_POLICY_CACHE *policy_cache;
+ STACK_OF(DIST_POINT) *crldp;
+ STACK_OF(GENERAL_NAME) *altname;
+ NAME_CONSTRAINTS *nc;
+# ifndef OPENSSL_NO_RFC3779
+ STACK_OF(IPAddressFamily) *rfc3779_addr;
+ struct ASIdentifiers_st *rfc3779_asid;
+# endif
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+ X509_CERT_AUX *aux;
+ CRYPTO_RWLOCK *lock;
+ volatile int ex_cached;
+
+ /* Set on live certificates for authentication purposes */
+ ASN1_OCTET_STRING *distinguishing_id;
+
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+} /* X509 */ ;
+
+/*
+ * This is a used when verifying cert chains. Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st { /* X509_STORE_CTX */
+ X509_STORE *store;
+ /* The following are set by the caller */
+ /* The cert to check */
+ X509 *cert;
+ /* chain of X509s - untrusted - passed in */
+ STACK_OF(X509) *untrusted;
+ /* set of CRLs passed in */
+ STACK_OF(X509_CRL) *crls;
+ X509_VERIFY_PARAM *param;
+ /* Other info for use with get_issuer() */
+ void *other_ctx;
+ /* Callbacks for various operations */
+ /* called to verify a certificate */
+ int (*verify) (X509_STORE_CTX *ctx);
+ /* error callback */
+ int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+ /* get issuers cert from ctx */
+ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+ /* check issued */
+ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+ /* Check revocation status of chain */
+ int (*check_revocation) (X509_STORE_CTX *ctx);
+ /* retrieve CRL */
+ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+ /* Check CRL validity */
+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+ /* Check certificate against CRL */
+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ /* Check policy status of the chain */
+ int (*check_policy) (X509_STORE_CTX *ctx);
+ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx,
+ const X509_NAME *nm);
+ /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */
+ STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx,
+ const X509_NAME *nm);
+ int (*cleanup) (X509_STORE_CTX *ctx);
+ /* The following is built up */
+ /* if 0, rebuild chain */
+ int valid;
+ /* number of untrusted certs */
+ int num_untrusted;
+ /* chain of X509s - built up and trusted */
+ STACK_OF(X509) *chain;
+ /* Valid policy tree */
+ X509_POLICY_TREE *tree;
+ /* Require explicit policy value */
+ int explicit_policy;
+ /* When something goes wrong, this is why */
+ int error_depth;
+ int error;
+ X509 *current_cert;
+ /* cert currently being tested as valid issuer */
+ X509 *current_issuer;
+ /* current CRL */
+ X509_CRL *current_crl;
+ /* score of current CRL */
+ int current_crl_score;
+ /* Reason mask */
+ unsigned int current_reasons;
+ /* For CRL path validation: parent context */
+ X509_STORE_CTX *parent;
+ CRYPTO_EX_DATA ex_data;
+ SSL_DANE *dane;
+ /* signed via bare TA public key, rather than CA certificate */
+ int bare_ta_signed;
+
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+};
+
+/* PKCS#8 private key info structure */
+
+struct pkcs8_priv_key_info_st {
+ ASN1_INTEGER *version;
+ X509_ALGOR *pkeyalg;
+ ASN1_OCTET_STRING *pkey;
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_sig_st {
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *digest;
+};
+
+struct x509_object_st {
+ /* one of the above types */
+ X509_LOOKUP_TYPE type;
+ union {
+ char *ptr;
+ X509 *x509;
+ X509_CRL *crl;
+ EVP_PKEY *pkey;
+ } data;
+};
+
+int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
+int ossl_x509v3_cache_extensions(X509 *x);
+int ossl_x509_init_sig_info(X509 *x);
+
+int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx,
+ const char *propq);
+int ossl_x509_req_set0_libctx(X509_REQ *x, OSSL_LIB_CTX *libctx,
+ const char *propq);
+int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type,
+ void *data, unsigned char *md, unsigned int *len,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_x509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags);
+int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs,
+ int flags);
+
+STACK_OF(X509_ATTRIBUTE) *ossl_x509at_dup(const STACK_OF(X509_ATTRIBUTE) *x);
+
+int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
+ const X509_PUBKEY *key);
+/* Calculate default key identifier according to RFC 5280 section 4.2.1.2 (1) */
+ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey);
+
+X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
+ long len, OSSL_LIB_CTX *libctx);
+void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub);
+
+RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length);
+int ossl_i2d_RSA_PSS_PUBKEY(const RSA *a, unsigned char **pp);
+# ifndef OPENSSL_NO_DH
+DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length);
+int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp);
+DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length);
+int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp);
+# endif /* OPENSSL_NO_DH */
+# ifndef OPENSSL_NO_EC
+ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a,
+ const unsigned char **pp, long length);
+int ossl_i2d_ED25519_PUBKEY(const ECX_KEY *a, unsigned char **pp);
+ECX_KEY *ossl_d2i_ED448_PUBKEY(ECX_KEY **a,
+ const unsigned char **pp, long length);
+int ossl_i2d_ED448_PUBKEY(const ECX_KEY *a, unsigned char **pp);
+ECX_KEY *ossl_d2i_X25519_PUBKEY(ECX_KEY **a,
+ const unsigned char **pp, long length);
+int ossl_i2d_X25519_PUBKEY(const ECX_KEY *a, unsigned char **pp);
+ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a,
+ const unsigned char **pp, long length);
+int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp);
+# endif /* OPENSSL_NO_EC */
+EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+
+int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
+ size_t vallen, STACK_OF(CONF_VALUE) **extlist);
+#endif /* OSSL_CRYPTO_X509_H */
diff --git a/include/crypto/x509err.h b/include/crypto/x509err.h
new file mode 100644
index 00000000..53f567d9
--- /dev/null
+++ b/include/crypto/x509err.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_X509ERR_H
+# define OSSL_CRYPTO_X509ERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_X509_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/crypto/x509v3err.h b/include/crypto/x509v3err.h
new file mode 100644
index 00000000..66d3ad92
--- /dev/null
+++ b/include/crypto/x509v3err.h
@@ -0,0 +1,27 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_X509V3ERR_H
+# define OSSL_CRYPTO_X509V3ERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int ossl_err_load_X509V3_strings(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif