Update to openssl@3.1.0 and curl@8.0.1 for Windows build.

2025-02-05 18:39:55 +00:00 · 2023-03-26 12:53:23 -07:00 · 2023-03-26 12:53:23 -07:00 · 3772e1f7e2
commit 3772e1f7e2
parent 53b2c789d0
153 changed files with 18188 additions and 7920 deletions
--- a/src/3rdparty/bin
+++ b/src/3rdparty/bin
@ -1 +1 @@
-Subproject commit dd6f64314f28f0cf5e75ae175f0b4b7c5fad0380
+Subproject commit c47f76d6bea5c092dbcbfa1e4fbedc9dd2d80f24
--- a/src/3rdparty/win32_include/curl/curl.h
+++ b/src/3rdparty/win32_include/curl/curl.h
--- a/src/3rdparty/win32_include/curl/curlver.h
+++ b/src/3rdparty/win32_include/curl/curlver.h
@ -7,11 +7,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,26 +20,28 @@
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
+ * SPDX-License-Identifier: curl
+ *
 ***************************************************************************/

 /* This header file contains nothing but libcurl version info, generated by
   a script at release-time. This was made its own header file in 7.11.2 */

 /* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2019 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "Daniel Stenberg, <daniel@haxx.se>."

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.66.0"
+#define LIBCURL_VERSION "8.0.1"

 /* The numeric version number is also available "in parts" by using these
   defines: */
-#define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 66
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_MAJOR 8
+#define LIBCURL_VERSION_MINOR 0
+#define LIBCURL_VERSION_PATCH 1

 /* This is the numeric version of the libcurl version number, meant for easier
-   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
+   parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
   always follow this syntax:

         0xXXYYZZ
@ -57,7 +59,7 @@
   CURL_VERSION_BITS() macro since curl's own configure script greps for it
   and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x074200
+#define LIBCURL_VERSION_NUM 0x080001

 /*
 * This is the date and time when the full source package was created. The
@ -68,7 +70,7 @@
 *
 * "2007-11-23"
 */
-#define LIBCURL_TIMESTAMP "2019-09-11"
+#define LIBCURL_TIMESTAMP "2023-03-20"

 #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
 #define CURL_AT_LEAST_VERSION(x,y,z) \
--- a/src/3rdparty/win32_include/curl/easy.h
+++ b/src/3rdparty/win32_include/curl/easy.h
@ -7,11 +7,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,11 +20,24 @@
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
+ * SPDX-License-Identifier: curl
+ *
 ***************************************************************************/
 #ifdef  __cplusplus
 extern "C" {
 #endif

+/* Flag bits in the curl_blob struct: */
+#define CURL_BLOB_COPY   1 /* tell libcurl to copy the data */
+#define CURL_BLOB_NOCOPY 0 /* tell libcurl to NOT copy the data */
+
+struct curl_blob {
+  void *data;
+  size_t len;
+  unsigned int flags; /* bit 0 is defined, the rest are reserved and should be
+                         left zeroes */
+};
+
 CURL_EXTERN CURL *curl_easy_init(void);
 CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...);
 CURL_EXTERN CURLcode curl_easy_perform(CURL *curl);
@ -106,7 +119,7 @@ CURL_EXTERN CURLcode curl_easy_send(CURL *curl, const void *buffer,
 CURL_EXTERN CURLcode curl_easy_upkeep(CURL *curl);

 #ifdef  __cplusplus
-}
+} /* end of extern "C" */
 #endif

 #endif
--- a/src/3rdparty/win32_include/curl/header.h
+++ b/src/3rdparty/win32_include/curl/header.h
@ -0,0 +1,74 @@
+#ifndef CURLINC_HEADER_H
+#define CURLINC_HEADER_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct curl_header {
+  char *name;    /* this might not use the same case */
+  char *value;
+  size_t amount; /* number of headers using this name  */
+  size_t index;  /* ... of this instance, 0 or higher */
+  unsigned int origin; /* see bits below */
+  void *anchor; /* handle privately used by libcurl */
+};
+
+/* 'origin' bits */
+#define CURLH_HEADER    (1<<0) /* plain server header */
+#define CURLH_TRAILER   (1<<1) /* trailers */
+#define CURLH_CONNECT   (1<<2) /* CONNECT headers */
+#define CURLH_1XX       (1<<3) /* 1xx headers */
+#define CURLH_PSEUDO    (1<<4) /* pseudo headers */
+
+typedef enum {
+  CURLHE_OK,
+  CURLHE_BADINDEX,      /* header exists but not with this index */
+  CURLHE_MISSING,       /* no such header exists */
+  CURLHE_NOHEADERS,     /* no headers at all exist (yet) */
+  CURLHE_NOREQUEST,     /* no request with this number was used */
+  CURLHE_OUT_OF_MEMORY, /* out of memory while processing */
+  CURLHE_BAD_ARGUMENT,  /* a function argument was not okay */
+  CURLHE_NOT_BUILT_IN   /* if API was disabled in the build */
+} CURLHcode;
+
+CURL_EXTERN CURLHcode curl_easy_header(CURL *easy,
+                                       const char *name,
+                                       size_t index,
+                                       unsigned int origin,
+                                       int request,
+                                       struct curl_header **hout);
+
+CURL_EXTERN struct curl_header *curl_easy_nextheader(CURL *easy,
+                                                     unsigned int origin,
+                                                     int request,
+                                                     struct curl_header *prev);
+
+#ifdef __cplusplus
+} /* end of extern "C" */
+#endif
+
+#endif /* CURLINC_HEADER_H */
--- a/src/3rdparty/win32_include/curl/mprintf.h
+++ b/src/3rdparty/win32_include/curl/mprintf.h
@ -7,11 +7,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,6 +20,8 @@
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
+ * SPDX-License-Identifier: curl
+ *
 ***************************************************************************/

 #include <stdarg.h>
@ -44,7 +46,7 @@ CURL_EXTERN char *curl_maprintf(const char *format, ...);
 CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);

 #ifdef  __cplusplus
-}
+} /* end of extern "C" */
 #endif

 #endif /* CURLINC_MPRINTF_H */
--- a/src/3rdparty/win32_include/curl/multi.h
+++ b/src/3rdparty/win32_include/curl/multi.h
@ -7,11 +7,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,6 +20,8 @@
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
+ * SPDX-License-Identifier: curl
+ *
 ***************************************************************************/
 /*
  This is an "external" header file. Don't give away any internals here!
@ -72,6 +74,10 @@ typedef enum {
                            attempted to get added - again */
  CURLM_RECURSIVE_API_CALL, /* an api function was called from inside a
                               callback */
+  CURLM_WAKEUP_FAILURE,  /* wakeup is unavailable or failed */
+  CURLM_BAD_FUNCTION_ARGUMENT, /* function called with a bad parameter */
+  CURLM_ABORTED_BY_CALLBACK,
+  CURLM_UNRECOVERABLE_POLL,
  CURLM_LAST
 } CURLMcode;

@ -118,7 +124,7 @@ struct curl_waitfd {
 /*
 * Name:    curl_multi_init()
 *
- * Desc:    inititalize multi-style curl usage
+ * Desc:    initialize multi-style curl usage
 *
 * Returns: a new CURLM handle to use in all 'curl_multi' functions.
 */
@ -187,6 +193,15 @@ CURL_EXTERN CURLMcode curl_multi_poll(CURLM *multi_handle,
                                      int timeout_ms,
                                      int *ret);

+/*
+ * Name:     curl_multi_wakeup()
+ *
+ * Desc:     wakes up a sleeping curl_multi_poll call.
+ *
+ * Returns:  CURLMcode type, general multi error code.
+ */
+CURL_EXTERN CURLMcode curl_multi_wakeup(CURLM *multi_handle);
+
 /*
  * Name:    curl_multi_perform()
  *
@ -256,7 +271,7 @@ CURL_EXTERN CURLMsg *curl_multi_info_read(CURLM *multi_handle,
 *          value into the equivalent human readable error string.  This is
 *          useful for printing meaningful error messages.
 *
- * Returns: A pointer to a zero-terminated error message.
+ * Returns: A pointer to a null-terminated error message.
 */
 CURL_EXTERN const char *curl_multi_strerror(CURLMcode);

@ -303,16 +318,16 @@ typedef int (*curl_multi_timer_callback)(CURLM *multi,    /* multi handle */
                                         void *userp);    /* private callback
                                                             pointer */

-CURL_EXTERN CURLMcode curl_multi_socket(CURLM *multi_handle, curl_socket_t s,
-                                        int *running_handles);
+CURL_EXTERN CURLMcode CURL_DEPRECATED(7.19.5, "Use curl_multi_socket_action()")
+curl_multi_socket(CURLM *multi_handle, curl_socket_t s, int *running_handles);

 CURL_EXTERN CURLMcode curl_multi_socket_action(CURLM *multi_handle,
                                               curl_socket_t s,
                                               int ev_bitmask,
                                               int *running_handles);

-CURL_EXTERN CURLMcode curl_multi_socket_all(CURLM *multi_handle,
-                                            int *running_handles);
+CURL_EXTERN CURLMcode CURL_DEPRECATED(7.19.5, "Use curl_multi_socket_action()")
+curl_multi_socket_all(CURLM *multi_handle, int *running_handles);

 #ifndef CURL_ALLOW_OLD_MULTI_SOCKET
 /* This macro below was added in 7.16.3 to push users who recompile to use
@ -333,68 +348,56 @@ CURL_EXTERN CURLMcode curl_multi_socket_all(CURLM *multi_handle,
 CURL_EXTERN CURLMcode curl_multi_timeout(CURLM *multi_handle,
                                         long *milliseconds);

-#undef CINIT /* re-using the same name as in curl.h */
-
-#ifdef CURL_ISOCPP
-#define CINIT(name,type,num) CURLMOPT_ ## name = CURLOPTTYPE_ ## type + num
-#else
-/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */
-#define LONG          CURLOPTTYPE_LONG
-#define OBJECTPOINT   CURLOPTTYPE_OBJECTPOINT
-#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT
-#define OFF_T         CURLOPTTYPE_OFF_T
-#define CINIT(name,type,number) CURLMOPT_/**/name = type + number
-#endif
-
 typedef enum {
  /* This is the socket callback function pointer */
-  CINIT(SOCKETFUNCTION, FUNCTIONPOINT, 1),
+  CURLOPT(CURLMOPT_SOCKETFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 1),

  /* This is the argument passed to the socket callback */
-  CINIT(SOCKETDATA, OBJECTPOINT, 2),
+  CURLOPT(CURLMOPT_SOCKETDATA, CURLOPTTYPE_OBJECTPOINT, 2),

    /* set to 1 to enable pipelining for this multi handle */
-  CINIT(PIPELINING, LONG, 3),
+  CURLOPT(CURLMOPT_PIPELINING, CURLOPTTYPE_LONG, 3),

   /* This is the timer callback function pointer */
-  CINIT(TIMERFUNCTION, FUNCTIONPOINT, 4),
+  CURLOPT(CURLMOPT_TIMERFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 4),

  /* This is the argument passed to the timer callback */
-  CINIT(TIMERDATA, OBJECTPOINT, 5),
+  CURLOPT(CURLMOPT_TIMERDATA, CURLOPTTYPE_OBJECTPOINT, 5),

  /* maximum number of entries in the connection cache */
-  CINIT(MAXCONNECTS, LONG, 6),
+  CURLOPT(CURLMOPT_MAXCONNECTS, CURLOPTTYPE_LONG, 6),

  /* maximum number of (pipelining) connections to one host */
-  CINIT(MAX_HOST_CONNECTIONS, LONG, 7),
+  CURLOPT(CURLMOPT_MAX_HOST_CONNECTIONS, CURLOPTTYPE_LONG, 7),

  /* maximum number of requests in a pipeline */
-  CINIT(MAX_PIPELINE_LENGTH, LONG, 8),
+  CURLOPT(CURLMOPT_MAX_PIPELINE_LENGTH, CURLOPTTYPE_LONG, 8),

  /* a connection with a content-length longer than this
     will not be considered for pipelining */
-  CINIT(CONTENT_LENGTH_PENALTY_SIZE, OFF_T, 9),
+  CURLOPT(CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLOPTTYPE_OFF_T, 9),

  /* a connection with a chunk length longer than this
     will not be considered for pipelining */
-  CINIT(CHUNK_LENGTH_PENALTY_SIZE, OFF_T, 10),
+  CURLOPT(CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLOPTTYPE_OFF_T, 10),

-  /* a list of site names(+port) that are blacklisted from
-     pipelining */
-  CINIT(PIPELINING_SITE_BL, OBJECTPOINT, 11),
+  /* a list of site names(+port) that are blocked from pipelining */
+  CURLOPT(CURLMOPT_PIPELINING_SITE_BL, CURLOPTTYPE_OBJECTPOINT, 11),

-  /* a list of server types that are blacklisted from
-     pipelining */
-  CINIT(PIPELINING_SERVER_BL, OBJECTPOINT, 12),
+  /* a list of server types that are blocked from pipelining */
+  CURLOPT(CURLMOPT_PIPELINING_SERVER_BL, CURLOPTTYPE_OBJECTPOINT, 12),

  /* maximum number of open connections in total */
-  CINIT(MAX_TOTAL_CONNECTIONS, LONG, 13),
+  CURLOPT(CURLMOPT_MAX_TOTAL_CONNECTIONS, CURLOPTTYPE_LONG, 13),

   /* This is the server push callback function pointer */
-  CINIT(PUSHFUNCTION, FUNCTIONPOINT, 14),
+  CURLOPT(CURLMOPT_PUSHFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 14),

  /* This is the argument passed to the server push callback */
-  CINIT(PUSHDATA, OBJECTPOINT, 15),
+  CURLOPT(CURLMOPT_PUSHDATA, CURLOPTTYPE_OBJECTPOINT, 15),
+
+  /* maximum number of concurrent streams to support on a connection */
+  CURLOPT(CURLMOPT_MAX_CONCURRENT_STREAMS, CURLOPTTYPE_LONG, 16),

  CURLMOPT_LASTENTRY /* the last unused */
 } CURLMoption;
@ -428,12 +431,14 @@ CURL_EXTERN CURLMcode curl_multi_assign(CURLM *multi_handle,
 * Name: curl_push_callback
 *
 * Desc: This callback gets called when a new stream is being pushed by the
- *       server. It approves or denies the new stream.
+ *       server. It approves or denies the new stream. It can also decide
+ *       to completely fail the connection.
 *
- * Returns: CURL_PUSH_OK or CURL_PUSH_DENY.
+ * Returns: CURL_PUSH_OK, CURL_PUSH_DENY or CURL_PUSH_ERROROUT
 */
-#define CURL_PUSH_OK   0
-#define CURL_PUSH_DENY 1
+#define CURL_PUSH_OK       0
+#define CURL_PUSH_DENY     1
+#define CURL_PUSH_ERROROUT 2 /* added in 7.72.0 */

 struct curl_pushheaders;  /* forward declaration only */

--- a/src/3rdparty/win32_include/curl/options.h
+++ b/src/3rdparty/win32_include/curl/options.h
@ -0,0 +1,70 @@
+#ifndef CURLINC_OPTIONS_H
+#define CURLINC_OPTIONS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+  CURLOT_LONG,    /* long (a range of values) */
+  CURLOT_VALUES,  /*      (a defined set or bitmask) */
+  CURLOT_OFF_T,   /* curl_off_t (a range of values) */
+  CURLOT_OBJECT,  /* pointer (void *) */
+  CURLOT_STRING,  /*         (char * to null-terminated buffer) */
+  CURLOT_SLIST,   /*         (struct curl_slist *) */
+  CURLOT_CBPTR,   /*         (void * passed as-is to a callback) */
+  CURLOT_BLOB,    /* blob (struct curl_blob *) */
+  CURLOT_FUNCTION /* function pointer */
+} curl_easytype;
+
+/* Flag bits */
+
+/* "alias" means it is provided for old programs to remain functional,
+   we prefer another name */
+#define CURLOT_FLAG_ALIAS (1<<0)
+
+/* The CURLOPTTYPE_* id ranges can still be used to figure out what type/size
+   to use for curl_easy_setopt() for the given id */
+struct curl_easyoption {
+  const char *name;
+  CURLoption id;
+  curl_easytype type;
+  unsigned int flags;
+};
+
+CURL_EXTERN const struct curl_easyoption *
+curl_easy_option_by_name(const char *name);
+
+CURL_EXTERN const struct curl_easyoption *
+curl_easy_option_by_id(CURLoption id);
+
+CURL_EXTERN const struct curl_easyoption *
+curl_easy_option_next(const struct curl_easyoption *prev);
+
+#ifdef __cplusplus
+} /* end of extern "C" */
+#endif
+#endif /* CURLINC_OPTIONS_H */
--- a/src/3rdparty/win32_include/curl/stdcheaders.h
+++ b/src/3rdparty/win32_include/curl/stdcheaders.h
@ -7,11 +7,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,6 +20,8 @@
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
+ * SPDX-License-Identifier: curl
+ *
 ***************************************************************************/

 #include <sys/types.h>
--- a/src/3rdparty/win32_include/curl/system.h
+++ b/src/3rdparty/win32_include/curl/system.h
@ -7,11 +7,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,6 +20,8 @@
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
+ * SPDX-License-Identifier: curl
+ *
 ***************************************************************************/

 /*
@ -98,22 +100,6 @@
 #  define CURL_SUFFIX_CURL_OFF_TU    UL
 #  define CURL_TYPEOF_CURL_SOCKLEN_T int

-#elif defined(__WATCOMC__)
-#  if defined(__386__)
-#    define CURL_TYPEOF_CURL_OFF_T     __int64
-#    define CURL_FORMAT_CURL_OFF_T     "I64d"
-#    define CURL_FORMAT_CURL_OFF_TU    "I64u"
-#    define CURL_SUFFIX_CURL_OFF_T     i64
-#    define CURL_SUFFIX_CURL_OFF_TU    ui64
-#  else
-#    define CURL_TYPEOF_CURL_OFF_T     long
-#    define CURL_FORMAT_CURL_OFF_T     "ld"
-#    define CURL_FORMAT_CURL_OFF_TU    "lu"
-#    define CURL_SUFFIX_CURL_OFF_T     L
-#    define CURL_SUFFIX_CURL_OFF_TU    UL
-#  endif
-#  define CURL_TYPEOF_CURL_SOCKLEN_T int
-
 #elif defined(__POCC__)
 #  if (__POCC__ < 280)
 #    define CURL_TYPEOF_CURL_OFF_T     long
@ -137,15 +123,26 @@
 #  define CURL_TYPEOF_CURL_SOCKLEN_T int

 #elif defined(__LCC__)
-#  define CURL_TYPEOF_CURL_OFF_T     long
-#  define CURL_FORMAT_CURL_OFF_T     "ld"
-#  define CURL_FORMAT_CURL_OFF_TU    "lu"
-#  define CURL_SUFFIX_CURL_OFF_T     L
-#  define CURL_SUFFIX_CURL_OFF_TU    UL
-#  define CURL_TYPEOF_CURL_SOCKLEN_T int
+#  if defined(__MCST__) /* MCST eLbrus Compiler Collection */
+#    define CURL_TYPEOF_CURL_OFF_T     long
+#    define CURL_FORMAT_CURL_OFF_T     "ld"
+#    define CURL_FORMAT_CURL_OFF_TU    "lu"
+#    define CURL_SUFFIX_CURL_OFF_T     L
+#    define CURL_SUFFIX_CURL_OFF_TU    UL
+#    define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
+#    define CURL_PULL_SYS_TYPES_H      1
+#    define CURL_PULL_SYS_SOCKET_H     1
+#  else                /* Local (or Little) C Compiler */
+#    define CURL_TYPEOF_CURL_OFF_T     long
+#    define CURL_FORMAT_CURL_OFF_T     "ld"
+#    define CURL_FORMAT_CURL_OFF_TU    "lu"
+#    define CURL_SUFFIX_CURL_OFF_T     L
+#    define CURL_SUFFIX_CURL_OFF_TU    UL
+#    define CURL_TYPEOF_CURL_SOCKLEN_T int
+#  endif

 #elif defined(__SYMBIAN32__)
-#  if defined(__EABI__)  /* Treat all ARM compilers equally */
+#  if defined(__EABI__) /* Treat all ARM compilers equally */
 #    define CURL_TYPEOF_CURL_OFF_T     long long
 #    define CURL_FORMAT_CURL_OFF_T     "lld"
 #    define CURL_FORMAT_CURL_OFF_TU    "llu"
@ -167,13 +164,33 @@
 #  endif
 #  define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int

-#elif defined(__MWERKS__)
+#elif defined(macintosh)
+#  include <ConditionalMacros.h>
+#  if TYPE_LONGLONG
+#    define CURL_TYPEOF_CURL_OFF_T     long long
+#    define CURL_FORMAT_CURL_OFF_T     "lld"
+#    define CURL_FORMAT_CURL_OFF_TU    "llu"
+#    define CURL_SUFFIX_CURL_OFF_T     LL
+#    define CURL_SUFFIX_CURL_OFF_TU    ULL
+#  else
+#    define CURL_TYPEOF_CURL_OFF_T     long
+#    define CURL_FORMAT_CURL_OFF_T     "ld"
+#    define CURL_FORMAT_CURL_OFF_TU    "lu"
+#    define CURL_SUFFIX_CURL_OFF_T     L
+#    define CURL_SUFFIX_CURL_OFF_TU    UL
+#  endif
+#  define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int
+
+#elif defined(__TANDEM)
+# if ! defined(__LP64)
+   /* Required for 32-bit NonStop builds only. */
 #  define CURL_TYPEOF_CURL_OFF_T     long long
 #  define CURL_FORMAT_CURL_OFF_T     "lld"
 #  define CURL_FORMAT_CURL_OFF_TU    "llu"
 #  define CURL_SUFFIX_CURL_OFF_T     LL
 #  define CURL_SUFFIX_CURL_OFF_TU    ULL
 #  define CURL_TYPEOF_CURL_SOCKLEN_T int
+# endif

 #elif defined(_WIN32_WCE)
 #  define CURL_TYPEOF_CURL_OFF_T     __int64
@ -210,16 +227,14 @@
 #  define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int

 #elif defined(__OS400__)
-#  if defined(__ILEC400__)
-#    define CURL_TYPEOF_CURL_OFF_T     long long
-#    define CURL_FORMAT_CURL_OFF_T     "lld"
-#    define CURL_FORMAT_CURL_OFF_TU    "llu"
-#    define CURL_SUFFIX_CURL_OFF_T     LL
-#    define CURL_SUFFIX_CURL_OFF_TU    ULL
-#    define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
-#    define CURL_PULL_SYS_TYPES_H      1
-#    define CURL_PULL_SYS_SOCKET_H     1
-#  endif
+#  define CURL_TYPEOF_CURL_OFF_T     long long
+#  define CURL_FORMAT_CURL_OFF_T     "lld"
+#  define CURL_FORMAT_CURL_OFF_TU    "llu"
+#  define CURL_SUFFIX_CURL_OFF_T     LL
+#  define CURL_SUFFIX_CURL_OFF_TU    ULL
+#  define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
+#  define CURL_PULL_SYS_TYPES_H      1
+#  define CURL_PULL_SYS_SOCKET_H     1

 #elif defined(__MVS__)
 #  if defined(__IBMC__) || defined(__IBMCPP__)
@ -288,7 +303,6 @@
 #  define CURL_TYPEOF_CURL_SOCKLEN_T int

 #elif defined(__TINYC__) /* also known as tcc */
-
 #  define CURL_TYPEOF_CURL_OFF_T     long long
 #  define CURL_FORMAT_CURL_OFF_T     "lld"
 #  define CURL_FORMAT_CURL_OFF_TU    "llu"
@ -377,6 +391,7 @@
 #    define CURL_SUFFIX_CURL_OFF_TU    ULL
 #  elif defined(__LP64__) || \
        defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) || \
+        defined(__e2k__) || \
        (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 8) || \
        (defined(__LONG_MAX__) && __LONG_MAX__ == 9223372036854775807L)
 #    define CURL_TYPEOF_CURL_OFF_T     long
--- a/src/3rdparty/win32_include/curl/typecheck-gcc.h
+++ b/src/3rdparty/win32_include/curl/typecheck-gcc.h
@ -7,11 +7,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,6 +20,8 @@
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
+ * SPDX-License-Identifier: curl
+ *
 ***************************************************************************/

 /* wraps curl_easy_setopt() with typechecking */
@ -40,107 +42,111 @@
 */
 #define curl_easy_setopt(handle, option, value)                         \
  __extension__({                                                       \
-      __typeof__(option) _curl_opt = option;                            \
+      CURLoption _curl_opt = (option);                                  \
      if(__builtin_constant_p(_curl_opt)) {                             \
-        if(curlcheck_long_option(_curl_opt))                            \
-          if(!curlcheck_long(value))                                    \
-            _curl_easy_setopt_err_long();                               \
-        if(curlcheck_off_t_option(_curl_opt))                           \
-          if(!curlcheck_off_t(value))                                   \
-            _curl_easy_setopt_err_curl_off_t();                         \
-        if(curlcheck_string_option(_curl_opt))                          \
-          if(!curlcheck_string(value))                                  \
-            _curl_easy_setopt_err_string();                             \
-        if(curlcheck_write_cb_option(_curl_opt))                        \
-          if(!curlcheck_write_cb(value))                                \
-            _curl_easy_setopt_err_write_callback();                     \
-        if((_curl_opt) == CURLOPT_RESOLVER_START_FUNCTION)              \
-          if(!curlcheck_resolver_start_callback(value))                 \
-            _curl_easy_setopt_err_resolver_start_callback();            \
-        if((_curl_opt) == CURLOPT_READFUNCTION)                         \
-          if(!curlcheck_read_cb(value))                                 \
-            _curl_easy_setopt_err_read_cb();                            \
-        if((_curl_opt) == CURLOPT_IOCTLFUNCTION)                        \
-          if(!curlcheck_ioctl_cb(value))                                \
-            _curl_easy_setopt_err_ioctl_cb();                           \
-        if((_curl_opt) == CURLOPT_SOCKOPTFUNCTION)                      \
-          if(!curlcheck_sockopt_cb(value))                              \
-            _curl_easy_setopt_err_sockopt_cb();                         \
-        if((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION)                   \
-          if(!curlcheck_opensocket_cb(value))                           \
-            _curl_easy_setopt_err_opensocket_cb();                      \
-        if((_curl_opt) == CURLOPT_PROGRESSFUNCTION)                     \
-          if(!curlcheck_progress_cb(value))                             \
-            _curl_easy_setopt_err_progress_cb();                        \
-        if((_curl_opt) == CURLOPT_DEBUGFUNCTION)                        \
-          if(!curlcheck_debug_cb(value))                                \
-            _curl_easy_setopt_err_debug_cb();                           \
-        if((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION)                     \
-          if(!curlcheck_ssl_ctx_cb(value))                              \
-            _curl_easy_setopt_err_ssl_ctx_cb();                         \
-        if(curlcheck_conv_cb_option(_curl_opt))                         \
-          if(!curlcheck_conv_cb(value))                                 \
-            _curl_easy_setopt_err_conv_cb();                            \
-        if((_curl_opt) == CURLOPT_SEEKFUNCTION)                         \
-          if(!curlcheck_seek_cb(value))                                 \
-            _curl_easy_setopt_err_seek_cb();                            \
-        if(curlcheck_cb_data_option(_curl_opt))                         \
-          if(!curlcheck_cb_data(value))                                 \
-            _curl_easy_setopt_err_cb_data();                            \
-        if((_curl_opt) == CURLOPT_ERRORBUFFER)                          \
-          if(!curlcheck_error_buffer(value))                            \
-            _curl_easy_setopt_err_error_buffer();                       \
-        if((_curl_opt) == CURLOPT_STDERR)                               \
-          if(!curlcheck_FILE(value))                                    \
-            _curl_easy_setopt_err_FILE();                               \
-        if(curlcheck_postfields_option(_curl_opt))                      \
-          if(!curlcheck_postfields(value))                              \
-            _curl_easy_setopt_err_postfields();                         \
-        if((_curl_opt) == CURLOPT_HTTPPOST)                             \
-          if(!curlcheck_arr((value), struct curl_httppost))             \
-            _curl_easy_setopt_err_curl_httpost();                       \
-        if((_curl_opt) == CURLOPT_MIMEPOST)                             \
-          if(!curlcheck_ptr((value), curl_mime))                        \
-            _curl_easy_setopt_err_curl_mimepost();                      \
-        if(curlcheck_slist_option(_curl_opt))                           \
-          if(!curlcheck_arr((value), struct curl_slist))                \
-            _curl_easy_setopt_err_curl_slist();                         \
-        if((_curl_opt) == CURLOPT_SHARE)                                \
-          if(!curlcheck_ptr((value), CURLSH))                           \
-            _curl_easy_setopt_err_CURLSH();                             \
+        CURL_IGNORE_DEPRECATION(                                        \
+          if(curlcheck_long_option(_curl_opt))                          \
+            if(!curlcheck_long(value))                                  \
+              _curl_easy_setopt_err_long();                             \
+          if(curlcheck_off_t_option(_curl_opt))                         \
+            if(!curlcheck_off_t(value))                                 \
+              _curl_easy_setopt_err_curl_off_t();                       \
+          if(curlcheck_string_option(_curl_opt))                        \
+            if(!curlcheck_string(value))                                \
+              _curl_easy_setopt_err_string();                           \
+          if(curlcheck_write_cb_option(_curl_opt))                      \
+            if(!curlcheck_write_cb(value))                              \
+              _curl_easy_setopt_err_write_callback();                   \
+          if((_curl_opt) == CURLOPT_RESOLVER_START_FUNCTION)            \
+            if(!curlcheck_resolver_start_callback(value))               \
+              _curl_easy_setopt_err_resolver_start_callback();          \
+          if((_curl_opt) == CURLOPT_READFUNCTION)                       \
+            if(!curlcheck_read_cb(value))                               \
+              _curl_easy_setopt_err_read_cb();                          \
+          if((_curl_opt) == CURLOPT_IOCTLFUNCTION)                      \
+            if(!curlcheck_ioctl_cb(value))                              \
+              _curl_easy_setopt_err_ioctl_cb();                         \
+          if((_curl_opt) == CURLOPT_SOCKOPTFUNCTION)                    \
+            if(!curlcheck_sockopt_cb(value))                            \
+              _curl_easy_setopt_err_sockopt_cb();                       \
+          if((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION)                 \
+            if(!curlcheck_opensocket_cb(value))                         \
+              _curl_easy_setopt_err_opensocket_cb();                    \
+          if((_curl_opt) == CURLOPT_PROGRESSFUNCTION)                   \
+            if(!curlcheck_progress_cb(value))                           \
+              _curl_easy_setopt_err_progress_cb();                      \
+          if((_curl_opt) == CURLOPT_DEBUGFUNCTION)                      \
+            if(!curlcheck_debug_cb(value))                              \
+              _curl_easy_setopt_err_debug_cb();                         \
+          if((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION)                   \
+            if(!curlcheck_ssl_ctx_cb(value))                            \
+              _curl_easy_setopt_err_ssl_ctx_cb();                       \
+          if(curlcheck_conv_cb_option(_curl_opt))                       \
+            if(!curlcheck_conv_cb(value))                               \
+              _curl_easy_setopt_err_conv_cb();                          \
+          if((_curl_opt) == CURLOPT_SEEKFUNCTION)                       \
+            if(!curlcheck_seek_cb(value))                               \
+              _curl_easy_setopt_err_seek_cb();                          \
+          if(curlcheck_cb_data_option(_curl_opt))                       \
+            if(!curlcheck_cb_data(value))                               \
+              _curl_easy_setopt_err_cb_data();                          \
+          if((_curl_opt) == CURLOPT_ERRORBUFFER)                        \
+            if(!curlcheck_error_buffer(value))                          \
+              _curl_easy_setopt_err_error_buffer();                     \
+          if((_curl_opt) == CURLOPT_STDERR)                             \
+            if(!curlcheck_FILE(value))                                  \
+              _curl_easy_setopt_err_FILE();                             \
+          if(curlcheck_postfields_option(_curl_opt))                    \
+            if(!curlcheck_postfields(value))                            \
+              _curl_easy_setopt_err_postfields();                       \
+          if((_curl_opt) == CURLOPT_HTTPPOST)                           \
+            if(!curlcheck_arr((value), struct curl_httppost))           \
+              _curl_easy_setopt_err_curl_httpost();                     \
+          if((_curl_opt) == CURLOPT_MIMEPOST)                           \
+            if(!curlcheck_ptr((value), curl_mime))                      \
+              _curl_easy_setopt_err_curl_mimepost();                    \
+          if(curlcheck_slist_option(_curl_opt))                         \
+            if(!curlcheck_arr((value), struct curl_slist))              \
+              _curl_easy_setopt_err_curl_slist();                       \
+          if((_curl_opt) == CURLOPT_SHARE)                              \
+            if(!curlcheck_ptr((value), CURLSH))                         \
+              _curl_easy_setopt_err_CURLSH();                           \
+        )                                                               \
      }                                                                 \
      curl_easy_setopt(handle, _curl_opt, value);                       \
    })

 /* wraps curl_easy_getinfo() with typechecking */
 #define curl_easy_getinfo(handle, info, arg)                            \
-  __extension__({                                                      \
-      __typeof__(info) _curl_info = info;                               \
+  __extension__({                                                       \
+      CURLINFO _curl_info = (info);                                     \
      if(__builtin_constant_p(_curl_info)) {                            \
-        if(curlcheck_string_info(_curl_info))                           \
-          if(!curlcheck_arr((arg), char *))                             \
-            _curl_easy_getinfo_err_string();                            \
-        if(curlcheck_long_info(_curl_info))                             \
-          if(!curlcheck_arr((arg), long))                               \
-            _curl_easy_getinfo_err_long();                              \
-        if(curlcheck_double_info(_curl_info))                           \
-          if(!curlcheck_arr((arg), double))                             \
-            _curl_easy_getinfo_err_double();                            \
-        if(curlcheck_slist_info(_curl_info))                            \
-          if(!curlcheck_arr((arg), struct curl_slist *))                \
-            _curl_easy_getinfo_err_curl_slist();                        \
-        if(curlcheck_tlssessioninfo_info(_curl_info))                   \
-          if(!curlcheck_arr((arg), struct curl_tlssessioninfo *))       \
-            _curl_easy_getinfo_err_curl_tlssesssioninfo();              \
-        if(curlcheck_certinfo_info(_curl_info))                         \
-          if(!curlcheck_arr((arg), struct curl_certinfo *))             \
-            _curl_easy_getinfo_err_curl_certinfo();                     \
-        if(curlcheck_socket_info(_curl_info))                           \
-          if(!curlcheck_arr((arg), curl_socket_t))                      \
-            _curl_easy_getinfo_err_curl_socket();                       \
-        if(curlcheck_off_t_info(_curl_info))                            \
-          if(!curlcheck_arr((arg), curl_off_t))                         \
-            _curl_easy_getinfo_err_curl_off_t();                        \
+        CURL_IGNORE_DEPRECATION(                                        \
+          if(curlcheck_string_info(_curl_info))                         \
+            if(!curlcheck_arr((arg), char *))                           \
+              _curl_easy_getinfo_err_string();                          \
+          if(curlcheck_long_info(_curl_info))                           \
+            if(!curlcheck_arr((arg), long))                             \
+              _curl_easy_getinfo_err_long();                            \
+          if(curlcheck_double_info(_curl_info))                         \
+            if(!curlcheck_arr((arg), double))                           \
+              _curl_easy_getinfo_err_double();                          \
+          if(curlcheck_slist_info(_curl_info))                          \
+            if(!curlcheck_arr((arg), struct curl_slist *))              \
+              _curl_easy_getinfo_err_curl_slist();                      \
+          if(curlcheck_tlssessioninfo_info(_curl_info))                 \
+            if(!curlcheck_arr((arg), struct curl_tlssessioninfo *))     \
+              _curl_easy_getinfo_err_curl_tlssesssioninfo();            \
+          if(curlcheck_certinfo_info(_curl_info))                       \
+            if(!curlcheck_arr((arg), struct curl_certinfo *))           \
+              _curl_easy_getinfo_err_curl_certinfo();                   \
+          if(curlcheck_socket_info(_curl_info))                         \
+            if(!curlcheck_arr((arg), curl_socket_t))                    \
+              _curl_easy_getinfo_err_curl_socket();                     \
+          if(curlcheck_off_t_info(_curl_info))                          \
+            if(!curlcheck_arr((arg), curl_off_t))                       \
+              _curl_easy_getinfo_err_curl_off_t();                      \
+        )                                                               \
      }                                                                 \
      curl_easy_getinfo(handle, _curl_info, arg);                       \
    })
@ -248,7 +254,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
  (0 < (option) && (option) < CURLOPTTYPE_OBJECTPOINT)

 #define curlcheck_off_t_option(option)          \
-  ((option) > CURLOPTTYPE_OFF_T)
+  (((option) > CURLOPTTYPE_OFF_T) && ((option) < CURLOPTTYPE_BLOB))

 /* evaluates to true if option takes a char* argument */
 #define curlcheck_string_option(option)                                       \
@ -270,9 +276,10 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
   (option) == CURLOPT_DNS_SERVERS ||                                         \
   (option) == CURLOPT_DOH_URL ||                                             \
   (option) == CURLOPT_EGDSOCKET ||                                           \
-   (option) == CURLOPT_FTPPORT ||                                             \
   (option) == CURLOPT_FTP_ACCOUNT ||                                         \
   (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER ||                             \
+   (option) == CURLOPT_FTPPORT ||                                             \
+   (option) == CURLOPT_HSTS ||                                                \
   (option) == CURLOPT_INTERFACE ||                                           \
   (option) == CURLOPT_ISSUERCERT ||                                          \
   (option) == CURLOPT_KEYPASSWD ||                                           \
@ -285,27 +292,30 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
   (option) == CURLOPT_PASSWORD ||                                            \
   (option) == CURLOPT_PINNEDPUBLICKEY ||                                     \
   (option) == CURLOPT_PRE_PROXY ||                                           \
+   (option) == CURLOPT_PROTOCOLS_STR ||                                       \
   (option) == CURLOPT_PROXY ||                                               \
-   (option) == CURLOPT_PROXYPASSWORD ||                                       \
-   (option) == CURLOPT_PROXYUSERNAME ||                                       \
-   (option) == CURLOPT_PROXYUSERPWD ||                                        \
   (option) == CURLOPT_PROXY_CAINFO ||                                        \
   (option) == CURLOPT_PROXY_CAPATH ||                                        \
   (option) == CURLOPT_PROXY_CRLFILE ||                                       \
+   (option) == CURLOPT_PROXY_ISSUERCERT ||                                    \
   (option) == CURLOPT_PROXY_KEYPASSWD ||                                     \
   (option) == CURLOPT_PROXY_PINNEDPUBLICKEY ||                               \
   (option) == CURLOPT_PROXY_SERVICE_NAME ||                                  \
+   (option) == CURLOPT_PROXY_SSL_CIPHER_LIST ||                               \
   (option) == CURLOPT_PROXY_SSLCERT ||                                       \
   (option) == CURLOPT_PROXY_SSLCERTTYPE ||                                   \
   (option) == CURLOPT_PROXY_SSLKEY ||                                        \
   (option) == CURLOPT_PROXY_SSLKEYTYPE ||                                    \
-   (option) == CURLOPT_PROXY_SSL_CIPHER_LIST ||                               \
   (option) == CURLOPT_PROXY_TLS13_CIPHERS ||                                 \
   (option) == CURLOPT_PROXY_TLSAUTH_PASSWORD ||                              \
   (option) == CURLOPT_PROXY_TLSAUTH_TYPE ||                                  \
   (option) == CURLOPT_PROXY_TLSAUTH_USERNAME ||                              \
+   (option) == CURLOPT_PROXYPASSWORD ||                                       \
+   (option) == CURLOPT_PROXYUSERNAME ||                                       \
+   (option) == CURLOPT_PROXYUSERPWD ||                                        \
   (option) == CURLOPT_RANDOM_FILE ||                                         \
   (option) == CURLOPT_RANGE ||                                               \
+   (option) == CURLOPT_REDIR_PROTOCOLS_STR ||                                 \
   (option) == CURLOPT_REFERER ||                                             \
   (option) == CURLOPT_REQUEST_TARGET ||                                      \
   (option) == CURLOPT_RTSP_SESSION_ID ||                                     \
@ -315,6 +325,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
   (option) == CURLOPT_SERVICE_NAME ||                                        \
   (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE ||                               \
   (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 ||                             \
+   (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 ||                          \
   (option) == CURLOPT_SSH_KNOWNHOSTS ||                                      \
   (option) == CURLOPT_SSH_PRIVATE_KEYFILE ||                                 \
   (option) == CURLOPT_SSH_PUBLIC_KEYFILE ||                                  \
@ -332,8 +343,10 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
   (option) == CURLOPT_URL ||                                                 \
   (option) == CURLOPT_USERAGENT ||                                           \
   (option) == CURLOPT_USERNAME ||                                            \
+   (option) == CURLOPT_AWS_SIGV4 ||                                           \
   (option) == CURLOPT_USERPWD ||                                             \
   (option) == CURLOPT_XOAUTH2_BEARER ||                                      \
+   (option) == CURLOPT_SSL_EC_CURVES ||                                       \
   0)

 /* evaluates to true if option takes a curl_write_callback argument */
@ -354,10 +367,12 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
   (option) == CURLOPT_DEBUGDATA ||                                           \
   (option) == CURLOPT_FNMATCH_DATA ||                                        \
   (option) == CURLOPT_HEADERDATA ||                                          \
+   (option) == CURLOPT_HSTSREADDATA ||                                        \
+   (option) == CURLOPT_HSTSWRITEDATA ||                                       \
   (option) == CURLOPT_INTERLEAVEDATA ||                                      \
   (option) == CURLOPT_IOCTLDATA ||                                           \
   (option) == CURLOPT_OPENSOCKETDATA ||                                      \
-   (option) == CURLOPT_PRIVATE ||                                             \
+   (option) == CURLOPT_PREREQDATA ||                                          \
   (option) == CURLOPT_PROGRESSDATA ||                                        \
   (option) == CURLOPT_READDATA ||                                            \
   (option) == CURLOPT_SEEKDATA ||                                            \
@ -367,6 +382,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
   (option) == CURLOPT_WRITEDATA ||                                           \
   (option) == CURLOPT_RESOLVER_START_DATA ||                                 \
   (option) == CURLOPT_TRAILERDATA ||                                         \
+   (option) == CURLOPT_SSH_HOSTKEYDATA ||                                     \
   0)

 /* evaluates to true if option takes a POST data argument (void* or char*) */
@ -392,8 +408,9 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
 /* groups of curl_easy_getinfo infos that take the same type of argument */

 /* evaluates to true if info expects a pointer to char * argument */
-#define curlcheck_string_info(info)                     \
-  (CURLINFO_STRING < (info) && (info) < CURLINFO_LONG)
+#define curlcheck_string_info(info)                             \
+  (CURLINFO_STRING < (info) && (info) < CURLINFO_LONG &&        \
+   (info) != CURLINFO_PRIVATE)

 /* evaluates to true if info expects a pointer to long argument */
 #define curlcheck_long_info(info)                       \
@ -423,7 +440,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
  (CURLINFO_OFF_T < (info))


-/* typecheck helpers -- check whether given expression has requested type*/
+/* typecheck helpers -- check whether given expression has requested type */

 /* For pointers, you can use the curlcheck_ptr/curlcheck_arr macros,
 * otherwise define a new macro. Search for __builtin_types_compatible_p
@ -661,11 +678,11 @@ typedef CURLcode (*_curl_ssl_ctx_callback4)(CURL *, const void *,
 /* hack: if we included OpenSSL's ssl.h, we know about SSL_CTX
 * this will of course break if we're included before OpenSSL headers...
 */
-typedef CURLcode (*_curl_ssl_ctx_callback5)(CURL *, SSL_CTX, void *);
-typedef CURLcode (*_curl_ssl_ctx_callback6)(CURL *, SSL_CTX, const void *);
-typedef CURLcode (*_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX, void *);
-typedef CURLcode (*_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX,
-                                           const void *);
+typedef CURLcode (*_curl_ssl_ctx_callback5)(CURL *, SSL_CTX *, void *);
+typedef CURLcode (*_curl_ssl_ctx_callback6)(CURL *, SSL_CTX *, const void *);
+typedef CURLcode (*_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX *, void *);
+typedef CURLcode (*_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX *,
+                                            const void *);
 #else
 typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback5;
 typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback6;
--- a/src/3rdparty/win32_include/curl/urlapi.h
+++ b/src/3rdparty/win32_include/curl/urlapi.h
@ -7,11 +7,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2018 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,6 +20,8 @@
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
+ * SPDX-License-Identifier: curl
+ *
 ***************************************************************************/

 #include "curl.h"
@ -47,7 +49,21 @@ typedef enum {
  CURLUE_NO_HOST,             /* 14 */
  CURLUE_NO_PORT,             /* 15 */
  CURLUE_NO_QUERY,            /* 16 */
-  CURLUE_NO_FRAGMENT          /* 17 */
+  CURLUE_NO_FRAGMENT,         /* 17 */
+  CURLUE_NO_ZONEID,           /* 18 */
+  CURLUE_BAD_FILE_URL,        /* 19 */
+  CURLUE_BAD_FRAGMENT,        /* 20 */
+  CURLUE_BAD_HOSTNAME,        /* 21 */
+  CURLUE_BAD_IPV6,            /* 22 */
+  CURLUE_BAD_LOGIN,           /* 23 */
+  CURLUE_BAD_PASSWORD,        /* 24 */
+  CURLUE_BAD_PATH,            /* 25 */
+  CURLUE_BAD_QUERY,           /* 26 */
+  CURLUE_BAD_SCHEME,          /* 27 */
+  CURLUE_BAD_SLASHES,         /* 28 */
+  CURLUE_BAD_USER,            /* 29 */
+  CURLUE_LACKS_IDN,           /* 30 */
+  CURLUE_LAST
 } CURLUcode;

 typedef enum {
@ -77,6 +93,10 @@ typedef enum {
 #define CURLU_URLENCODE (1<<7)          /* URL encode on set */
 #define CURLU_APPENDQUERY (1<<8)        /* append a form style part */
 #define CURLU_GUESS_SCHEME (1<<9)       /* legacy curl-style guessing */
+#define CURLU_NO_AUTHORITY (1<<10)      /* Allow empty authority when the
+                                           scheme is unknown. */
+#define CURLU_ALLOW_SPACE (1<<11)       /* Allow spaces in the URL */
+#define CURLU_PUNYCODE (1<<12)          /* get the host name in pynycode */

 typedef struct Curl_URL CURLU;

@ -97,14 +117,14 @@ CURL_EXTERN void curl_url_cleanup(CURLU *handle);
 * curl_url_dup() duplicates a CURLU handle and returns a new copy. The new
 * handle must also be freed with curl_url_cleanup().
 */
-CURL_EXTERN CURLU *curl_url_dup(CURLU *in);
+CURL_EXTERN CURLU *curl_url_dup(const CURLU *in);

 /*
 * curl_url_get() extracts a specific part of the URL from a CURLU
 * handle. Returns error code. The returned pointer MUST be freed with
 * curl_free() afterwards.
 */
-CURL_EXTERN CURLUcode curl_url_get(CURLU *handle, CURLUPart what,
+CURL_EXTERN CURLUcode curl_url_get(const CURLU *handle, CURLUPart what,
                                   char **part, unsigned int flags);

 /*
@ -115,6 +135,12 @@ CURL_EXTERN CURLUcode curl_url_get(CURLU *handle, CURLUPart what,
 CURL_EXTERN CURLUcode curl_url_set(CURLU *handle, CURLUPart what,
                                   const char *part, unsigned int flags);

+/*
+ * curl_url_strerror() turns a CURLUcode value into the equivalent human
+ * readable error string.  This is useful for printing meaningful error
+ * messages.
+ */
+CURL_EXTERN const char *curl_url_strerror(CURLUcode);

 #ifdef __cplusplus
 } /* end of extern "C" */
--- a/src/3rdparty/win32_include/curl/websockets.h
+++ b/src/3rdparty/win32_include/curl/websockets.h
@ -0,0 +1,84 @@
+#ifndef CURLINC_WEBSOCKETS_H
+#define CURLINC_WEBSOCKETS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct curl_ws_frame {
+  int age;              /* zero */
+  int flags;            /* See the CURLWS_* defines */
+  curl_off_t offset;    /* the offset of this data into the frame */
+  curl_off_t bytesleft; /* number of pending bytes left of the payload */
+  size_t len;           /* size of the current data chunk */
+};
+
+/* flag bits */
+#define CURLWS_TEXT       (1<<0)
+#define CURLWS_BINARY     (1<<1)
+#define CURLWS_CONT       (1<<2)
+#define CURLWS_CLOSE      (1<<3)
+#define CURLWS_PING       (1<<4)
+#define CURLWS_OFFSET     (1<<5)
+
+/*
+ * NAME curl_ws_recv()
+ *
+ * DESCRIPTION
+ *
+ * Receives data from the websocket connection. Use after successful
+ * curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
+ */
+CURL_EXTERN CURLcode curl_ws_recv(CURL *curl, void *buffer, size_t buflen,
+                                  size_t *recv,
+                                  struct curl_ws_frame **metap);
+
+/* sendflags for curl_ws_send() */
+#define CURLWS_PONG       (1<<6)
+
+/*
+ * NAME curl_easy_send()
+ *
+ * DESCRIPTION
+ *
+ * Sends data over the websocket connection. Use after successful
+ * curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
+ */
+CURL_EXTERN CURLcode curl_ws_send(CURL *curl, const void *buffer,
+                                  size_t buflen, size_t *sent,
+                                  curl_off_t framesize,
+                                  unsigned int sendflags);
+
+/* bits for the CURLOPT_WS_OPTIONS bitmask: */
+#define CURLWS_RAW_MODE (1<<0)
+
+CURL_EXTERN struct curl_ws_frame *curl_ws_meta(CURL *curl);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* CURLINC_WEBSOCKETS_H */
--- a/src/3rdparty/win32_include/openssl/__DECC_INCLUDE_EPILOGUE.H
+++ b/src/3rdparty/win32_include/openssl/__DECC_INCLUDE_EPILOGUE.H
@ -0,0 +1,22 @@
+/*
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C/C++ on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/*
+ * The C++ compiler doesn't understand these pragmas, even though it
+ * understands the corresponding command line qualifier.
+ */
+#ifndef __cplusplus
+/* restore state.  Must correspond to the save in __decc_include_prologue.h */
+# pragma names restore
+#endif
--- a/src/3rdparty/win32_include/openssl/__DECC_INCLUDE_PROLOGUE.H
+++ b/src/3rdparty/win32_include/openssl/__DECC_INCLUDE_PROLOGUE.H
@ -0,0 +1,26 @@
+/*
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C/C++ on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/*
+ * The C++ compiler doesn't understand these pragmas, even though it
+ * understands the corresponding command line qualifier.
+ */
+#ifndef __cplusplus
+/* save state */
+# pragma names save
+/* have the compiler shorten symbols larger than 31 chars to 23 chars
+ * followed by a 8 hex char CRC
+ */
+# pragma names as_is,shortened
+#endif
--- a/src/3rdparty/win32_include/openssl/aes.h
+++ b/src/3rdparty/win32_include/openssl/aes.h
@ -1,14 +1,20 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_AES_H
-# define HEADER_AES_H
+#ifndef OPENSSL_AES_H
+# define OPENSSL_AES_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_AES_H
+# endif

 # include <openssl/opensslconf.h>

@ -17,72 +23,85 @@
 extern "C" {
 # endif

-# define AES_ENCRYPT     1
-# define AES_DECRYPT     0
-
-/*
- * Because array size can't be a const in C, the following two are macros.
- * Both sizes are in bytes.
- */
-# define AES_MAXNR 14
 # define AES_BLOCK_SIZE 16

+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+#  define AES_ENCRYPT     1
+#  define AES_DECRYPT     0
+
+#  define AES_MAXNR 14
+
+
 /* This should be a hidden type, but EVP requires that the size be known */
 struct aes_key_st {
-# ifdef AES_LONG
+#  ifdef AES_LONG
    unsigned long rd_key[4 * (AES_MAXNR + 1)];
-# else
+#  else
    unsigned int rd_key[4 * (AES_MAXNR + 1)];
-# endif
+#  endif
    int rounds;
 };
 typedef struct aes_key_st AES_KEY;

-const char *AES_options(void);
-
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *AES_options(void);
+OSSL_DEPRECATEDIN_3_0
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key);
+OSSL_DEPRECATEDIN_3_0
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key);
-
+OSSL_DEPRECATEDIN_3_0
 void AES_encrypt(const unsigned char *in, unsigned char *out,
                 const AES_KEY *key);
+OSSL_DEPRECATEDIN_3_0
 void AES_decrypt(const unsigned char *in, unsigned char *out,
                 const AES_KEY *key);
-
+OSSL_DEPRECATEDIN_3_0
 void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
                     const AES_KEY *key, const int enc);
+OSSL_DEPRECATEDIN_3_0
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                     size_t length, const AES_KEY *key,
                     unsigned char *ivec, const int enc);
+OSSL_DEPRECATEDIN_3_0
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t length, const AES_KEY *key,
                        unsigned char *ivec, int *num, const int enc);
+OSSL_DEPRECATEDIN_3_0
 void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc);
+OSSL_DEPRECATEDIN_3_0
 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc);
+OSSL_DEPRECATEDIN_3_0
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t length, const AES_KEY *key,
                        unsigned char *ivec, int *num);
+
 /* NB: the IV is _two_ blocks long */
+OSSL_DEPRECATEDIN_3_0
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
                     size_t length, const AES_KEY *key,
                     unsigned char *ivec, const int enc);
 /* NB: the IV is _four_ blocks long */
+OSSL_DEPRECATEDIN_3_0
 void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        const AES_KEY *key2, const unsigned char *ivec,
-                        const int enc);
-
+                        size_t length, const AES_KEY *key, const AES_KEY *key2,
+                        const unsigned char *ivec, const int enc);
+OSSL_DEPRECATEDIN_3_0
 int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-                 unsigned char *out,
-                 const unsigned char *in, unsigned int inlen);
+                 unsigned char *out, const unsigned char *in,
+                 unsigned int inlen);
+OSSL_DEPRECATEDIN_3_0
 int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-                   unsigned char *out,
-                   const unsigned char *in, unsigned int inlen);
+                   unsigned char *out, const unsigned char *in,
+                   unsigned int inlen);
+# endif


 # ifdef  __cplusplus
--- a/src/3rdparty/win32_include/openssl/applink.c
+++ b/src/3rdparty/win32_include/openssl/applink.c
@ -1,7 +1,7 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
@ -38,6 +38,12 @@
 # include <io.h>
 # include <fcntl.h>

+# ifdef __BORLANDC__
+   /* _lseek in <io.h> is a function-like macro so we can't take its address */
+#  undef _lseek
+#  define _lseek lseek
+# endif
+
 static void *app_stdin(void)
 {
    return stdin;
--- a/src/3rdparty/win32_include/openssl/asn1.h
+++ b/src/3rdparty/win32_include/openssl/asn1.h
@ -1,15 +1,29 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\asn1.h.in
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_ASN1_H
-# define HEADER_ASN1_H

+
+#ifndef OPENSSL_ASN1_H
+# define OPENSSL_ASN1_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_ASN1_H
+# endif
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
 # include <time.h>
 # include <openssl/e_os2.h>
 # include <openssl/opensslconf.h>
@ -18,10 +32,8 @@
 # include <openssl/asn1err.h>
 # include <openssl/symhacks.h>

-# include <openssl/ossl_typ.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
-#  include <openssl/bn.h>
-# endif
+# include <openssl/types.h>
+# include <openssl/bn.h>

 # ifdef OPENSSL_BUILD_SHLIBCRYPTO
 #  undef OPENSSL_EXTERN
@ -115,8 +127,36 @@ extern "C" {
 # define SMIME_OLDMIME           0x400
 # define SMIME_CRLFEOL           0x800
 # define SMIME_STREAM            0x1000
-    struct X509_algor_st;
-DEFINE_STACK_OF(X509_ALGOR)
+
+/* Stacks for types not otherwise defined in this header */
+SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
+#define sk_X509_ALGOR_num(sk) OPENSSL_sk_num(ossl_check_const_X509_ALGOR_sk_type(sk))
+#define sk_X509_ALGOR_value(sk, idx) ((X509_ALGOR *)OPENSSL_sk_value(ossl_check_const_X509_ALGOR_sk_type(sk), (idx)))
+#define sk_X509_ALGOR_new(cmp) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_new(ossl_check_X509_ALGOR_compfunc_type(cmp)))
+#define sk_X509_ALGOR_new_null() ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_new_null())
+#define sk_X509_ALGOR_new_reserve(cmp, n) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_new_reserve(ossl_check_X509_ALGOR_compfunc_type(cmp), (n)))
+#define sk_X509_ALGOR_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_ALGOR_sk_type(sk), (n))
+#define sk_X509_ALGOR_free(sk) OPENSSL_sk_free(ossl_check_X509_ALGOR_sk_type(sk))
+#define sk_X509_ALGOR_zero(sk) OPENSSL_sk_zero(ossl_check_X509_ALGOR_sk_type(sk))
+#define sk_X509_ALGOR_delete(sk, i) ((X509_ALGOR *)OPENSSL_sk_delete(ossl_check_X509_ALGOR_sk_type(sk), (i)))
+#define sk_X509_ALGOR_delete_ptr(sk, ptr) ((X509_ALGOR *)OPENSSL_sk_delete_ptr(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr)))
+#define sk_X509_ALGOR_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr))
+#define sk_X509_ALGOR_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr))
+#define sk_X509_ALGOR_pop(sk) ((X509_ALGOR *)OPENSSL_sk_pop(ossl_check_X509_ALGOR_sk_type(sk)))
+#define sk_X509_ALGOR_shift(sk) ((X509_ALGOR *)OPENSSL_sk_shift(ossl_check_X509_ALGOR_sk_type(sk)))
+#define sk_X509_ALGOR_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_ALGOR_sk_type(sk),ossl_check_X509_ALGOR_freefunc_type(freefunc))
+#define sk_X509_ALGOR_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr), (idx))
+#define sk_X509_ALGOR_set(sk, idx, ptr) ((X509_ALGOR *)OPENSSL_sk_set(ossl_check_X509_ALGOR_sk_type(sk), (idx), ossl_check_X509_ALGOR_type(ptr)))
+#define sk_X509_ALGOR_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr))
+#define sk_X509_ALGOR_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr))
+#define sk_X509_ALGOR_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr), pnum)
+#define sk_X509_ALGOR_sort(sk) OPENSSL_sk_sort(ossl_check_X509_ALGOR_sk_type(sk))
+#define sk_X509_ALGOR_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_ALGOR_sk_type(sk))
+#define sk_X509_ALGOR_dup(sk) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_dup(ossl_check_const_X509_ALGOR_sk_type(sk)))
+#define sk_X509_ALGOR_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_copyfunc_type(copyfunc), ossl_check_X509_ALGOR_freefunc_type(freefunc)))
+#define sk_X509_ALGOR_set_cmp_func(sk, cmp) ((sk_X509_ALGOR_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_compfunc_type(cmp)))
+
+

 # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
 /*
@ -183,15 +223,41 @@ typedef struct ASN1_ENCODING_st {
 (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
 # define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)

-typedef struct asn1_string_table_st {
+struct asn1_string_table_st {
    int nid;
    long minsize;
    long maxsize;
    unsigned long mask;
    unsigned long flags;
-} ASN1_STRING_TABLE;
+};
+
+SKM_DEFINE_STACK_OF_INTERNAL(ASN1_STRING_TABLE, ASN1_STRING_TABLE, ASN1_STRING_TABLE)
+#define sk_ASN1_STRING_TABLE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk))
+#define sk_ASN1_STRING_TABLE_value(sk, idx) ((ASN1_STRING_TABLE *)OPENSSL_sk_value(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), (idx)))
+#define sk_ASN1_STRING_TABLE_new(cmp) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_new(ossl_check_ASN1_STRING_TABLE_compfunc_type(cmp)))
+#define sk_ASN1_STRING_TABLE_new_null() ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_new_null())
+#define sk_ASN1_STRING_TABLE_new_reserve(cmp, n) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_STRING_TABLE_compfunc_type(cmp), (n)))
+#define sk_ASN1_STRING_TABLE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_STRING_TABLE_sk_type(sk), (n))
+#define sk_ASN1_STRING_TABLE_free(sk) OPENSSL_sk_free(ossl_check_ASN1_STRING_TABLE_sk_type(sk))
+#define sk_ASN1_STRING_TABLE_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_STRING_TABLE_sk_type(sk))
+#define sk_ASN1_STRING_TABLE_delete(sk, i) ((ASN1_STRING_TABLE *)OPENSSL_sk_delete(ossl_check_ASN1_STRING_TABLE_sk_type(sk), (i)))
+#define sk_ASN1_STRING_TABLE_delete_ptr(sk, ptr) ((ASN1_STRING_TABLE *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr)))
+#define sk_ASN1_STRING_TABLE_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr))
+#define sk_ASN1_STRING_TABLE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr))
+#define sk_ASN1_STRING_TABLE_pop(sk) ((ASN1_STRING_TABLE *)OPENSSL_sk_pop(ossl_check_ASN1_STRING_TABLE_sk_type(sk)))
+#define sk_ASN1_STRING_TABLE_shift(sk) ((ASN1_STRING_TABLE *)OPENSSL_sk_shift(ossl_check_ASN1_STRING_TABLE_sk_type(sk)))
+#define sk_ASN1_STRING_TABLE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_STRING_TABLE_sk_type(sk),ossl_check_ASN1_STRING_TABLE_freefunc_type(freefunc))
+#define sk_ASN1_STRING_TABLE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr), (idx))
+#define sk_ASN1_STRING_TABLE_set(sk, idx, ptr) ((ASN1_STRING_TABLE *)OPENSSL_sk_set(ossl_check_ASN1_STRING_TABLE_sk_type(sk), (idx), ossl_check_ASN1_STRING_TABLE_type(ptr)))
+#define sk_ASN1_STRING_TABLE_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr))
+#define sk_ASN1_STRING_TABLE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr))
+#define sk_ASN1_STRING_TABLE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr), pnum)
+#define sk_ASN1_STRING_TABLE_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_STRING_TABLE_sk_type(sk))
+#define sk_ASN1_STRING_TABLE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk))
+#define sk_ASN1_STRING_TABLE_dup(sk) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_dup(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk)))
+#define sk_ASN1_STRING_TABLE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_copyfunc_type(copyfunc), ossl_check_ASN1_STRING_TABLE_freefunc_type(freefunc)))
+#define sk_ASN1_STRING_TABLE_set_cmp_func(sk, cmp) ((sk_ASN1_STRING_TABLE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_compfunc_type(cmp)))

-DEFINE_STACK_OF(ASN1_STRING_TABLE)

 /* size limits: this stuff is taken straight from RFC2459 */

@ -214,50 +280,79 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;

 /* Declare ASN1 functions: the implement macro in in asn1t.h */

-# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+/*
+ * The mysterious 'extern' that's passed to some macros is innocuous,
+ * and is there to quiet pre-C99 compilers that may complain about empty
+ * arguments in macro calls.
+ */

-# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+# define DECLARE_ASN1_FUNCTIONS_attr(attr, type)                            \
+    DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, type)
+# define DECLARE_ASN1_FUNCTIONS(type)                                       \
+    DECLARE_ASN1_FUNCTIONS_attr(extern, type)

-# define DECLARE_ASN1_FUNCTIONS_name(type, name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_attr(attr, type)                      \
+    DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, type)
+# define DECLARE_ASN1_ALLOC_FUNCTIONS(type)                                 \
+    DECLARE_ASN1_ALLOC_FUNCTIONS_attr(extern, type)

-# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+# define DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, name)                 \
+    DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name)                \
+    DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name)
+# define DECLARE_ASN1_FUNCTIONS_name(type, name)                            \
+    DECLARE_ASN1_FUNCTIONS_name_attr(extern, type, name)

-# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
-        type *d2i_##name(type **a, const unsigned char **in, long len); \
-        int i2d_##name(type *a, unsigned char **out); \
-        DECLARE_ASN1_ITEM(itname)
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, itname, name)       \
+    DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name)               \
+    DECLARE_ASN1_ITEM_attr(attr, itname)
+# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)                  \
+    DECLARE_ASN1_ENCODE_FUNCTIONS_attr(extern, type, itname, name)

-# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
-        type *d2i_##name(type **a, const unsigned char **in, long len); \
-        int i2d_##name(const type *a, unsigned char **out); \
-        DECLARE_ASN1_ITEM(name)
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name)          \
+    DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, name, name)
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) \
+    DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(extern, type, name)

-# define DECLARE_ASN1_NDEF_FUNCTION(name) \
-        int i2d_##name##_NDEF(name *a, unsigned char **out);
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name)          \
+    attr type *d2i_##name(type **a, const unsigned char **in, long len);    \
+    attr int i2d_##name(const type *a, unsigned char **out);
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name)                     \
+    DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(extern, type, name)

-# define DECLARE_ASN1_FUNCTIONS_const(name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
-        DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+# define DECLARE_ASN1_NDEF_FUNCTION_attr(attr, name)                        \
+    attr int i2d_##name##_NDEF(const name *a, unsigned char **out);
+# define DECLARE_ASN1_NDEF_FUNCTION(name)                                   \
+    DECLARE_ASN1_NDEF_FUNCTION_attr(extern, name)

-# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-        type *name##_new(void); \
-        void name##_free(type *a);
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name)           \
+    attr type *name##_new(void);                                            \
+    attr void name##_free(type *a);
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name)                      \
+    DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(extern, type, name)

-# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
-        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+# define DECLARE_ASN1_DUP_FUNCTION_attr(attr, type)                         \
+    DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, type)
+# define DECLARE_ASN1_DUP_FUNCTION(type)                                    \
+    DECLARE_ASN1_DUP_FUNCTION_attr(extern, type)

-# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
-        int fname##_print_ctx(BIO *out, stname *x, int indent, \
-                                         const ASN1_PCTX *pctx);
+# define DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, name)              \
+    attr type *name##_dup(const type *a);
+# define DECLARE_ASN1_DUP_FUNCTION_name(type, name)                         \
+    DECLARE_ASN1_DUP_FUNCTION_name_attr(extern, type, name)
+
+# define DECLARE_ASN1_PRINT_FUNCTION_attr(attr, stname)                     \
+    DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, stname)
+# define DECLARE_ASN1_PRINT_FUNCTION(stname)                                \
+    DECLARE_ASN1_PRINT_FUNCTION_attr(extern, stname)
+
+# define DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, fname)        \
+    attr int fname##_print_ctx(BIO *out, const stname *x, int indent,       \
+                               const ASN1_PCTX *pctx);
+# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname)                   \
+    DECLARE_ASN1_PRINT_FUNCTION_fname_attr(extern, stname, fname)

 # define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
-# define I2D_OF(type) int (*)(type *,unsigned char **)
-# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+# define I2D_OF(type) int (*)(const type *,unsigned char **)

 # define CHECKED_D2I_OF(type, d2i) \
    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
@ -271,10 +366,11 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
    ((void**) (1 ? p : (type**)0))

 # define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
-# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(const type *,unsigned char **)
 # define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)

-TYPEDEF_D2I2D_OF(void);
+typedef void *d2i_of_void(void **, const unsigned char **, long);
+typedef int i2d_of_void(const void *, unsigned char **);

 /*-
 * The following macros and typedefs allow an ASN1_ITEM
@ -312,23 +408,6 @@ TYPEDEF_D2I2D_OF(void);
 *
 */

-# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM ASN1_ITEM_EXP;
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#  define ASN1_ITEM_ptr(iptr) (iptr)
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#  define ASN1_ITEM_ref(iptr) (&(iptr##_it))
-
-#  define ASN1_ITEM_rptr(ref) (&(ref##_it))
-
-#  define DECLARE_ASN1_ITEM(name) \
-        OPENSSL_EXTERN const ASN1_ITEM name##_it;
-
-# else

 /*
 * Platforms that can't easily handle shared global variables are declared as
@ -339,17 +418,17 @@ typedef const ASN1_ITEM ASN1_ITEM_EXP;
 typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);

 /* Macro to obtain ASN1_ITEM pointer from exported type */
-#  define ASN1_ITEM_ptr(iptr) (iptr())
+# define ASN1_ITEM_ptr(iptr) (iptr())

 /* Macro to include ASN1_ITEM pointer from base type */
-#  define ASN1_ITEM_ref(iptr) (iptr##_it)
+# define ASN1_ITEM_ref(iptr) (iptr##_it)

-#  define ASN1_ITEM_rptr(ref) (ref##_it())
+# define ASN1_ITEM_rptr(ref) (ref##_it())

-#  define DECLARE_ASN1_ITEM(name) \
-        const ASN1_ITEM * name##_it(void);
-
-# endif
+# define DECLARE_ASN1_ITEM_attr(attr, name)                                 \
+    attr const ASN1_ITEM * name##_it(void);
+# define DECLARE_ASN1_ITEM(name)                                            \
+    DECLARE_ASN1_ITEM_attr(extern, name)

 /* Parameters used by ASN1_STRING_print_ex() */

@ -362,6 +441,11 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
 # define ASN1_STRFLGS_ESC_CTRL           2
 # define ASN1_STRFLGS_ESC_MSB            4

+/* Lower 8 bits are reserved as an output type specifier */
+# define ASN1_DTFLGS_TYPE_MASK    0x0FUL
+# define ASN1_DTFLGS_RFC822       0x00UL
+# define ASN1_DTFLGS_ISO8601      0x01UL
+
 /*
 * This flag determines how we do escaping: normally RC2253 backslash only,
 * set this to use backslash and quote.
@ -435,13 +519,8 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
                                ASN1_STRFLGS_DUMP_UNKNOWN | \
                                ASN1_STRFLGS_DUMP_DER)

-DEFINE_STACK_OF(ASN1_INTEGER)

-DEFINE_STACK_OF(ASN1_GENERALSTRING)
-
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-
-typedef struct asn1_type_st {
+struct asn1_type_st {
    int type;
    union {
        char *ptr;
@ -470,14 +549,40 @@ typedef struct asn1_type_st {
        ASN1_STRING *sequence;
        ASN1_VALUE *asn1_value;
    } value;
-} ASN1_TYPE;
+};
+
+SKM_DEFINE_STACK_OF_INTERNAL(ASN1_TYPE, ASN1_TYPE, ASN1_TYPE)
+#define sk_ASN1_TYPE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_TYPE_sk_type(sk))
+#define sk_ASN1_TYPE_value(sk, idx) ((ASN1_TYPE *)OPENSSL_sk_value(ossl_check_const_ASN1_TYPE_sk_type(sk), (idx)))
+#define sk_ASN1_TYPE_new(cmp) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_new(ossl_check_ASN1_TYPE_compfunc_type(cmp)))
+#define sk_ASN1_TYPE_new_null() ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_new_null())
+#define sk_ASN1_TYPE_new_reserve(cmp, n) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_TYPE_compfunc_type(cmp), (n)))
+#define sk_ASN1_TYPE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_TYPE_sk_type(sk), (n))
+#define sk_ASN1_TYPE_free(sk) OPENSSL_sk_free(ossl_check_ASN1_TYPE_sk_type(sk))
+#define sk_ASN1_TYPE_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_TYPE_sk_type(sk))
+#define sk_ASN1_TYPE_delete(sk, i) ((ASN1_TYPE *)OPENSSL_sk_delete(ossl_check_ASN1_TYPE_sk_type(sk), (i)))
+#define sk_ASN1_TYPE_delete_ptr(sk, ptr) ((ASN1_TYPE *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr)))
+#define sk_ASN1_TYPE_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr))
+#define sk_ASN1_TYPE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr))
+#define sk_ASN1_TYPE_pop(sk) ((ASN1_TYPE *)OPENSSL_sk_pop(ossl_check_ASN1_TYPE_sk_type(sk)))
+#define sk_ASN1_TYPE_shift(sk) ((ASN1_TYPE *)OPENSSL_sk_shift(ossl_check_ASN1_TYPE_sk_type(sk)))
+#define sk_ASN1_TYPE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_TYPE_sk_type(sk),ossl_check_ASN1_TYPE_freefunc_type(freefunc))
+#define sk_ASN1_TYPE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr), (idx))
+#define sk_ASN1_TYPE_set(sk, idx, ptr) ((ASN1_TYPE *)OPENSSL_sk_set(ossl_check_ASN1_TYPE_sk_type(sk), (idx), ossl_check_ASN1_TYPE_type(ptr)))
+#define sk_ASN1_TYPE_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr))
+#define sk_ASN1_TYPE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr))
+#define sk_ASN1_TYPE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr), pnum)
+#define sk_ASN1_TYPE_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_TYPE_sk_type(sk))
+#define sk_ASN1_TYPE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_TYPE_sk_type(sk))
+#define sk_ASN1_TYPE_dup(sk) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_dup(ossl_check_const_ASN1_TYPE_sk_type(sk)))
+#define sk_ASN1_TYPE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_copyfunc_type(copyfunc), ossl_check_ASN1_TYPE_freefunc_type(freefunc)))
+#define sk_ASN1_TYPE_set_cmp_func(sk, cmp) ((sk_ASN1_TYPE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_compfunc_type(cmp)))

-DEFINE_STACK_OF(ASN1_TYPE)

 typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_name(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_name(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)

 /* This is used to contain a list of bit names */
 typedef struct BIT_STRING_BITNAME_st {
@ -515,7 +620,8 @@ typedef struct BIT_STRING_BITNAME_st {
                        B_ASN1_BMPSTRING|\
                        B_ASN1_UTF8STRING

-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+DECLARE_ASN1_ALLOC_FUNCTIONS_name(ASN1_TYPE, ASN1_TYPE)
+DECLARE_ASN1_ENCODE_FUNCTIONS(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)

 int ASN1_TYPE_get(const ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
@ -525,21 +631,41 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
 void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);

-ASN1_OBJECT *ASN1_OBJECT_new(void);
-void ASN1_OBJECT_free(ASN1_OBJECT *a);
-int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-                             long length);
+SKM_DEFINE_STACK_OF_INTERNAL(ASN1_OBJECT, ASN1_OBJECT, ASN1_OBJECT)
+#define sk_ASN1_OBJECT_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_OBJECT_sk_type(sk))
+#define sk_ASN1_OBJECT_value(sk, idx) ((ASN1_OBJECT *)OPENSSL_sk_value(ossl_check_const_ASN1_OBJECT_sk_type(sk), (idx)))
+#define sk_ASN1_OBJECT_new(cmp) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_new(ossl_check_ASN1_OBJECT_compfunc_type(cmp)))
+#define sk_ASN1_OBJECT_new_null() ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_new_null())
+#define sk_ASN1_OBJECT_new_reserve(cmp, n) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_OBJECT_compfunc_type(cmp), (n)))
+#define sk_ASN1_OBJECT_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_OBJECT_sk_type(sk), (n))
+#define sk_ASN1_OBJECT_free(sk) OPENSSL_sk_free(ossl_check_ASN1_OBJECT_sk_type(sk))
+#define sk_ASN1_OBJECT_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_OBJECT_sk_type(sk))
+#define sk_ASN1_OBJECT_delete(sk, i) ((ASN1_OBJECT *)OPENSSL_sk_delete(ossl_check_ASN1_OBJECT_sk_type(sk), (i)))
+#define sk_ASN1_OBJECT_delete_ptr(sk, ptr) ((ASN1_OBJECT *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr)))
+#define sk_ASN1_OBJECT_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr))
+#define sk_ASN1_OBJECT_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr))
+#define sk_ASN1_OBJECT_pop(sk) ((ASN1_OBJECT *)OPENSSL_sk_pop(ossl_check_ASN1_OBJECT_sk_type(sk)))
+#define sk_ASN1_OBJECT_shift(sk) ((ASN1_OBJECT *)OPENSSL_sk_shift(ossl_check_ASN1_OBJECT_sk_type(sk)))
+#define sk_ASN1_OBJECT_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_OBJECT_sk_type(sk),ossl_check_ASN1_OBJECT_freefunc_type(freefunc))
+#define sk_ASN1_OBJECT_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr), (idx))
+#define sk_ASN1_OBJECT_set(sk, idx, ptr) ((ASN1_OBJECT *)OPENSSL_sk_set(ossl_check_ASN1_OBJECT_sk_type(sk), (idx), ossl_check_ASN1_OBJECT_type(ptr)))
+#define sk_ASN1_OBJECT_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr))
+#define sk_ASN1_OBJECT_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr))
+#define sk_ASN1_OBJECT_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr), pnum)
+#define sk_ASN1_OBJECT_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_OBJECT_sk_type(sk))
+#define sk_ASN1_OBJECT_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_OBJECT_sk_type(sk))
+#define sk_ASN1_OBJECT_dup(sk) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_dup(ossl_check_const_ASN1_OBJECT_sk_type(sk)))
+#define sk_ASN1_OBJECT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_copyfunc_type(copyfunc), ossl_check_ASN1_OBJECT_freefunc_type(freefunc)))
+#define sk_ASN1_OBJECT_set_cmp_func(sk, cmp) ((sk_ASN1_OBJECT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_compfunc_type(cmp)))

-DECLARE_ASN1_ITEM(ASN1_OBJECT)

-DEFINE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_FUNCTIONS(ASN1_OBJECT)

 ASN1_STRING *ASN1_STRING_new(void);
 void ASN1_STRING_free(ASN1_STRING *a);
 void ASN1_STRING_clear_free(ASN1_STRING *a);
 int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
-ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
+DECLARE_ASN1_DUP_FUNCTION(ASN1_STRING)
 ASN1_STRING *ASN1_STRING_type_new(int type);
 int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
  /*
@ -549,9 +675,13 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
 int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
 void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
 int ASN1_STRING_length(const ASN1_STRING *x);
-void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+# endif
 int ASN1_STRING_type(const ASN1_STRING *x);
-DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+# endif
 const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);

 DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
@ -567,10 +697,39 @@ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
 int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
                            BIT_STRING_BITNAME *tbl);

+SKM_DEFINE_STACK_OF_INTERNAL(ASN1_INTEGER, ASN1_INTEGER, ASN1_INTEGER)
+#define sk_ASN1_INTEGER_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_INTEGER_sk_type(sk))
+#define sk_ASN1_INTEGER_value(sk, idx) ((ASN1_INTEGER *)OPENSSL_sk_value(ossl_check_const_ASN1_INTEGER_sk_type(sk), (idx)))
+#define sk_ASN1_INTEGER_new(cmp) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_new(ossl_check_ASN1_INTEGER_compfunc_type(cmp)))
+#define sk_ASN1_INTEGER_new_null() ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_new_null())
+#define sk_ASN1_INTEGER_new_reserve(cmp, n) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_INTEGER_compfunc_type(cmp), (n)))
+#define sk_ASN1_INTEGER_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_INTEGER_sk_type(sk), (n))
+#define sk_ASN1_INTEGER_free(sk) OPENSSL_sk_free(ossl_check_ASN1_INTEGER_sk_type(sk))
+#define sk_ASN1_INTEGER_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_INTEGER_sk_type(sk))
+#define sk_ASN1_INTEGER_delete(sk, i) ((ASN1_INTEGER *)OPENSSL_sk_delete(ossl_check_ASN1_INTEGER_sk_type(sk), (i)))
+#define sk_ASN1_INTEGER_delete_ptr(sk, ptr) ((ASN1_INTEGER *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr)))
+#define sk_ASN1_INTEGER_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr))
+#define sk_ASN1_INTEGER_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr))
+#define sk_ASN1_INTEGER_pop(sk) ((ASN1_INTEGER *)OPENSSL_sk_pop(ossl_check_ASN1_INTEGER_sk_type(sk)))
+#define sk_ASN1_INTEGER_shift(sk) ((ASN1_INTEGER *)OPENSSL_sk_shift(ossl_check_ASN1_INTEGER_sk_type(sk)))
+#define sk_ASN1_INTEGER_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_INTEGER_sk_type(sk),ossl_check_ASN1_INTEGER_freefunc_type(freefunc))
+#define sk_ASN1_INTEGER_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr), (idx))
+#define sk_ASN1_INTEGER_set(sk, idx, ptr) ((ASN1_INTEGER *)OPENSSL_sk_set(ossl_check_ASN1_INTEGER_sk_type(sk), (idx), ossl_check_ASN1_INTEGER_type(ptr)))
+#define sk_ASN1_INTEGER_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr))
+#define sk_ASN1_INTEGER_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr))
+#define sk_ASN1_INTEGER_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr), pnum)
+#define sk_ASN1_INTEGER_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_INTEGER_sk_type(sk))
+#define sk_ASN1_INTEGER_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_INTEGER_sk_type(sk))
+#define sk_ASN1_INTEGER_dup(sk) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_dup(ossl_check_const_ASN1_INTEGER_sk_type(sk)))
+#define sk_ASN1_INTEGER_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_copyfunc_type(copyfunc), ossl_check_ASN1_INTEGER_freefunc_type(freefunc)))
+#define sk_ASN1_INTEGER_set_cmp_func(sk, cmp) ((sk_ASN1_INTEGER_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_compfunc_type(cmp)))
+
+
+
 DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
                                long length);
-ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+DECLARE_ASN1_DUP_FUNCTION(ASN1_INTEGER)
 int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);

 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
@ -594,12 +753,40 @@ int ASN1_TIME_diff(int *pday, int *psec,
                   const ASN1_TIME *from, const ASN1_TIME *to);

 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
+DECLARE_ASN1_DUP_FUNCTION(ASN1_OCTET_STRING)
 int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
                          const ASN1_OCTET_STRING *b);
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
                          int len);

+SKM_DEFINE_STACK_OF_INTERNAL(ASN1_UTF8STRING, ASN1_UTF8STRING, ASN1_UTF8STRING)
+#define sk_ASN1_UTF8STRING_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_UTF8STRING_sk_type(sk))
+#define sk_ASN1_UTF8STRING_value(sk, idx) ((ASN1_UTF8STRING *)OPENSSL_sk_value(ossl_check_const_ASN1_UTF8STRING_sk_type(sk), (idx)))
+#define sk_ASN1_UTF8STRING_new(cmp) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_new(ossl_check_ASN1_UTF8STRING_compfunc_type(cmp)))
+#define sk_ASN1_UTF8STRING_new_null() ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_new_null())
+#define sk_ASN1_UTF8STRING_new_reserve(cmp, n) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_UTF8STRING_compfunc_type(cmp), (n)))
+#define sk_ASN1_UTF8STRING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_UTF8STRING_sk_type(sk), (n))
+#define sk_ASN1_UTF8STRING_free(sk) OPENSSL_sk_free(ossl_check_ASN1_UTF8STRING_sk_type(sk))
+#define sk_ASN1_UTF8STRING_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_UTF8STRING_sk_type(sk))
+#define sk_ASN1_UTF8STRING_delete(sk, i) ((ASN1_UTF8STRING *)OPENSSL_sk_delete(ossl_check_ASN1_UTF8STRING_sk_type(sk), (i)))
+#define sk_ASN1_UTF8STRING_delete_ptr(sk, ptr) ((ASN1_UTF8STRING *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr)))
+#define sk_ASN1_UTF8STRING_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr))
+#define sk_ASN1_UTF8STRING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr))
+#define sk_ASN1_UTF8STRING_pop(sk) ((ASN1_UTF8STRING *)OPENSSL_sk_pop(ossl_check_ASN1_UTF8STRING_sk_type(sk)))
+#define sk_ASN1_UTF8STRING_shift(sk) ((ASN1_UTF8STRING *)OPENSSL_sk_shift(ossl_check_ASN1_UTF8STRING_sk_type(sk)))
+#define sk_ASN1_UTF8STRING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_UTF8STRING_sk_type(sk),ossl_check_ASN1_UTF8STRING_freefunc_type(freefunc))
+#define sk_ASN1_UTF8STRING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr), (idx))
+#define sk_ASN1_UTF8STRING_set(sk, idx, ptr) ((ASN1_UTF8STRING *)OPENSSL_sk_set(ossl_check_ASN1_UTF8STRING_sk_type(sk), (idx), ossl_check_ASN1_UTF8STRING_type(ptr)))
+#define sk_ASN1_UTF8STRING_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr))
+#define sk_ASN1_UTF8STRING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr))
+#define sk_ASN1_UTF8STRING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr), pnum)
+#define sk_ASN1_UTF8STRING_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_UTF8STRING_sk_type(sk))
+#define sk_ASN1_UTF8STRING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_UTF8STRING_sk_type(sk))
+#define sk_ASN1_UTF8STRING_dup(sk) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_dup(ossl_check_const_ASN1_UTF8STRING_sk_type(sk)))
+#define sk_ASN1_UTF8STRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_copyfunc_type(copyfunc), ossl_check_ASN1_UTF8STRING_freefunc_type(freefunc)))
+#define sk_ASN1_UTF8STRING_set_cmp_func(sk, cmp) ((sk_ASN1_UTF8STRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_compfunc_type(cmp)))
+
+
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
@ -609,6 +796,34 @@ DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);

+SKM_DEFINE_STACK_OF_INTERNAL(ASN1_GENERALSTRING, ASN1_GENERALSTRING, ASN1_GENERALSTRING)
+#define sk_ASN1_GENERALSTRING_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk))
+#define sk_ASN1_GENERALSTRING_value(sk, idx) ((ASN1_GENERALSTRING *)OPENSSL_sk_value(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk), (idx)))
+#define sk_ASN1_GENERALSTRING_new(cmp) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_new(ossl_check_ASN1_GENERALSTRING_compfunc_type(cmp)))
+#define sk_ASN1_GENERALSTRING_new_null() ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_new_null())
+#define sk_ASN1_GENERALSTRING_new_reserve(cmp, n) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_GENERALSTRING_compfunc_type(cmp), (n)))
+#define sk_ASN1_GENERALSTRING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_GENERALSTRING_sk_type(sk), (n))
+#define sk_ASN1_GENERALSTRING_free(sk) OPENSSL_sk_free(ossl_check_ASN1_GENERALSTRING_sk_type(sk))
+#define sk_ASN1_GENERALSTRING_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_GENERALSTRING_sk_type(sk))
+#define sk_ASN1_GENERALSTRING_delete(sk, i) ((ASN1_GENERALSTRING *)OPENSSL_sk_delete(ossl_check_ASN1_GENERALSTRING_sk_type(sk), (i)))
+#define sk_ASN1_GENERALSTRING_delete_ptr(sk, ptr) ((ASN1_GENERALSTRING *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr)))
+#define sk_ASN1_GENERALSTRING_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr))
+#define sk_ASN1_GENERALSTRING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr))
+#define sk_ASN1_GENERALSTRING_pop(sk) ((ASN1_GENERALSTRING *)OPENSSL_sk_pop(ossl_check_ASN1_GENERALSTRING_sk_type(sk)))
+#define sk_ASN1_GENERALSTRING_shift(sk) ((ASN1_GENERALSTRING *)OPENSSL_sk_shift(ossl_check_ASN1_GENERALSTRING_sk_type(sk)))
+#define sk_ASN1_GENERALSTRING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_GENERALSTRING_sk_type(sk),ossl_check_ASN1_GENERALSTRING_freefunc_type(freefunc))
+#define sk_ASN1_GENERALSTRING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr), (idx))
+#define sk_ASN1_GENERALSTRING_set(sk, idx, ptr) ((ASN1_GENERALSTRING *)OPENSSL_sk_set(ossl_check_ASN1_GENERALSTRING_sk_type(sk), (idx), ossl_check_ASN1_GENERALSTRING_type(ptr)))
+#define sk_ASN1_GENERALSTRING_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr))
+#define sk_ASN1_GENERALSTRING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr))
+#define sk_ASN1_GENERALSTRING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr), pnum)
+#define sk_ASN1_GENERALSTRING_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_GENERALSTRING_sk_type(sk))
+#define sk_ASN1_GENERALSTRING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk))
+#define sk_ASN1_GENERALSTRING_dup(sk) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_dup(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk)))
+#define sk_ASN1_GENERALSTRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_copyfunc_type(copyfunc), ossl_check_ASN1_GENERALSTRING_freefunc_type(freefunc)))
+#define sk_ASN1_GENERALSTRING_set_cmp_func(sk, cmp) ((sk_ASN1_GENERALSTRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_compfunc_type(cmp)))
+
+
 DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)

 DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
@ -621,6 +836,10 @@ DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)

+DECLARE_ASN1_DUP_FUNCTION(ASN1_TIME)
+DECLARE_ASN1_DUP_FUNCTION(ASN1_UTCTIME)
+DECLARE_ASN1_DUP_FUNCTION(ASN1_GENERALIZEDTIME)
+
 DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)

 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
@ -685,19 +904,23 @@ int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);

 /* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x);

 # define ASN1_dup_of(type,i2d,d2i,x) \
    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
-                     CHECKED_D2I_OF(type, d2i), \
-                     CHECKED_PTR_OF(type, x)))
-
-# define ASN1_dup_of_const(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
                     CHECKED_D2I_OF(type, d2i), \
                     CHECKED_PTR_OF(const type, x)))

-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+void *ASN1_item_dup(const ASN1_ITEM *it, const void *x);
+int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+                      const void *data, const ASN1_OCTET_STRING *id,
+                      EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx,
+                      const char *propq);
+int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg,
+                        const ASN1_BIT_STRING *signature, const void *data,
+                        const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
+                        OSSL_LIB_CTX *libctx, const char *propq);

 /* ASN1 alloc/free macros for when a type is only used internally */

@ -714,20 +937,17 @@ void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x);
                        in, \
                        CHECKED_PPTR_OF(type, x)))

+void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
-int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x);

 #  define ASN1_i2d_fp_of(type,i2d,out,x) \
    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
-                 out, \
-                 CHECKED_PTR_OF(type, x)))
-
-#  define ASN1_i2d_fp_of_const(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
                 out, \
                 CHECKED_PTR_OF(const type, x)))

-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, const void *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
 # endif

@ -741,23 +961,22 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
                          in, \
                          CHECKED_PPTR_OF(type, x)))

-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
-int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
+void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *pval,
+                           OSSL_LIB_CTX *libctx, const char *propq);
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *pval);
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x);

 #  define ASN1_i2d_bio_of(type,i2d,out,x) \
    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
-                  out, \
-                  CHECKED_PTR_OF(type, x)))
-
-#  define ASN1_i2d_bio_of_const(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
                  out, \
                  CHECKED_PTR_OF(const type, x)))

-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x);
+BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val);
 int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm);
+int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags);
 int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
 int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
 int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off);
@ -804,11 +1023,16 @@ void ASN1_STRING_TABLE_cleanup(void);

 /* Old API compatible functions */
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx,
+                             const char *propq);
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **val, const unsigned char **in,
+                             long len, const ASN1_ITEM *it,
+                             OSSL_LIB_CTX *libctx, const char *propq);
 ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
                          long len, const ASN1_ITEM *it);
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out,
                       const ASN1_ITEM *it);

 void ASN1_add_oid_module(void);
@ -839,7 +1063,7 @@ int ASN1_str2mask(const char *str, unsigned long *pmask);
 /* Don't show structure name even at top level */
 # define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100

-int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent,
                    const ASN1_ITEM *it, const ASN1_PCTX *pctx);
 ASN1_PCTX *ASN1_PCTX_new(void);
 void ASN1_PCTX_free(ASN1_PCTX *p);
@ -864,22 +1088,43 @@ void *ASN1_SCTX_get_app_data(ASN1_SCTX *p);

 const BIO_METHOD *BIO_f_asn1(void);

+/* cannot constify val because of CMS_stream() */
 BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);

 int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
                        const ASN1_ITEM *it);
 int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
                              const char *hdr, const ASN1_ITEM *it);
+/* cannot constify val because of CMS_dataFinal() */
 int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                     int ctype_nid, int econt_nid,
                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                        int ctype_nid, int econt_nid,
+                        STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it,
+                        OSSL_LIB_CTX *libctx, const char *propq);
 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont,
+                               const ASN1_ITEM *it, ASN1_VALUE **x,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
 int SMIME_text(BIO *in, BIO *out);

 const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
 const ASN1_ITEM *ASN1_ITEM_get(size_t i);

+/* Legacy compatibility */
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+         DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+         DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+# define DECLARE_ASN1_FUNCTIONS_const(type) DECLARE_ASN1_FUNCTIONS(type)
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+         DECLARE_ASN1_ENCODE_FUNCTIONS(type, name)
+# define I2D_OF_const(type) I2D_OF(type)
+# define ASN1_dup_of_const(type,i2d,d2i,x) ASN1_dup_of(type,i2d,d2i,x)
+# define ASN1_i2d_fp_of_const(type,i2d,out,x) ASN1_i2d_fp_of(type,i2d,out,x)
+# define ASN1_i2d_bio_of_const(type,i2d,out,x) ASN1_i2d_bio_of(type,i2d,out,x)
+
 # ifdef  __cplusplus
 }
 # endif
--- a/src/3rdparty/win32_include/openssl/asn1_mac.h
+++ b/src/3rdparty/win32_include/openssl/asn1_mac.h
@ -1,7 +1,7 @@
 /*
 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
--- a/src/3rdparty/win32_include/openssl/asn1err.h
+++ b/src/3rdparty/win32_include/openssl/asn1err.h
@ -1,141 +1,22 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_ASN1ERR_H
-# define HEADER_ASN1ERR_H
+#ifndef OPENSSL_ASN1ERR_H
+# define OPENSSL_ASN1ERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_ASN1_strings(void);

-/*
- * ASN1 function codes.
- */
-# define ASN1_F_A2D_ASN1_OBJECT                           100
-# define ASN1_F_A2I_ASN1_INTEGER                          102
-# define ASN1_F_A2I_ASN1_STRING                           103
-# define ASN1_F_APPEND_EXP                                176
-# define ASN1_F_ASN1_BIO_INIT                             113
-# define ASN1_F_ASN1_BIT_STRING_SET_BIT                   183
-# define ASN1_F_ASN1_CB                                   177
-# define ASN1_F_ASN1_CHECK_TLEN                           104
-# define ASN1_F_ASN1_COLLECT                              106
-# define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
-# define ASN1_F_ASN1_D2I_FP                               109
-# define ASN1_F_ASN1_D2I_READ_BIO                         107
-# define ASN1_F_ASN1_DIGEST                               184
-# define ASN1_F_ASN1_DO_ADB                               110
-# define ASN1_F_ASN1_DO_LOCK                              233
-# define ASN1_F_ASN1_DUP                                  111
-# define ASN1_F_ASN1_ENC_SAVE                             115
-# define ASN1_F_ASN1_EX_C2I                               204
-# define ASN1_F_ASN1_FIND_END                             190
-# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
-# define ASN1_F_ASN1_GENERATE_V3                          178
-# define ASN1_F_ASN1_GET_INT64                            224
-# define ASN1_F_ASN1_GET_OBJECT                           114
-# define ASN1_F_ASN1_GET_UINT64                           225
-# define ASN1_F_ASN1_I2D_BIO                              116
-# define ASN1_F_ASN1_I2D_FP                               117
-# define ASN1_F_ASN1_ITEM_D2I_FP                          206
-# define ASN1_F_ASN1_ITEM_DUP                             191
-# define ASN1_F_ASN1_ITEM_EMBED_D2I                       120
-# define ASN1_F_ASN1_ITEM_EMBED_NEW                       121
-# define ASN1_F_ASN1_ITEM_FLAGS_I2D                       118
-# define ASN1_F_ASN1_ITEM_I2D_BIO                         192
-# define ASN1_F_ASN1_ITEM_I2D_FP                          193
-# define ASN1_F_ASN1_ITEM_PACK                            198
-# define ASN1_F_ASN1_ITEM_SIGN                            195
-# define ASN1_F_ASN1_ITEM_SIGN_CTX                        220
-# define ASN1_F_ASN1_ITEM_UNPACK                          199
-# define ASN1_F_ASN1_ITEM_VERIFY                          197
-# define ASN1_F_ASN1_MBSTRING_NCOPY                       122
-# define ASN1_F_ASN1_OBJECT_NEW                           123
-# define ASN1_F_ASN1_OUTPUT_DATA                          214
-# define ASN1_F_ASN1_PCTX_NEW                             205
-# define ASN1_F_ASN1_PRIMITIVE_NEW                        119
-# define ASN1_F_ASN1_SCTX_NEW                             221
-# define ASN1_F_ASN1_SIGN                                 128
-# define ASN1_F_ASN1_STR2TYPE                             179
-# define ASN1_F_ASN1_STRING_GET_INT64                     227
-# define ASN1_F_ASN1_STRING_GET_UINT64                    230
-# define ASN1_F_ASN1_STRING_SET                           186
-# define ASN1_F_ASN1_STRING_TABLE_ADD                     129
-# define ASN1_F_ASN1_STRING_TO_BN                         228
-# define ASN1_F_ASN1_STRING_TYPE_NEW                      130
-# define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
-# define ASN1_F_ASN1_TEMPLATE_NEW                         133
-# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
-# define ASN1_F_ASN1_TIME_ADJ                             217
-# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
-# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
-# define ASN1_F_ASN1_UTCTIME_ADJ                          218
-# define ASN1_F_ASN1_VERIFY                               137
-# define ASN1_F_B64_READ_ASN1                             209
-# define ASN1_F_B64_WRITE_ASN1                            210
-# define ASN1_F_BIO_NEW_NDEF                              208
-# define ASN1_F_BITSTR_CB                                 180
-# define ASN1_F_BN_TO_ASN1_STRING                         229
-# define ASN1_F_C2I_ASN1_BIT_STRING                       189
-# define ASN1_F_C2I_ASN1_INTEGER                          194
-# define ASN1_F_C2I_ASN1_OBJECT                           196
-# define ASN1_F_C2I_IBUF                                  226
-# define ASN1_F_C2I_UINT64_INT                            101
-# define ASN1_F_COLLECT_DATA                              140
-# define ASN1_F_D2I_ASN1_OBJECT                           147
-# define ASN1_F_D2I_ASN1_UINTEGER                         150
-# define ASN1_F_D2I_AUTOPRIVATEKEY                        207
-# define ASN1_F_D2I_PRIVATEKEY                            154
-# define ASN1_F_D2I_PUBLICKEY                             155
-# define ASN1_F_DO_BUF                                    142
-# define ASN1_F_DO_CREATE                                 124
-# define ASN1_F_DO_DUMP                                   125
-# define ASN1_F_DO_TCREATE                                222
-# define ASN1_F_I2A_ASN1_OBJECT                           126
-# define ASN1_F_I2D_ASN1_BIO_STREAM                       211
-# define ASN1_F_I2D_ASN1_OBJECT                           143
-# define ASN1_F_I2D_DSA_PUBKEY                            161
-# define ASN1_F_I2D_EC_PUBKEY                             181
-# define ASN1_F_I2D_PRIVATEKEY                            163
-# define ASN1_F_I2D_PUBLICKEY                             164
-# define ASN1_F_I2D_RSA_PUBKEY                            165
-# define ASN1_F_LONG_C2I                                  166
-# define ASN1_F_NDEF_PREFIX                               127
-# define ASN1_F_NDEF_SUFFIX                               136
-# define ASN1_F_OID_MODULE_INIT                           174
-# define ASN1_F_PARSE_TAGGING                             182
-# define ASN1_F_PKCS5_PBE2_SET_IV                         167
-# define ASN1_F_PKCS5_PBE2_SET_SCRYPT                     231
-# define ASN1_F_PKCS5_PBE_SET                             202
-# define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
-# define ASN1_F_PKCS5_PBKDF2_SET                          219
-# define ASN1_F_PKCS5_SCRYPT_SET                          232
-# define ASN1_F_SMIME_READ_ASN1                           212
-# define ASN1_F_SMIME_TEXT                                213
-# define ASN1_F_STABLE_GET                                138
-# define ASN1_F_STBL_MODULE_INIT                          223
-# define ASN1_F_UINT32_C2I                                105
-# define ASN1_F_UINT32_NEW                                139
-# define ASN1_F_UINT64_C2I                                112
-# define ASN1_F_UINT64_NEW                                141
-# define ASN1_F_X509_CRL_ADD0_REVOKED                     169
-# define ASN1_F_X509_INFO_NEW                             170
-# define ASN1_F_X509_NAME_ENCODE                          203
-# define ASN1_F_X509_NAME_EX_D2I                          158
-# define ASN1_F_X509_NAME_EX_NEW                          171
-# define ASN1_F_X509_PKEY_NEW                             173

 /*
 * ASN1 reason codes.
@ -145,6 +26,7 @@ int ERR_load_ASN1_strings(void);
 # define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
 # define ASN1_R_AUX_ERROR                                 100
 # define ASN1_R_BAD_OBJECT_HEADER                         102
+# define ASN1_R_BAD_TEMPLATE                              230
 # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
 # define ASN1_R_BN_LIB                                    105
 # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
@ -199,6 +81,7 @@ int ERR_load_ASN1_strings(void);
 # define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
 # define ASN1_R_INVALID_UTF8STRING                        134
 # define ASN1_R_INVALID_VALUE                             219
+# define ASN1_R_LENGTH_TOO_LONG                           231
 # define ASN1_R_LIST_ERROR                                188
 # define ASN1_R_MIME_NO_CONTENT_TYPE                      206
 # define ASN1_R_MIME_PARSE_ERROR                          207
@ -239,6 +122,7 @@ int ERR_load_ASN1_strings(void);
 # define ASN1_R_TYPE_NOT_PRIMITIVE                        195
 # define ASN1_R_UNEXPECTED_EOC                            159
 # define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
+# define ASN1_R_UNKNOWN_DIGEST                            229
 # define ASN1_R_UNKNOWN_FORMAT                            160
 # define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
 # define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
--- a/src/3rdparty/win32_include/openssl/asn1t.h
+++ b/src/3rdparty/win32_include/openssl/asn1t.h
@ -1,14 +1,25 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\asn1t.h.in
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_ASN1T_H
-# define HEADER_ASN1T_H
+
+
+#ifndef OPENSSL_ASN1T_H
+# define OPENSSL_ASN1T_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_ASN1T_H
+# endif

 # include <stddef.h>
 # include <openssl/e_os2.h>
@ -25,44 +36,73 @@
 extern "C" {
 #endif

-# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+/*-
+ * These are the possible values for the itype field of the
+ * ASN1_ITEM structure and determine how it is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application-specific
+ * data and functions.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+# define ASN1_ITYPE_PRIMITIVE            0x0
+# define ASN1_ITYPE_SEQUENCE             0x1
+# define ASN1_ITYPE_CHOICE               0x2
+/* unused value                          0x3 */
+# define ASN1_ITYPE_EXTERN               0x4
+# define ASN1_ITYPE_MSTRING              0x5
+# define ASN1_ITYPE_NDEF_SEQUENCE        0x6

 /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)()))

 /* Macros for start and end of ASN1_ITEM definition */

-#  define ASN1_ITEM_start(itname) \
-        const ASN1_ITEM itname##_it = {
-
-#  define static_ASN1_ITEM_start(itname) \
-        static const ASN1_ITEM itname##_it = {
-
-#  define ASN1_ITEM_end(itname)                 \
-                };
-
-# else
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)()))
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#  define ASN1_ITEM_start(itname) \
+# define ASN1_ITEM_start(itname) \
        const ASN1_ITEM * itname##_it(void) \
        { \
                static const ASN1_ITEM local_it = {

-#  define static_ASN1_ITEM_start(itname) \
+# define static_ASN1_ITEM_start(itname) \
        static ASN1_ITEM_start(itname)

-#  define ASN1_ITEM_end(itname) \
+# define ASN1_ITEM_end(itname) \
                }; \
        return &local_it; \
        }

-# endif
-
 /* Macros to aid ASN1 template writing */

 # define ASN1_ITEM_TEMPLATE(tname) \
@ -152,19 +192,25 @@ extern "C" {
        ASN1_SEQUENCE_cb(tname, cb)

 # define ASN1_SEQUENCE_cb(tname, cb) \
-        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \
        ASN1_SEQUENCE(tname)

-# define ASN1_BROKEN_SEQUENCE(tname) \
-        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+# define ASN1_SEQUENCE_const_cb(tname, const_cb) \
+        static const ASN1_AUX tname##_aux = \
+            {NULL, ASN1_AFLG_CONST_CB, 0, 0, NULL, 0, const_cb}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_cb_const_cb(tname, cb, const_cb) \
+        static const ASN1_AUX tname##_aux = \
+            {NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb}; \
        ASN1_SEQUENCE(tname)

 # define ASN1_SEQUENCE_ref(tname, cb) \
-        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL}; \
        ASN1_SEQUENCE(tname)

 # define ASN1_SEQUENCE_enc(tname, enc, cb) \
-        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc), NULL}; \
        ASN1_SEQUENCE(tname)

 # define ASN1_NDEF_SEQUENCE_END(tname) \
@ -190,9 +236,6 @@ extern "C" {
                #tname \
        ASN1_ITEM_end(tname)

-# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
-# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
-        static_ASN1_SEQUENCE_END_ref(stname, stname)

 # define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)

@ -261,7 +304,7 @@ extern "C" {
        static const ASN1_TEMPLATE tname##_ch_tt[]

 # define ASN1_CHOICE_cb(tname, cb) \
-        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \
        ASN1_CHOICE(tname)

 # define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
@ -332,13 +375,9 @@ extern "C" {

 /* Any defined by macros: the field used is in the table itself */

-# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#  define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#  define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-# else
-#  define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
-#  define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
-# endif
+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+
 /* Plain simple type */
 # define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
 /* Embedded simple type */
@ -418,23 +457,7 @@ extern "C" {
 # define ASN1_ADB(name) \
        static const ASN1_ADB_TABLE name##_adbtbl[]

-# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
-        ;\
-        static const ASN1_ADB name##_adb = {\
-                flags,\
-                offsetof(name, field),\
-                adb_cb,\
-                name##_adbtbl,\
-                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-                def,\
-                none\
-        }
-
-# else
-
-#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
        ;\
        static const ASN1_ITEM *name##_adb(void) \
        { \
@ -452,8 +475,6 @@ extern "C" {
        } \
        void dummy_function(void)

-# endif
-
 # define ADB_ENTRY(val, template) {val, template}

 # define ASN1_ADB_TEMPLATE(name) \
@ -584,64 +605,12 @@ struct ASN1_ITEM_st {
    const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
                                     * the contents */
    long tcount;                /* Number of templates if SEQUENCE or CHOICE */
-    const void *funcs;          /* functions that handle this type */
+    const void *funcs;          /* further data and type-specific functions */
+    /* funcs can be ASN1_PRIMITIVE_FUNCS*, ASN1_EXTERN_FUNCS*, or ASN1_AUX* */
    long size;                  /* Structure size (usually) */
    const char *sname;          /* Structure name */
 };

-/*-
- * These are values for the itype field and
- * determine how the type is interpreted.
- *
- * For PRIMITIVE types the underlying type
- * determines the behaviour if items is NULL.
- *
- * Otherwise templates must contain a single
- * template and the type is treated in the
- * same way as the type specified in the template.
- *
- * For SEQUENCE types the templates field points
- * to the members, the size field is the
- * structure size.
- *
- * For CHOICE types the templates field points
- * to each possible member (typically a union)
- * and the 'size' field is the offset of the
- * selector.
- *
- * The 'funcs' field is used for application
- * specific functions.
- *
- * The EXTERN type uses a new style d2i/i2d.
- * The new style should be used where possible
- * because it avoids things like the d2i IMPLICIT
- * hack.
- *
- * MSTRING is a multiple string type, it is used
- * for a CHOICE of character strings where the
- * actual strings all occupy an ASN1_STRING
- * structure. In this case the 'utype' field
- * has a special meaning, it is used as a mask
- * of acceptable types using the B_ASN1 constants.
- *
- * NDEF_SEQUENCE is the same as SEQUENCE except
- * that it will use indefinite length constructed
- * encoding if requested.
- *
- */
-
-# define ASN1_ITYPE_PRIMITIVE            0x0
-
-# define ASN1_ITYPE_SEQUENCE             0x1
-
-# define ASN1_ITYPE_CHOICE               0x2
-
-# define ASN1_ITYPE_EXTERN               0x4
-
-# define ASN1_ITYPE_MSTRING              0x5
-
-# define ASN1_ITYPE_NDEF_SEQUENCE        0x6
-
 /*
 * Cache for ASN1 tag and length, so we don't keep re-reading it for things
 * like CHOICE
@ -661,21 +630,27 @@ typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                        const ASN1_ITEM *it, int tag, int aclass, char opt,
                        ASN1_TLC *ctx);

-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+typedef int ASN1_ex_d2i_ex(ASN1_VALUE **pval, const unsigned char **in, long len,
+                           const ASN1_ITEM *it, int tag, int aclass, char opt,
+                           ASN1_TLC *ctx, OSSL_LIB_CTX *libctx,
+                           const char *propq);
+typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
                        const ASN1_ITEM *it, int tag, int aclass);
 typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef int ASN1_ex_new_ex_func(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                OSSL_LIB_CTX *libctx, const char *propq);
 typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);

-typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
+typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval,
                               int indent, const char *fname,
                               const ASN1_PCTX *pctx);

-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
+typedef int ASN1_primitive_i2c(const ASN1_VALUE **pval, unsigned char *cont,
                               int *putype, const ASN1_ITEM *it);
 typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
                               int len, int utype, char *free_cont,
                               const ASN1_ITEM *it);
-typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
+typedef int ASN1_primitive_print(BIO *out, const ASN1_VALUE **pval,
                                 const ASN1_ITEM *it, int indent,
                                 const ASN1_PCTX *pctx);

@ -687,6 +662,8 @@ typedef struct ASN1_EXTERN_FUNCS_st {
    ASN1_ex_d2i *asn1_ex_d2i;
    ASN1_ex_i2d *asn1_ex_i2d;
    ASN1_ex_print_func *asn1_ex_print;
+    ASN1_ex_new_ex_func *asn1_ex_new_ex;
+    ASN1_ex_d2i_ex *asn1_ex_d2i_ex;
 } ASN1_EXTERN_FUNCS;

 typedef struct ASN1_PRIMITIVE_FUNCS_st {
@ -711,18 +688,25 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
 * error has occurred and the main operation should be abandoned. If major
 * changes in the default behaviour are required then an external type is
 * more appropriate.
+ * For the operations ASN1_OP_I2D_PRE, ASN1_OP_I2D_POST, ASN1_OP_PRINT_PRE, and
+ * ASN1_OP_PRINT_POST, meanwhile a variant of the callback with const parameter
+ * 'in' is provided to make clear statically that its input is not modified. If
+ * and only if this variant is in use the flag ASN1_AFLG_CONST_CB must be set.
 */

 typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
                        void *exarg);
+typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in,
+                              const ASN1_ITEM *it, void *exarg);

 typedef struct ASN1_AUX_st {
    void *app_data;
    int flags;
    int ref_offset;             /* Offset of reference value */
-    int ref_lock;               /* Lock type to use */
+    int ref_lock;               /* Offset of lock value */
    ASN1_aux_cb *asn1_cb;
    int enc_offset;             /* Offset of ASN1_ENCODING structure */
+    ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */
 } ASN1_AUX;

 /* For print related callbacks exarg points to this structure */
@ -750,6 +734,8 @@ typedef struct ASN1_STREAM_ARG_st {
 # define ASN1_AFLG_ENCODING      2
 /* The Sequence length is invalid */
 # define ASN1_AFLG_BROKEN        4
+/* Use the new asn1_const_cb */
+# define ASN1_AFLG_CONST_CB      8

 /* operation values for asn1_cb */

@ -767,6 +753,10 @@ typedef struct ASN1_STREAM_ARG_st {
 # define ASN1_OP_STREAM_POST     11
 # define ASN1_OP_DETACHED_PRE    12
 # define ASN1_OP_DETACHED_POST   13
+# define ASN1_OP_DUP_PRE         14
+# define ASN1_OP_DUP_POST        15
+# define ASN1_OP_GET0_LIBCTX     16
+# define ASN1_OP_GET0_PROPQ      17

 /* Macro to implement a primitive type */
 # define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
@ -836,15 +826,15 @@ typedef struct ASN1_STREAM_ARG_st {
        { \
                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
        } \
-        int i2d_##fname(stname *a, unsigned char **out) \
+        int i2d_##fname(const stname *a, unsigned char **out) \
        { \
-                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+                return ASN1_item_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
        }

 # define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
-        int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+        int i2d_##stname##_NDEF(const stname *a, unsigned char **out) \
        { \
-                return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+                return ASN1_item_ndef_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
        }

 # define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \
@ -854,28 +844,14 @@ typedef struct ASN1_STREAM_ARG_st {
                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
                                               ASN1_ITEM_rptr(stname)); \
        } \
-        static int i2d_##stname(stname *a, unsigned char **out) \
+        static int i2d_##stname(const stname *a, unsigned char **out) \
        { \
-                return ASN1_item_i2d((ASN1_VALUE *)a, out, \
+                return ASN1_item_i2d((const ASN1_VALUE *)a, out, \
                                     ASN1_ITEM_rptr(stname)); \
        }

-/*
- * This includes evil casts to remove const: they will go away when full ASN1
- * constification is done.
- */
-# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
-        { \
-                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
-        } \
-        int i2d_##fname(const stname *a, unsigned char **out) \
-        { \
-                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-        }
-
 # define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
-        stname * stname##_dup(stname *x) \
+        stname * stname##_dup(const stname *x) \
        { \
        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
        }
@ -884,20 +860,13 @@ typedef struct ASN1_STREAM_ARG_st {
        IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)

 # define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
-        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+        int fname##_print_ctx(BIO *out, const stname *x, int indent, \
                                                const ASN1_PCTX *pctx) \
        { \
-                return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+                return ASN1_item_print(out, (const ASN1_VALUE *)x, indent, \
                        ASN1_ITEM_rptr(itname), pctx); \
        }

-# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
-                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
-
-# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
-        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
 /* external definitions for primitive types */

 DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
@ -915,7 +884,7 @@ DECLARE_ASN1_ITEM(ZINT64)
 DECLARE_ASN1_ITEM(UINT64)
 DECLARE_ASN1_ITEM(ZUINT64)

-# if OPENSSL_API_COMPAT < 0x10200000L
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 /*
 * LONG and ZLONG are strongly discouraged for use as stored data, as the
 * underlying C type (long) differs in size depending on the architecture.
@ -925,7 +894,34 @@ DECLARE_ASN1_ITEM(LONG)
 DECLARE_ASN1_ITEM(ZLONG)
 # endif

-DEFINE_STACK_OF(ASN1_VALUE)
+SKM_DEFINE_STACK_OF_INTERNAL(ASN1_VALUE, ASN1_VALUE, ASN1_VALUE)
+#define sk_ASN1_VALUE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_VALUE_sk_type(sk))
+#define sk_ASN1_VALUE_value(sk, idx) ((ASN1_VALUE *)OPENSSL_sk_value(ossl_check_const_ASN1_VALUE_sk_type(sk), (idx)))
+#define sk_ASN1_VALUE_new(cmp) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_new(ossl_check_ASN1_VALUE_compfunc_type(cmp)))
+#define sk_ASN1_VALUE_new_null() ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_new_null())
+#define sk_ASN1_VALUE_new_reserve(cmp, n) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_VALUE_compfunc_type(cmp), (n)))
+#define sk_ASN1_VALUE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_VALUE_sk_type(sk), (n))
+#define sk_ASN1_VALUE_free(sk) OPENSSL_sk_free(ossl_check_ASN1_VALUE_sk_type(sk))
+#define sk_ASN1_VALUE_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_VALUE_sk_type(sk))
+#define sk_ASN1_VALUE_delete(sk, i) ((ASN1_VALUE *)OPENSSL_sk_delete(ossl_check_ASN1_VALUE_sk_type(sk), (i)))
+#define sk_ASN1_VALUE_delete_ptr(sk, ptr) ((ASN1_VALUE *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr)))
+#define sk_ASN1_VALUE_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr))
+#define sk_ASN1_VALUE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr))
+#define sk_ASN1_VALUE_pop(sk) ((ASN1_VALUE *)OPENSSL_sk_pop(ossl_check_ASN1_VALUE_sk_type(sk)))
+#define sk_ASN1_VALUE_shift(sk) ((ASN1_VALUE *)OPENSSL_sk_shift(ossl_check_ASN1_VALUE_sk_type(sk)))
+#define sk_ASN1_VALUE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_VALUE_sk_type(sk),ossl_check_ASN1_VALUE_freefunc_type(freefunc))
+#define sk_ASN1_VALUE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr), (idx))
+#define sk_ASN1_VALUE_set(sk, idx, ptr) ((ASN1_VALUE *)OPENSSL_sk_set(ossl_check_ASN1_VALUE_sk_type(sk), (idx), ossl_check_ASN1_VALUE_type(ptr)))
+#define sk_ASN1_VALUE_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr))
+#define sk_ASN1_VALUE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr))
+#define sk_ASN1_VALUE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr), pnum)
+#define sk_ASN1_VALUE_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_VALUE_sk_type(sk))
+#define sk_ASN1_VALUE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_VALUE_sk_type(sk))
+#define sk_ASN1_VALUE_dup(sk) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_dup(ossl_check_const_ASN1_VALUE_sk_type(sk)))
+#define sk_ASN1_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_copyfunc_type(copyfunc), ossl_check_ASN1_VALUE_freefunc_type(freefunc)))
+#define sk_ASN1_VALUE_set_cmp_func(sk, cmp) ((sk_ASN1_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_compfunc_type(cmp)))
+
+

 /* Functions used internally by the ASN1 code */

@ -936,9 +932,14 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                     const ASN1_ITEM *it, int tag, int aclass, char opt,
                     ASN1_TLC *ctx);

-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
                     const ASN1_ITEM *it, int tag, int aclass);

+/* Legacy compatibility */
+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) IMPLEMENT_ASN1_FUNCTIONS(name)
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+         IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname)
+
 #ifdef  __cplusplus
 }
 #endif
--- a/src/3rdparty/win32_include/openssl/async.h
+++ b/src/3rdparty/win32_include/openssl/async.h
@ -1,7 +1,7 @@
 /*
 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
@ -9,8 +9,14 @@

 #include <stdlib.h>

-#ifndef HEADER_ASYNC_H
-# define HEADER_ASYNC_H
+#ifndef OPENSSL_ASYNC_H
+# define OPENSSL_ASYNC_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_ASYNC_H
+# endif

 #if defined(_WIN32)
 # if defined(BASETYPES) || defined(_WINDEF_H)
@ -31,12 +37,18 @@ extern "C" {

 typedef struct async_job_st ASYNC_JOB;
 typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+typedef int (*ASYNC_callback_fn)(void *arg);

 #define ASYNC_ERR      0
 #define ASYNC_NO_JOBS  1
 #define ASYNC_PAUSE    2
 #define ASYNC_FINISH   3

+#define ASYNC_STATUS_UNSUPPORTED    0
+#define ASYNC_STATUS_ERR            1
+#define ASYNC_STATUS_OK             2
+#define ASYNC_STATUS_EAGAIN         3
+
 int ASYNC_init_thread(size_t max_size, size_t init_size);
 void ASYNC_cleanup_thread(void);

@ -52,6 +64,14 @@ int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
                        OSSL_ASYNC_FD *fd, void **custom_data);
 int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
                               size_t *numfds);
+int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
+                                ASYNC_callback_fn *callback,
+                                void **callback_arg);
+int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
+                                ASYNC_callback_fn callback,
+                                void *callback_arg);
+int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status);
+int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx);
 int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
                                   size_t *numdelfds);
--- a/src/3rdparty/win32_include/openssl/asyncerr.h
+++ b/src/3rdparty/win32_include/openssl/asyncerr.h
@ -1,35 +1,22 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_ASYNCERR_H
-# define HEADER_ASYNCERR_H
+#ifndef OPENSSL_ASYNCERR_H
+# define OPENSSL_ASYNCERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_ASYNC_strings(void);

-/*
- * ASYNC function codes.
- */
-# define ASYNC_F_ASYNC_CTX_NEW                            100
-# define ASYNC_F_ASYNC_INIT_THREAD                        101
-# define ASYNC_F_ASYNC_JOB_NEW                            102
-# define ASYNC_F_ASYNC_PAUSE_JOB                          103
-# define ASYNC_F_ASYNC_START_FUNC                         104
-# define ASYNC_F_ASYNC_START_JOB                          105
-# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD               106

 /*
 * ASYNC reason codes.
--- a/src/3rdparty/win32_include/openssl/bio.h
+++ b/src/3rdparty/win32_include/openssl/bio.h
@ -1,14 +1,24 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\bio.h.in
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_BIO_H
-# define HEADER_BIO_H
+
+#ifndef OPENSSL_BIO_H
+# define OPENSSL_BIO_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_BIO_H
+# endif

 # include <openssl/e_os2.h>

@ -19,6 +29,7 @@

 # include <openssl/crypto.h>
 # include <openssl/bioerr.h>
+# include <openssl/core.h>

 #ifdef  __cplusplus
 extern "C" {
@ -55,6 +66,7 @@ extern "C" {
 # ifndef OPENSSL_NO_SCTP
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
+# define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)

 #define BIO_TYPE_START           128

@ -97,7 +109,7 @@ extern "C" {
 # define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */

 # define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */
-# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation timed out */

 /* #ifdef IP_MTU_DISCOVER */
 # define BIO_CTRL_DGRAM_MTU_DISCOVER       39/* set DF bit on egress packets */
@ -141,6 +153,34 @@ extern "C" {

 # define BIO_CTRL_DGRAM_SET_PEEK_MODE      71

+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_SEND                 72
+ * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG        74
+ * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG           75
+ */
+
+# define BIO_CTRL_GET_KTLS_SEND                 73
+# define BIO_CTRL_GET_KTLS_RECV                 76
+
+# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY       77
+# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING        78
+
+/* BIO_f_prefix controls */
+# define BIO_CTRL_SET_PREFIX                    79
+# define BIO_CTRL_SET_INDENT                    80
+# define BIO_CTRL_GET_INDENT                    81
+
+# ifndef OPENSSL_NO_KTLS
+#  define BIO_get_ktls_send(b)         \
+     (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
+#  define BIO_get_ktls_recv(b)         \
+     (BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) > 0)
+# else
+#  define BIO_get_ktls_send(b)  (0)
+#  define BIO_get_ktls_recv(b)  (0)
+# endif
+
 /* modifiers */
 # define BIO_FP_READ             0x02
 # define BIO_FP_WRITE            0x04
@ -152,12 +192,9 @@ extern "C" {
 # define BIO_FLAGS_IO_SPECIAL    0x04
 # define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
 # define BIO_FLAGS_SHOULD_RETRY  0x08
-# ifndef BIO_FLAGS_UPLINK
-/*
- * "UPLINK" flag denotes file descriptors provided by application. It
- * defaults to 0, as most platforms don't require UPLINK interface.
- */
-#  define BIO_FLAGS_UPLINK        0
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* This #define was replaced by an internal constant and should not be used. */
+#  define BIO_FLAGS_UPLINK       0
 # endif

 # define BIO_FLAGS_BASE64_NO_NL  0x100
@ -171,6 +208,8 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800

+/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;

@ -233,16 +272,23 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
 # define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)

+# ifndef OPENSSL_NO_DEPRECATED_3_0
 typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
                                long argl, long ret);
+OSSL_DEPRECATEDIN_3_0 BIO_callback_fn BIO_get_callback(const BIO *b);
+OSSL_DEPRECATEDIN_3_0 void BIO_set_callback(BIO *b, BIO_callback_fn callback);
+OSSL_DEPRECATEDIN_3_0 long BIO_debug_callback(BIO *bio, int cmd,
+                                               const char *argp, int argi,
+                                               long argl, long ret);
+# endif
+
 typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
                                   size_t len, int argi,
                                   long argl, int ret, size_t *processed);
-BIO_callback_fn BIO_get_callback(const BIO *b);
-void BIO_set_callback(BIO *b, BIO_callback_fn callback);
-
 BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
 void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+long BIO_debug_callback_ex(BIO *bio, int oper, const char *argp, size_t len,
+                           int argi, long argl, int ret, size_t *processed);

 char *BIO_get_callback_arg(const BIO *b);
 void BIO_set_callback_arg(BIO *b, char *arg);
@ -255,12 +301,42 @@ int BIO_method_type(const BIO *b);
 typedef int BIO_info_cb(BIO *, int, int);
 typedef BIO_info_cb bio_info_cb;  /* backward compatibility */

-DEFINE_STACK_OF(BIO)
+SKM_DEFINE_STACK_OF_INTERNAL(BIO, BIO, BIO)
+#define sk_BIO_num(sk) OPENSSL_sk_num(ossl_check_const_BIO_sk_type(sk))
+#define sk_BIO_value(sk, idx) ((BIO *)OPENSSL_sk_value(ossl_check_const_BIO_sk_type(sk), (idx)))
+#define sk_BIO_new(cmp) ((STACK_OF(BIO) *)OPENSSL_sk_new(ossl_check_BIO_compfunc_type(cmp)))
+#define sk_BIO_new_null() ((STACK_OF(BIO) *)OPENSSL_sk_new_null())
+#define sk_BIO_new_reserve(cmp, n) ((STACK_OF(BIO) *)OPENSSL_sk_new_reserve(ossl_check_BIO_compfunc_type(cmp), (n)))
+#define sk_BIO_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_BIO_sk_type(sk), (n))
+#define sk_BIO_free(sk) OPENSSL_sk_free(ossl_check_BIO_sk_type(sk))
+#define sk_BIO_zero(sk) OPENSSL_sk_zero(ossl_check_BIO_sk_type(sk))
+#define sk_BIO_delete(sk, i) ((BIO *)OPENSSL_sk_delete(ossl_check_BIO_sk_type(sk), (i)))
+#define sk_BIO_delete_ptr(sk, ptr) ((BIO *)OPENSSL_sk_delete_ptr(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr)))
+#define sk_BIO_push(sk, ptr) OPENSSL_sk_push(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr))
+#define sk_BIO_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr))
+#define sk_BIO_pop(sk) ((BIO *)OPENSSL_sk_pop(ossl_check_BIO_sk_type(sk)))
+#define sk_BIO_shift(sk) ((BIO *)OPENSSL_sk_shift(ossl_check_BIO_sk_type(sk)))
+#define sk_BIO_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_BIO_sk_type(sk),ossl_check_BIO_freefunc_type(freefunc))
+#define sk_BIO_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr), (idx))
+#define sk_BIO_set(sk, idx, ptr) ((BIO *)OPENSSL_sk_set(ossl_check_BIO_sk_type(sk), (idx), ossl_check_BIO_type(ptr)))
+#define sk_BIO_find(sk, ptr) OPENSSL_sk_find(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr))
+#define sk_BIO_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr))
+#define sk_BIO_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr), pnum)
+#define sk_BIO_sort(sk) OPENSSL_sk_sort(ossl_check_BIO_sk_type(sk))
+#define sk_BIO_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_BIO_sk_type(sk))
+#define sk_BIO_dup(sk) ((STACK_OF(BIO) *)OPENSSL_sk_dup(ossl_check_const_BIO_sk_type(sk)))
+#define sk_BIO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(BIO) *)OPENSSL_sk_deep_copy(ossl_check_const_BIO_sk_type(sk), ossl_check_BIO_copyfunc_type(copyfunc), ossl_check_BIO_freefunc_type(freefunc)))
+#define sk_BIO_set_cmp_func(sk, cmp) ((sk_BIO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_BIO_sk_type(sk), ossl_check_BIO_compfunc_type(cmp)))
+
+

 /* Prefix and suffix callback in ASN1 BIO */
 typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
                          void *parg);

+typedef void (*BIO_dgram_sctp_notification_handler_fn) (BIO *b,
+                                                        void *context,
+                                                        void *buf);
 # ifndef OPENSSL_NO_SCTP
 /* SCTP parameter structs */
 struct bio_dgram_sctp_sndinfo {
@ -400,12 +476,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_BIND_REUSEADDR_IF_UNUSED    BIO_SOCK_REUSEADDR
 #  define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
 #  define BIO_get_bind_mode(b)    BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
-
-/* BIO_s_accept() and BIO_s_connect() */
-#  define BIO_do_connect(b)       BIO_do_handshake(b)
-#  define BIO_do_accept(b)        BIO_do_handshake(b)
 # endif /* OPENSSL_NO_SOCK */

+# define BIO_do_connect(b)       BIO_do_handshake(b)
+# define BIO_do_accept(b)        BIO_do_handshake(b)
+
 # define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)

 /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
@ -524,10 +599,15 @@ int BIO_ctrl_reset_read_request(BIO *b);
 # define BIO_dgram_get_mtu_overhead(b) \
         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)

+/* ctrl macros for BIO_f_prefix */
+# define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
+# define BIO_set_indent(b,i) BIO_ctrl((b), BIO_CTRL_SET_INDENT, (i), NULL)
+# define BIO_get_indent(b) BIO_ctrl((b), BIO_CTRL_GET_INDENT, 0, NULL)
+
 #define BIO_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef)
 int BIO_set_ex_data(BIO *bio, int idx, void *data);
-void *BIO_get_ex_data(BIO *bio, int idx);
+void *BIO_get_ex_data(const BIO *bio, int idx);
 uint64_t BIO_number_read(BIO *bio);
 uint64_t BIO_number_written(BIO *bio);

@ -543,9 +623,11 @@ int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,

 const BIO_METHOD *BIO_s_file(void);
 BIO *BIO_new_file(const char *filename, const char *mode);
+BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio);
 # ifndef OPENSSL_NO_STDIO
 BIO *BIO_new_fp(FILE *stream, int close_flag);
 # endif
+BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method);
 BIO *BIO_new(const BIO_METHOD *type);
 int BIO_free(BIO *a);
 void BIO_set_data(BIO *a, void *ptr);
@ -559,6 +641,7 @@ int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
 int BIO_gets(BIO *bp, char *buf, int size);
+int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
 int BIO_puts(BIO *bp, const char *buf);
@ -583,9 +666,6 @@ int BIO_nread(BIO *bio, char **buf, int num);
 int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);

-long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
-                        long argl, long ret);
-
 const BIO_METHOD *BIO_s_mem(void);
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
@ -600,8 +680,11 @@ const BIO_METHOD *BIO_s_bio(void);
 const BIO_METHOD *BIO_s_null(void);
 const BIO_METHOD *BIO_f_null(void);
 const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_readbuffer(void);
 const BIO_METHOD *BIO_f_linebuffer(void);
 const BIO_METHOD *BIO_f_nbio_test(void);
+const BIO_METHOD *BIO_f_prefix(void);
+const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
@ -611,10 +694,8 @@ const BIO_METHOD *BIO_s_datagram_sctp(void);
 BIO *BIO_new_dgram_sctp(int fd, int close_flag);
 int BIO_dgram_is_sctp(BIO *bio);
 int BIO_dgram_sctp_notification_cb(BIO *b,
-                                   void (*handle_notifications) (BIO *bio,
-                                                                 void *context,
-                                                                 void *buf),
-                                   void *context);
+                BIO_dgram_sctp_notification_handler_fn handle_notifications,
+                void *context);
 int BIO_dgram_sctp_wait_for_dry(BIO *b);
 int BIO_dgram_sctp_msg_waiting(BIO *b);
 #  endif
@ -623,21 +704,24 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
+int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
+int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds);

 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
 int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
-                void *u, const char *s, int len);
+                void *u, const void *s, int len);
 int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
-                       void *u, const char *s, int len, int indent);
-int BIO_dump(BIO *b, const char *bytes, int len);
-int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
+                       void *u, const void *s, int len, int indent);
+int BIO_dump(BIO *b, const void *bytes, int len);
+int BIO_dump_indent(BIO *b, const void *bytes, int len, int indent);
 # ifndef OPENSSL_NO_STDIO
-int BIO_dump_fp(FILE *fp, const char *s, int len);
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+int BIO_dump_fp(FILE *fp, const void *s, int len);
+int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent);
 # endif
-int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+int BIO_hex_string(BIO *out, int indent, int width, const void *data,
                   int datalen);

 # ifndef OPENSSL_NO_SOCK
@ -678,16 +762,17 @@ int BIO_sock_error(int sock);
 int BIO_socket_ioctl(int fd, long type, void *arg);
 int BIO_socket_nbio(int fd, int mode);
 int BIO_sock_init(void);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define BIO_sock_cleanup() while(0) continue
 # endif
 int BIO_set_tcp_ndelay(int sock, int turn_on);
-
-DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
-DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr))
-DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip))
-DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode))
-DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port))
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 struct hostent *BIO_gethostbyname(const char *name);
+OSSL_DEPRECATEDIN_1_1_0 int BIO_get_port(const char *str, unsigned short *port_ptr);
+OSSL_DEPRECATEDIN_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip);
+OSSL_DEPRECATEDIN_1_1_0 int BIO_get_accept_socket(char *host_port, int mode);
+OSSL_DEPRECATEDIN_1_1_0 int BIO_accept(int sock, char **ip_port);
+# endif

 union BIO_sock_info_u {
    BIO_ADDR *addr;
@ -734,6 +819,7 @@ void BIO_copy_next_retry(BIO *b);

 # define ossl_bio__attr__(x)
 # if defined(__GNUC__) && defined(__STDC_VERSION__) \
+    && !defined(__MINGW32__) && !defined(__MINGW64__) \
    && !defined(__APPLE__)
    /*
     * Because we support the 'z' modifier, which made its appearance in C99,
--- a/src/3rdparty/win32_include/openssl/bioerr.h
+++ b/src/3rdparty/win32_include/openssl/bioerr.h
@ -1,84 +1,22 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_BIOERR_H
-# define HEADER_BIOERR_H
+#ifndef OPENSSL_BIOERR_H
+# define OPENSSL_BIOERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_BIO_strings(void);

-/*
- * BIO function codes.
- */
-# define BIO_F_ACPT_STATE                                 100
-# define BIO_F_ADDRINFO_WRAP                              148
-# define BIO_F_ADDR_STRINGS                               134
-# define BIO_F_BIO_ACCEPT                                 101
-# define BIO_F_BIO_ACCEPT_EX                              137
-# define BIO_F_BIO_ACCEPT_NEW                             152
-# define BIO_F_BIO_ADDR_NEW                               144
-# define BIO_F_BIO_BIND                                   147
-# define BIO_F_BIO_CALLBACK_CTRL                          131
-# define BIO_F_BIO_CONNECT                                138
-# define BIO_F_BIO_CONNECT_NEW                            153
-# define BIO_F_BIO_CTRL                                   103
-# define BIO_F_BIO_GETS                                   104
-# define BIO_F_BIO_GET_HOST_IP                            106
-# define BIO_F_BIO_GET_NEW_INDEX                          102
-# define BIO_F_BIO_GET_PORT                               107
-# define BIO_F_BIO_LISTEN                                 139
-# define BIO_F_BIO_LOOKUP                                 135
-# define BIO_F_BIO_LOOKUP_EX                              143
-# define BIO_F_BIO_MAKE_PAIR                              121
-# define BIO_F_BIO_METH_NEW                               146
-# define BIO_F_BIO_NEW                                    108
-# define BIO_F_BIO_NEW_DGRAM_SCTP                         145
-# define BIO_F_BIO_NEW_FILE                               109
-# define BIO_F_BIO_NEW_MEM_BUF                            126
-# define BIO_F_BIO_NREAD                                  123
-# define BIO_F_BIO_NREAD0                                 124
-# define BIO_F_BIO_NWRITE                                 125
-# define BIO_F_BIO_NWRITE0                                122
-# define BIO_F_BIO_PARSE_HOSTSERV                         136
-# define BIO_F_BIO_PUTS                                   110
-# define BIO_F_BIO_READ                                   111
-# define BIO_F_BIO_READ_EX                                105
-# define BIO_F_BIO_READ_INTERN                            120
-# define BIO_F_BIO_SOCKET                                 140
-# define BIO_F_BIO_SOCKET_NBIO                            142
-# define BIO_F_BIO_SOCK_INFO                              141
-# define BIO_F_BIO_SOCK_INIT                              112
-# define BIO_F_BIO_WRITE                                  113
-# define BIO_F_BIO_WRITE_EX                               119
-# define BIO_F_BIO_WRITE_INTERN                           128
-# define BIO_F_BUFFER_CTRL                                114
-# define BIO_F_CONN_CTRL                                  127
-# define BIO_F_CONN_STATE                                 115
-# define BIO_F_DGRAM_SCTP_NEW                             149
-# define BIO_F_DGRAM_SCTP_READ                            132
-# define BIO_F_DGRAM_SCTP_WRITE                           133
-# define BIO_F_DOAPR_OUTCH                                150
-# define BIO_F_FILE_CTRL                                  116
-# define BIO_F_FILE_READ                                  130
-# define BIO_F_LINEBUFFER_CTRL                            129
-# define BIO_F_LINEBUFFER_NEW                             151
-# define BIO_F_MEM_WRITE                                  117
-# define BIO_F_NBIOF_NEW                                  154
-# define BIO_F_SLG_WRITE                                  155
-# define BIO_F_SSL_NEW                                    118

 /*
 * BIO reason codes.
@ -89,6 +27,7 @@ int ERR_load_BIO_strings(void);
 # define BIO_R_BAD_FOPEN_MODE                             101
 # define BIO_R_BROKEN_PIPE                                124
 # define BIO_R_CONNECT_ERROR                              103
+# define BIO_R_CONNECT_TIMEOUT                            147
 # define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
 # define BIO_R_GETSOCKNAME_ERROR                          132
 # define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS              133
@ -105,7 +44,9 @@ int ERR_load_BIO_strings(void);
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
-# define BIO_R_NULL_PARAMETER                             115
+# define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TRANSFER_ERROR                             104
+# define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
 # define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
 # define BIO_R_UNABLE_TO_KEEPALIVE                        137
--- a/src/3rdparty/win32_include/openssl/blowfish.h
+++ b/src/3rdparty/win32_include/openssl/blowfish.h
@ -1,14 +1,20 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_BLOWFISH_H
-# define HEADER_BLOWFISH_H
+#ifndef OPENSSL_BLOWFISH_H
+# define OPENSSL_BLOWFISH_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_BLOWFISH_H
+# endif

 # include <openssl/opensslconf.h>

@ -18,40 +24,51 @@
 extern "C" {
 # endif

-# define BF_ENCRYPT      1
-# define BF_DECRYPT      0
+# define BF_BLOCK        8
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+#  define BF_ENCRYPT      1
+#  define BF_DECRYPT      0

 /*-
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! BF_LONG has to be at least 32 bits wide.                     !
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-# define BF_LONG unsigned int
+#  define BF_LONG unsigned int

-# define BF_ROUNDS       16
-# define BF_BLOCK        8
+#  define BF_ROUNDS       16

 typedef struct bf_key_st {
    BF_LONG P[BF_ROUNDS + 2];
    BF_LONG S[4 * 256];
 } BF_KEY;

-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-
-void BF_encrypt(BF_LONG *data, const BF_KEY *key);
-void BF_decrypt(BF_LONG *data, const BF_KEY *key);
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                    const BF_KEY *key, int enc);
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                    const BF_KEY *schedule, unsigned char *ivec, int enc);
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, const BF_KEY *schedule,
-                      unsigned char *ivec, int *num, int enc);
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, const BF_KEY *schedule,
-                      unsigned char *ivec, int *num);
-const char *BF_options(void);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 void BF_set_key(BF_KEY *key, int len,
+                                      const unsigned char *data);
+OSSL_DEPRECATEDIN_3_0 void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void BF_ecb_encrypt(const unsigned char *in,
+                                          unsigned char *out, const BF_KEY *key,
+                                          int enc);
+OSSL_DEPRECATEDIN_3_0 void BF_cbc_encrypt(const unsigned char *in,
+                                          unsigned char *out, long length,
+                                          const BF_KEY *schedule,
+                                          unsigned char *ivec, int enc);
+OSSL_DEPRECATEDIN_3_0 void BF_cfb64_encrypt(const unsigned char *in,
+                                            unsigned char *out,
+                                            long length, const BF_KEY *schedule,
+                                            unsigned char *ivec, int *num,
+                                            int enc);
+OSSL_DEPRECATEDIN_3_0 void BF_ofb64_encrypt(const unsigned char *in,
+                                            unsigned char *out,
+                                            long length, const BF_KEY *schedule,
+                                            unsigned char *ivec, int *num);
+OSSL_DEPRECATEDIN_3_0 const char *BF_options(void);
+# endif

 # ifdef  __cplusplus
 }
--- a/src/3rdparty/win32_include/openssl/bn.h
+++ b/src/3rdparty/win32_include/openssl/bn.h
@ -1,22 +1,28 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_BN_H
-# define HEADER_BN_H
+#ifndef OPENSSL_BN_H
+# define OPENSSL_BN_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_BN_H
+# endif

 # include <openssl/e_os2.h>
 # ifndef OPENSSL_NO_STDIO
 #  include <stdio.h>
 # endif
 # include <openssl/opensslconf.h>
-# include <openssl/ossl_typ.h>
+# include <openssl/types.h>
 # include <openssl/crypto.h>
 # include <openssl/bnerr.h>

@ -61,7 +67,7 @@ extern "C" {
 # define BN_FLG_CONSTTIME        0x04
 # define BN_FLG_SECURE           0x08

-# if OPENSSL_API_COMPAT < 0x00908000L
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
 /* deprecated name for the flag */
 #  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
 #  define BN_FLG_FREE            0x8000 /* used for debugging */
@ -103,8 +109,9 @@ void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),

 void *BN_GENCB_get_arg(BN_GENCB *cb);

-# define BN_prime_checks 0      /* default: select number of iterations based
-                                 * on the size of the number */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define BN_prime_checks 0      /* default: select number of iterations based
+                                  * on the size of the number */

 /*
 * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
@ -169,14 +176,15 @@ void *BN_GENCB_get_arg(BN_GENCB *cb);
 *  (b) >=    6 |     >=    12 |         34 |         64 bit
 */

-# define BN_prime_checks_for_size(b) ((b) >= 3747 ?  3 : \
-                                (b) >=  1345 ?  4 : \
-                                (b) >=  476 ?  5 : \
-                                (b) >=  400 ?  6 : \
-                                (b) >=  347 ?  7 : \
-                                (b) >=  308 ?  8 : \
-                                (b) >=  55  ? 27 : \
-                                /* b >= 6 */ 34)
+#  define BN_prime_checks_for_size(b) ((b) >= 3747 ?  3 : \
+                                      (b) >=  1345 ?  4 : \
+                                      (b) >=  476 ?  5 : \
+                                      (b) >=  400 ?  6 : \
+                                      (b) >=  347 ?  7 : \
+                                      (b) >=  308 ?  8 : \
+                                      (b) >=  55  ? 27 : \
+                                      /* b >= 6 */ 34)
+# endif

 # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)

@ -190,7 +198,7 @@ int BN_is_odd(const BIGNUM *a);

 void BN_zero_ex(BIGNUM *a);

-# if OPENSSL_API_COMPAT >= 0x00908000L
+# if OPENSSL_API_LEVEL > 908
 #  define BN_zero(a)      BN_zero_ex(a)
 # else
 #  define BN_zero(a)      (BN_set_word((a),0))
@ -198,18 +206,32 @@ void BN_zero_ex(BIGNUM *a);

 const BIGNUM *BN_value_one(void);
 char *BN_options(void);
+BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx);
 BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new_ex(OSSL_LIB_CTX *ctx);
 BN_CTX *BN_CTX_secure_new(void);
 void BN_CTX_free(BN_CTX *c);
 void BN_CTX_start(BN_CTX *ctx);
 BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void BN_CTX_end(BN_CTX *ctx);
+int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+               unsigned int strength, BN_CTX *ctx);
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+                    unsigned int strength, BN_CTX *ctx);
 int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength,
+                     BN_CTX *ctx);
 int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range,
+                          unsigned int strength, BN_CTX *ctx);
 int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+OSSL_DEPRECATEDIN_3_0
 int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+# endif
 int BN_num_bits(const BIGNUM *a);
 int BN_num_bits_word(BN_ULONG l);
 int BN_security_bits(int L, int N);
@ -223,6 +245,8 @@ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
@ -292,6 +316,11 @@ int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                      const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1, const BIGNUM *p1,
+                                 const BIGNUM *m1, BN_MONT_CTX *in_mont1,
+                                 BIGNUM *rr2, const BIGNUM *a2, const BIGNUM *p2,
+                                 const BIGNUM *m2, BN_MONT_CTX *in_mont2,
+                                 BN_CTX *ctx);

 int BN_mask_bits(BIGNUM *a, int n);
 # ifndef OPENSSL_NO_STDIO
@ -315,6 +344,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
                                                                  * -2 for
                                                                  * error */
+int BN_are_coprime(BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 BIGNUM *BN_mod_inverse(BIGNUM *ret,
                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
@ -323,38 +353,51 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);

 /* Deprecated versions */
-DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-                                             const BIGNUM *add,
-                                             const BIGNUM *rem,
-                                             void (*callback) (int, int,
-                                                               void *),
-                                             void *cb_arg))
-DEPRECATEDIN_0_9_8(int
-                   BN_is_prime(const BIGNUM *p, int nchecks,
-                               void (*callback) (int, int, void *),
-                               BN_CTX *ctx, void *cb_arg))
-DEPRECATEDIN_0_9_8(int
-                   BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
-                                        void (*callback) (int, int, void *),
-                                        BN_CTX *ctx, void *cb_arg,
-                                        int do_trial_division))
-
-/* Newer versions */
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
-                         const BIGNUM *rem, BN_GENCB *cb);
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+OSSL_DEPRECATEDIN_0_9_8
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                          const BIGNUM *add, const BIGNUM *rem,
+                          void (*callback) (int, int, void *),
+                          void *cb_arg);
+OSSL_DEPRECATEDIN_0_9_8
+int BN_is_prime(const BIGNUM *p, int nchecks,
+                void (*callback) (int, int, void *),
+                BN_CTX *ctx, void *cb_arg);
+OSSL_DEPRECATEDIN_0_9_8
+int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+                         void (*callback) (int, int, void *),
+                         BN_CTX *ctx, void *cb_arg,
+                         int do_trial_division);
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0
 int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
                            int do_trial_division, BN_GENCB *cb);
+# endif
+/* Newer versions */
+int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+                          const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+                          BN_CTX *ctx);
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+                         const BIGNUM *rem, BN_GENCB *cb);
+int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb);

+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);

+OSSL_DEPRECATEDIN_3_0
 int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                            const BIGNUM *Xp, const BIGNUM *Xp1,
                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
                            BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0
 int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
                              BN_CTX *ctx, BN_GENCB *cb);
+# endif

 BN_MONT_CTX *BN_MONT_CTX_new(void);
 int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
@ -398,10 +441,12 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
                                                         BN_CTX *ctx,
                                                         BN_MONT_CTX *m_ctx),
                                      BN_MONT_CTX *m_ctx);
-
-DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
-DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
-                                                  * mont */
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+OSSL_DEPRECATEDIN_0_9_8
+void BN_set_params(int mul, int high, int low, int mont);
+OSSL_DEPRECATEDIN_0_9_8
+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
+# endif

 BN_RECP_CTX *BN_RECP_CTX_new(void);
 void BN_RECP_CTX_free(BN_RECP_CTX *recp);
@ -519,16 +564,16 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
 BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
 BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);

-# if OPENSSL_API_COMPAT < 0x10100000L
-#  define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
-#  define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
-#  define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
-#  define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
-#  define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
-#  define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
-#  define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
-#  define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
-# endif
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#   define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
+#   define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
+#   define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
+#   define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
+#   define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
+#   define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
+#   define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
+#   define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+#  endif

 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);

--- a/src/3rdparty/win32_include/openssl/bnerr.h
+++ b/src/3rdparty/win32_include/openssl/bnerr.h
@ -1,77 +1,22 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_BNERR_H
-# define HEADER_BNERR_H
+#ifndef OPENSSL_BNERR_H
+# define OPENSSL_BNERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_BN_strings(void);

-/*
- * BN function codes.
- */
-# define BN_F_BNRAND                                      127
-# define BN_F_BNRAND_RANGE                                138
-# define BN_F_BN_BLINDING_CONVERT_EX                      100
-# define BN_F_BN_BLINDING_CREATE_PARAM                    128
-# define BN_F_BN_BLINDING_INVERT_EX                       101
-# define BN_F_BN_BLINDING_NEW                             102
-# define BN_F_BN_BLINDING_UPDATE                          103
-# define BN_F_BN_BN2DEC                                   104
-# define BN_F_BN_BN2HEX                                   105
-# define BN_F_BN_COMPUTE_WNAF                             142
-# define BN_F_BN_CTX_GET                                  116
-# define BN_F_BN_CTX_NEW                                  106
-# define BN_F_BN_CTX_START                                129
-# define BN_F_BN_DIV                                      107
-# define BN_F_BN_DIV_RECP                                 130
-# define BN_F_BN_EXP                                      123
-# define BN_F_BN_EXPAND_INTERNAL                          120
-# define BN_F_BN_GENCB_NEW                                143
-# define BN_F_BN_GENERATE_DSA_NONCE                       140
-# define BN_F_BN_GENERATE_PRIME_EX                        141
-# define BN_F_BN_GF2M_MOD                                 131
-# define BN_F_BN_GF2M_MOD_EXP                             132
-# define BN_F_BN_GF2M_MOD_MUL                             133
-# define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
-# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
-# define BN_F_BN_GF2M_MOD_SQR                             136
-# define BN_F_BN_GF2M_MOD_SQRT                            137
-# define BN_F_BN_LSHIFT                                   145
-# define BN_F_BN_MOD_EXP2_MONT                            118
-# define BN_F_BN_MOD_EXP_MONT                             109
-# define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
-# define BN_F_BN_MOD_EXP_MONT_WORD                        117
-# define BN_F_BN_MOD_EXP_RECP                             125
-# define BN_F_BN_MOD_EXP_SIMPLE                           126
-# define BN_F_BN_MOD_INVERSE                              110
-# define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
-# define BN_F_BN_MOD_LSHIFT_QUICK                         119
-# define BN_F_BN_MOD_SQRT                                 121
-# define BN_F_BN_MONT_CTX_NEW                             149
-# define BN_F_BN_MPI2BN                                   112
-# define BN_F_BN_NEW                                      113
-# define BN_F_BN_POOL_GET                                 147
-# define BN_F_BN_RAND                                     114
-# define BN_F_BN_RAND_RANGE                               122
-# define BN_F_BN_RECP_CTX_NEW                             150
-# define BN_F_BN_RSHIFT                                   146
-# define BN_F_BN_SET_WORDS                                144
-# define BN_F_BN_STACK_PUSH                               148
-# define BN_F_BN_USUB                                     115

 /*
 * BN reason codes.
@ -91,7 +36,9 @@ int ERR_load_BN_strings(void);
 # define BN_R_NOT_A_SQUARE                                111
 # define BN_R_NOT_INITIALIZED                             107
 # define BN_R_NO_INVERSE                                  108
+# define BN_R_NO_PRIME_CANDIDATE                          121
 # define BN_R_NO_SOLUTION                                 116
+# define BN_R_NO_SUITABLE_DIGEST                          120
 # define BN_R_PRIVATE_KEY_TOO_LARGE                       117
 # define BN_R_P_IS_NOT_PRIME                              112
 # define BN_R_TOO_MANY_ITERATIONS                         113
--- a/src/3rdparty/win32_include/openssl/buffer.h
+++ b/src/3rdparty/win32_include/openssl/buffer.h
@ -1,17 +1,23 @@
 /*
 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_BUFFER_H
-# define HEADER_BUFFER_H
+#ifndef OPENSSL_BUFFER_H
+# define OPENSSL_BUFFER_H
+# pragma once

-# include <openssl/ossl_typ.h>
-# ifndef HEADER_CRYPTO_H
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_BUFFER_H
+# endif
+
+# include <openssl/types.h>
+# ifndef OPENSSL_CRYPTO_H
 #  include <openssl/crypto.h>
 # endif
 # include <openssl/buffererr.h>
@ -24,16 +30,14 @@ extern "C" {
 # include <stddef.h>
 # include <sys/types.h>

-/*
- * These names are outdated as of OpenSSL 1.1; a future release
- * will move them to be deprecated.
- */
-# define BUF_strdup(s) OPENSSL_strdup(s)
-# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
-# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
-# define BUF_strlcpy(dst, src, size)  OPENSSL_strlcpy(dst, src, size)
-# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
-# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define BUF_strdup(s) OPENSSL_strdup(s)
+#  define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+#  define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+#  define BUF_strlcpy(dst, src, size)  OPENSSL_strlcpy(dst, src, size)
+#  define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+#  define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+# endif

 struct buf_mem_st {
    size_t length;              /* current number of bytes */
--- a/src/3rdparty/win32_include/openssl/buffererr.h
+++ b/src/3rdparty/win32_include/openssl/buffererr.h
@ -1,31 +1,22 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_BUFERR_H
-# define HEADER_BUFERR_H
+#ifndef OPENSSL_BUFFERERR_H
+# define OPENSSL_BUFFERERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_BUF_strings(void);

-/*
- * BUF function codes.
- */
-# define BUF_F_BUF_MEM_GROW                               100
-# define BUF_F_BUF_MEM_GROW_CLEAN                         105
-# define BUF_F_BUF_MEM_NEW                                101

 /*
 * BUF reason codes.
--- a/src/3rdparty/win32_include/openssl/camellia.h
+++ b/src/3rdparty/win32_include/openssl/camellia.h
@ -1,14 +1,20 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CAMELLIA_H
-# define HEADER_CAMELLIA_H
+#ifndef OPENSSL_CAMELLIA_H
+# define OPENSSL_CAMELLIA_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_CAMELLIA_H
+# endif

 # include <openssl/opensslconf.h>

@ -18,8 +24,12 @@
 extern "C" {
 #endif

-# define CAMELLIA_ENCRYPT        1
-# define CAMELLIA_DECRYPT        0
+# define CAMELLIA_BLOCK_SIZE 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+#  define CAMELLIA_ENCRYPT        1
+#  define CAMELLIA_DECRYPT        0

 /*
 * Because array size can't be a const in C, the following two are macros.
@ -28,9 +38,8 @@ extern "C" {

 /* This should be a hidden type, but EVP requires that the size be known */

-# define CAMELLIA_BLOCK_SIZE 16
-# define CAMELLIA_TABLE_BYTE_LEN 272
-# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+#  define CAMELLIA_TABLE_BYTE_LEN 272
+#  define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)

 typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
                                                               * with WORD */
@ -44,36 +53,61 @@ struct camellia_key_st {
 };
 typedef struct camellia_key_st CAMELLIA_KEY;

-int Camellia_set_key(const unsigned char *userKey, const int bits,
-                     CAMELLIA_KEY *key);
-
-void Camellia_encrypt(const unsigned char *in, unsigned char *out,
-                      const CAMELLIA_KEY *key);
-void Camellia_decrypt(const unsigned char *in, unsigned char *out,
-                      const CAMELLIA_KEY *key);
-
-void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                          const CAMELLIA_KEY *key, const int enc);
-void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                          size_t length, const CAMELLIA_KEY *key,
-                          unsigned char *ivec, const int enc);
-void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const CAMELLIA_KEY *key,
-                             unsigned char *ivec, int *num, const int enc);
-void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t length, const CAMELLIA_KEY *key,
-                           unsigned char *ivec, int *num, const int enc);
-void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t length, const CAMELLIA_KEY *key,
-                           unsigned char *ivec, int *num, const int enc);
-void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const CAMELLIA_KEY *key,
-                             unsigned char *ivec, int *num);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int Camellia_set_key(const unsigned char *userKey,
+                                           const int bits,
+                                           CAMELLIA_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void Camellia_encrypt(const unsigned char *in,
+                                            unsigned char *out,
+                                            const CAMELLIA_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void Camellia_decrypt(const unsigned char *in,
+                                            unsigned char *out,
+                                            const CAMELLIA_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void Camellia_ecb_encrypt(const unsigned char *in,
+                                                unsigned char *out,
+                                                const CAMELLIA_KEY *key,
+                                                const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_cbc_encrypt(const unsigned char *in,
+                                                unsigned char *out,
+                                                size_t length,
+                                                const CAMELLIA_KEY *key,
+                                                unsigned char *ivec,
+                                                const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_cfb128_encrypt(const unsigned char *in,
+                                                   unsigned char *out,
+                                                   size_t length,
+                                                   const CAMELLIA_KEY *key,
+                                                   unsigned char *ivec,
+                                                   int *num,
+                                                   const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_cfb1_encrypt(const unsigned char *in,
+                                                 unsigned char *out,
+                                                 size_t length,
+                                                 const CAMELLIA_KEY *key,
+                                                 unsigned char *ivec,
+                                                 int *num,
+                                                 const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_cfb8_encrypt(const unsigned char *in,
+                                                 unsigned char *out,
+                                                 size_t length,
+                                                 const CAMELLIA_KEY *key,
+                                                 unsigned char *ivec,
+                                                 int *num,
+                                                 const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_ofb128_encrypt(const unsigned char *in,
+                                                   unsigned char *out,
+                                                   size_t length,
+                                                   const CAMELLIA_KEY *key,
+                                                   unsigned char *ivec,
+                                                   int *num);
+OSSL_DEPRECATEDIN_3_0
 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                             size_t length, const CAMELLIA_KEY *key,
                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
                             unsigned int *num);
+# endif

 # ifdef  __cplusplus
 }
--- a/src/3rdparty/win32_include/openssl/cast.h
+++ b/src/3rdparty/win32_include/openssl/cast.h
@ -1,14 +1,20 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CAST_H
-# define HEADER_CAST_H
+#ifndef OPENSSL_CAST_H
+# define OPENSSL_CAST_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_CAST_H
+# endif

 # include <openssl/opensslconf.h>

@ -17,33 +23,45 @@
 extern "C" {
 # endif

-# define CAST_ENCRYPT    1
-# define CAST_DECRYPT    0
-
-# define CAST_LONG unsigned int
-
 # define CAST_BLOCK      8
 # define CAST_KEY_LENGTH 16

+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+#  define CAST_ENCRYPT    1
+#  define CAST_DECRYPT    0
+
+#  define CAST_LONG unsigned int
+
 typedef struct cast_key_st {
    CAST_LONG data[32];
    int short_key;              /* Use reduced rounds for short key */
 } CAST_KEY;

+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+OSSL_DEPRECATEDIN_3_0
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
                      const CAST_KEY *key, int enc);
+OSSL_DEPRECATEDIN_3_0
 void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+OSSL_DEPRECATEDIN_3_0
 void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+OSSL_DEPRECATEDIN_3_0
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
                      long length, const CAST_KEY *ks, unsigned char *iv,
                      int enc);
+OSSL_DEPRECATEDIN_3_0
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                        long length, const CAST_KEY *schedule,
                        unsigned char *ivec, int *num, int enc);
+OSSL_DEPRECATEDIN_3_0
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
                        long length, const CAST_KEY *schedule,
                        unsigned char *ivec, int *num);
+# endif

 # ifdef  __cplusplus
 }
--- a/src/3rdparty/win32_include/openssl/cmac.h
+++ b/src/3rdparty/win32_include/openssl/cmac.h
@ -1,41 +1,52 @@
 /*
- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CMAC_H
-# define HEADER_CMAC_H
+#ifndef OPENSSL_CMAC_H
+# define OPENSSL_CMAC_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_CMAC_H
+# endif

 # ifndef OPENSSL_NO_CMAC

-#ifdef __cplusplus
+#  ifdef __cplusplus
 extern "C" {
-#endif
+#  endif

-# include <openssl/evp.h>
+#  include <openssl/evp.h>

+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /* Opaque */
 typedef struct CMAC_CTX_st CMAC_CTX;
+#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 CMAC_CTX *CMAC_CTX_new(void);
+OSSL_DEPRECATEDIN_3_0 void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 void CMAC_CTX_free(CMAC_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+OSSL_DEPRECATEDIN_3_0 int CMAC_Init(CMAC_CTX *ctx,
+                                    const void *key, size_t keylen,
+                                    const EVP_CIPHER *cipher, ENGINE *impl);
+OSSL_DEPRECATEDIN_3_0 int CMAC_Update(CMAC_CTX *ctx,
+                                      const void *data, size_t dlen);
+OSSL_DEPRECATEDIN_3_0 int CMAC_Final(CMAC_CTX *ctx,
+                                     unsigned char *out, size_t *poutlen);
+OSSL_DEPRECATEDIN_3_0 int CMAC_resume(CMAC_CTX *ctx);
+#  endif

-CMAC_CTX *CMAC_CTX_new(void);
-void CMAC_CTX_cleanup(CMAC_CTX *ctx);
-void CMAC_CTX_free(CMAC_CTX *ctx);
-EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
-int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
-
-int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
-              const EVP_CIPHER *cipher, ENGINE *impl);
-int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
-int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
-int CMAC_resume(CMAC_CTX *ctx);
-
-#ifdef  __cplusplus
+#  ifdef  __cplusplus
 }
-#endif
+#  endif

 # endif
 #endif
--- a/src/3rdparty/win32_include/openssl/cmp.h
+++ b/src/3rdparty/win32_include/openssl/cmp.h
@ -0,0 +1,596 @@
+/*
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\cmp.h.in
+ *
+ * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Nokia 2007-2019
+ * Copyright Siemens AG 2015-2019
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+
+#ifndef OPENSSL_CMP_H
+# define OPENSSL_CMP_H
+
+# include <openssl/opensslconf.h>
+# ifndef OPENSSL_NO_CMP
+
+#  include <openssl/crmf.h>
+#  include <openssl/cmperr.h>
+#  include <openssl/cmp_util.h>
+#  include <openssl/http.h>
+
+/* explicit #includes not strictly needed since implied by the above: */
+#  include <openssl/types.h>
+#  include <openssl/safestack.h>
+#  include <openssl/x509.h>
+#  include <openssl/x509v3.h>
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+#  define OSSL_CMP_PVNO 2
+
+/*-
+ *   PKIFailureInfo ::= BIT STRING {
+ *   -- since we can fail in more than one way!
+ *   -- More codes may be added in the future if/when required.
+ *       badAlg              (0),
+ *       -- unrecognized or unsupported Algorithm Identifier
+ *       badMessageCheck     (1),
+ *       -- integrity check failed (e.g., signature did not verify)
+ *       badRequest          (2),
+ *       -- transaction not permitted or supported
+ *       badTime             (3),
+ *       -- messageTime was not sufficiently close to the system time,
+ *       -- as defined by local policy
+ *       badCertId           (4),
+ *       -- no certificate could be found matching the provided criteria
+ *       badDataFormat       (5),
+ *       -- the data submitted has the wrong format
+ *       wrongAuthority      (6),
+ *       -- the authority indicated in the request is different from the
+ *       -- one creating the response token
+ *       incorrectData       (7),
+ *       -- the requester's data is incorrect (for notary services)
+ *       missingTimeStamp    (8),
+ *       -- when the timestamp is missing but should be there
+ *       -- (by policy)
+ *       badPOP              (9),
+ *       -- the proof-of-possession failed
+ *       certRevoked         (10),
+ *          -- the certificate has already been revoked
+ *       certConfirmed       (11),
+ *          -- the certificate has already been confirmed
+ *       wrongIntegrity      (12),
+ *          -- invalid integrity, password based instead of signature or
+ *          -- vice versa
+ *       badRecipientNonce   (13),
+ *          -- invalid recipient nonce, either missing or wrong value
+ *       timeNotAvailable    (14),
+ *          -- the TSA's time source is not available
+ *       unacceptedPolicy    (15),
+ *          -- the requested TSA policy is not supported by the TSA.
+ *       unacceptedExtension (16),
+ *          -- the requested extension is not supported by the TSA.
+ *       addInfoNotAvailable (17),
+ *          -- the additional information requested could not be
+ *          -- understood or is not available
+ *       badSenderNonce      (18),
+ *          -- invalid sender nonce, either missing or wrong size
+ *       badCertTemplate     (19),
+ *          -- invalid cert. template or missing mandatory information
+ *       signerNotTrusted    (20),
+ *          -- signer of the message unknown or not trusted
+ *       transactionIdInUse  (21),
+ *          -- the transaction identifier is already in use
+ *       unsupportedVersion  (22),
+ *          -- the version of the message is not supported
+ *       notAuthorized       (23),
+ *          -- the sender was not authorized to make the preceding
+ *          -- request or perform the preceding action
+ *       systemUnavail       (24),
+ *       -- the request cannot be handled due to system unavailability
+ *       systemFailure       (25),
+ *       -- the request cannot be handled due to system failure
+ *       duplicateCertReq    (26)
+ *       -- certificate cannot be issued because a duplicate
+ *       -- certificate already exists
+ *   }
+ */
+#  define OSSL_CMP_PKIFAILUREINFO_badAlg 0
+#  define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
+#  define OSSL_CMP_PKIFAILUREINFO_badRequest 2
+#  define OSSL_CMP_PKIFAILUREINFO_badTime 3
+#  define OSSL_CMP_PKIFAILUREINFO_badCertId 4
+#  define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
+#  define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
+#  define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
+#  define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
+#  define OSSL_CMP_PKIFAILUREINFO_badPOP 9
+#  define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
+#  define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
+#  define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
+#  define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
+#  define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
+#  define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
+#  define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
+#  define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
+#  define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
+#  define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
+#  define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
+#  define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
+#  define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
+#  define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
+#  define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
+#  define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
+#  define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
+#  define OSSL_CMP_PKIFAILUREINFO_MAX 26
+#  define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
+    ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
+#  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
+#   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
+#  endif
+
+typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
+
+#  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
+#  define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
+#  define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
+#  define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
+#  define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
+#  define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
+#  define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
+#  define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
+#  define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
+#  define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
+#  define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
+#  define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
+#  define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
+#  define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
+#  define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
+#  define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
+#  define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
+#  define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
+#  define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
+#  define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
+#  define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
+#  define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
+#  define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
+#  define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
+#  define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
+#  define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
+#  define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)
+
+/*-
+ *   PKIStatus ::= INTEGER {
+ *       accepted                (0),
+ *       -- you got exactly what you asked for
+ *       grantedWithMods        (1),
+ *       -- you got something like what you asked for; the
+ *       -- requester is responsible for ascertaining the differences
+ *       rejection              (2),
+ *       -- you don't get it, more information elsewhere in the message
+ *       waiting                (3),
+ *       -- the request body part has not yet been processed; expect to
+ *       -- hear more later (note: proper handling of this status
+ *       -- response MAY use the polling req/rep PKIMessages specified
+ *       -- in Section 5.3.22; alternatively, polling in the underlying
+ *       -- transport layer MAY have some utility in this regard)
+ *       revocationWarning      (4),
+ *       -- this message contains a warning that a revocation is
+ *       -- imminent
+ *       revocationNotification (5),
+ *       -- notification that a revocation has occurred
+ *       keyUpdateWarning       (6)
+ *       -- update already done for the oldCertId specified in
+ *       -- CertReqMsg
+ *   }
+ */
+#  define OSSL_CMP_PKISTATUS_request                -3
+#  define OSSL_CMP_PKISTATUS_trans                  -2
+#  define OSSL_CMP_PKISTATUS_unspecified            -1
+#  define OSSL_CMP_PKISTATUS_accepted               0
+#  define OSSL_CMP_PKISTATUS_grantedWithMods        1
+#  define OSSL_CMP_PKISTATUS_rejection              2
+#  define OSSL_CMP_PKISTATUS_waiting                3
+#  define OSSL_CMP_PKISTATUS_revocationWarning      4
+#  define OSSL_CMP_PKISTATUS_revocationNotification 5
+#  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
+
+typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
+
+#  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
+#  define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
+
+/* data type declarations */
+typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
+typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
+DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
+typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
+DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
+typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
+SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTSTATUS, OSSL_CMP_CERTSTATUS, OSSL_CMP_CERTSTATUS)
+#define sk_OSSL_CMP_CERTSTATUS_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk))
+#define sk_OSSL_CMP_CERTSTATUS_value(sk, idx) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk), (idx)))
+#define sk_OSSL_CMP_CERTSTATUS_new(cmp) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_CERTSTATUS_compfunc_type(cmp)))
+#define sk_OSSL_CMP_CERTSTATUS_new_null() ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_new_null())
+#define sk_OSSL_CMP_CERTSTATUS_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_CERTSTATUS_compfunc_type(cmp), (n)))
+#define sk_OSSL_CMP_CERTSTATUS_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), (n))
+#define sk_OSSL_CMP_CERTSTATUS_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk))
+#define sk_OSSL_CMP_CERTSTATUS_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk))
+#define sk_OSSL_CMP_CERTSTATUS_delete(sk, i) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), (i)))
+#define sk_OSSL_CMP_CERTSTATUS_delete_ptr(sk, ptr) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr)))
+#define sk_OSSL_CMP_CERTSTATUS_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr))
+#define sk_OSSL_CMP_CERTSTATUS_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr))
+#define sk_OSSL_CMP_CERTSTATUS_pop(sk) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk)))
+#define sk_OSSL_CMP_CERTSTATUS_shift(sk) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk)))
+#define sk_OSSL_CMP_CERTSTATUS_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk),ossl_check_OSSL_CMP_CERTSTATUS_freefunc_type(freefunc))
+#define sk_OSSL_CMP_CERTSTATUS_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr), (idx))
+#define sk_OSSL_CMP_CERTSTATUS_set(sk, idx, ptr) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_set(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), (idx), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr)))
+#define sk_OSSL_CMP_CERTSTATUS_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr))
+#define sk_OSSL_CMP_CERTSTATUS_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr))
+#define sk_OSSL_CMP_CERTSTATUS_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr), pnum)
+#define sk_OSSL_CMP_CERTSTATUS_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk))
+#define sk_OSSL_CMP_CERTSTATUS_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk))
+#define sk_OSSL_CMP_CERTSTATUS_dup(sk) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk)))
+#define sk_OSSL_CMP_CERTSTATUS_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTSTATUS_freefunc_type(freefunc)))
+#define sk_OSSL_CMP_CERTSTATUS_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTSTATUS_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_compfunc_type(cmp)))
+
+typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
+SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_ITAV, OSSL_CMP_ITAV, OSSL_CMP_ITAV)
+#define sk_OSSL_CMP_ITAV_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk))
+#define sk_OSSL_CMP_ITAV_value(sk, idx) ((OSSL_CMP_ITAV *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk), (idx)))
+#define sk_OSSL_CMP_ITAV_new(cmp) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_ITAV_compfunc_type(cmp)))
+#define sk_OSSL_CMP_ITAV_new_null() ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_new_null())
+#define sk_OSSL_CMP_ITAV_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_ITAV_compfunc_type(cmp), (n)))
+#define sk_OSSL_CMP_ITAV_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_ITAV_sk_type(sk), (n))
+#define sk_OSSL_CMP_ITAV_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_ITAV_sk_type(sk))
+#define sk_OSSL_CMP_ITAV_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_ITAV_sk_type(sk))
+#define sk_OSSL_CMP_ITAV_delete(sk, i) ((OSSL_CMP_ITAV *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_ITAV_sk_type(sk), (i)))
+#define sk_OSSL_CMP_ITAV_delete_ptr(sk, ptr) ((OSSL_CMP_ITAV *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr)))
+#define sk_OSSL_CMP_ITAV_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr))
+#define sk_OSSL_CMP_ITAV_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr))
+#define sk_OSSL_CMP_ITAV_pop(sk) ((OSSL_CMP_ITAV *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_ITAV_sk_type(sk)))
+#define sk_OSSL_CMP_ITAV_shift(sk) ((OSSL_CMP_ITAV *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_ITAV_sk_type(sk)))
+#define sk_OSSL_CMP_ITAV_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_ITAV_sk_type(sk),ossl_check_OSSL_CMP_ITAV_freefunc_type(freefunc))
+#define sk_OSSL_CMP_ITAV_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr), (idx))
+#define sk_OSSL_CMP_ITAV_set(sk, idx, ptr) ((OSSL_CMP_ITAV *)OPENSSL_sk_set(ossl_check_OSSL_CMP_ITAV_sk_type(sk), (idx), ossl_check_OSSL_CMP_ITAV_type(ptr)))
+#define sk_OSSL_CMP_ITAV_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr))
+#define sk_OSSL_CMP_ITAV_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr))
+#define sk_OSSL_CMP_ITAV_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr), pnum)
+#define sk_OSSL_CMP_ITAV_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_ITAV_sk_type(sk))
+#define sk_OSSL_CMP_ITAV_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk))
+#define sk_OSSL_CMP_ITAV_dup(sk) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk)))
+#define sk_OSSL_CMP_ITAV_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_ITAV_freefunc_type(freefunc)))
+#define sk_OSSL_CMP_ITAV_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_ITAV_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_compfunc_type(cmp)))
+
+typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
+typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
+DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
+SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_PKISI, OSSL_CMP_PKISI, OSSL_CMP_PKISI)
+#define sk_OSSL_CMP_PKISI_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk))
+#define sk_OSSL_CMP_PKISI_value(sk, idx) ((OSSL_CMP_PKISI *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk), (idx)))
+#define sk_OSSL_CMP_PKISI_new(cmp) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_PKISI_compfunc_type(cmp)))
+#define sk_OSSL_CMP_PKISI_new_null() ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_new_null())
+#define sk_OSSL_CMP_PKISI_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_PKISI_compfunc_type(cmp), (n)))
+#define sk_OSSL_CMP_PKISI_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_PKISI_sk_type(sk), (n))
+#define sk_OSSL_CMP_PKISI_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_PKISI_sk_type(sk))
+#define sk_OSSL_CMP_PKISI_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_PKISI_sk_type(sk))
+#define sk_OSSL_CMP_PKISI_delete(sk, i) ((OSSL_CMP_PKISI *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_PKISI_sk_type(sk), (i)))
+#define sk_OSSL_CMP_PKISI_delete_ptr(sk, ptr) ((OSSL_CMP_PKISI *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr)))
+#define sk_OSSL_CMP_PKISI_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr))
+#define sk_OSSL_CMP_PKISI_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr))
+#define sk_OSSL_CMP_PKISI_pop(sk) ((OSSL_CMP_PKISI *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_PKISI_sk_type(sk)))
+#define sk_OSSL_CMP_PKISI_shift(sk) ((OSSL_CMP_PKISI *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_PKISI_sk_type(sk)))
+#define sk_OSSL_CMP_PKISI_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_PKISI_sk_type(sk),ossl_check_OSSL_CMP_PKISI_freefunc_type(freefunc))
+#define sk_OSSL_CMP_PKISI_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr), (idx))
+#define sk_OSSL_CMP_PKISI_set(sk, idx, ptr) ((OSSL_CMP_PKISI *)OPENSSL_sk_set(ossl_check_OSSL_CMP_PKISI_sk_type(sk), (idx), ossl_check_OSSL_CMP_PKISI_type(ptr)))
+#define sk_OSSL_CMP_PKISI_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr))
+#define sk_OSSL_CMP_PKISI_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr))
+#define sk_OSSL_CMP_PKISI_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr), pnum)
+#define sk_OSSL_CMP_PKISI_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_PKISI_sk_type(sk))
+#define sk_OSSL_CMP_PKISI_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk))
+#define sk_OSSL_CMP_PKISI_dup(sk) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk)))
+#define sk_OSSL_CMP_PKISI_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_PKISI_freefunc_type(freefunc)))
+#define sk_OSSL_CMP_PKISI_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_PKISI_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_compfunc_type(cmp)))
+
+typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
+SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTREPMESSAGE, OSSL_CMP_CERTREPMESSAGE, OSSL_CMP_CERTREPMESSAGE)
+#define sk_OSSL_CMP_CERTREPMESSAGE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk))
+#define sk_OSSL_CMP_CERTREPMESSAGE_value(sk, idx) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (idx)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_new(cmp) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_CERTREPMESSAGE_compfunc_type(cmp)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_new_null() ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_new_null())
+#define sk_OSSL_CMP_CERTREPMESSAGE_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_CERTREPMESSAGE_compfunc_type(cmp), (n)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (n))
+#define sk_OSSL_CMP_CERTREPMESSAGE_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk))
+#define sk_OSSL_CMP_CERTREPMESSAGE_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk))
+#define sk_OSSL_CMP_CERTREPMESSAGE_delete(sk, i) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (i)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_delete_ptr(sk, ptr) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr))
+#define sk_OSSL_CMP_CERTREPMESSAGE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr))
+#define sk_OSSL_CMP_CERTREPMESSAGE_pop(sk) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_shift(sk) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk),ossl_check_OSSL_CMP_CERTREPMESSAGE_freefunc_type(freefunc))
+#define sk_OSSL_CMP_CERTREPMESSAGE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr), (idx))
+#define sk_OSSL_CMP_CERTREPMESSAGE_set(sk, idx, ptr) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_set(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (idx), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr))
+#define sk_OSSL_CMP_CERTREPMESSAGE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr))
+#define sk_OSSL_CMP_CERTREPMESSAGE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr), pnum)
+#define sk_OSSL_CMP_CERTREPMESSAGE_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk))
+#define sk_OSSL_CMP_CERTREPMESSAGE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk))
+#define sk_OSSL_CMP_CERTREPMESSAGE_dup(sk) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTREPMESSAGE_freefunc_type(freefunc)))
+#define sk_OSSL_CMP_CERTREPMESSAGE_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTREPMESSAGE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_compfunc_type(cmp)))
+
+typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
+typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
+typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
+SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTRESPONSE, OSSL_CMP_CERTRESPONSE, OSSL_CMP_CERTRESPONSE)
+#define sk_OSSL_CMP_CERTRESPONSE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk))
+#define sk_OSSL_CMP_CERTRESPONSE_value(sk, idx) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk), (idx)))
+#define sk_OSSL_CMP_CERTRESPONSE_new(cmp) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_CERTRESPONSE_compfunc_type(cmp)))
+#define sk_OSSL_CMP_CERTRESPONSE_new_null() ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_new_null())
+#define sk_OSSL_CMP_CERTRESPONSE_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_CERTRESPONSE_compfunc_type(cmp), (n)))
+#define sk_OSSL_CMP_CERTRESPONSE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), (n))
+#define sk_OSSL_CMP_CERTRESPONSE_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk))
+#define sk_OSSL_CMP_CERTRESPONSE_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk))
+#define sk_OSSL_CMP_CERTRESPONSE_delete(sk, i) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), (i)))
+#define sk_OSSL_CMP_CERTRESPONSE_delete_ptr(sk, ptr) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr)))
+#define sk_OSSL_CMP_CERTRESPONSE_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr))
+#define sk_OSSL_CMP_CERTRESPONSE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr))
+#define sk_OSSL_CMP_CERTRESPONSE_pop(sk) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk)))
+#define sk_OSSL_CMP_CERTRESPONSE_shift(sk) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk)))
+#define sk_OSSL_CMP_CERTRESPONSE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk),ossl_check_OSSL_CMP_CERTRESPONSE_freefunc_type(freefunc))
+#define sk_OSSL_CMP_CERTRESPONSE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr), (idx))
+#define sk_OSSL_CMP_CERTRESPONSE_set(sk, idx, ptr) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_set(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), (idx), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr)))
+#define sk_OSSL_CMP_CERTRESPONSE_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr))
+#define sk_OSSL_CMP_CERTRESPONSE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr))
+#define sk_OSSL_CMP_CERTRESPONSE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr), pnum)
+#define sk_OSSL_CMP_CERTRESPONSE_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk))
+#define sk_OSSL_CMP_CERTRESPONSE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk))
+#define sk_OSSL_CMP_CERTRESPONSE_dup(sk) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk)))
+#define sk_OSSL_CMP_CERTRESPONSE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTRESPONSE_freefunc_type(freefunc)))
+#define sk_OSSL_CMP_CERTRESPONSE_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTRESPONSE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_compfunc_type(cmp)))
+
+typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
+
+/*
+ * function DECLARATIONS
+ */
+
+/* from cmp_asn.c */
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
+void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
+                        ASN1_TYPE *value);
+ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
+ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
+int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
+                                   OSSL_CMP_ITAV *itav);
+void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
+
+/* from cmp_ctx.c */
+OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
+int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+/* CMP general options: */
+#  define OSSL_CMP_OPT_LOG_VERBOSITY 0
+/* CMP transfer options: */
+#  define OSSL_CMP_OPT_KEEP_ALIVE 10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+/* CMP request options: */
+#  define OSSL_CMP_OPT_VALIDITY_DAYS 20
+#  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
+#  define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
+#  define OSSL_CMP_OPT_POLICIES_CRITICAL 23
+#  define OSSL_CMP_OPT_POPO_METHOD 24
+#  define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
+#  define OSSL_CMP_OPT_DISABLE_CONFIRM 26
+#  define OSSL_CMP_OPT_REVOCATION_REASON 27
+/* CMP protection options: */
+#  define OSSL_CMP_OPT_UNPROTECTED_SEND 30
+#  define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
+#  define OSSL_CMP_OPT_OWF_ALGNID 32
+#  define OSSL_CMP_OPT_MAC_ALGNID 33
+#  define OSSL_CMP_OPT_DIGEST_ALGNID 34
+#  define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
+#  define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
+int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
+int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
+/* CMP-specific callback for logging and outputting the error queue: */
+int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
+#  define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
+    OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
+void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
+/* message transfer: */
+int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
+int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
+int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
+int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
+int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
+int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
+void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
+                                                 const OSSL_CMP_MSG *req);
+int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
+int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
+void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
+/* server authentication: */
+int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
+int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
+STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
+/* client authentication: */
+int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
+int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
+                                  STACK_OF(X509) *candidates);
+int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
+int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
+                                     const unsigned char *ref, int len);
+int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
+                                  const int len);
+/* CMP message header and extra certificates: */
+int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
+int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
+int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
+                                    STACK_OF(X509) *extraCertsOut);
+/* certificate template: */
+int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
+EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
+int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
+                                      const GENERAL_NAME *name);
+int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
+int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
+int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
+int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
+int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
+/* misc body contents: */
+int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
+/* certificate confirmation: */
+typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
+                                       int fail_info, const char **txt);
+int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
+                         const char **text);
+int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
+int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
+void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
+/* result fetching: */
+int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
+OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
+int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
+STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
+STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
+STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
+int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
+                                    const ASN1_OCTET_STRING *id);
+int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
+                                  const ASN1_OCTET_STRING *nonce);
+
+/* from cmp_status.c */
+char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
+                                     size_t bufsize);
+char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
+                                     char *buf, size_t bufsize);
+OSSL_CMP_PKISI *
+OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);
+
+/* from cmp_hdr.c */
+ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
+                                                   OSSL_CMP_PKIHEADER *hdr);
+ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
+
+/* from cmp_msg.c */
+OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
+OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
+                                const char *propq);
+int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
+OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
+int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
+
+/* from cmp_vfy.c */
+int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
+int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
+                                X509_STORE *trusted_store, X509 *cert);
+
+/* from cmp_http.c */
+OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
+                                        const OSSL_CMP_MSG *req);
+
+/* from cmp_server.c */
+typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
+OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
+                                           const OSSL_CMP_MSG *req);
+OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
+                                           const OSSL_CMP_MSG *req);
+OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
+typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
+    (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
+     const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
+     X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
+typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+                                                const OSSL_CMP_MSG *req,
+                                                const X509_NAME *issuer,
+                                                const ASN1_INTEGER *serial);
+typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+                                      const OSSL_CMP_MSG *req,
+                                      const STACK_OF(OSSL_CMP_ITAV) *in,
+                                      STACK_OF(OSSL_CMP_ITAV) **out);
+typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+                                        const OSSL_CMP_MSG *req,
+                                        const OSSL_CMP_PKISI *statusInfo,
+                                        const ASN1_INTEGER *errorCode,
+                                        const OSSL_CMP_PKIFREETEXT *errDetails);
+typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+                                          const OSSL_CMP_MSG *req,
+                                          int certReqId,
+                                          const ASN1_OCTET_STRING *certHash,
+                                          const OSSL_CMP_PKISI *si);
+typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+                                         const OSSL_CMP_MSG *req, int certReqId,
+                                         OSSL_CMP_MSG **certReq,
+                                         int64_t *check_after);
+int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
+                          OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
+                          OSSL_CMP_SRV_rr_cb_t process_rr,
+                          OSSL_CMP_SRV_genm_cb_t process_genm,
+                          OSSL_CMP_SRV_error_cb_t process_error,
+                          OSSL_CMP_SRV_certConf_cb_t process_certConf,
+                          OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
+OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
+void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
+int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
+                                                 int val);
+int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
+int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
+int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
+                                                int val);
+
+/* from cmp_client.c */
+X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
+                            const OSSL_CRMF_MSG *crm);
+#  define OSSL_CMP_IR    0
+#  define OSSL_CMP_CR    2
+#  define OSSL_CMP_P10CR 4
+#  define OSSL_CMP_KUR   7
+#  define OSSL_CMP_exec_IR_ses(ctx) \
+    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
+#  define OSSL_CMP_exec_CR_ses(ctx) \
+    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
+#  define OSSL_CMP_exec_P10CR_ses(ctx) \
+    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
+#  define OSSL_CMP_exec_KUR_ses(ctx) \
+    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
+int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
+                         const OSSL_CRMF_MSG *crm, int *checkAfter);
+int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
+STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif /* !defined(OPENSSL_NO_CMP) */
+#endif /* !defined(OPENSSL_CMP_H) */
--- a/src/3rdparty/win32_include/openssl/cmp_util.h
+++ b/src/3rdparty/win32_include/openssl/cmp_util.h
@ -0,0 +1,56 @@
+/*
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Nokia 2007-2019
+ * Copyright Siemens AG 2015-2019
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMP_UTIL_H
+# define OPENSSL_CMP_UTIL_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# ifndef OPENSSL_NO_CMP
+
+#  include <openssl/macros.h>
+#  include <openssl/trace.h>
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+int  OSSL_CMP_log_open(void);
+void OSSL_CMP_log_close(void);
+#  define OSSL_CMP_LOG_PREFIX "CMP "
+
+/*
+ * generalized logging/error callback mirroring the severity levels of syslog.h
+ */
+typedef int OSSL_CMP_severity;
+#  define OSSL_CMP_LOG_EMERG   0
+#  define OSSL_CMP_LOG_ALERT   1
+#  define OSSL_CMP_LOG_CRIT    2
+#  define OSSL_CMP_LOG_ERR     3
+#  define OSSL_CMP_LOG_WARNING 4
+#  define OSSL_CMP_LOG_NOTICE  5
+#  define OSSL_CMP_LOG_INFO    6
+#  define OSSL_CMP_LOG_DEBUG   7
+#  define OSSL_CMP_LOG_TRACE   8
+#  define OSSL_CMP_LOG_MAX     OSSL_CMP_LOG_TRACE
+typedef int (*OSSL_CMP_log_cb_t)(const char *func, const char *file, int line,
+                                 OSSL_CMP_severity level, const char *msg);
+
+int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
+                          int line, OSSL_CMP_severity level, const char *msg);
+/* use of the logging callback for outputting error queue */
+void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn);
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif /* !defined(OPENSSL_NO_CMP) */
+#endif /* !defined(OPENSSL_CMP_UTIL_H) */
--- a/src/3rdparty/win32_include/openssl/cmperr.h
+++ b/src/3rdparty/win32_include/openssl/cmperr.h
@ -0,0 +1,114 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMPERR_H
+# define OPENSSL_CMPERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+
+
+# ifndef OPENSSL_NO_CMP
+
+
+/*
+ * CMP reason codes.
+ */
+#  define CMP_R_ALGORITHM_NOT_SUPPORTED                    139
+#  define CMP_R_BAD_CHECKAFTER_IN_POLLREP                  167
+#  define CMP_R_BAD_REQUEST_ID                             108
+#  define CMP_R_CERTHASH_UNMATCHED                         156
+#  define CMP_R_CERTID_NOT_FOUND                           109
+#  define CMP_R_CERTIFICATE_NOT_ACCEPTED                   169
+#  define CMP_R_CERTIFICATE_NOT_FOUND                      112
+#  define CMP_R_CERTREQMSG_NOT_FOUND                       157
+#  define CMP_R_CERTRESPONSE_NOT_FOUND                     113
+#  define CMP_R_CERT_AND_KEY_DO_NOT_MATCH                  114
+#  define CMP_R_CHECKAFTER_OUT_OF_RANGE                    181
+#  define CMP_R_ENCOUNTERED_KEYUPDATEWARNING               176
+#  define CMP_R_ENCOUNTERED_WAITING                        162
+#  define CMP_R_ERROR_CALCULATING_PROTECTION               115
+#  define CMP_R_ERROR_CREATING_CERTCONF                    116
+#  define CMP_R_ERROR_CREATING_CERTREP                     117
+#  define CMP_R_ERROR_CREATING_CERTREQ                     163
+#  define CMP_R_ERROR_CREATING_ERROR                       118
+#  define CMP_R_ERROR_CREATING_GENM                        119
+#  define CMP_R_ERROR_CREATING_GENP                        120
+#  define CMP_R_ERROR_CREATING_PKICONF                     122
+#  define CMP_R_ERROR_CREATING_POLLREP                     123
+#  define CMP_R_ERROR_CREATING_POLLREQ                     124
+#  define CMP_R_ERROR_CREATING_RP                          125
+#  define CMP_R_ERROR_CREATING_RR                          126
+#  define CMP_R_ERROR_PARSING_PKISTATUS                    107
+#  define CMP_R_ERROR_PROCESSING_MESSAGE                   158
+#  define CMP_R_ERROR_PROTECTING_MESSAGE                   127
+#  define CMP_R_ERROR_SETTING_CERTHASH                     128
+#  define CMP_R_ERROR_UNEXPECTED_CERTCONF                  160
+#  define CMP_R_ERROR_VALIDATING_PROTECTION                140
+#  define CMP_R_ERROR_VALIDATING_SIGNATURE                 171
+#  define CMP_R_FAILED_BUILDING_OWN_CHAIN                  164
+#  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
+#  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
+#  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_MISSING_CERTID                             165
+#  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
+#  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
+#  define CMP_R_MISSING_P10CSR                             121
+#  define CMP_R_MISSING_PBM_SECRET                         166
+#  define CMP_R_MISSING_PRIVATE_KEY                        131
+#  define CMP_R_MISSING_PROTECTION                         143
+#  define CMP_R_MISSING_REFERENCE_CERT                     168
+#  define CMP_R_MISSING_SECRET                             178
+#  define CMP_R_MISSING_SENDER_IDENTIFICATION              111
+#  define CMP_R_MISSING_TRUST_ANCHOR                       179
+#  define CMP_R_MISSING_TRUST_STORE                        144
+#  define CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED            161
+#  define CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED           170
+#  define CMP_R_MULTIPLE_SAN_SOURCES                       102
+#  define CMP_R_NO_STDIO                                   194
+#  define CMP_R_NO_SUITABLE_SENDER_CERT                    145
+#  define CMP_R_NULL_ARGUMENT                              103
+#  define CMP_R_PKIBODY_ERROR                              146
+#  define CMP_R_PKISTATUSINFO_NOT_FOUND                    132
+#  define CMP_R_POLLING_FAILED                             172
+#  define CMP_R_POTENTIALLY_INVALID_CERTIFICATE            147
+#  define CMP_R_RECEIVED_ERROR                             180
+#  define CMP_R_RECIPNONCE_UNMATCHED                       148
+#  define CMP_R_REQUEST_NOT_ACCEPTED                       149
+#  define CMP_R_REQUEST_REJECTED_BY_SERVER                 182
+#  define CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED      150
+#  define CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG              151
+#  define CMP_R_TOTAL_TIMEOUT                              184
+#  define CMP_R_TRANSACTIONID_UNMATCHED                    152
+#  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNEXPECTED_PKIBODY                         133
+#  define CMP_R_UNEXPECTED_PKISTATUS                       185
+#  define CMP_R_UNEXPECTED_PVNO                            153
+#  define CMP_R_UNKNOWN_ALGORITHM_ID                       134
+#  define CMP_R_UNKNOWN_CERT_TYPE                          135
+#  define CMP_R_UNKNOWN_PKISTATUS                          186
+#  define CMP_R_UNSUPPORTED_ALGORITHM                      136
+#  define CMP_R_UNSUPPORTED_KEY_TYPE                       137
+#  define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC      154
+#  define CMP_R_VALUE_TOO_LARGE                            175
+#  define CMP_R_VALUE_TOO_SMALL                            177
+#  define CMP_R_WRONG_ALGORITHM_OID                        138
+#  define CMP_R_WRONG_CERTID                               189
+#  define CMP_R_WRONG_CERTID_IN_RP                         187
+#  define CMP_R_WRONG_PBM_VALUE                            155
+#  define CMP_R_WRONG_RP_COMPONENT_COUNT                   188
+#  define CMP_R_WRONG_SERIAL_IN_RP                         173
+
+# endif
+#endif
--- a/src/3rdparty/win32_include/openssl/cms.h
+++ b/src/3rdparty/win32_include/openssl/cms.h
@ -1,14 +1,25 @@
 /*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\cms.h.in
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CMS_H
-# define HEADER_CMS_H
+
+
+#ifndef OPENSSL_CMS_H
+# define OPENSSL_CMS_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_CMS_H
+# endif

 # include <openssl/opensslconf.h>

@ -30,14 +41,118 @@ typedef struct CMS_Receipt_st CMS_Receipt;
 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;

-DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
-DEFINE_STACK_OF(CMS_RecipientInfo)
-DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+SKM_DEFINE_STACK_OF_INTERNAL(CMS_SignerInfo, CMS_SignerInfo, CMS_SignerInfo)
+#define sk_CMS_SignerInfo_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_SignerInfo_sk_type(sk))
+#define sk_CMS_SignerInfo_value(sk, idx) ((CMS_SignerInfo *)OPENSSL_sk_value(ossl_check_const_CMS_SignerInfo_sk_type(sk), (idx)))
+#define sk_CMS_SignerInfo_new(cmp) ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_new(ossl_check_CMS_SignerInfo_compfunc_type(cmp)))
+#define sk_CMS_SignerInfo_new_null() ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_new_null())
+#define sk_CMS_SignerInfo_new_reserve(cmp, n) ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_new_reserve(ossl_check_CMS_SignerInfo_compfunc_type(cmp), (n)))
+#define sk_CMS_SignerInfo_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CMS_SignerInfo_sk_type(sk), (n))
+#define sk_CMS_SignerInfo_free(sk) OPENSSL_sk_free(ossl_check_CMS_SignerInfo_sk_type(sk))
+#define sk_CMS_SignerInfo_zero(sk) OPENSSL_sk_zero(ossl_check_CMS_SignerInfo_sk_type(sk))
+#define sk_CMS_SignerInfo_delete(sk, i) ((CMS_SignerInfo *)OPENSSL_sk_delete(ossl_check_CMS_SignerInfo_sk_type(sk), (i)))
+#define sk_CMS_SignerInfo_delete_ptr(sk, ptr) ((CMS_SignerInfo *)OPENSSL_sk_delete_ptr(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr)))
+#define sk_CMS_SignerInfo_push(sk, ptr) OPENSSL_sk_push(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr))
+#define sk_CMS_SignerInfo_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr))
+#define sk_CMS_SignerInfo_pop(sk) ((CMS_SignerInfo *)OPENSSL_sk_pop(ossl_check_CMS_SignerInfo_sk_type(sk)))
+#define sk_CMS_SignerInfo_shift(sk) ((CMS_SignerInfo *)OPENSSL_sk_shift(ossl_check_CMS_SignerInfo_sk_type(sk)))
+#define sk_CMS_SignerInfo_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CMS_SignerInfo_sk_type(sk),ossl_check_CMS_SignerInfo_freefunc_type(freefunc))
+#define sk_CMS_SignerInfo_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr), (idx))
+#define sk_CMS_SignerInfo_set(sk, idx, ptr) ((CMS_SignerInfo *)OPENSSL_sk_set(ossl_check_CMS_SignerInfo_sk_type(sk), (idx), ossl_check_CMS_SignerInfo_type(ptr)))
+#define sk_CMS_SignerInfo_find(sk, ptr) OPENSSL_sk_find(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr))
+#define sk_CMS_SignerInfo_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr))
+#define sk_CMS_SignerInfo_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr), pnum)
+#define sk_CMS_SignerInfo_sort(sk) OPENSSL_sk_sort(ossl_check_CMS_SignerInfo_sk_type(sk))
+#define sk_CMS_SignerInfo_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CMS_SignerInfo_sk_type(sk))
+#define sk_CMS_SignerInfo_dup(sk) ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_dup(ossl_check_const_CMS_SignerInfo_sk_type(sk)))
+#define sk_CMS_SignerInfo_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_copyfunc_type(copyfunc), ossl_check_CMS_SignerInfo_freefunc_type(freefunc)))
+#define sk_CMS_SignerInfo_set_cmp_func(sk, cmp) ((sk_CMS_SignerInfo_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_compfunc_type(cmp)))
+SKM_DEFINE_STACK_OF_INTERNAL(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey)
+#define sk_CMS_RecipientEncryptedKey_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk))
+#define sk_CMS_RecipientEncryptedKey_value(sk, idx) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_value(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk), (idx)))
+#define sk_CMS_RecipientEncryptedKey_new(cmp) ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_new(ossl_check_CMS_RecipientEncryptedKey_compfunc_type(cmp)))
+#define sk_CMS_RecipientEncryptedKey_new_null() ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_new_null())
+#define sk_CMS_RecipientEncryptedKey_new_reserve(cmp, n) ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_new_reserve(ossl_check_CMS_RecipientEncryptedKey_compfunc_type(cmp), (n)))
+#define sk_CMS_RecipientEncryptedKey_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), (n))
+#define sk_CMS_RecipientEncryptedKey_free(sk) OPENSSL_sk_free(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk))
+#define sk_CMS_RecipientEncryptedKey_zero(sk) OPENSSL_sk_zero(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk))
+#define sk_CMS_RecipientEncryptedKey_delete(sk, i) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_delete(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), (i)))
+#define sk_CMS_RecipientEncryptedKey_delete_ptr(sk, ptr) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_delete_ptr(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr)))
+#define sk_CMS_RecipientEncryptedKey_push(sk, ptr) OPENSSL_sk_push(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr))
+#define sk_CMS_RecipientEncryptedKey_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr))
+#define sk_CMS_RecipientEncryptedKey_pop(sk) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_pop(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk)))
+#define sk_CMS_RecipientEncryptedKey_shift(sk) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_shift(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk)))
+#define sk_CMS_RecipientEncryptedKey_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk),ossl_check_CMS_RecipientEncryptedKey_freefunc_type(freefunc))
+#define sk_CMS_RecipientEncryptedKey_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr), (idx))
+#define sk_CMS_RecipientEncryptedKey_set(sk, idx, ptr) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_set(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), (idx), ossl_check_CMS_RecipientEncryptedKey_type(ptr)))
+#define sk_CMS_RecipientEncryptedKey_find(sk, ptr) OPENSSL_sk_find(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr))
+#define sk_CMS_RecipientEncryptedKey_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr))
+#define sk_CMS_RecipientEncryptedKey_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr), pnum)
+#define sk_CMS_RecipientEncryptedKey_sort(sk) OPENSSL_sk_sort(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk))
+#define sk_CMS_RecipientEncryptedKey_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk))
+#define sk_CMS_RecipientEncryptedKey_dup(sk) ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_dup(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk)))
+#define sk_CMS_RecipientEncryptedKey_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_copyfunc_type(copyfunc), ossl_check_CMS_RecipientEncryptedKey_freefunc_type(freefunc)))
+#define sk_CMS_RecipientEncryptedKey_set_cmp_func(sk, cmp) ((sk_CMS_RecipientEncryptedKey_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_compfunc_type(cmp)))
+SKM_DEFINE_STACK_OF_INTERNAL(CMS_RecipientInfo, CMS_RecipientInfo, CMS_RecipientInfo)
+#define sk_CMS_RecipientInfo_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_RecipientInfo_sk_type(sk))
+#define sk_CMS_RecipientInfo_value(sk, idx) ((CMS_RecipientInfo *)OPENSSL_sk_value(ossl_check_const_CMS_RecipientInfo_sk_type(sk), (idx)))
+#define sk_CMS_RecipientInfo_new(cmp) ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_new(ossl_check_CMS_RecipientInfo_compfunc_type(cmp)))
+#define sk_CMS_RecipientInfo_new_null() ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_new_null())
+#define sk_CMS_RecipientInfo_new_reserve(cmp, n) ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_new_reserve(ossl_check_CMS_RecipientInfo_compfunc_type(cmp), (n)))
+#define sk_CMS_RecipientInfo_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CMS_RecipientInfo_sk_type(sk), (n))
+#define sk_CMS_RecipientInfo_free(sk) OPENSSL_sk_free(ossl_check_CMS_RecipientInfo_sk_type(sk))
+#define sk_CMS_RecipientInfo_zero(sk) OPENSSL_sk_zero(ossl_check_CMS_RecipientInfo_sk_type(sk))
+#define sk_CMS_RecipientInfo_delete(sk, i) ((CMS_RecipientInfo *)OPENSSL_sk_delete(ossl_check_CMS_RecipientInfo_sk_type(sk), (i)))
+#define sk_CMS_RecipientInfo_delete_ptr(sk, ptr) ((CMS_RecipientInfo *)OPENSSL_sk_delete_ptr(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr)))
+#define sk_CMS_RecipientInfo_push(sk, ptr) OPENSSL_sk_push(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr))
+#define sk_CMS_RecipientInfo_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr))
+#define sk_CMS_RecipientInfo_pop(sk) ((CMS_RecipientInfo *)OPENSSL_sk_pop(ossl_check_CMS_RecipientInfo_sk_type(sk)))
+#define sk_CMS_RecipientInfo_shift(sk) ((CMS_RecipientInfo *)OPENSSL_sk_shift(ossl_check_CMS_RecipientInfo_sk_type(sk)))
+#define sk_CMS_RecipientInfo_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CMS_RecipientInfo_sk_type(sk),ossl_check_CMS_RecipientInfo_freefunc_type(freefunc))
+#define sk_CMS_RecipientInfo_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr), (idx))
+#define sk_CMS_RecipientInfo_set(sk, idx, ptr) ((CMS_RecipientInfo *)OPENSSL_sk_set(ossl_check_CMS_RecipientInfo_sk_type(sk), (idx), ossl_check_CMS_RecipientInfo_type(ptr)))
+#define sk_CMS_RecipientInfo_find(sk, ptr) OPENSSL_sk_find(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr))
+#define sk_CMS_RecipientInfo_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr))
+#define sk_CMS_RecipientInfo_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr), pnum)
+#define sk_CMS_RecipientInfo_sort(sk) OPENSSL_sk_sort(ossl_check_CMS_RecipientInfo_sk_type(sk))
+#define sk_CMS_RecipientInfo_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CMS_RecipientInfo_sk_type(sk))
+#define sk_CMS_RecipientInfo_dup(sk) ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_dup(ossl_check_const_CMS_RecipientInfo_sk_type(sk)))
+#define sk_CMS_RecipientInfo_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_copyfunc_type(copyfunc), ossl_check_CMS_RecipientInfo_freefunc_type(freefunc)))
+#define sk_CMS_RecipientInfo_set_cmp_func(sk, cmp) ((sk_CMS_RecipientInfo_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_compfunc_type(cmp)))
+SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice, CMS_RevocationInfoChoice)
+#define sk_CMS_RevocationInfoChoice_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk))
+#define sk_CMS_RevocationInfoChoice_value(sk, idx) ((CMS_RevocationInfoChoice *)OPENSSL_sk_value(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk), (idx)))
+#define sk_CMS_RevocationInfoChoice_new(cmp) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_new(ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
+#define sk_CMS_RevocationInfoChoice_new_null() ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_new_null())
+#define sk_CMS_RevocationInfoChoice_new_reserve(cmp, n) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_new_reserve(ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp), (n)))
+#define sk_CMS_RevocationInfoChoice_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), (n))
+#define sk_CMS_RevocationInfoChoice_free(sk) OPENSSL_sk_free(ossl_check_CMS_RevocationInfoChoice_sk_type(sk))
+#define sk_CMS_RevocationInfoChoice_zero(sk) OPENSSL_sk_zero(ossl_check_CMS_RevocationInfoChoice_sk_type(sk))
+#define sk_CMS_RevocationInfoChoice_delete(sk, i) ((CMS_RevocationInfoChoice *)OPENSSL_sk_delete(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), (i)))
+#define sk_CMS_RevocationInfoChoice_delete_ptr(sk, ptr) ((CMS_RevocationInfoChoice *)OPENSSL_sk_delete_ptr(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr)))
+#define sk_CMS_RevocationInfoChoice_push(sk, ptr) OPENSSL_sk_push(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr))
+#define sk_CMS_RevocationInfoChoice_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr))
+#define sk_CMS_RevocationInfoChoice_pop(sk) ((CMS_RevocationInfoChoice *)OPENSSL_sk_pop(ossl_check_CMS_RevocationInfoChoice_sk_type(sk)))
+#define sk_CMS_RevocationInfoChoice_shift(sk) ((CMS_RevocationInfoChoice *)OPENSSL_sk_shift(ossl_check_CMS_RevocationInfoChoice_sk_type(sk)))
+#define sk_CMS_RevocationInfoChoice_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CMS_RevocationInfoChoice_sk_type(sk),ossl_check_CMS_RevocationInfoChoice_freefunc_type(freefunc))
+#define sk_CMS_RevocationInfoChoice_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr), (idx))
+#define sk_CMS_RevocationInfoChoice_set(sk, idx, ptr) ((CMS_RevocationInfoChoice *)OPENSSL_sk_set(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), (idx), ossl_check_CMS_RevocationInfoChoice_type(ptr)))
+#define sk_CMS_RevocationInfoChoice_find(sk, ptr) OPENSSL_sk_find(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr))
+#define sk_CMS_RevocationInfoChoice_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr))
+#define sk_CMS_RevocationInfoChoice_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr), pnum)
+#define sk_CMS_RevocationInfoChoice_sort(sk) OPENSSL_sk_sort(ossl_check_CMS_RevocationInfoChoice_sk_type(sk))
+#define sk_CMS_RevocationInfoChoice_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk))
+#define sk_CMS_RevocationInfoChoice_dup(sk) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_dup(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk)))
+#define sk_CMS_RevocationInfoChoice_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_copyfunc_type(copyfunc), ossl_check_CMS_RevocationInfoChoice_freefunc_type(freefunc)))
+#define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
+
+
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)

+CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
+
 # define CMS_SIGNERINFO_ISSUER_SERIAL    0
 # define CMS_SIGNERINFO_KEYIDENTIFIER    1

@ -73,6 +188,8 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 # define CMS_DEBUG_DECRYPT               0x20000
 # define CMS_KEY_PARAM                   0x40000
 # define CMS_ASCIICRLF                   0x80000
+# define CMS_CADES                       0x100000
+# define CMS_USE_ORIGINATOR_KEYID        0x200000

 const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);

@ -83,8 +200,8 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
 int CMS_is_detached(CMS_ContentInfo *cms);
 int CMS_set_detached(CMS_ContentInfo *cms, int detached);

-# ifdef HEADER_PEM_H
-DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+# ifdef OPENSSL_PEM_H
+DECLARE_PEM_rw(CMS, CMS_ContentInfo)
 # endif
 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
@ -95,6 +212,7 @@ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
 int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
                             int flags);
 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **ci);
 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);

 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
@ -103,6 +221,10 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                          STACK_OF(X509) *certs, BIO *data,
                          unsigned int flags);
+CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
+                             STACK_OF(X509) *certs, BIO *data,
+                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             const char *propq);

 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
                                  X509 *signcert, EVP_PKEY *pkey,
@ -110,11 +232,16 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,

 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
+                                    OSSL_LIB_CTX *ctx, const char *propq);

 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                      unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                   unsigned int flags);
+CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
+                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      const char *propq);

 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                              const unsigned char *key, size_t keylen,
@ -123,6 +250,11 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                           const unsigned char *key,
                                           size_t keylen, unsigned int flags);
+CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
+                                              const unsigned char *key,
+                                              size_t keylen, unsigned int flags,
+                                              OSSL_LIB_CTX *ctx,
+                                              const char *propq);

 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
                               const unsigned char *key, size_t keylen);
@ -138,11 +270,16 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);

 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                             const EVP_CIPHER *cipher, unsigned int flags);
+CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+                                const EVP_CIPHER *cipher, unsigned int flags,
+                                OSSL_LIB_CTX *ctx, const char *propq);

 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                BIO *dcont, BIO *out, unsigned int flags);

 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
+                                   X509 *cert, X509 *peer);
 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
                         unsigned char *key, size_t keylen,
                         const unsigned char *id, size_t idlen);
@ -152,9 +289,19 @@ int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_ContentInfo *
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+                                const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
+                                             OSSL_LIB_CTX *ctx,
+                                             const char *propq);
+
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                           X509 *recip, unsigned int flags);
+CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
+     EVP_PKEY *originatorPrivKey, X509 * originator, unsigned int flags);
 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
@ -197,7 +344,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
                                               const EVP_CIPHER *kekciph);

 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
-int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri);

 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                   unsigned int flags);
@ -261,7 +408,8 @@ int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
 int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
                                const char *attrname, int type,
                                const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si,
+                                  const ASN1_OBJECT *oid,
                                  int lastpos, int type);

 int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
@ -285,11 +433,16 @@ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
                                    int lastpos, int type);

 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-                                               int allorfirst,
-                                               STACK_OF(GENERAL_NAMES)
-                                               *receiptList, STACK_OF(GENERAL_NAMES)
-                                               *receiptsTo);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(
+    unsigned char *id, int idlen, int allorfirst,
+    STACK_OF(GENERAL_NAMES) *receiptList,
+    STACK_OF(GENERAL_NAMES) *receiptsTo);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
+    unsigned char *id, int idlen, int allorfirst,
+    STACK_OF(GENERAL_NAMES) *receiptList,
+    STACK_OF(GENERAL_NAMES) *receiptsTo,
+    OSSL_LIB_CTX *ctx);
+
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
                                    ASN1_STRING **pcid,
@ -319,6 +472,7 @@ int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
 int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
                                       X509 *cert);
 int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, EVP_PKEY *pk, X509 *peer);
 EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
 int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
                                   CMS_RecipientInfo *ri,
--- a/src/3rdparty/win32_include/openssl/cmserr.h
+++ b/src/3rdparty/win32_include/openssl/cmserr.h
@ -1,115 +1,24 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CMSERR_H
-# define HEADER_CMSERR_H
-
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#ifndef OPENSSL_CMSERR_H
+# define OPENSSL_CMSERR_H
+# pragma once

 # include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+

 # ifndef OPENSSL_NO_CMS

-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_CMS_strings(void);
-
-/*
- * CMS function codes.
- */
-#  define CMS_F_CHECK_CONTENT                              99
-#  define CMS_F_CMS_ADD0_CERT                              164
-#  define CMS_F_CMS_ADD0_RECIPIENT_KEY                     100
-#  define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD                165
-#  define CMS_F_CMS_ADD1_RECEIPTREQUEST                    158
-#  define CMS_F_CMS_ADD1_RECIPIENT_CERT                    101
-#  define CMS_F_CMS_ADD1_SIGNER                            102
-#  define CMS_F_CMS_ADD1_SIGNINGTIME                       103
-#  define CMS_F_CMS_COMPRESS                               104
-#  define CMS_F_CMS_COMPRESSEDDATA_CREATE                  105
-#  define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO                106
-#  define CMS_F_CMS_COPY_CONTENT                           107
-#  define CMS_F_CMS_COPY_MESSAGEDIGEST                     108
-#  define CMS_F_CMS_DATA                                   109
-#  define CMS_F_CMS_DATAFINAL                              110
-#  define CMS_F_CMS_DATAINIT                               111
-#  define CMS_F_CMS_DECRYPT                                112
-#  define CMS_F_CMS_DECRYPT_SET1_KEY                       113
-#  define CMS_F_CMS_DECRYPT_SET1_PASSWORD                  166
-#  define CMS_F_CMS_DECRYPT_SET1_PKEY                      114
-#  define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX               115
-#  define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO               116
-#  define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                  117
-#  define CMS_F_CMS_DIGEST_VERIFY                          118
-#  define CMS_F_CMS_ENCODE_RECEIPT                         161
-#  define CMS_F_CMS_ENCRYPT                                119
-#  define CMS_F_CMS_ENCRYPTEDCONTENT_INIT                  179
-#  define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO              120
-#  define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT                  121
-#  define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT                  122
-#  define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY                 123
-#  define CMS_F_CMS_ENVELOPEDDATA_CREATE                   124
-#  define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO                 125
-#  define CMS_F_CMS_ENVELOPED_DATA_INIT                    126
-#  define CMS_F_CMS_ENV_ASN1_CTRL                          171
-#  define CMS_F_CMS_FINAL                                  127
-#  define CMS_F_CMS_GET0_CERTIFICATE_CHOICES               128
-#  define CMS_F_CMS_GET0_CONTENT                           129
-#  define CMS_F_CMS_GET0_ECONTENT_TYPE                     130
-#  define CMS_F_CMS_GET0_ENVELOPED                         131
-#  define CMS_F_CMS_GET0_REVOCATION_CHOICES                132
-#  define CMS_F_CMS_GET0_SIGNED                            133
-#  define CMS_F_CMS_MSGSIGDIGEST_ADD1                      162
-#  define CMS_F_CMS_RECEIPTREQUEST_CREATE0                 159
-#  define CMS_F_CMS_RECEIPT_VERIFY                         160
-#  define CMS_F_CMS_RECIPIENTINFO_DECRYPT                  134
-#  define CMS_F_CMS_RECIPIENTINFO_ENCRYPT                  169
-#  define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT             178
-#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG            175
-#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID        173
-#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS           172
-#  define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP         174
-#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT            135
-#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT            136
-#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID            137
-#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP             138
-#  define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP            139
-#  define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT             140
-#  define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT             141
-#  define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS           142
-#  define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID      143
-#  define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT               167
-#  define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                 144
-#  define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD            168
-#  define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY                145
-#  define CMS_F_CMS_SD_ASN1_CTRL                           170
-#  define CMS_F_CMS_SET1_IAS                               176
-#  define CMS_F_CMS_SET1_KEYID                             177
-#  define CMS_F_CMS_SET1_SIGNERIDENTIFIER                  146
-#  define CMS_F_CMS_SET_DETACHED                           147
-#  define CMS_F_CMS_SIGN                                   148
-#  define CMS_F_CMS_SIGNED_DATA_INIT                       149
-#  define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN                150
-#  define CMS_F_CMS_SIGNERINFO_SIGN                        151
-#  define CMS_F_CMS_SIGNERINFO_VERIFY                      152
-#  define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                 153
-#  define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT              154
-#  define CMS_F_CMS_SIGN_RECEIPT                           163
-#  define CMS_F_CMS_SI_CHECK_ATTRIBUTES                    183
-#  define CMS_F_CMS_STREAM                                 155
-#  define CMS_F_CMS_UNCOMPRESS                             156
-#  define CMS_F_CMS_VERIFY                                 157
-#  define CMS_F_KEK_UNWRAP_KEY                             180

 /*
 * CMS reason codes.
@ -119,6 +28,8 @@ int ERR_load_CMS_strings(void);
 #  define CMS_R_CERTIFICATE_ALREADY_PRESENT                175
 #  define CMS_R_CERTIFICATE_HAS_NO_KEYID                   160
 #  define CMS_R_CERTIFICATE_VERIFY_ERROR                   100
+#  define CMS_R_CIPHER_AEAD_SET_TAG_ERROR                  184
+#  define CMS_R_CIPHER_GET_TAG                             185
 #  define CMS_R_CIPHER_INITIALISATION_ERROR                101
 #  define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR      102
 #  define CMS_R_CMS_DATAFINAL_ERROR                        103
@ -132,14 +43,19 @@ int ERR_load_CMS_strings(void);
 #  define CMS_R_CONTENT_VERIFY_ERROR                       109
 #  define CMS_R_CTRL_ERROR                                 110
 #  define CMS_R_CTRL_FAILURE                               111
+#  define CMS_R_DECODE_ERROR                               187
 #  define CMS_R_DECRYPT_ERROR                              112
 #  define CMS_R_ERROR_GETTING_PUBLIC_KEY                   113
 #  define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE      114
 #  define CMS_R_ERROR_SETTING_KEY                          115
 #  define CMS_R_ERROR_SETTING_RECIPIENTINFO                116
+#  define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR          183
 #  define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH               117
 #  define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER           176
 #  define CMS_R_INVALID_KEY_LENGTH                         118
+#  define CMS_R_INVALID_LABEL                              190
+#  define CMS_R_INVALID_OAEP_PARAMETERS                    191
+#  define CMS_R_KDF_PARAMETER_ERROR                        186
 #  define CMS_R_MD_BIO_INIT_ERROR                          119
 #  define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH       120
 #  define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                 121
@ -170,9 +86,11 @@ int ERR_load_CMS_strings(void);
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
 #  define CMS_R_RECIPIENT_ERROR                            137
+#  define CMS_R_SHARED_INFO_ERROR                          189
 #  define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND               138
 #  define CMS_R_SIGNFINAL_ERROR                            139
 #  define CMS_R_SMIME_TEXT_ERROR                           140
@ -187,9 +105,12 @@ int ERR_load_CMS_strings(void);
 #  define CMS_R_UNKNOWN_DIGEST_ALGORITHM                   149
 #  define CMS_R_UNKNOWN_ID                                 150
 #  define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM          151
+#  define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM   194
 #  define CMS_R_UNSUPPORTED_CONTENT_TYPE                   152
+#  define CMS_R_UNSUPPORTED_ENCRYPTION_TYPE                192
 #  define CMS_R_UNSUPPORTED_KEK_ALGORITHM                  153
 #  define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM       179
+#  define CMS_R_UNSUPPORTED_LABEL_SOURCE                   193
 #  define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE             155
 #  define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                 154
 #  define CMS_R_UNSUPPORTED_TYPE                           156
--- a/src/3rdparty/win32_include/openssl/comp.h
+++ b/src/3rdparty/win32_include/openssl/comp.h
@ -1,14 +1,20 @@
 /*
 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_COMP_H
-# define HEADER_COMP_H
+#ifndef OPENSSL_COMP_H
+# define OPENSSL_COMP_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_COMP_H
+# endif

 # include <openssl/opensslconf.h>

@ -35,11 +41,11 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,

 COMP_METHOD *COMP_zlib(void);

-#if OPENSSL_API_COMPAT < 0x10100000L
-#define COMP_zlib_cleanup() while(0) continue
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define COMP_zlib_cleanup() while(0) continue
 #endif

-# ifdef HEADER_BIO_H
+# ifdef OPENSSL_BIO_H
 #  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
 #  endif
--- a/src/3rdparty/win32_include/openssl/comperr.h
+++ b/src/3rdparty/win32_include/openssl/comperr.h
@ -1,37 +1,24 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_COMPERR_H
-# define HEADER_COMPERR_H
-
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#ifndef OPENSSL_COMPERR_H
+# define OPENSSL_COMPERR_H
+# pragma once

 # include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+

 # ifndef OPENSSL_NO_COMP

-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_COMP_strings(void);
-
-/*
- * COMP function codes.
- */
-#  define COMP_F_BIO_ZLIB_FLUSH                            99
-#  define COMP_F_BIO_ZLIB_NEW                              100
-#  define COMP_F_BIO_ZLIB_READ                             101
-#  define COMP_F_BIO_ZLIB_WRITE                            102
-#  define COMP_F_COMP_CTX_NEW                              103

 /*
 * COMP reason codes.
--- a/src/3rdparty/win32_include/openssl/conf.h
+++ b/src/3rdparty/win32_include/openssl/conf.h
@ -1,21 +1,35 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\conf.h.in
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef  HEADER_CONF_H
-# define HEADER_CONF_H
+
+
+#ifndef  OPENSSL_CONF_H
+# define OPENSSL_CONF_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_CONF_H
+# endif

 # include <openssl/bio.h>
 # include <openssl/lhash.h>
 # include <openssl/safestack.h>
 # include <openssl/e_os2.h>
-# include <openssl/ossl_typ.h>
+# include <openssl/types.h>
 # include <openssl/conferr.h>
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif

 #ifdef  __cplusplus
 extern "C" {
@ -27,33 +41,63 @@ typedef struct {
    char *value;
 } CONF_VALUE;

-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_LHASH_OF(CONF_VALUE);
+SKM_DEFINE_STACK_OF_INTERNAL(CONF_VALUE, CONF_VALUE, CONF_VALUE)
+#define sk_CONF_VALUE_num(sk) OPENSSL_sk_num(ossl_check_const_CONF_VALUE_sk_type(sk))
+#define sk_CONF_VALUE_value(sk, idx) ((CONF_VALUE *)OPENSSL_sk_value(ossl_check_const_CONF_VALUE_sk_type(sk), (idx)))
+#define sk_CONF_VALUE_new(cmp) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_new(ossl_check_CONF_VALUE_compfunc_type(cmp)))
+#define sk_CONF_VALUE_new_null() ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_new_null())
+#define sk_CONF_VALUE_new_reserve(cmp, n) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_new_reserve(ossl_check_CONF_VALUE_compfunc_type(cmp), (n)))
+#define sk_CONF_VALUE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CONF_VALUE_sk_type(sk), (n))
+#define sk_CONF_VALUE_free(sk) OPENSSL_sk_free(ossl_check_CONF_VALUE_sk_type(sk))
+#define sk_CONF_VALUE_zero(sk) OPENSSL_sk_zero(ossl_check_CONF_VALUE_sk_type(sk))
+#define sk_CONF_VALUE_delete(sk, i) ((CONF_VALUE *)OPENSSL_sk_delete(ossl_check_CONF_VALUE_sk_type(sk), (i)))
+#define sk_CONF_VALUE_delete_ptr(sk, ptr) ((CONF_VALUE *)OPENSSL_sk_delete_ptr(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr)))
+#define sk_CONF_VALUE_push(sk, ptr) OPENSSL_sk_push(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr))
+#define sk_CONF_VALUE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr))
+#define sk_CONF_VALUE_pop(sk) ((CONF_VALUE *)OPENSSL_sk_pop(ossl_check_CONF_VALUE_sk_type(sk)))
+#define sk_CONF_VALUE_shift(sk) ((CONF_VALUE *)OPENSSL_sk_shift(ossl_check_CONF_VALUE_sk_type(sk)))
+#define sk_CONF_VALUE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CONF_VALUE_sk_type(sk),ossl_check_CONF_VALUE_freefunc_type(freefunc))
+#define sk_CONF_VALUE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr), (idx))
+#define sk_CONF_VALUE_set(sk, idx, ptr) ((CONF_VALUE *)OPENSSL_sk_set(ossl_check_CONF_VALUE_sk_type(sk), (idx), ossl_check_CONF_VALUE_type(ptr)))
+#define sk_CONF_VALUE_find(sk, ptr) OPENSSL_sk_find(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr))
+#define sk_CONF_VALUE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr))
+#define sk_CONF_VALUE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr), pnum)
+#define sk_CONF_VALUE_sort(sk) OPENSSL_sk_sort(ossl_check_CONF_VALUE_sk_type(sk))
+#define sk_CONF_VALUE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CONF_VALUE_sk_type(sk))
+#define sk_CONF_VALUE_dup(sk) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_dup(ossl_check_const_CONF_VALUE_sk_type(sk)))
+#define sk_CONF_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_copyfunc_type(copyfunc), ossl_check_CONF_VALUE_freefunc_type(freefunc)))
+#define sk_CONF_VALUE_set_cmp_func(sk, cmp) ((sk_CONF_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_compfunc_type(cmp)))
+DEFINE_LHASH_OF_INTERNAL(CONF_VALUE);
+#define lh_CONF_VALUE_new(hfn, cmp) ((LHASH_OF(CONF_VALUE) *)OPENSSL_LH_new(ossl_check_CONF_VALUE_lh_hashfunc_type(hfn), ossl_check_CONF_VALUE_lh_compfunc_type(cmp)))
+#define lh_CONF_VALUE_free(lh) OPENSSL_LH_free(ossl_check_CONF_VALUE_lh_type(lh))
+#define lh_CONF_VALUE_flush(lh) OPENSSL_LH_flush(ossl_check_CONF_VALUE_lh_type(lh))
+#define lh_CONF_VALUE_insert(lh, ptr) ((CONF_VALUE *)OPENSSL_LH_insert(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_CONF_VALUE_lh_plain_type(ptr)))
+#define lh_CONF_VALUE_delete(lh, ptr) ((CONF_VALUE *)OPENSSL_LH_delete(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_const_CONF_VALUE_lh_plain_type(ptr)))
+#define lh_CONF_VALUE_retrieve(lh, ptr) ((CONF_VALUE *)OPENSSL_LH_retrieve(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_const_CONF_VALUE_lh_plain_type(ptr)))
+#define lh_CONF_VALUE_error(lh) OPENSSL_LH_error(ossl_check_CONF_VALUE_lh_type(lh))
+#define lh_CONF_VALUE_num_items(lh) OPENSSL_LH_num_items(ossl_check_CONF_VALUE_lh_type(lh))
+#define lh_CONF_VALUE_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_CONF_VALUE_lh_type(lh), out)
+#define lh_CONF_VALUE_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_CONF_VALUE_lh_type(lh), out)
+#define lh_CONF_VALUE_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_CONF_VALUE_lh_type(lh), out)
+#define lh_CONF_VALUE_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_CONF_VALUE_lh_type(lh))
+#define lh_CONF_VALUE_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_CONF_VALUE_lh_type(lh), dl)
+#define lh_CONF_VALUE_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_CONF_VALUE_lh_doallfunc_type(dfn))
+

 struct conf_st;
 struct conf_method_st;
 typedef struct conf_method_st CONF_METHOD;

-struct conf_method_st {
-    const char *name;
-    CONF *(*create) (CONF_METHOD *meth);
-    int (*init) (CONF *conf);
-    int (*destroy) (CONF *conf);
-    int (*destroy_data) (CONF *conf);
-    int (*load_bio) (CONF *conf, BIO *bp, long *eline);
-    int (*dump) (const CONF *conf, BIO *bp);
-    int (*is_number) (const CONF *conf, char c);
-    int (*to_int) (const CONF *conf, char c);
-    int (*load) (CONF *conf, const char *name, long *eline);
-};
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  include <openssl/conftypes.h>
+# endif

 /* Module definitions */
-
 typedef struct conf_imodule_st CONF_IMODULE;
 typedef struct conf_module_st CONF_MODULE;

-DEFINE_STACK_OF(CONF_MODULE)
-DEFINE_STACK_OF(CONF_IMODULE)
+STACK_OF(CONF_MODULE);
+STACK_OF(CONF_IMODULE);

 /* DSO module function typedefs */
 typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
@ -87,10 +131,11 @@ void CONF_free(LHASH_OF(CONF_VALUE) *conf);
 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
 #endif
 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 void OPENSSL_config(const char *config_name);
+#endif

-DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
-
-#if OPENSSL_API_COMPAT < 0x10100000L
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define OPENSSL_no_config() \
    OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
 #endif
@ -100,15 +145,13 @@ DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
 * that wasn't the case, the above functions would have been replaced
 */

-struct conf_st {
-    CONF_METHOD *meth;
-    void *meth_data;
-    LHASH_OF(CONF_VALUE) *data;
-};
-
+CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth);
+OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf);
 CONF *NCONF_new(CONF_METHOD *meth);
 CONF_METHOD *NCONF_default(void);
-CONF_METHOD *NCONF_WIN32(void);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 CONF_METHOD *NCONF_WIN32(void);
+#endif
 void NCONF_free(CONF *conf);
 void NCONF_free_data(CONF *conf);

@ -117,6 +160,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline);
 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
 # endif
 int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf);
 STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
                                        const char *section);
 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
@ -133,11 +177,13 @@ int NCONF_dump_bio(const CONF *conf, BIO *out);

 int CONF_modules_load(const CONF *cnf, const char *appname,
                      unsigned long flags);
+int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
+                              const char *appname, unsigned long flags);
 int CONF_modules_load_file(const char *filename, const char *appname,
                           unsigned long flags);
 void CONF_modules_unload(int all);
 void CONF_modules_finish(void);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define CONF_modules_free() while(0) continue
 #endif
 int CONF_module_add(const char *name, conf_init_func *ifunc,
--- a/src/3rdparty/win32_include/openssl/conf_api.h
+++ b/src/3rdparty/win32_include/openssl/conf_api.h
@ -1,14 +1,20 @@
 /*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef  HEADER_CONF_API_H
-# define HEADER_CONF_API_H
+#ifndef  OPENSSL_CONF_API_H
+# define OPENSSL_CONF_API_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_CONF_API_H
+# endif

 # include <openssl/lhash.h>
 # include <openssl/conf.h>
--- a/src/3rdparty/win32_include/openssl/conferr.h
+++ b/src/3rdparty/win32_include/openssl/conferr.h
@ -1,57 +1,30 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CONFERR_H
-# define HEADER_CONFERR_H
+#ifndef OPENSSL_CONFERR_H
+# define OPENSSL_CONFERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_CONF_strings(void);

-/*
- * CONF function codes.
- */
-# define CONF_F_CONF_DUMP_FP                              104
-# define CONF_F_CONF_LOAD                                 100
-# define CONF_F_CONF_LOAD_FP                              103
-# define CONF_F_CONF_PARSE_LIST                           119
-# define CONF_F_DEF_LOAD                                  120
-# define CONF_F_DEF_LOAD_BIO                              121
-# define CONF_F_GET_NEXT_FILE                             107
-# define CONF_F_MODULE_ADD                                122
-# define CONF_F_MODULE_INIT                               115
-# define CONF_F_MODULE_LOAD_DSO                           117
-# define CONF_F_MODULE_RUN                                118
-# define CONF_F_NCONF_DUMP_BIO                            105
-# define CONF_F_NCONF_DUMP_FP                             106
-# define CONF_F_NCONF_GET_NUMBER_E                        112
-# define CONF_F_NCONF_GET_SECTION                         108
-# define CONF_F_NCONF_GET_STRING                          109
-# define CONF_F_NCONF_LOAD                                113
-# define CONF_F_NCONF_LOAD_BIO                            110
-# define CONF_F_NCONF_LOAD_FP                             114
-# define CONF_F_NCONF_NEW                                 111
-# define CONF_F_PROCESS_INCLUDE                           116
-# define CONF_F_SSL_MODULE_INIT                           123
-# define CONF_F_STR_COPY                                  101

 /*
 * CONF reason codes.
 */
 # define CONF_R_ERROR_LOADING_DSO                         110
+# define CONF_R_INVALID_PRAGMA                            122
 # define CONF_R_LIST_CANNOT_BE_NULL                       115
+# define CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION    123
 # define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
 # define CONF_R_MISSING_EQUAL_SIGN                        101
 # define CONF_R_MISSING_INIT_FUNCTION                     112
@ -63,7 +36,9 @@ int ERR_load_CONF_strings(void);
 # define CONF_R_NO_SUCH_FILE                              114
 # define CONF_R_NO_VALUE                                  108
 # define CONF_R_NUMBER_TOO_LARGE                          121
+# define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION   124
 # define CONF_R_RECURSIVE_DIRECTORY_INCLUDE               111
+# define CONF_R_RELATIVE_PATH                             125
 # define CONF_R_SSL_COMMAND_SECTION_EMPTY                 117
 # define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND             118
 # define CONF_R_SSL_SECTION_EMPTY                         119
--- a/src/3rdparty/win32_include/openssl/configuration.h
+++ b/src/3rdparty/win32_include/openssl/configuration.h
@ -0,0 +1,134 @@
+/*
+ * WARNING: do not edit!
+ * Generated by configdata.pm from Configurations\common0.tmpl, Configurations\windows-makefile.tmpl
+ * via makefile.in
+ *
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CONFIGURATION_H
+# define OPENSSL_CONFIGURATION_H
+# pragma once
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# ifdef OPENSSL_ALGORITHM_DEFINES
+#  error OPENSSL_ALGORITHM_DEFINES no longer supported
+# endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+# ifndef OPENSSL_SYS_WIN64A
+#  define OPENSSL_SYS_WIN64A 1
+# endif
+# define OPENSSL_CONFIGURED_API 30100
+# ifndef OPENSSL_RAND_SEED_OS
+#  define OPENSSL_RAND_SEED_OS
+# endif
+# ifndef OPENSSL_THREADS
+#  define OPENSSL_THREADS
+# endif
+# ifndef OPENSSL_NO_ACVP_TESTS
+#  define OPENSSL_NO_ACVP_TESTS
+# endif
+# ifndef OPENSSL_NO_AFALGENG
+#  define OPENSSL_NO_AFALGENG
+# endif
+# ifndef OPENSSL_NO_ASAN
+#  define OPENSSL_NO_ASAN
+# endif
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+#  define OPENSSL_NO_CRYPTO_MDEBUG
+# endif
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#  define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# endif
+# ifndef OPENSSL_NO_DEVCRYPTOENG
+#  define OPENSSL_NO_DEVCRYPTOENG
+# endif
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+#  define OPENSSL_NO_EC_NISTP_64_GCC_128
+# endif
+# ifndef OPENSSL_NO_EGD
+#  define OPENSSL_NO_EGD
+# endif
+# ifndef OPENSSL_NO_EXTERNAL_TESTS
+#  define OPENSSL_NO_EXTERNAL_TESTS
+# endif
+# ifndef OPENSSL_NO_FIPS_SECURITYCHECKS
+#  define OPENSSL_NO_FIPS_SECURITYCHECKS
+# endif
+# ifndef OPENSSL_NO_FUZZ_AFL
+#  define OPENSSL_NO_FUZZ_AFL
+# endif
+# ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+#  define OPENSSL_NO_FUZZ_LIBFUZZER
+# endif
+# ifndef OPENSSL_NO_KTLS
+#  define OPENSSL_NO_KTLS
+# endif
+# ifndef OPENSSL_NO_MD2
+#  define OPENSSL_NO_MD2
+# endif
+# ifndef OPENSSL_NO_MSAN
+#  define OPENSSL_NO_MSAN
+# endif
+# ifndef OPENSSL_NO_RC5
+#  define OPENSSL_NO_RC5
+# endif
+# ifndef OPENSSL_NO_SCTP
+#  define OPENSSL_NO_SCTP
+# endif
+# ifndef OPENSSL_NO_SSL3
+#  define OPENSSL_NO_SSL3
+# endif
+# ifndef OPENSSL_NO_SSL3_METHOD
+#  define OPENSSL_NO_SSL3_METHOD
+# endif
+# ifndef OPENSSL_NO_TRACE
+#  define OPENSSL_NO_TRACE
+# endif
+# ifndef OPENSSL_NO_UBSAN
+#  define OPENSSL_NO_UBSAN
+# endif
+# ifndef OPENSSL_NO_UNIT_TEST
+#  define OPENSSL_NO_UNIT_TEST
+# endif
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+#  define OPENSSL_NO_WEAK_SSL_CIPHERS
+# endif
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  define OPENSSL_NO_STATIC_ENGINE
+# endif
+
+
+/* Generate 80386 code? */
+# undef I386_ONLY
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+# if !defined(OPENSSL_SYS_UEFI)
+#  undef BN_LLONG
+/* Only one for the following should be defined */
+#  undef SIXTY_FOUR_BIT_LONG
+#  define SIXTY_FOUR_BIT
+#  undef THIRTY_TWO_BIT
+# endif
+
+# define RC4_INT unsigned int
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif                          /* OPENSSL_CONFIGURATION_H */
--- a/src/3rdparty/win32_include/openssl/conftypes.h
+++ b/src/3rdparty/win32_include/openssl/conftypes.h
@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  OPENSSL_CONFTYPES_H
+# define OPENSSL_CONFTYPES_H
+# pragma once
+
+#ifndef  OPENSSL_CONF_H
+# include <openssl/conf.h>
+#endif
+
+/*
+ * The contents of this file are deprecated and will be made opaque
+ */
+struct conf_method_st {
+    const char *name;
+    CONF *(*create) (CONF_METHOD *meth);
+    int (*init) (CONF *conf);
+    int (*destroy) (CONF *conf);
+    int (*destroy_data) (CONF *conf);
+    int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+    int (*dump) (const CONF *conf, BIO *bp);
+    int (*is_number) (const CONF *conf, char c);
+    int (*to_int) (const CONF *conf, char c);
+    int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+struct conf_st {
+    CONF_METHOD *meth;
+    void *meth_data;
+    LHASH_OF(CONF_VALUE) *data;
+    int flag_dollarid;
+    int flag_abspath;
+    char *includedir;
+    OSSL_LIB_CTX *libctx;
+};
+
+#endif
--- a/src/3rdparty/win32_include/openssl/core.h
+++ b/src/3rdparty/win32_include/openssl/core.h
@ -0,0 +1,233 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_H
+# define OPENSSL_CORE_H
+# pragma once
+
+# include <stddef.h>
+# include <openssl/types.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Base types
+ * ----------
+ *
+ * These are the types that the OpenSSL core and providers have in common
+ * to communicate data between them.
+ */
+
+/* Opaque handles to be used with core upcall functions from providers */
+typedef struct ossl_core_handle_st OSSL_CORE_HANDLE;
+typedef struct openssl_core_ctx_st OPENSSL_CORE_CTX;
+typedef struct ossl_core_bio_st OSSL_CORE_BIO;
+
+/*
+ * Dispatch table element.  function_id numbers and the functions are defined
+ * in core_dispatch.h, see macros with 'OSSL_CORE_MAKE_FUNC' in their names.
+ *
+ * An array of these is always terminated by function_id == 0
+ */
+struct ossl_dispatch_st {
+    int function_id;
+    void (*function)(void);
+};
+
+/*
+ * Other items, essentially an int<->pointer map element.
+ *
+ * We make this type distinct from OSSL_DISPATCH to ensure that dispatch
+ * tables remain tables with function pointers only.
+ *
+ * This is used whenever we need to pass things like a table of error reason
+ * codes <-> reason string maps, ...
+ *
+ * Usage determines which field works as key if any, rather than field order.
+ *
+ * An array of these is always terminated by id == 0 && ptr == NULL
+ */
+struct ossl_item_st {
+    unsigned int id;
+    void *ptr;
+};
+
+/*
+ * Type to tie together algorithm names, property definition string and
+ * the algorithm implementation in the form of a dispatch table.
+ *
+ * An array of these is always terminated by algorithm_names == NULL
+ */
+struct ossl_algorithm_st {
+    const char *algorithm_names;     /* key */
+    const char *property_definition; /* key */
+    const OSSL_DISPATCH *implementation;
+    const char *algorithm_description;
+};
+
+/*
+ * Type to pass object data in a uniform way, without exposing the object
+ * structure.
+ *
+ * An array of these is always terminated by key == NULL
+ */
+struct ossl_param_st {
+    const char *key;             /* the name of the parameter */
+    unsigned int data_type;      /* declare what kind of content is in buffer */
+    void *data;                  /* value being passed in or out */
+    size_t data_size;            /* data size */
+    size_t return_size;          /* returned content size */
+};
+
+/* Currently supported OSSL_PARAM data types */
+/*
+ * OSSL_PARAM_INTEGER and OSSL_PARAM_UNSIGNED_INTEGER
+ * are arbitrary length and therefore require an arbitrarily sized buffer,
+ * since they may be used to pass numbers larger than what is natively
+ * available.
+ *
+ * The number must be buffered in native form, i.e. MSB first on B_ENDIAN
+ * systems and LSB first on L_ENDIAN systems.  This means that arbitrary
+ * native integers can be stored in the buffer, just make sure that the
+ * buffer size is correct and the buffer itself is properly aligned (for
+ * example by having the buffer field point at a C integer).
+ */
+# define OSSL_PARAM_INTEGER              1
+# define OSSL_PARAM_UNSIGNED_INTEGER     2
+/*-
+ * OSSL_PARAM_REAL
+ * is a C binary floating point values in native form and alignment.
+ */
+# define OSSL_PARAM_REAL                 3
+/*-
+ * OSSL_PARAM_UTF8_STRING
+ * is a printable string.  It is expected to be printed as it is.
+ */
+# define OSSL_PARAM_UTF8_STRING          4
+/*-
+ * OSSL_PARAM_OCTET_STRING
+ * is a string of bytes with no further specification.  It is expected to be
+ * printed as a hexdump.
+ */
+# define OSSL_PARAM_OCTET_STRING         5
+/*-
+ * OSSL_PARAM_UTF8_PTR
+ * is a pointer to a printable string.  It is expected to be printed as it is.
+ *
+ * The difference between this and OSSL_PARAM_UTF8_STRING is that only pointers
+ * are manipulated for this type.
+ *
+ * This is more relevant for parameter requests, where the responding
+ * function doesn't need to copy the data to the provided buffer, but
+ * sets the provided buffer to point at the actual data instead.
+ *
+ * WARNING!  Using these is FRAGILE, as it assumes that the actual
+ * data and its location are constant.
+ *
+ * EXTRA WARNING!  If you are not completely sure you most likely want
+ * to use the OSSL_PARAM_UTF8_STRING type.
+ */
+# define OSSL_PARAM_UTF8_PTR             6
+/*-
+ * OSSL_PARAM_OCTET_PTR
+ * is a pointer to a string of bytes with no further specification.  It is
+ * expected to be printed as a hexdump.
+ *
+ * The difference between this and OSSL_PARAM_OCTET_STRING is that only pointers
+ * are manipulated for this type.
+ *
+ * This is more relevant for parameter requests, where the responding
+ * function doesn't need to copy the data to the provided buffer, but
+ * sets the provided buffer to point at the actual data instead.
+ *
+ * WARNING!  Using these is FRAGILE, as it assumes that the actual
+ * data and its location are constant.
+ *
+ * EXTRA WARNING!  If you are not completely sure you most likely want
+ * to use the OSSL_PARAM_OCTET_STRING type.
+ */
+# define OSSL_PARAM_OCTET_PTR            7
+
+/*
+ * Typedef for the thread stop handling callback. Used both internally and by
+ * providers.
+ *
+ * Providers may register for notifications about threads stopping by
+ * registering a callback to hear about such events. Providers register the
+ * callback using the OSSL_FUNC_CORE_THREAD_START function in the |in| dispatch
+ * table passed to OSSL_provider_init(). The arg passed back to a provider will
+ * be the provider side context object.
+ */
+typedef void (*OSSL_thread_stop_handler_fn)(void *arg);
+
+
+/*-
+ * Provider entry point
+ * --------------------
+ *
+ * This function is expected to be present in any dynamically loadable
+ * provider module.  By definition, if this function doesn't exist in a
+ * module, that module is not an OpenSSL provider module.
+ */
+/*-
+ * |handle|     pointer to opaque type OSSL_CORE_HANDLE.  This can be used
+ *              together with some functions passed via |in| to query data.
+ * |in|         is the array of functions that the Core passes to the provider.
+ * |out|        will be the array of base functions that the provider passes
+ *              back to the Core.
+ * |provctx|    a provider side context object, optionally created if the
+ *              provider needs it.  This value is passed to other provider
+ *              functions, notably other context constructors.
+ */
+typedef int (OSSL_provider_init_fn)(const OSSL_CORE_HANDLE *handle,
+                                    const OSSL_DISPATCH *in,
+                                    const OSSL_DISPATCH **out,
+                                    void **provctx);
+# ifdef __VMS
+#  pragma names save
+#  pragma names uppercase,truncated
+# endif
+OPENSSL_EXPORT OSSL_provider_init_fn OSSL_provider_init;
+# ifdef __VMS
+#  pragma names restore
+# endif
+
+/*
+ * Generic callback function signature.
+ *
+ * The expectation is that any provider function that wants to offer
+ * a callback / hook can do so by taking an argument with this type,
+ * as well as a pointer to caller-specific data.  When calling the
+ * callback, the provider function can populate an OSSL_PARAM array
+ * with data of its choice and pass that in the callback call, along
+ * with the caller data argument.
+ *
+ * libcrypto may use the OSSL_PARAM array to create arguments for an
+ * application callback it knows about.
+ */
+typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg);
+typedef int (OSSL_INOUT_CALLBACK)(const OSSL_PARAM in_params[],
+                                  OSSL_PARAM out_params[], void *arg);
+/*
+ * Passphrase callback function signature
+ *
+ * This is similar to the generic callback function above, but adds a
+ * result parameter.
+ */
+typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size,
+                                       size_t *pass_len,
+                                       const OSSL_PARAM params[], void *arg);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
--- a/src/3rdparty/win32_include/openssl/core_dispatch.h
+++ b/src/3rdparty/win32_include/openssl/core_dispatch.h
@ -0,0 +1,943 @@
+/*
+ * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_NUMBERS_H
+# define OPENSSL_CORE_NUMBERS_H
+# pragma once
+
+# include <stdarg.h>
+# include <openssl/core.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Identities
+ * ----------
+ *
+ * All series start with 1, to allow 0 to be an array terminator.
+ * For any FUNC identity, we also provide a function signature typedef
+ * and a static inline function to extract a function pointer from a
+ * OSSL_DISPATCH element in a type safe manner.
+ *
+ * Names:
+ * for any function base name 'foo' (uppercase form 'FOO'), we will have
+ * the following:
+ * - a macro for the identity with the name OSSL_FUNC_'FOO' or derivatives
+ *   thereof (to be specified further down)
+ * - a function signature typedef with the name OSSL_FUNC_'foo'_fn
+ * - a function pointer extractor function with the name OSSL_FUNC_'foo'
+ */
+
+/*
+ * Helper macro to create the function signature typedef and the extractor
+ * |type| is the return-type of the function, |name| is the name of the
+ * function to fetch, and |args| is a parenthesized list of parameters
+ * for the function (that is, it is |name|'s function signature).
+ * Note: This is considered a "reserved" internal macro. Applications should
+ * not use this or assume its existence.
+ */
+#define OSSL_CORE_MAKE_FUNC(type,name,args)                             \
+    typedef type (OSSL_FUNC_##name##_fn)args;                           \
+    static ossl_unused ossl_inline \
+    OSSL_FUNC_##name##_fn *OSSL_FUNC_##name(const OSSL_DISPATCH *opf)   \
+    {                                                                   \
+        return (OSSL_FUNC_##name##_fn *)opf->function;                  \
+    }
+
+/*
+ * Core function identities, for the two OSSL_DISPATCH tables being passed
+ * in the OSSL_provider_init call.
+ *
+ * 0 serves as a marker for the end of the OSSL_DISPATCH array, and must
+ * therefore NEVER be used as a function identity.
+ */
+/* Functions provided by the Core to the provider, reserved numbers 1-1023 */
+# define OSSL_FUNC_CORE_GETTABLE_PARAMS        1
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+                    core_gettable_params,(const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_GET_PARAMS             2
+OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_CORE_HANDLE *prov,
+                                         OSSL_PARAM params[]))
+# define OSSL_FUNC_CORE_THREAD_START           3
+OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_CORE_HANDLE *prov,
+                                           OSSL_thread_stop_handler_fn handfn,
+                                           void *arg))
+# define OSSL_FUNC_CORE_GET_LIBCTX             4
+OSSL_CORE_MAKE_FUNC(OPENSSL_CORE_CTX *,core_get_libctx,
+                    (const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_NEW_ERROR              5
+OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_SET_ERROR_DEBUG        6
+OSSL_CORE_MAKE_FUNC(void,core_set_error_debug,
+                    (const OSSL_CORE_HANDLE *prov,
+                     const char *file, int line, const char *func))
+# define OSSL_FUNC_CORE_VSET_ERROR             7
+OSSL_CORE_MAKE_FUNC(void,core_vset_error,
+                    (const OSSL_CORE_HANDLE *prov,
+                     uint32_t reason, const char *fmt, va_list args))
+# define OSSL_FUNC_CORE_SET_ERROR_MARK         8
+OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK  9
+OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark,
+                    (const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK     10
+OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_CORE_HANDLE *prov))
+
+
+/* Functions to access the OBJ database */
+
+#define OSSL_FUNC_CORE_OBJ_ADD_SIGID          11
+#define OSSL_FUNC_CORE_OBJ_CREATE             12
+
+OSSL_CORE_MAKE_FUNC(int, core_obj_add_sigid,
+                    (const OSSL_CORE_HANDLE *prov, const char  *sign_name,
+                     const char *digest_name, const char *pkey_name))
+OSSL_CORE_MAKE_FUNC(int, core_obj_create,
+                    (const OSSL_CORE_HANDLE *prov, const char *oid,
+                     const char *sn, const char *ln))
+
+/* Memory allocation, freeing, clearing. */
+#define OSSL_FUNC_CRYPTO_MALLOC               20
+OSSL_CORE_MAKE_FUNC(void *,
+        CRYPTO_malloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_ZALLOC               21
+OSSL_CORE_MAKE_FUNC(void *,
+        CRYPTO_zalloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_FREE                 22
+OSSL_CORE_MAKE_FUNC(void,
+        CRYPTO_free, (void *ptr, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_CLEAR_FREE           23
+OSSL_CORE_MAKE_FUNC(void,
+        CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_REALLOC              24
+OSSL_CORE_MAKE_FUNC(void *,
+        CRYPTO_realloc, (void *addr, size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC        25
+OSSL_CORE_MAKE_FUNC(void *,
+        CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num,
+                               const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_MALLOC        26
+OSSL_CORE_MAKE_FUNC(void *,
+        CRYPTO_secure_malloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC        27
+OSSL_CORE_MAKE_FUNC(void *,
+        CRYPTO_secure_zalloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_FREE          28
+OSSL_CORE_MAKE_FUNC(void,
+        CRYPTO_secure_free, (void *ptr, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE    29
+OSSL_CORE_MAKE_FUNC(void,
+        CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file,
+                                   int line))
+#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED     30
+OSSL_CORE_MAKE_FUNC(int,
+        CRYPTO_secure_allocated, (const void *ptr))
+#define OSSL_FUNC_OPENSSL_CLEANSE             31
+OSSL_CORE_MAKE_FUNC(void,
+        OPENSSL_cleanse, (void *ptr, size_t len))
+
+/* Bio functions provided by the core */
+#define OSSL_FUNC_BIO_NEW_FILE                40
+#define OSSL_FUNC_BIO_NEW_MEMBUF              41
+#define OSSL_FUNC_BIO_READ_EX                 42
+#define OSSL_FUNC_BIO_WRITE_EX                43
+#define OSSL_FUNC_BIO_UP_REF                  44
+#define OSSL_FUNC_BIO_FREE                    45
+#define OSSL_FUNC_BIO_VPRINTF                 46
+#define OSSL_FUNC_BIO_VSNPRINTF               47
+#define OSSL_FUNC_BIO_PUTS                    48
+#define OSSL_FUNC_BIO_GETS                    49
+#define OSSL_FUNC_BIO_CTRL                    50
+
+
+OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename,
+                                                    const char *mode))
+OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len))
+OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data,
+                                       size_t data_len, size_t *bytes_read))
+OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data,
+                                        size_t data_len, size_t *written))
+OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size))
+OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str))
+OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format,
+                                       va_list args))
+OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf,
+                   (char *buf, size_t n, const char *fmt, va_list args))
+OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio,
+                                    int cmd, long num, void *ptr))
+
+#define OSSL_FUNC_SELF_TEST_CB               100
+OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
+                                         void **cbarg))
+
+/* Functions to get seed material from the operating system */
+#define OSSL_FUNC_GET_ENTROPY                101
+#define OSSL_FUNC_CLEANUP_ENTROPY            102
+#define OSSL_FUNC_GET_NONCE                  103
+#define OSSL_FUNC_CLEANUP_NONCE              104
+OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle,
+                                          unsigned char **pout, int entropy,
+                                          size_t min_len, size_t max_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle,
+                                            unsigned char *buf, size_t len))
+OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle,
+                                        unsigned char **pout, size_t min_len,
+                                        size_t max_len, const void *salt,
+                                        size_t salt_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle,
+                                          unsigned char *buf, size_t len))
+
+/* Functions to access the core's providers */
+#define OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB   105
+#define OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB 106
+#define OSSL_FUNC_PROVIDER_NAME                107
+#define OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX   108
+#define OSSL_FUNC_PROVIDER_GET0_DISPATCH       109
+#define OSSL_FUNC_PROVIDER_UP_REF              110
+#define OSSL_FUNC_PROVIDER_FREE                111
+
+OSSL_CORE_MAKE_FUNC(int, provider_register_child_cb,
+                    (const OSSL_CORE_HANDLE *handle,
+                     int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata),
+                     int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata),
+                     int (*global_props_cb)(const char *props, void *cbdata),
+                     void *cbdata))
+OSSL_CORE_MAKE_FUNC(void, provider_deregister_child_cb,
+                    (const OSSL_CORE_HANDLE *handle))
+OSSL_CORE_MAKE_FUNC(const char *, provider_name,
+                    (const OSSL_CORE_HANDLE *prov))
+OSSL_CORE_MAKE_FUNC(void *, provider_get0_provider_ctx,
+                    (const OSSL_CORE_HANDLE *prov))
+OSSL_CORE_MAKE_FUNC(const OSSL_DISPATCH *, provider_get0_dispatch,
+                    (const OSSL_CORE_HANDLE *prov))
+OSSL_CORE_MAKE_FUNC(int, provider_up_ref,
+                    (const OSSL_CORE_HANDLE *prov, int activate))
+OSSL_CORE_MAKE_FUNC(int, provider_free,
+                    (const OSSL_CORE_HANDLE *prov, int deactivate))
+
+/* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
+# define OSSL_FUNC_PROVIDER_TEARDOWN           1024
+OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
+# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS    1025
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+                    provider_gettable_params,(void *provctx))
+# define OSSL_FUNC_PROVIDER_GET_PARAMS         1026
+OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
+                                             OSSL_PARAM params[]))
+# define OSSL_FUNC_PROVIDER_QUERY_OPERATION    1027
+OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
+                    (void *provctx, int operation_id, int *no_store))
+# define OSSL_FUNC_PROVIDER_UNQUERY_OPERATION  1028
+OSSL_CORE_MAKE_FUNC(void, provider_unquery_operation,
+                    (void *provctx, int operation_id, const OSSL_ALGORITHM *))
+# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1029
+OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
+                    (void *provctx))
+# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES   1030
+OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx,
+                    const char *capability, OSSL_CALLBACK *cb, void *arg))
+# define OSSL_FUNC_PROVIDER_SELF_TEST          1031
+OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx))
+
+/* Operations */
+
+# define OSSL_OP_DIGEST                              1
+# define OSSL_OP_CIPHER                              2   /* Symmetric Ciphers */
+# define OSSL_OP_MAC                                 3
+# define OSSL_OP_KDF                                 4
+# define OSSL_OP_RAND                                5
+# define OSSL_OP_KEYMGMT                            10
+# define OSSL_OP_KEYEXCH                            11
+# define OSSL_OP_SIGNATURE                          12
+# define OSSL_OP_ASYM_CIPHER                        13
+# define OSSL_OP_KEM                                14
+/* New section for non-EVP operations */
+# define OSSL_OP_ENCODER                            20
+# define OSSL_OP_DECODER                            21
+# define OSSL_OP_STORE                              22
+/* Highest known operation number */
+# define OSSL_OP__HIGHEST                           22
+
+/* Digests */
+
+# define OSSL_FUNC_DIGEST_NEWCTX                     1
+# define OSSL_FUNC_DIGEST_INIT                       2
+# define OSSL_FUNC_DIGEST_UPDATE                     3
+# define OSSL_FUNC_DIGEST_FINAL                      4
+# define OSSL_FUNC_DIGEST_DIGEST                     5
+# define OSSL_FUNC_DIGEST_FREECTX                    6
+# define OSSL_FUNC_DIGEST_DUPCTX                     7
+# define OSSL_FUNC_DIGEST_GET_PARAMS                 8
+# define OSSL_FUNC_DIGEST_SET_CTX_PARAMS             9
+# define OSSL_FUNC_DIGEST_GET_CTX_PARAMS            10
+# define OSSL_FUNC_DIGEST_GETTABLE_PARAMS           11
+# define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS       12
+# define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS       13
+
+OSSL_CORE_MAKE_FUNC(void *, digest_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, digest_init, (void *dctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, digest_update,
+                    (void *dctx, const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, digest_final,
+                    (void *dctx,
+                     unsigned char *out, size_t *outl, size_t outsz))
+OSSL_CORE_MAKE_FUNC(int, digest_digest,
+                    (void *provctx, const unsigned char *in, size_t inl,
+                     unsigned char *out, size_t *outl, size_t outsz))
+
+OSSL_CORE_MAKE_FUNC(void, digest_freectx, (void *dctx))
+OSSL_CORE_MAKE_FUNC(void *, digest_dupctx, (void *dctx))
+
+OSSL_CORE_MAKE_FUNC(int, digest_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, digest_set_ctx_params,
+                    (void *vctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, digest_get_ctx_params,
+                    (void *vctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_gettable_params,
+                    (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_settable_ctx_params,
+                    (void *dctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_gettable_ctx_params,
+                    (void *dctx, void *provctx))
+
+/* Symmetric Ciphers */
+
+# define OSSL_FUNC_CIPHER_NEWCTX                     1
+# define OSSL_FUNC_CIPHER_ENCRYPT_INIT               2
+# define OSSL_FUNC_CIPHER_DECRYPT_INIT               3
+# define OSSL_FUNC_CIPHER_UPDATE                     4
+# define OSSL_FUNC_CIPHER_FINAL                      5
+# define OSSL_FUNC_CIPHER_CIPHER                     6
+# define OSSL_FUNC_CIPHER_FREECTX                    7
+# define OSSL_FUNC_CIPHER_DUPCTX                     8
+# define OSSL_FUNC_CIPHER_GET_PARAMS                 9
+# define OSSL_FUNC_CIPHER_GET_CTX_PARAMS            10
+# define OSSL_FUNC_CIPHER_SET_CTX_PARAMS            11
+# define OSSL_FUNC_CIPHER_GETTABLE_PARAMS           12
+# define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS       13
+# define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS       14
+
+OSSL_CORE_MAKE_FUNC(void *, cipher_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, cipher_encrypt_init, (void *cctx,
+                                                  const unsigned char *key,
+                                                  size_t keylen,
+                                                  const unsigned char *iv,
+                                                  size_t ivlen,
+                                                  const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, cipher_decrypt_init, (void *cctx,
+                                                  const unsigned char *key,
+                                                  size_t keylen,
+                                                  const unsigned char *iv,
+                                                  size_t ivlen,
+                                                  const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, cipher_update,
+                    (void *cctx,
+                     unsigned char *out, size_t *outl, size_t outsize,
+                     const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, cipher_final,
+                    (void *cctx,
+                     unsigned char *out, size_t *outl, size_t outsize))
+OSSL_CORE_MAKE_FUNC(int, cipher_cipher,
+                    (void *cctx,
+                     unsigned char *out, size_t *outl, size_t outsize,
+                     const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(void, cipher_freectx, (void *cctx))
+OSSL_CORE_MAKE_FUNC(void *, cipher_dupctx, (void *cctx))
+OSSL_CORE_MAKE_FUNC(int, cipher_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, cipher_get_ctx_params, (void *cctx,
+                                                    OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, cipher_set_ctx_params, (void *cctx,
+                                                    const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_gettable_params,
+                    (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_settable_ctx_params,
+                    (void *cctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_gettable_ctx_params,
+                    (void *cctx, void *provctx))
+
+/* MACs */
+
+# define OSSL_FUNC_MAC_NEWCTX                        1
+# define OSSL_FUNC_MAC_DUPCTX                        2
+# define OSSL_FUNC_MAC_FREECTX                       3
+# define OSSL_FUNC_MAC_INIT                          4
+# define OSSL_FUNC_MAC_UPDATE                        5
+# define OSSL_FUNC_MAC_FINAL                         6
+# define OSSL_FUNC_MAC_GET_PARAMS                    7
+# define OSSL_FUNC_MAC_GET_CTX_PARAMS                8
+# define OSSL_FUNC_MAC_SET_CTX_PARAMS                9
+# define OSSL_FUNC_MAC_GETTABLE_PARAMS              10
+# define OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS          11
+# define OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS          12
+
+OSSL_CORE_MAKE_FUNC(void *, mac_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, mac_dupctx, (void *src))
+OSSL_CORE_MAKE_FUNC(void, mac_freectx, (void *mctx))
+OSSL_CORE_MAKE_FUNC(int, mac_init, (void *mctx, const unsigned char *key,
+                                    size_t keylen, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, mac_update,
+                    (void *mctx, const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, mac_final,
+                    (void *mctx,
+                     unsigned char *out, size_t *outl, size_t outsize))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_gettable_params, (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_gettable_ctx_params,
+                    (void *mctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_settable_ctx_params,
+                    (void *mctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, mac_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, mac_get_ctx_params,
+                    (void *mctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, mac_set_ctx_params,
+                    (void *mctx, const OSSL_PARAM params[]))
+
+/* KDFs and PRFs */
+
+# define OSSL_FUNC_KDF_NEWCTX                        1
+# define OSSL_FUNC_KDF_DUPCTX                        2
+# define OSSL_FUNC_KDF_FREECTX                       3
+# define OSSL_FUNC_KDF_RESET                         4
+# define OSSL_FUNC_KDF_DERIVE                        5
+# define OSSL_FUNC_KDF_GETTABLE_PARAMS               6
+# define OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS           7
+# define OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS           8
+# define OSSL_FUNC_KDF_GET_PARAMS                    9
+# define OSSL_FUNC_KDF_GET_CTX_PARAMS               10
+# define OSSL_FUNC_KDF_SET_CTX_PARAMS               11
+
+OSSL_CORE_MAKE_FUNC(void *, kdf_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, kdf_dupctx, (void *src))
+OSSL_CORE_MAKE_FUNC(void, kdf_freectx, (void *kctx))
+OSSL_CORE_MAKE_FUNC(void, kdf_reset, (void *kctx))
+OSSL_CORE_MAKE_FUNC(int, kdf_derive, (void *kctx, unsigned char *key,
+                                      size_t keylen, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_gettable_params, (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_gettable_ctx_params,
+                    (void *kctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_settable_ctx_params,
+                    (void *kctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, kdf_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kdf_get_ctx_params,
+                    (void *kctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kdf_set_ctx_params,
+                    (void *kctx, const OSSL_PARAM params[]))
+
+/* RAND */
+
+# define OSSL_FUNC_RAND_NEWCTX                        1
+# define OSSL_FUNC_RAND_FREECTX                       2
+# define OSSL_FUNC_RAND_INSTANTIATE                   3
+# define OSSL_FUNC_RAND_UNINSTANTIATE                 4
+# define OSSL_FUNC_RAND_GENERATE                      5
+# define OSSL_FUNC_RAND_RESEED                        6
+# define OSSL_FUNC_RAND_NONCE                         7
+# define OSSL_FUNC_RAND_ENABLE_LOCKING                8
+# define OSSL_FUNC_RAND_LOCK                          9
+# define OSSL_FUNC_RAND_UNLOCK                       10
+# define OSSL_FUNC_RAND_GETTABLE_PARAMS              11
+# define OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS          12
+# define OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS          13
+# define OSSL_FUNC_RAND_GET_PARAMS                   14
+# define OSSL_FUNC_RAND_GET_CTX_PARAMS               15
+# define OSSL_FUNC_RAND_SET_CTX_PARAMS               16
+# define OSSL_FUNC_RAND_VERIFY_ZEROIZATION           17
+# define OSSL_FUNC_RAND_GET_SEED                     18
+# define OSSL_FUNC_RAND_CLEAR_SEED                   19
+
+OSSL_CORE_MAKE_FUNC(void *,rand_newctx,
+                    (void *provctx, void *parent,
+                    const OSSL_DISPATCH *parent_calls))
+OSSL_CORE_MAKE_FUNC(void,rand_freectx, (void *vctx))
+OSSL_CORE_MAKE_FUNC(int,rand_instantiate,
+                    (void *vdrbg, unsigned int strength,
+                     int prediction_resistance,
+                     const unsigned char *pstr, size_t pstr_len,
+                     const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int,rand_uninstantiate, (void *vdrbg))
+OSSL_CORE_MAKE_FUNC(int,rand_generate,
+                    (void *vctx, unsigned char *out, size_t outlen,
+                     unsigned int strength, int prediction_resistance,
+                     const unsigned char *addin, size_t addin_len))
+OSSL_CORE_MAKE_FUNC(int,rand_reseed,
+                    (void *vctx, int prediction_resistance,
+                     const unsigned char *ent, size_t ent_len,
+                     const unsigned char *addin, size_t addin_len))
+OSSL_CORE_MAKE_FUNC(size_t,rand_nonce,
+                    (void *vctx, unsigned char *out, unsigned int strength,
+                     size_t min_noncelen, size_t max_noncelen))
+OSSL_CORE_MAKE_FUNC(int,rand_enable_locking, (void *vctx))
+OSSL_CORE_MAKE_FUNC(int,rand_lock, (void *vctx))
+OSSL_CORE_MAKE_FUNC(void,rand_unlock, (void *vctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_gettable_params, (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_gettable_ctx_params,
+                    (void *vctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_settable_ctx_params,
+                    (void *vctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int,rand_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int,rand_get_ctx_params,
+                    (void *vctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int,rand_set_ctx_params,
+                    (void *vctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(void,rand_set_callbacks,
+                    (void *vctx, OSSL_INOUT_CALLBACK *get_entropy,
+                     OSSL_CALLBACK *cleanup_entropy,
+                     OSSL_INOUT_CALLBACK *get_nonce,
+                     OSSL_CALLBACK *cleanup_nonce, void *arg))
+OSSL_CORE_MAKE_FUNC(int,rand_verify_zeroization,
+                    (void *vctx))
+OSSL_CORE_MAKE_FUNC(size_t,rand_get_seed,
+                    (void *vctx, unsigned char **buffer,
+                     int entropy, size_t min_len, size_t max_len,
+                     int prediction_resistance,
+                     const unsigned char *adin, size_t adin_len))
+OSSL_CORE_MAKE_FUNC(void,rand_clear_seed,
+                    (void *vctx, unsigned char *buffer, size_t b_len))
+
+/*-
+ * Key management
+ *
+ * The Key Management takes care of provider side key objects, and includes
+ * all current functionality to create them, destroy them, set parameters
+ * and key material, etc, essentially everything that manipulates the keys
+ * themselves and their parameters.
+ *
+ * The key objects are commonly referred to as |keydata|, and it MUST be able
+ * to contain parameters if the key has any, the public key and the private
+ * key.  All parts are optional, but their presence determines what can be
+ * done with the key object in terms of encryption, signature, and so on.
+ * The assumption from libcrypto is that the key object contains any of the
+ * following data combinations:
+ *
+ * - parameters only
+ * - public key only
+ * - public key + private key
+ * - parameters + public key
+ * - parameters + public key + private key
+ *
+ * What "parameters", "public key" and "private key" means in detail is left
+ * to the implementation.  In the case of DH and DSA, they would typically
+ * include domain parameters, while for certain variants of RSA, they would
+ * typically include PSS or OAEP parameters.
+ *
+ * Key objects are created with OSSL_FUNC_keymgmt_new() and destroyed with
+ * OSSL_FUNC_keymgmt_free().  Key objects can have data filled in with
+ * OSSL_FUNC_keymgmt_import().
+ *
+ * Three functions are made available to check what selection of data is
+ * present in a key object: OSSL_FUNC_keymgmt_has_parameters(),
+ * OSSL_FUNC_keymgmt_has_public_key(), and OSSL_FUNC_keymgmt_has_private_key(),
+ */
+
+/* Key data subset selection - individual bits */
+# define OSSL_KEYMGMT_SELECT_PRIVATE_KEY            0x01
+# define OSSL_KEYMGMT_SELECT_PUBLIC_KEY             0x02
+# define OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS      0x04
+# define OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS       0x80
+
+/* Key data subset selection - combinations */
+# define OSSL_KEYMGMT_SELECT_ALL_PARAMETERS     \
+    ( OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS     \
+      | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS)
+# define OSSL_KEYMGMT_SELECT_KEYPAIR            \
+    ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY | OSSL_KEYMGMT_SELECT_PUBLIC_KEY )
+# define OSSL_KEYMGMT_SELECT_ALL                \
+    ( OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS )
+
+# define OSSL_KEYMGMT_VALIDATE_FULL_CHECK              0
+# define OSSL_KEYMGMT_VALIDATE_QUICK_CHECK             1
+
+/* Basic key object creation */
+# define OSSL_FUNC_KEYMGMT_NEW                         1
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_new, (void *provctx))
+
+/* Generation, a more complex constructor */
+# define OSSL_FUNC_KEYMGMT_GEN_INIT                    2
+# define OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE            3
+# define OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS              4
+# define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS         5
+# define OSSL_FUNC_KEYMGMT_GEN                         6
+# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP                 7
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen_init,
+                    (void *provctx, int selection, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_template,
+                    (void *genctx, void *templ))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_params,
+                    (void *genctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+                    keymgmt_gen_settable_params,
+                    (void *genctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen,
+                    (void *genctx, OSSL_CALLBACK *cb, void *cbarg))
+OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx))
+
+/* Key loading by object reference */
+# define OSSL_FUNC_KEYMGMT_LOAD                        8
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_load,
+                    (const void *reference, size_t reference_sz))
+
+/* Basic key object destruction */
+# define OSSL_FUNC_KEYMGMT_FREE                       10
+OSSL_CORE_MAKE_FUNC(void, keymgmt_free, (void *keydata))
+
+/* Key object information, with discovery */
+#define OSSL_FUNC_KEYMGMT_GET_PARAMS                  11
+#define OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS             12
+OSSL_CORE_MAKE_FUNC(int, keymgmt_get_params,
+                    (void *keydata, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_gettable_params,
+                    (void *provctx))
+
+#define OSSL_FUNC_KEYMGMT_SET_PARAMS                  13
+#define OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS             14
+OSSL_CORE_MAKE_FUNC(int, keymgmt_set_params,
+                    (void *keydata, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_settable_params,
+                    (void *provctx))
+
+/* Key checks - discovery of supported operations */
+# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME       20
+OSSL_CORE_MAKE_FUNC(const char *, keymgmt_query_operation_name,
+                    (int operation_id))
+
+/* Key checks - key data content checks */
+# define OSSL_FUNC_KEYMGMT_HAS                        21
+OSSL_CORE_MAKE_FUNC(int, keymgmt_has, (const void *keydata, int selection))
+
+/* Key checks - validation */
+# define OSSL_FUNC_KEYMGMT_VALIDATE                   22
+OSSL_CORE_MAKE_FUNC(int, keymgmt_validate, (const void *keydata, int selection,
+                                            int checktype))
+
+/* Key checks - matching */
+# define OSSL_FUNC_KEYMGMT_MATCH                      23
+OSSL_CORE_MAKE_FUNC(int, keymgmt_match,
+                    (const void *keydata1, const void *keydata2,
+                     int selection))
+
+/* Import and export functions, with discovery */
+# define OSSL_FUNC_KEYMGMT_IMPORT                     40
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES               41
+# define OSSL_FUNC_KEYMGMT_EXPORT                     42
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES               43
+OSSL_CORE_MAKE_FUNC(int, keymgmt_import,
+                    (void *keydata, int selection, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types,
+                    (int selection))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_export,
+                    (void *keydata, int selection,
+                     OSSL_CALLBACK *param_cb, void *cbarg))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
+                    (int selection))
+
+/* Dup function, constructor */
+# define OSSL_FUNC_KEYMGMT_DUP                        44
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
+                    (const void *keydata_from, int selection))
+
+/* Key Exchange */
+
+# define OSSL_FUNC_KEYEXCH_NEWCTX                      1
+# define OSSL_FUNC_KEYEXCH_INIT                        2
+# define OSSL_FUNC_KEYEXCH_DERIVE                      3
+# define OSSL_FUNC_KEYEXCH_SET_PEER                    4
+# define OSSL_FUNC_KEYEXCH_FREECTX                     5
+# define OSSL_FUNC_KEYEXCH_DUPCTX                      6
+# define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS              7
+# define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS         8
+# define OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS              9
+# define OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS        10
+
+OSSL_CORE_MAKE_FUNC(void *, keyexch_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, keyexch_init, (void *ctx, void *provkey,
+                                        const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, keyexch_derive, (void *ctx,  unsigned char *secret,
+                                             size_t *secretlen, size_t outlen))
+OSSL_CORE_MAKE_FUNC(int, keyexch_set_peer, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(void, keyexch_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, keyexch_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, keyexch_set_ctx_params, (void *ctx,
+                                                     const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_settable_ctx_params,
+                    (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, keyexch_get_ctx_params, (void *ctx,
+                                                     OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_gettable_ctx_params,
+                    (void *ctx, void *provctx))
+
+/* Signature */
+
+# define OSSL_FUNC_SIGNATURE_NEWCTX                  1
+# define OSSL_FUNC_SIGNATURE_SIGN_INIT               2
+# define OSSL_FUNC_SIGNATURE_SIGN                    3
+# define OSSL_FUNC_SIGNATURE_VERIFY_INIT             4
+# define OSSL_FUNC_SIGNATURE_VERIFY                  5
+# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT     6
+# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER          7
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT        8
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE      9
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL      10
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN            11
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT     12
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE   13
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL    14
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY          15
+# define OSSL_FUNC_SIGNATURE_FREECTX                16
+# define OSSL_FUNC_SIGNATURE_DUPCTX                 17
+# define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS         18
+# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS    19
+# define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS         20
+# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS    21
+# define OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS      22
+# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 23
+# define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS      24
+# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 25
+
+OSSL_CORE_MAKE_FUNC(void *, signature_newctx, (void *provctx,
+                                                  const char *propq))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_init, (void *ctx, void *provkey,
+                                               const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_sign, (void *ctx,  unsigned char *sig,
+                                             size_t *siglen, size_t sigsize,
+                                             const unsigned char *tbs,
+                                             size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_init, (void *ctx, void *provkey,
+                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_verify, (void *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_recover_init,
+                    (void *ctx, void *provkey, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_recover,
+                    (void *ctx, unsigned char *rout, size_t *routlen,
+                     size_t routsize, const unsigned char *sig, size_t siglen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_init,
+                    (void *ctx, const char *mdname, void *provkey,
+                     const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_update,
+                    (void *ctx, const unsigned char *data, size_t datalen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_final,
+                    (void *ctx, unsigned char *sig, size_t *siglen,
+                     size_t sigsize))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_sign,
+                    (void *ctx, unsigned char *sigret, size_t *siglen,
+                     size_t sigsize, const unsigned char *tbs, size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_init,
+                    (void *ctx, const char *mdname, void *provkey,
+                     const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_update,
+                    (void *ctx, const unsigned char *data, size_t datalen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_final,
+                    (void *ctx, const unsigned char *sig, size_t siglen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_verify,
+                    (void *ctx, const unsigned char *sig, size_t siglen,
+                     const unsigned char *tbs, size_t tbslen))
+OSSL_CORE_MAKE_FUNC(void, signature_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, signature_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, signature_get_ctx_params,
+                    (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_gettable_ctx_params,
+                    (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_params,
+                    (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_params,
+                    (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, signature_get_ctx_md_params,
+                    (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_gettable_ctx_md_params,
+                    (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_md_params,
+                    (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_md_params,
+                    (void *ctx))
+
+
+/* Asymmetric Ciphers */
+
+# define OSSL_FUNC_ASYM_CIPHER_NEWCTX                  1
+# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT            2
+# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT                 3
+# define OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT            4
+# define OSSL_FUNC_ASYM_CIPHER_DECRYPT                 5
+# define OSSL_FUNC_ASYM_CIPHER_FREECTX                 6
+# define OSSL_FUNC_ASYM_CIPHER_DUPCTX                  7
+# define OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS          8
+# define OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS     9
+# define OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS         10
+# define OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS    11
+
+OSSL_CORE_MAKE_FUNC(void *, asym_cipher_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_encrypt_init, (void *ctx, void *provkey,
+                                                    const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_encrypt, (void *ctx, unsigned char *out,
+                                                  size_t *outlen,
+                                                  size_t outsize,
+                                                  const unsigned char *in,
+                                                  size_t inlen))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_decrypt_init, (void *ctx, void *provkey,
+                                                    const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_decrypt, (void *ctx, unsigned char *out,
+                                                  size_t *outlen,
+                                                  size_t outsize,
+                                                  const unsigned char *in,
+                                                  size_t inlen))
+OSSL_CORE_MAKE_FUNC(void, asym_cipher_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, asym_cipher_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_get_ctx_params,
+                    (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_gettable_ctx_params,
+                    (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_set_ctx_params,
+                    (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
+                    (void *ctx, void *provctx))
+
+/* Asymmetric Key encapsulation */
+# define OSSL_FUNC_KEM_NEWCTX                  1
+# define OSSL_FUNC_KEM_ENCAPSULATE_INIT        2
+# define OSSL_FUNC_KEM_ENCAPSULATE             3
+# define OSSL_FUNC_KEM_DECAPSULATE_INIT        4
+# define OSSL_FUNC_KEM_DECAPSULATE             5
+# define OSSL_FUNC_KEM_FREECTX                 6
+# define OSSL_FUNC_KEM_DUPCTX                  7
+# define OSSL_FUNC_KEM_GET_CTX_PARAMS          8
+# define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
+# define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
+# define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+
+OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
+                                                const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
+                                           unsigned char *out, size_t *outlen,
+                                           unsigned char *secret,
+                                           size_t *secretlen))
+OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
+                                                const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
+                                           unsigned char *out, size_t *outlen,
+                                           const unsigned char *in, size_t inlen))
+OSSL_CORE_MAKE_FUNC(void, kem_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, kem_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, kem_get_ctx_params, (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_gettable_ctx_params,
+                    (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, kem_set_ctx_params,
+                    (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_settable_ctx_params,
+                    (void *ctx, void *provctx))
+
+/* Encoders and decoders */
+# define OSSL_FUNC_ENCODER_NEWCTX                      1
+# define OSSL_FUNC_ENCODER_FREECTX                     2
+# define OSSL_FUNC_ENCODER_GET_PARAMS                  3
+# define OSSL_FUNC_ENCODER_GETTABLE_PARAMS             4
+# define OSSL_FUNC_ENCODER_SET_CTX_PARAMS              5
+# define OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS         6
+# define OSSL_FUNC_ENCODER_DOES_SELECTION             10
+# define OSSL_FUNC_ENCODER_ENCODE                     11
+# define OSSL_FUNC_ENCODER_IMPORT_OBJECT              20
+# define OSSL_FUNC_ENCODER_FREE_OBJECT                21
+OSSL_CORE_MAKE_FUNC(void *, encoder_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void, encoder_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, encoder_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, encoder_gettable_params,
+                    (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, encoder_set_ctx_params,
+                    (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, encoder_settable_ctx_params,
+                    (void *provctx))
+
+OSSL_CORE_MAKE_FUNC(int, encoder_does_selection,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(int, encoder_encode,
+                    (void *ctx, OSSL_CORE_BIO *out,
+                     const void *obj_raw, const OSSL_PARAM obj_abstract[],
+                     int selection,
+                     OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg))
+
+OSSL_CORE_MAKE_FUNC(void *, encoder_import_object,
+                    (void *ctx, int selection, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(void, encoder_free_object, (void *obj))
+
+# define OSSL_FUNC_DECODER_NEWCTX                      1
+# define OSSL_FUNC_DECODER_FREECTX                     2
+# define OSSL_FUNC_DECODER_GET_PARAMS                  3
+# define OSSL_FUNC_DECODER_GETTABLE_PARAMS             4
+# define OSSL_FUNC_DECODER_SET_CTX_PARAMS              5
+# define OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS         6
+# define OSSL_FUNC_DECODER_DOES_SELECTION             10
+# define OSSL_FUNC_DECODER_DECODE                     11
+# define OSSL_FUNC_DECODER_EXPORT_OBJECT              20
+OSSL_CORE_MAKE_FUNC(void *, decoder_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void, decoder_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, decoder_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, decoder_gettable_params,
+                    (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, decoder_set_ctx_params,
+                    (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, decoder_settable_ctx_params,
+                    (void *provctx))
+
+OSSL_CORE_MAKE_FUNC(int, decoder_does_selection,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(int, decoder_decode,
+                    (void *ctx, OSSL_CORE_BIO *in, int selection,
+                     OSSL_CALLBACK *data_cb, void *data_cbarg,
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
+                    (void *ctx, const void *objref, size_t objref_sz,
+                     OSSL_CALLBACK *export_cb, void *export_cbarg))
+
+/*-
+ * Store
+ *
+ * Objects are scanned by using the 'open', 'load', 'eof' and 'close'
+ * functions, which implement an OSSL_STORE loader.
+ *
+ * store_load() works in a way that's very similar to the decoders, in
+ * that they pass an abstract object through a callback, either as a DER
+ * octet string or as an object reference, which libcrypto will have to
+ * deal with.
+ */
+
+#define OSSL_FUNC_STORE_OPEN                        1
+#define OSSL_FUNC_STORE_ATTACH                      2
+#define OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS         3
+#define OSSL_FUNC_STORE_SET_CTX_PARAMS              4
+#define OSSL_FUNC_STORE_LOAD                        5
+#define OSSL_FUNC_STORE_EOF                         6
+#define OSSL_FUNC_STORE_CLOSE                       7
+#define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
+OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
+                    (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, store_set_ctx_params,
+                    (void *loaderctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, store_load,
+                    (void *loaderctx,
+                     OSSL_CALLBACK *object_cb, void *object_cbarg,
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_eof, (void *loaderctx))
+OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
+OSSL_CORE_MAKE_FUNC(int, store_export_object,
+                    (void *loaderctx, const void *objref, size_t objref_sz,
+                     OSSL_CALLBACK *export_cb, void *export_cbarg))
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
--- a/src/3rdparty/win32_include/openssl/core_names.h
+++ b/src/3rdparty/win32_include/openssl/core_names.h
@ -0,0 +1,559 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_NAMES_H
+# define OPENSSL_CORE_NAMES_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Well known parameter names that core passes to providers */
+#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
+#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
+#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
+
+/* Well known parameter names that Providers can define */
+#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
+#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
+#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
+#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
+#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
+#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
+
+/* Self test callback parameters */
+#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
+
+/*-
+ * Provider-native object abstractions
+ *
+ * These are used when a provider wants to pass object data or an object
+ * reference back to libcrypto.  This is only useful for provider functions
+ * that take a callback to which an OSSL_PARAM array with these parameters
+ * can be passed.
+ *
+ * This set of parameter names is explained in detail in provider-object(7)
+ * (doc/man7/provider-object.pod)
+ */
+#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
+#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
+#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
+#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
+
+/*
+ * Algorithm parameters
+ * If "engine" or "properties" are specified, they should always be paired
+ * with the algorithm type.
+ * Note these are common names that are shared by many types (such as kdf, mac,
+ * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
+ */
+#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
+#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
+#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
+#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
+#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
+
+/* cipher parameters */
+#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
+#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
+#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
+#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
+#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
+#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
+#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
+#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
+#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
+#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
+#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
+#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
+#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
+#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
+#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
+#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
+#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
+#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
+/* For passing the AlgorithmIdentifier parameter in DER form */
+#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
+
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
+    "tls1multi_maxsndfrag" /* uint */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
+    "tls1multi_maxbufsz"   /* size_t */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
+    "tls1multi_interleave" /* uint */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
+    "tls1multi_aad"        /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
+    "tls1multi_aadpacklen" /* uint */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
+    "tls1multi_enc"        /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
+    "tls1multi_encin"      /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
+    "tls1multi_enclen"     /* size_t */
+
+/* OSSL_CIPHER_PARAM_CTS_MODE Values */
+#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+
+/* digest parameters */
+#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
+#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
+#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
+#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
+#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
+#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
+#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
+#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+
+/* Known DIGEST names (not a complete list) */
+#define OSSL_DIGEST_NAME_MD5            "MD5"
+#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+#define OSSL_DIGEST_NAME_SHA1           "SHA1"
+#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+#define OSSL_DIGEST_NAME_MD2            "MD2"
+#define OSSL_DIGEST_NAME_MD4            "MD4"
+#define OSSL_DIGEST_NAME_MDC2           "MDC2"
+#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+#define OSSL_DIGEST_NAME_SM3            "SM3"
+
+/* MAC parameters */
+#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
+#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
+#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
+#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
+#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
+#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
+#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
+#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
+#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
+
+/*
+ * If "engine" or "properties" are specified, they should always be paired
+ * with "cipher" or "digest".
+ */
+#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
+#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
+#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
+#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
+#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
+#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+
+/* Known MAC names */
+#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+#define OSSL_MAC_NAME_CMAC          "CMAC"
+#define OSSL_MAC_NAME_GMAC          "GMAC"
+#define OSSL_MAC_NAME_HMAC          "HMAC"
+#define OSSL_MAC_NAME_KMAC128       "KMAC128"
+#define OSSL_MAC_NAME_KMAC256       "KMAC256"
+#define OSSL_MAC_NAME_POLY1305      "POLY1305"
+#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
+
+/* KDF / PRF parameters */
+#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
+#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
+#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
+#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
+#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
+#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
+#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
+#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
+#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
+#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
+#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
+#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
+#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
+#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
+#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
+#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
+#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
+#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
+#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
+#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
+#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
+#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
+#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
+#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
+#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
+#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
+#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
+#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
+#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
+#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
+#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
+#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
+#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
+#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
+#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
+#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
+#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
+#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+
+/* Known KDF names */
+#define OSSL_KDF_NAME_HKDF           "HKDF"
+#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+#define OSSL_KDF_NAME_SSKDF          "SSKDF"
+#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+#define OSSL_KDF_NAME_X963KDF        "X963KDF"
+#define OSSL_KDF_NAME_KBKDF          "KBKDF"
+#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+
+/* Known RAND names */
+#define OSSL_RAND_PARAM_STATE                   "state"
+#define OSSL_RAND_PARAM_STRENGTH                "strength"
+#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
+#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
+#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
+
+/* RAND/DRBG names */
+#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
+#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
+#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
+#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
+#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
+#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
+#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
+#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
+#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
+#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
+#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
+#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
+#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
+#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
+
+/* DRBG call back parameters */
+#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
+#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
+#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
+#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
+#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
+#define OSSL_DRBG_PARAM_SIZE                    "size"
+
+/* PKEY parameters */
+/* Common PKEY parameters */
+#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
+#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
+#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
+#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
+#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
+#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
+#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
+#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
+#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
+#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
+#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
+#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
+#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
+#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
+#define OSSL_PKEY_PARAM_DIST_ID             "distid"
+#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
+#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
+
+/* Diffie-Hellman/DSA Parameters */
+#define OSSL_PKEY_PARAM_FFC_P               "p"
+#define OSSL_PKEY_PARAM_FFC_G               "g"
+#define OSSL_PKEY_PARAM_FFC_Q               "q"
+#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
+#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
+#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
+#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
+#define OSSL_PKEY_PARAM_FFC_H               "hindex"
+#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
+#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
+#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+
+/* Diffie-Hellman params */
+#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
+#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
+
+/* Elliptic Curve Domain Parameters */
+#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
+#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
+
+/* Elliptic Curve Explicit Domain Parameters */
+#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
+#define OSSL_PKEY_PARAM_EC_P                            "p"
+#define OSSL_PKEY_PARAM_EC_A                            "a"
+#define OSSL_PKEY_PARAM_EC_B                            "b"
+#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
+#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
+#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
+#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
+#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
+#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
+#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
+#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
+#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
+#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
+#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+
+/* Elliptic Curve Key Parameters */
+#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
+    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+
+/* RSA Keys */
+/*
+ * n, e, d are the usual public and private key components
+ *
+ * rsa-num is the number of factors, including p and q
+ * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
+ * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
+ * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
+ *
+ * The number of rsa-factor items must be equal to the number of rsa-exponent
+ * items, and the number of rsa-coefficients must be one less.
+ * (the base i for the coefficients is 2, not 1, at least as implied by
+ * RFC 8017)
+ */
+#define OSSL_PKEY_PARAM_RSA_N           "n"
+#define OSSL_PKEY_PARAM_RSA_E           "e"
+#define OSSL_PKEY_PARAM_RSA_D           "d"
+#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
+#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
+#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
+#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
+#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
+#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
+#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
+#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
+#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
+#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+
+/* RSA padding modes */
+#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+
+/* RSA pss padding salt length */
+#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
+
+/* Key generation parameters */
+#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
+#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
+#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
+#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
+#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
+#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
+
+/* Key generation parameters */
+#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
+#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
+#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
+#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+
+#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
+#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+
+/* OSSL_PKEY_PARAM_EC_ENCODING values */
+#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
+
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
+
+#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
+
+/* Key Exchange parameters */
+#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
+#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
+#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
+#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
+#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
+#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
+/* The following parameter is an octet_string on set and an octet_ptr on get */
+#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
+
+/* Signature parameters */
+#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
+#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
+#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
+#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
+#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
+#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
+#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
+    OSSL_PKEY_PARAM_MGF1_PROPERTIES
+#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
+
+/* Asym cipher parameters */
+#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
+#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
+#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
+#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
+#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
+    OSSL_PKEY_PARAM_MGF1_DIGEST
+#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
+    OSSL_PKEY_PARAM_MGF1_PROPERTIES
+#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
+#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
+/* The following parameter is an octet_string on set and an octet_ptr on get */
+#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
+#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
+#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
+
+/*
+ * Encoder / decoder parameters
+ */
+#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
+#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
+/* Currently PVK only, but reusable for others as needed */
+#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
+#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
+
+#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
+
+/* Passphrase callback parameters */
+#define OSSL_PASSPHRASE_PARAM_INFO      "info"
+
+/* Keygen callback parameters, from provider to libcrypto */
+#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
+#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+
+/* ACVP Test parameters : These should not be used normally */
+#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
+#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
+#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
+#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
+#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
+#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
+#define OSSL_SIGNATURE_PARAM_KAT "kat"
+
+/* KEM parameters */
+#define OSSL_KEM_PARAM_OPERATION            "operation"
+
+/* OSSL_KEM_PARAM_OPERATION values */
+#define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
+
+/* Capabilities */
+
+/* TLS-GROUP Capability */
+#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
+#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
+#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
+#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
+#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
+#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
+#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
+#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
+#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
+#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
+
+/*-
+ * storemgmt parameters
+ */
+
+/*
+ * Used by storemgmt_ctx_set_params():
+ *
+ * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
+ *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
+ *   object loaded.
+ *
+ * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
+ *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
+ *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
+ *   are used as search criteria.
+ *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
+ */
+#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
+#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
+#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
+#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
+#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
+#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
+#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
+
+/* You may want to pass properties for the provider implementation to use */
+#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
+/* OSSL_DECODER input type if a decoder is used by the store */
+#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
--- a/src/3rdparty/win32_include/openssl/core_object.h
+++ b/src/3rdparty/win32_include/openssl/core_object.h
@ -0,0 +1,41 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_OBJECT_H
+# define OPENSSL_CORE_OBJECT_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Known object types
+ *
+ * These numbers are used as values for the OSSL_PARAM parameter
+ * OSSL_OBJECT_PARAM_TYPE.
+ *
+ * For most of these types, there's a corresponding libcrypto object type.
+ * The corresponding type is indicated with a comment after the number.
+ */
+# define OSSL_OBJECT_UNKNOWN            0
+# define OSSL_OBJECT_NAME               1 /* char * */
+# define OSSL_OBJECT_PKEY               2 /* EVP_PKEY * */
+# define OSSL_OBJECT_CERT               3 /* X509 * */
+# define OSSL_OBJECT_CRL                4 /* X509_CRL * */
+
+/*
+ * The rest of the associated OSSL_PARAM elements is described in core_names.h
+ */
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
--- a/src/3rdparty/win32_include/openssl/crmf.h
+++ b/src/3rdparty/win32_include/openssl/crmf.h
@ -0,0 +1,227 @@
+/*-
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\crmf.h.in
+ *
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Nokia 2007-2019
+ * Copyright Siemens AG 2015-2019
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
+ */
+
+
+
+#ifndef OPENSSL_CRMF_H
+# define OPENSSL_CRMF_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CRMF
+#  include <openssl/opensslv.h>
+#  include <openssl/safestack.h>
+#  include <openssl/crmferr.h>
+#  include <openssl/x509v3.h> /* for GENERAL_NAME etc. */
+
+/* explicit #includes not strictly needed since implied by the above: */
+#  include <openssl/types.h>
+#  include <openssl/x509.h>
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+#  define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE          0
+#  define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE    1
+#  define OSSL_CRMF_POPOPRIVKEY_DHMAC                2
+#  define OSSL_CRMF_POPOPRIVKEY_AGREEMAC             3
+#  define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY         4
+
+#  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
+#  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
+
+typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
+typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
+SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CRMF_MSG, OSSL_CRMF_MSG, OSSL_CRMF_MSG)
+#define sk_OSSL_CRMF_MSG_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk))
+#define sk_OSSL_CRMF_MSG_value(sk, idx) ((OSSL_CRMF_MSG *)OPENSSL_sk_value(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk), (idx)))
+#define sk_OSSL_CRMF_MSG_new(cmp) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_new(ossl_check_OSSL_CRMF_MSG_compfunc_type(cmp)))
+#define sk_OSSL_CRMF_MSG_new_null() ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_new_null())
+#define sk_OSSL_CRMF_MSG_new_reserve(cmp, n) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CRMF_MSG_compfunc_type(cmp), (n)))
+#define sk_OSSL_CRMF_MSG_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CRMF_MSG_sk_type(sk), (n))
+#define sk_OSSL_CRMF_MSG_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CRMF_MSG_sk_type(sk))
+#define sk_OSSL_CRMF_MSG_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CRMF_MSG_sk_type(sk))
+#define sk_OSSL_CRMF_MSG_delete(sk, i) ((OSSL_CRMF_MSG *)OPENSSL_sk_delete(ossl_check_OSSL_CRMF_MSG_sk_type(sk), (i)))
+#define sk_OSSL_CRMF_MSG_delete_ptr(sk, ptr) ((OSSL_CRMF_MSG *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr)))
+#define sk_OSSL_CRMF_MSG_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr))
+#define sk_OSSL_CRMF_MSG_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr))
+#define sk_OSSL_CRMF_MSG_pop(sk) ((OSSL_CRMF_MSG *)OPENSSL_sk_pop(ossl_check_OSSL_CRMF_MSG_sk_type(sk)))
+#define sk_OSSL_CRMF_MSG_shift(sk) ((OSSL_CRMF_MSG *)OPENSSL_sk_shift(ossl_check_OSSL_CRMF_MSG_sk_type(sk)))
+#define sk_OSSL_CRMF_MSG_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CRMF_MSG_sk_type(sk),ossl_check_OSSL_CRMF_MSG_freefunc_type(freefunc))
+#define sk_OSSL_CRMF_MSG_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr), (idx))
+#define sk_OSSL_CRMF_MSG_set(sk, idx, ptr) ((OSSL_CRMF_MSG *)OPENSSL_sk_set(ossl_check_OSSL_CRMF_MSG_sk_type(sk), (idx), ossl_check_OSSL_CRMF_MSG_type(ptr)))
+#define sk_OSSL_CRMF_MSG_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr))
+#define sk_OSSL_CRMF_MSG_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr))
+#define sk_OSSL_CRMF_MSG_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr), pnum)
+#define sk_OSSL_CRMF_MSG_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CRMF_MSG_sk_type(sk))
+#define sk_OSSL_CRMF_MSG_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk))
+#define sk_OSSL_CRMF_MSG_dup(sk) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk)))
+#define sk_OSSL_CRMF_MSG_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_copyfunc_type(copyfunc), ossl_check_OSSL_CRMF_MSG_freefunc_type(freefunc)))
+#define sk_OSSL_CRMF_MSG_set_cmp_func(sk, cmp) ((sk_OSSL_CRMF_MSG_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_compfunc_type(cmp)))
+
+typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
+typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
+typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
+typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
+typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
+SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CRMF_CERTID, OSSL_CRMF_CERTID, OSSL_CRMF_CERTID)
+#define sk_OSSL_CRMF_CERTID_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk))
+#define sk_OSSL_CRMF_CERTID_value(sk, idx) ((OSSL_CRMF_CERTID *)OPENSSL_sk_value(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk), (idx)))
+#define sk_OSSL_CRMF_CERTID_new(cmp) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_new(ossl_check_OSSL_CRMF_CERTID_compfunc_type(cmp)))
+#define sk_OSSL_CRMF_CERTID_new_null() ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_new_null())
+#define sk_OSSL_CRMF_CERTID_new_reserve(cmp, n) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CRMF_CERTID_compfunc_type(cmp), (n)))
+#define sk_OSSL_CRMF_CERTID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), (n))
+#define sk_OSSL_CRMF_CERTID_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CRMF_CERTID_sk_type(sk))
+#define sk_OSSL_CRMF_CERTID_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CRMF_CERTID_sk_type(sk))
+#define sk_OSSL_CRMF_CERTID_delete(sk, i) ((OSSL_CRMF_CERTID *)OPENSSL_sk_delete(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), (i)))
+#define sk_OSSL_CRMF_CERTID_delete_ptr(sk, ptr) ((OSSL_CRMF_CERTID *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr)))
+#define sk_OSSL_CRMF_CERTID_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr))
+#define sk_OSSL_CRMF_CERTID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr))
+#define sk_OSSL_CRMF_CERTID_pop(sk) ((OSSL_CRMF_CERTID *)OPENSSL_sk_pop(ossl_check_OSSL_CRMF_CERTID_sk_type(sk)))
+#define sk_OSSL_CRMF_CERTID_shift(sk) ((OSSL_CRMF_CERTID *)OPENSSL_sk_shift(ossl_check_OSSL_CRMF_CERTID_sk_type(sk)))
+#define sk_OSSL_CRMF_CERTID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CRMF_CERTID_sk_type(sk),ossl_check_OSSL_CRMF_CERTID_freefunc_type(freefunc))
+#define sk_OSSL_CRMF_CERTID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr), (idx))
+#define sk_OSSL_CRMF_CERTID_set(sk, idx, ptr) ((OSSL_CRMF_CERTID *)OPENSSL_sk_set(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), (idx), ossl_check_OSSL_CRMF_CERTID_type(ptr)))
+#define sk_OSSL_CRMF_CERTID_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr))
+#define sk_OSSL_CRMF_CERTID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr))
+#define sk_OSSL_CRMF_CERTID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr), pnum)
+#define sk_OSSL_CRMF_CERTID_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CRMF_CERTID_sk_type(sk))
+#define sk_OSSL_CRMF_CERTID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk))
+#define sk_OSSL_CRMF_CERTID_dup(sk) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk)))
+#define sk_OSSL_CRMF_CERTID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_copyfunc_type(copyfunc), ossl_check_OSSL_CRMF_CERTID_freefunc_type(freefunc)))
+#define sk_OSSL_CRMF_CERTID_set_cmp_func(sk, cmp) ((sk_OSSL_CRMF_CERTID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_compfunc_type(cmp)))
+
+
+typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
+typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
+typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
+typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
+
+typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;
+
+/* crmf_pbm.c */
+OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
+                                           int owfnid, size_t itercnt,
+                                           int macnid);
+int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
+                      const OSSL_CRMF_PBMPARAMETER *pbmp,
+                      const unsigned char *msg, size_t msglen,
+                      const unsigned char *sec, size_t seclen,
+                      unsigned char **mac, size_t *maclen);
+
+/* crmf_lib.c */
+int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
+                                        const ASN1_UTF8STRING *tok);
+ASN1_UTF8STRING
+*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
+int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
+                                             const ASN1_UTF8STRING *auth);
+ASN1_UTF8STRING
+*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
+int
+OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+                                                     OSSL_CRMF_SINGLEPUBINFO *spi);
+#  define OSSL_CRMF_PUB_METHOD_DONTCARE 0
+#  define OSSL_CRMF_PUB_METHOD_X500     1
+#  define OSSL_CRMF_PUB_METHOD_WEB      2
+#  define OSSL_CRMF_PUB_METHOD_LDAP     3
+int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
+                                     int method, GENERAL_NAME *nm);
+#  define OSSL_CRMF_PUB_ACTION_DONTPUBLISH   0
+#  define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
+int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+                                                int action);
+int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
+                                                  const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
+OSSL_CRMF_PKIPUBLICATIONINFO
+*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
+int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
+                                               const X509_PUBKEY *pubkey);
+X509_PUBKEY
+*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
+int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
+                                         const OSSL_CRMF_CERTID *cid);
+OSSL_CRMF_CERTID
+*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
+OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
+                                       const ASN1_INTEGER *serial);
+
+int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
+                                         const ASN1_UTF8STRING *utf8pairs);
+ASN1_UTF8STRING
+*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
+int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
+                                       const OSSL_CRMF_CERTREQUEST *cr);
+OSSL_CRMF_CERTREQUEST
+*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
+
+int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
+                                ASN1_TIME *notBefore, ASN1_TIME *notAfter);
+int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
+int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
+int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
+
+int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
+#  define OSSL_CRMF_POPO_NONE       -1
+#  define OSSL_CRMF_POPO_RAVERIFIED 0
+#  define OSSL_CRMF_POPO_SIGNATURE  1
+#  define OSSL_CRMF_POPO_KEYENC     2
+#  define OSSL_CRMF_POPO_KEYAGREE   3
+int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
+                              EVP_PKEY *pkey, const EVP_MD *digest,
+                              OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
+                               int rid, int acceptRAVerified,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const X509_NAME
+*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const X509_NAME
+*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_EXTENSIONS
+*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const X509_NAME
+*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
+int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
+                                EVP_PKEY *pubkey,
+                                const X509_NAME *subject,
+                                const X509_NAME *issuer,
+                                const ASN1_INTEGER *serial);
+X509
+*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
+                                       OSSL_LIB_CTX *libctx, const char *propq,
+                                       EVP_PKEY *pkey);
+
+#  ifdef __cplusplus
+}
+#  endif
+# endif /* !defined(OPENSSL_NO_CRMF) */
+#endif /* !defined(OPENSSL_CRMF_H) */
--- a/src/3rdparty/win32_include/openssl/crmferr.h
+++ b/src/3rdparty/win32_include/openssl/crmferr.h
@ -0,0 +1,50 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CRMFERR_H
+# define OPENSSL_CRMFERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+
+
+# ifndef OPENSSL_NO_CRMF
+
+
+/*
+ * CRMF reason codes.
+ */
+#  define CRMF_R_BAD_PBM_ITERATIONCOUNT                    100
+#  define CRMF_R_CRMFERROR                                 102
+#  define CRMF_R_ERROR                                     103
+#  define CRMF_R_ERROR_DECODING_CERTIFICATE                104
+#  define CRMF_R_ERROR_DECRYPTING_CERTIFICATE              105
+#  define CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY            106
+#  define CRMF_R_FAILURE_OBTAINING_RANDOM                  107
+#  define CRMF_R_ITERATIONCOUNT_BELOW_100                  108
+#  define CRMF_R_MALFORMED_IV                              101
+#  define CRMF_R_NULL_ARGUMENT                             109
+#  define CRMF_R_POPOSKINPUT_NOT_SUPPORTED                 113
+#  define CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY              117
+#  define CRMF_R_POPO_MISSING                              121
+#  define CRMF_R_POPO_MISSING_PUBLIC_KEY                   118
+#  define CRMF_R_POPO_MISSING_SUBJECT                      119
+#  define CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED              120
+#  define CRMF_R_SETTING_MAC_ALGOR_FAILURE                 110
+#  define CRMF_R_SETTING_OWF_ALGOR_FAILURE                 111
+#  define CRMF_R_UNSUPPORTED_ALGORITHM                     112
+#  define CRMF_R_UNSUPPORTED_CIPHER                        114
+#  define CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO      115
+#  define CRMF_R_UNSUPPORTED_POPO_METHOD                   116
+
+# endif
+#endif
--- a/src/3rdparty/win32_include/openssl/crypto.h
+++ b/src/3rdparty/win32_include/openssl/crypto.h
@ -1,15 +1,26 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\crypto.h.in
+ *
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CRYPTO_H
-# define HEADER_CRYPTO_H
+
+
+#ifndef OPENSSL_CRYPTO_H
+# define OPENSSL_CRYPTO_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_CRYPTO_H
+# endif

 # include <stdlib.h>
 # include <time.h>
@ -22,9 +33,10 @@

 # include <openssl/safestack.h>
 # include <openssl/opensslv.h>
-# include <openssl/ossl_typ.h>
+# include <openssl/types.h>
 # include <openssl/opensslconf.h>
 # include <openssl/cryptoerr.h>
+# include <openssl/core.h>

 # ifdef CHARSET_EBCDIC
 #  include <openssl/ebcdic.h>
@ -36,7 +48,7 @@
 */
 # include <openssl/symhacks.h>

-# if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  include <openssl/opensslv.h>
 # endif

@ -44,7 +56,7 @@
 extern "C" {
 #endif

-# if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSLeay                  OpenSSL_version_num
 #  define SSLeay_version          OpenSSL_version
 #  define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
@ -62,58 +74,24 @@ typedef struct {
    int dummy;
 } CRYPTO_dynlock;

-# endif /* OPENSSL_API_COMPAT */
+# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */

 typedef void CRYPTO_RWLOCK;

 CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
-int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
-int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+__owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+__owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
 int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
 void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);

 int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
-
-/*
- * The following can be used to detect memory leaks in the library. If
- * used, it turns on malloc checking
- */
-# define CRYPTO_MEM_CHECK_OFF     0x0   /* Control only */
-# define CRYPTO_MEM_CHECK_ON      0x1   /* Control and mode bit */
-# define CRYPTO_MEM_CHECK_ENABLE  0x2   /* Control and mode bit */
-# define CRYPTO_MEM_CHECK_DISABLE 0x3   /* Control only */
-
-struct crypto_ex_data_st {
-    STACK_OF(void) *sk;
-};
-DEFINE_STACK_OF(void)
-
-/*
- * Per class, we have a STACK of function pointers.
- */
-# define CRYPTO_EX_INDEX_SSL              0
-# define CRYPTO_EX_INDEX_SSL_CTX          1
-# define CRYPTO_EX_INDEX_SSL_SESSION      2
-# define CRYPTO_EX_INDEX_X509             3
-# define CRYPTO_EX_INDEX_X509_STORE       4
-# define CRYPTO_EX_INDEX_X509_STORE_CTX   5
-# define CRYPTO_EX_INDEX_DH               6
-# define CRYPTO_EX_INDEX_DSA              7
-# define CRYPTO_EX_INDEX_EC_KEY           8
-# define CRYPTO_EX_INDEX_RSA              9
-# define CRYPTO_EX_INDEX_ENGINE          10
-# define CRYPTO_EX_INDEX_UI              11
-# define CRYPTO_EX_INDEX_BIO             12
-# define CRYPTO_EX_INDEX_APP             13
-# define CRYPTO_EX_INDEX_UI_METHOD       14
-# define CRYPTO_EX_INDEX_DRBG            15
-# define CRYPTO_EX_INDEX__COUNT          16
+int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
+                     CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);

 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue

-int CRYPTO_mem_ctrl(int mode);
-
 # define OPENSSL_malloc(num) \
        CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
 # define OPENSSL_zalloc(num) \
@ -146,32 +124,127 @@ int CRYPTO_mem_ctrl(int mode);
 size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
 size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
 size_t OPENSSL_strnlen(const char *str, size_t maxlen);
-char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
-unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength,
+                          const unsigned char *buf, size_t buflen,
+                          const char sep);
+char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen);
+int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen,
+                          const char *str, const char sep);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen);
 int OPENSSL_hexchar2int(unsigned char c);
+int OPENSSL_strcasecmp(const char *s1, const char *s2);
+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n);

 # define OPENSSL_MALLOC_MAX_NELEMS(type)  (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))

+/*
+ * These functions return the values of OPENSSL_VERSION_MAJOR,
+ * OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, OPENSSL_VERSION_PRE_RELEASE
+ * and OPENSSL_VERSION_BUILD_METADATA, respectively.
+ */
+unsigned int OPENSSL_version_major(void);
+unsigned int OPENSSL_version_minor(void);
+unsigned int OPENSSL_version_patch(void);
+const char *OPENSSL_version_pre_release(void);
+const char *OPENSSL_version_build_metadata(void);
+
 unsigned long OpenSSL_version_num(void);
 const char *OpenSSL_version(int type);
-# define OPENSSL_VERSION          0
-# define OPENSSL_CFLAGS           1
-# define OPENSSL_BUILT_ON         2
-# define OPENSSL_PLATFORM         3
-# define OPENSSL_DIR              4
-# define OPENSSL_ENGINES_DIR      5
+# define OPENSSL_VERSION                0
+# define OPENSSL_CFLAGS                 1
+# define OPENSSL_BUILT_ON               2
+# define OPENSSL_PLATFORM               3
+# define OPENSSL_DIR                    4
+# define OPENSSL_ENGINES_DIR            5
+# define OPENSSL_VERSION_STRING         6
+# define OPENSSL_FULL_VERSION_STRING    7
+# define OPENSSL_MODULES_DIR            8
+# define OPENSSL_CPU_INFO               9
+
+const char *OPENSSL_info(int type);
+/*
+ * The series starts at 1001 to avoid confusion with the OpenSSL_version
+ * types.
+ */
+# define OPENSSL_INFO_CONFIG_DIR                1001
+# define OPENSSL_INFO_ENGINES_DIR               1002
+# define OPENSSL_INFO_MODULES_DIR               1003
+# define OPENSSL_INFO_DSO_EXTENSION             1004
+# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR    1005
+# define OPENSSL_INFO_LIST_SEPARATOR            1006
+# define OPENSSL_INFO_SEED_SOURCE               1007
+# define OPENSSL_INFO_CPU_SETTINGS              1008

 int OPENSSL_issetugid(void);

+struct crypto_ex_data_st {
+    OSSL_LIB_CTX *ctx;
+    STACK_OF(void) *sk;
+};
+
+SKM_DEFINE_STACK_OF_INTERNAL(void, void, void)
+#define sk_void_num(sk) OPENSSL_sk_num(ossl_check_const_void_sk_type(sk))
+#define sk_void_value(sk, idx) ((void *)OPENSSL_sk_value(ossl_check_const_void_sk_type(sk), (idx)))
+#define sk_void_new(cmp) ((STACK_OF(void) *)OPENSSL_sk_new(ossl_check_void_compfunc_type(cmp)))
+#define sk_void_new_null() ((STACK_OF(void) *)OPENSSL_sk_new_null())
+#define sk_void_new_reserve(cmp, n) ((STACK_OF(void) *)OPENSSL_sk_new_reserve(ossl_check_void_compfunc_type(cmp), (n)))
+#define sk_void_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_void_sk_type(sk), (n))
+#define sk_void_free(sk) OPENSSL_sk_free(ossl_check_void_sk_type(sk))
+#define sk_void_zero(sk) OPENSSL_sk_zero(ossl_check_void_sk_type(sk))
+#define sk_void_delete(sk, i) ((void *)OPENSSL_sk_delete(ossl_check_void_sk_type(sk), (i)))
+#define sk_void_delete_ptr(sk, ptr) ((void *)OPENSSL_sk_delete_ptr(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr)))
+#define sk_void_push(sk, ptr) OPENSSL_sk_push(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr))
+#define sk_void_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr))
+#define sk_void_pop(sk) ((void *)OPENSSL_sk_pop(ossl_check_void_sk_type(sk)))
+#define sk_void_shift(sk) ((void *)OPENSSL_sk_shift(ossl_check_void_sk_type(sk)))
+#define sk_void_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_void_sk_type(sk),ossl_check_void_freefunc_type(freefunc))
+#define sk_void_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr), (idx))
+#define sk_void_set(sk, idx, ptr) ((void *)OPENSSL_sk_set(ossl_check_void_sk_type(sk), (idx), ossl_check_void_type(ptr)))
+#define sk_void_find(sk, ptr) OPENSSL_sk_find(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr))
+#define sk_void_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr))
+#define sk_void_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr), pnum)
+#define sk_void_sort(sk) OPENSSL_sk_sort(ossl_check_void_sk_type(sk))
+#define sk_void_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_void_sk_type(sk))
+#define sk_void_dup(sk) ((STACK_OF(void) *)OPENSSL_sk_dup(ossl_check_const_void_sk_type(sk)))
+#define sk_void_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(void) *)OPENSSL_sk_deep_copy(ossl_check_const_void_sk_type(sk), ossl_check_void_copyfunc_type(copyfunc), ossl_check_void_freefunc_type(freefunc)))
+#define sk_void_set_cmp_func(sk, cmp) ((sk_void_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_void_sk_type(sk), ossl_check_void_compfunc_type(cmp)))
+
+
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL              0
+# define CRYPTO_EX_INDEX_SSL_CTX          1
+# define CRYPTO_EX_INDEX_SSL_SESSION      2
+# define CRYPTO_EX_INDEX_X509             3
+# define CRYPTO_EX_INDEX_X509_STORE       4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX   5
+# define CRYPTO_EX_INDEX_DH               6
+# define CRYPTO_EX_INDEX_DSA              7
+# define CRYPTO_EX_INDEX_EC_KEY           8
+# define CRYPTO_EX_INDEX_RSA              9
+# define CRYPTO_EX_INDEX_ENGINE          10
+# define CRYPTO_EX_INDEX_UI              11
+# define CRYPTO_EX_INDEX_BIO             12
+# define CRYPTO_EX_INDEX_APP             13
+# define CRYPTO_EX_INDEX_UI_METHOD       14
+# define CRYPTO_EX_INDEX_RAND_DRBG       15
+# define CRYPTO_EX_INDEX_DRBG            CRYPTO_EX_INDEX_RAND_DRBG
+# define CRYPTO_EX_INDEX_OSSL_LIB_CTX    16
+# define CRYPTO_EX_INDEX_EVP_PKEY        17
+# define CRYPTO_EX_INDEX__COUNT          18
+
 typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                           int idx, long argl, void *argp);
 typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                             int idx, long argl, void *argp);
 typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
-                           void *from_d, int idx, long argl, void *argp);
+                           void **from_d, int idx, long argl, void *argp);
 __owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                            CRYPTO_EX_free *free_func);
+                                   CRYPTO_EX_new *new_func,
+                                   CRYPTO_EX_dup *dup_func,
+                                   CRYPTO_EX_free *free_func);
 /* No longer use an index. */
 int CRYPTO_free_ex_index(int class_index, int idx);

@ -185,6 +258,10 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,

 void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);

+/* Allocate a single item in the CRYPTO_EX_DATA variable */
+int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad,
+                         int idx);
+
 /*
 * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
 * index (relative to the class type involved)
@ -192,7 +269,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
 void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);

-# if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
 /*
 * This function cleans up all "ex_data" state. It mustn't be called under
 * potential race-conditions.
@ -239,11 +316,11 @@ typedef struct crypto_threadid_st {
 #  define CRYPTO_THREADID_cpy(dest, src)
 #  define CRYPTO_THREADID_hash(id)                      (0UL)

-#  if OPENSSL_API_COMPAT < 0x10000000L
+#  ifndef OPENSSL_NO_DEPRECATED_1_0_0
 #   define CRYPTO_set_id_callback(func)
 #   define CRYPTO_get_id_callback()                     (NULL)
 #   define CRYPTO_thread_id()                           (0UL)
-#  endif /* OPENSSL_API_COMPAT < 0x10000000L */
+#  endif /* OPENSSL_NO_DEPRECATED_1_0_0 */

 #  define CRYPTO_set_dynlock_create_callback(dyn_create_function)
 #  define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
@ -251,33 +328,34 @@ typedef struct crypto_threadid_st {
 #  define CRYPTO_get_dynlock_create_callback()          (NULL)
 #  define CRYPTO_get_dynlock_lock_callback()            (NULL)
 #  define CRYPTO_get_dynlock_destroy_callback()         (NULL)
-# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */

-int CRYPTO_set_mem_functions(
-        void *(*m) (size_t, const char *, int),
-        void *(*r) (void *, size_t, const char *, int),
-        void (*f) (void *, const char *, int));
-int CRYPTO_set_mem_debug(int flag);
-void CRYPTO_get_mem_functions(
-        void *(**m) (size_t, const char *, int),
-        void *(**r) (void *, size_t, const char *, int),
-        void (**f) (void *, const char *, int));
+typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line);
+typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file,
+                                   int line);
+typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line);
+int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
+                             CRYPTO_realloc_fn realloc_fn,
+                             CRYPTO_free_fn free_fn);
+void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
+                              CRYPTO_realloc_fn *realloc_fn,
+                              CRYPTO_free_fn *free_fn);

-void *CRYPTO_malloc(size_t num, const char *file, int line);
-void *CRYPTO_zalloc(size_t num, const char *file, int line);
-void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
-char *CRYPTO_strdup(const char *str, const char *file, int line);
-char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+OSSL_CRYPTO_ALLOC void *CRYPTO_malloc(size_t num, const char *file, int line);
+OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line);
+OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line);
+OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
 void CRYPTO_free(void *ptr, const char *file, int line);
 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
                           const char *file, int line);

-int CRYPTO_secure_malloc_init(size_t sz, int minsize);
+int CRYPTO_secure_malloc_init(size_t sz, size_t minsize);
 int CRYPTO_secure_malloc_done(void);
-void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
-void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+OSSL_CRYPTO_ALLOC void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+OSSL_CRYPTO_ALLOC void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
 void CRYPTO_secure_free(void *ptr, const char *file, int line);
 void CRYPTO_secure_clear_free(void *ptr, size_t num,
                              const char *file, int line);
@ -289,38 +367,53 @@ size_t CRYPTO_secure_used(void);
 void OPENSSL_cleanse(void *ptr, size_t len);

 # ifndef OPENSSL_NO_CRYPTO_MDEBUG
-#  define OPENSSL_mem_debug_push(info) \
-        CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
-#  define OPENSSL_mem_debug_pop() \
-        CRYPTO_mem_debug_pop()
-int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
-int CRYPTO_mem_debug_pop(void);
-void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
-
-/*-
- * Debugging functions (enabled by CRYPTO_set_mem_debug(1))
- * The flag argument has the following significance:
- *   0:   called before the actual memory allocation has taken place
- *   1:   called after the actual memory allocation has taken place
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
 */
-void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
-        const char *file, int line);
-void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
-        const char *file, int line);
-void CRYPTO_mem_debug_free(void *addr, int flag,
-        const char *file, int line);
+# define CRYPTO_MEM_CHECK_OFF     0x0   /* Control only */
+# define CRYPTO_MEM_CHECK_ON      0x1   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE  0x2   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3   /* Control only */

-int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
-                        void *u);
-#  ifndef OPENSSL_NO_STDIO
-int CRYPTO_mem_leaks_fp(FILE *);
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+#    define OPENSSL_mem_debug_push(info) \
+         CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+#    define OPENSSL_mem_debug_pop() \
+         CRYPTO_mem_debug_pop()
 #  endif
-int CRYPTO_mem_leaks(BIO *bio);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int CRYPTO_set_mem_debug(int flag);
+OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_ctrl(int mode);
+OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_debug_push(const char *info,
+                                                const char *file, int line);
+OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_debug_pop(void);
+OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_malloc(void *addr, size_t num,
+                                                   int flag,
+                                                   const char *file, int line);
+OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_realloc(void *addr1, void *addr2,
+                                                    size_t num, int flag,
+                                                    const char *file, int line);
+OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_free(void *addr, int flag,
+                                                 const char *file, int line);
+OSSL_DEPRECATEDIN_3_0
+int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
+                        void *u);
+#  endif
+#  ifndef OPENSSL_NO_STDIO
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks_fp(FILE *);
+#  endif
+#  endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks(BIO *bio);
 # endif
+# endif /* OPENSSL_NO_CRYPTO_MDEBUG */

 /* die if we have to */
 ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
 # endif
 # define OPENSSL_assert(e) \
@ -328,14 +421,13 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line

 int OPENSSL_isservice(void);

-int FIPS_mode(void);
-int FIPS_mode_set(int r);
-
 void OPENSSL_init(void);
 # ifdef OPENSSL_SYS_UNIX
-void OPENSSL_fork_prepare(void);
-void OPENSSL_fork_parent(void);
-void OPENSSL_fork_child(void);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_prepare(void);
+OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_parent(void);
+OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_child(void);
+#  endif
 # endif

 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
@ -369,11 +461,17 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
 # define OPENSSL_INIT_ENGINE_CAPI            0x00002000L
 # define OPENSSL_INIT_ENGINE_PADLOCK         0x00004000L
 # define OPENSSL_INIT_ENGINE_AFALG           0x00008000L
-/* OPENSSL_INIT_ZLIB                         0x00010000L */
+/* FREE:                                     0x00010000L */
 # define OPENSSL_INIT_ATFORK                 0x00020000L
 /* OPENSSL_INIT_BASE_ONLY                    0x00040000L */
 # define OPENSSL_INIT_NO_ATEXIT              0x00080000L
-/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
+/* OPENSSL_INIT flag range 0x03f00000 reserved for OPENSSL_init_ssl() */
+/* FREE: 0x04000000L */
+/* FREE: 0x08000000L */
+/* FREE: 0x10000000L */
+/* FREE: 0x20000000L */
+/* FREE: 0x40000000L */
+/* FREE: 0x80000000L */
 /* Max OPENSSL_INIT flag value is 0x80000000 */

 /* openssl and dasync not counted as builtin */
@ -382,12 +480,12 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
    | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
    OPENSSL_INIT_ENGINE_PADLOCK)

-
 /* Library initialisation functions */
 void OPENSSL_cleanup(void);
 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
 int OPENSSL_atexit(void (*handler)(void));
 void OPENSSL_thread_stop(void);
+void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx);

 /* Low-level control of initialization */
 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
@ -412,7 +510,13 @@ typedef LONG CRYPTO_ONCE;
 #    define CRYPTO_ONCE_STATIC_INIT 0
 #   endif
 #  else
-#   include <pthread.h>
+#   if defined(__TANDEM) && defined(_SPT_MODEL_)
+#    define  SPT_THREAD_SIGNAL 1
+#    define  SPT_THREAD_AWARE 1
+#    include <spthread.h>
+#   else
+#    include <pthread.h>
+#   endif
 typedef pthread_once_t CRYPTO_ONCE;
 typedef pthread_key_t CRYPTO_THREAD_LOCAL;
 typedef pthread_t CRYPTO_THREAD_ID;
@ -438,6 +542,15 @@ int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
 CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
 int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);

+OSSL_LIB_CTX *OSSL_LIB_CTX_new(void);
+OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle,
+                                             const OSSL_DISPATCH *in);
+OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle,
+                                     const OSSL_DISPATCH *in);
+int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file);
+void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
+OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
+OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);

 # ifdef  __cplusplus
 }
--- a/src/3rdparty/win32_include/openssl/cryptoerr.h
+++ b/src/3rdparty/win32_include/openssl/cryptoerr.h
@ -1,57 +1,55 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CRYPTOERR_H
-# define HEADER_CRYPTOERR_H
+#ifndef OPENSSL_CRYPTOERR_H
+# define OPENSSL_CRYPTOERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_CRYPTO_strings(void);

-/*
- * CRYPTO function codes.
- */
-# define CRYPTO_F_CMAC_CTX_NEW                            120
-# define CRYPTO_F_CRYPTO_DUP_EX_DATA                      110
-# define CRYPTO_F_CRYPTO_FREE_EX_DATA                     111
-# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
-# define CRYPTO_F_CRYPTO_MEMDUP                           115
-# define CRYPTO_F_CRYPTO_NEW_EX_DATA                      112
-# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX                  121
-# define CRYPTO_F_CRYPTO_OCB128_INIT                      122
-# define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
-# define CRYPTO_F_FIPS_MODE_SET                           109
-# define CRYPTO_F_GET_AND_LOCK                            113
-# define CRYPTO_F_OPENSSL_ATEXIT                          114
-# define CRYPTO_F_OPENSSL_BUF2HEXSTR                      117
-# define CRYPTO_F_OPENSSL_FOPEN                           119
-# define CRYPTO_F_OPENSSL_HEXSTR2BUF                      118
-# define CRYPTO_F_OPENSSL_INIT_CRYPTO                     116
-# define CRYPTO_F_OPENSSL_LH_NEW                          126
-# define CRYPTO_F_OPENSSL_SK_DEEP_COPY                    127
-# define CRYPTO_F_OPENSSL_SK_DUP                          128
-# define CRYPTO_F_PKEY_HMAC_INIT                          123
-# define CRYPTO_F_PKEY_POLY1305_INIT                      124
-# define CRYPTO_F_PKEY_SIPHASH_INIT                       125
-# define CRYPTO_F_SK_RESERVE                              129

 /*
 * CRYPTO reason codes.
 */
-# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
+# define CRYPTO_R_BAD_ALGORITHM_NAME                      117
+# define CRYPTO_R_CONFLICTING_NAMES                       118
+# define CRYPTO_R_HEX_STRING_TOO_SHORT                    121
 # define CRYPTO_R_ILLEGAL_HEX_DIGIT                       102
+# define CRYPTO_R_INSUFFICIENT_DATA_SPACE                 106
+# define CRYPTO_R_INSUFFICIENT_PARAM_SIZE                 107
+# define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE          108
+# define CRYPTO_R_INTEGER_OVERFLOW                        127
+# define CRYPTO_R_INVALID_NEGATIVE_VALUE                  122
+# define CRYPTO_R_INVALID_NULL_ARGUMENT                   109
+# define CRYPTO_R_INVALID_OSSL_PARAM_TYPE                 110
+# define CRYPTO_R_NO_PARAMS_TO_MERGE                      131
+# define CRYPTO_R_NO_SPACE_FOR_TERMINATING_NULL           128
 # define CRYPTO_R_ODD_NUMBER_OF_DIGITS                    103
+# define CRYPTO_R_PARAM_CANNOT_BE_REPRESENTED_EXACTLY     123
+# define CRYPTO_R_PARAM_NOT_INTEGER_TYPE                  124
+# define CRYPTO_R_PARAM_OF_INCOMPATIBLE_TYPE              129
+# define CRYPTO_R_PARAM_UNSIGNED_INTEGER_NEGATIVE_VALUE_UNSUPPORTED 125
+# define CRYPTO_R_PARAM_UNSUPPORTED_FLOATING_POINT_FORMAT 130
+# define CRYPTO_R_PARAM_VALUE_TOO_LARGE_FOR_DESTINATION   126
+# define CRYPTO_R_PROVIDER_ALREADY_EXISTS                 104
+# define CRYPTO_R_PROVIDER_SECTION_ERROR                  105
+# define CRYPTO_R_RANDOM_SECTION_ERROR                    119
+# define CRYPTO_R_SECURE_MALLOC_FAILURE                   111
+# define CRYPTO_R_STRING_TOO_LONG                         112
+# define CRYPTO_R_TOO_MANY_BYTES                          113
+# define CRYPTO_R_TOO_MANY_RECORDS                        114
+# define CRYPTO_R_TOO_SMALL_BUFFER                        116
+# define CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION          120
+# define CRYPTO_R_ZERO_LENGTH_NUMBER                      115

 #endif
--- a/src/3rdparty/win32_include/openssl/cryptoerr_legacy.h
+++ b/src/3rdparty/win32_include/openssl/cryptoerr_legacy.h
--- a/src/3rdparty/win32_include/openssl/ct.h
+++ b/src/3rdparty/win32_include/openssl/ct.h
@ -1,19 +1,30 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\ct.h.in
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CT_H
-# define HEADER_CT_H
+
+
+#ifndef OPENSSL_CT_H
+# define OPENSSL_CT_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_CT_H
+# endif

 # include <openssl/opensslconf.h>

 # ifndef OPENSSL_NO_CT
-# include <openssl/ossl_typ.h>
+# include <openssl/types.h>
 # include <openssl/safestack.h>
 # include <openssl/x509.h>
 # include <openssl/cterr.h>
@ -28,6 +39,61 @@ extern "C" {
 /* All hashes are SHA256 in v1 of Certificate Transparency */
 # define CT_V1_HASHLEN SHA256_DIGEST_LENGTH

+SKM_DEFINE_STACK_OF_INTERNAL(SCT, SCT, SCT)
+#define sk_SCT_num(sk) OPENSSL_sk_num(ossl_check_const_SCT_sk_type(sk))
+#define sk_SCT_value(sk, idx) ((SCT *)OPENSSL_sk_value(ossl_check_const_SCT_sk_type(sk), (idx)))
+#define sk_SCT_new(cmp) ((STACK_OF(SCT) *)OPENSSL_sk_new(ossl_check_SCT_compfunc_type(cmp)))
+#define sk_SCT_new_null() ((STACK_OF(SCT) *)OPENSSL_sk_new_null())
+#define sk_SCT_new_reserve(cmp, n) ((STACK_OF(SCT) *)OPENSSL_sk_new_reserve(ossl_check_SCT_compfunc_type(cmp), (n)))
+#define sk_SCT_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SCT_sk_type(sk), (n))
+#define sk_SCT_free(sk) OPENSSL_sk_free(ossl_check_SCT_sk_type(sk))
+#define sk_SCT_zero(sk) OPENSSL_sk_zero(ossl_check_SCT_sk_type(sk))
+#define sk_SCT_delete(sk, i) ((SCT *)OPENSSL_sk_delete(ossl_check_SCT_sk_type(sk), (i)))
+#define sk_SCT_delete_ptr(sk, ptr) ((SCT *)OPENSSL_sk_delete_ptr(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr)))
+#define sk_SCT_push(sk, ptr) OPENSSL_sk_push(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr))
+#define sk_SCT_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr))
+#define sk_SCT_pop(sk) ((SCT *)OPENSSL_sk_pop(ossl_check_SCT_sk_type(sk)))
+#define sk_SCT_shift(sk) ((SCT *)OPENSSL_sk_shift(ossl_check_SCT_sk_type(sk)))
+#define sk_SCT_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SCT_sk_type(sk),ossl_check_SCT_freefunc_type(freefunc))
+#define sk_SCT_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr), (idx))
+#define sk_SCT_set(sk, idx, ptr) ((SCT *)OPENSSL_sk_set(ossl_check_SCT_sk_type(sk), (idx), ossl_check_SCT_type(ptr)))
+#define sk_SCT_find(sk, ptr) OPENSSL_sk_find(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr))
+#define sk_SCT_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr))
+#define sk_SCT_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr), pnum)
+#define sk_SCT_sort(sk) OPENSSL_sk_sort(ossl_check_SCT_sk_type(sk))
+#define sk_SCT_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SCT_sk_type(sk))
+#define sk_SCT_dup(sk) ((STACK_OF(SCT) *)OPENSSL_sk_dup(ossl_check_const_SCT_sk_type(sk)))
+#define sk_SCT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SCT) *)OPENSSL_sk_deep_copy(ossl_check_const_SCT_sk_type(sk), ossl_check_SCT_copyfunc_type(copyfunc), ossl_check_SCT_freefunc_type(freefunc)))
+#define sk_SCT_set_cmp_func(sk, cmp) ((sk_SCT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SCT_sk_type(sk), ossl_check_SCT_compfunc_type(cmp)))
+SKM_DEFINE_STACK_OF_INTERNAL(CTLOG, CTLOG, CTLOG)
+#define sk_CTLOG_num(sk) OPENSSL_sk_num(ossl_check_const_CTLOG_sk_type(sk))
+#define sk_CTLOG_value(sk, idx) ((CTLOG *)OPENSSL_sk_value(ossl_check_const_CTLOG_sk_type(sk), (idx)))
+#define sk_CTLOG_new(cmp) ((STACK_OF(CTLOG) *)OPENSSL_sk_new(ossl_check_CTLOG_compfunc_type(cmp)))
+#define sk_CTLOG_new_null() ((STACK_OF(CTLOG) *)OPENSSL_sk_new_null())
+#define sk_CTLOG_new_reserve(cmp, n) ((STACK_OF(CTLOG) *)OPENSSL_sk_new_reserve(ossl_check_CTLOG_compfunc_type(cmp), (n)))
+#define sk_CTLOG_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CTLOG_sk_type(sk), (n))
+#define sk_CTLOG_free(sk) OPENSSL_sk_free(ossl_check_CTLOG_sk_type(sk))
+#define sk_CTLOG_zero(sk) OPENSSL_sk_zero(ossl_check_CTLOG_sk_type(sk))
+#define sk_CTLOG_delete(sk, i) ((CTLOG *)OPENSSL_sk_delete(ossl_check_CTLOG_sk_type(sk), (i)))
+#define sk_CTLOG_delete_ptr(sk, ptr) ((CTLOG *)OPENSSL_sk_delete_ptr(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr)))
+#define sk_CTLOG_push(sk, ptr) OPENSSL_sk_push(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr))
+#define sk_CTLOG_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr))
+#define sk_CTLOG_pop(sk) ((CTLOG *)OPENSSL_sk_pop(ossl_check_CTLOG_sk_type(sk)))
+#define sk_CTLOG_shift(sk) ((CTLOG *)OPENSSL_sk_shift(ossl_check_CTLOG_sk_type(sk)))
+#define sk_CTLOG_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CTLOG_sk_type(sk),ossl_check_CTLOG_freefunc_type(freefunc))
+#define sk_CTLOG_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr), (idx))
+#define sk_CTLOG_set(sk, idx, ptr) ((CTLOG *)OPENSSL_sk_set(ossl_check_CTLOG_sk_type(sk), (idx), ossl_check_CTLOG_type(ptr)))
+#define sk_CTLOG_find(sk, ptr) OPENSSL_sk_find(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr))
+#define sk_CTLOG_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr))
+#define sk_CTLOG_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr), pnum)
+#define sk_CTLOG_sort(sk) OPENSSL_sk_sort(ossl_check_CTLOG_sk_type(sk))
+#define sk_CTLOG_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CTLOG_sk_type(sk))
+#define sk_CTLOG_dup(sk) ((STACK_OF(CTLOG) *)OPENSSL_sk_dup(ossl_check_const_CTLOG_sk_type(sk)))
+#define sk_CTLOG_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CTLOG) *)OPENSSL_sk_deep_copy(ossl_check_const_CTLOG_sk_type(sk), ossl_check_CTLOG_copyfunc_type(copyfunc), ossl_check_CTLOG_freefunc_type(freefunc)))
+#define sk_CTLOG_set_cmp_func(sk, cmp) ((sk_CTLOG_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_compfunc_type(cmp)))
+
+
+
 typedef enum {
    CT_LOG_ENTRY_TYPE_NOT_SET = -1,
    CT_LOG_ENTRY_TYPE_X509 = 0,
@ -55,18 +121,23 @@ typedef enum {
    SCT_VALIDATION_STATUS_UNKNOWN_VERSION
 } sct_validation_status_t;

-DEFINE_STACK_OF(SCT)
-DEFINE_STACK_OF(CTLOG)
-
 /******************************************
 * CT policy evaluation context functions *
 ******************************************/

 /*
- * Creates a new, empty policy evaluation context.
+ * Creates a new, empty policy evaluation context associated with the given
+ * library context and property query string.
 * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
 * with the CT_POLICY_EVAL_CTX.
 */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
+                                              const char *propq);
+                                                       
+/*
+ * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
+ * context and property query string is used.
+ */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);

 /* Deletes a policy evaluation context and anything it owns. */
@ -317,7 +388,7 @@ __owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,


 /*********************************
- * SCT parsing and serialisation *
+ * SCT parsing and serialization *
 *********************************/

 /*
@ -403,19 +474,39 @@ SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
 ********************/

 /*
- * Creates a new CT log instance with the given |public_key| and |name|.
+ * Creates a new CT log instance with the given |public_key| and |name| and
+ * associates it with the give library context |libctx| and property query
+ * string |propq|.
 * Takes ownership of |public_key| but copies |name|.
 * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
 * Should be deleted by the caller using CTLOG_free when no longer needed.
 */
+CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name, OSSL_LIB_CTX *libctx,
+                    const char *propq);
+
+/*
+ * The same as CTLOG_new_ex except that the default library context and
+ * property query string are used.
+ */
 CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);

 /*
 * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
- * in |pkey_base64|. The |name| is a string to help users identify this log.
+ * in |pkey_base64| and associated with the given library context |libctx| and
+ * property query string |propq|. The |name| is a string to help users identify
+ * this log.
 * Returns 1 on success, 0 on failure.
 * Should be deleted by the caller using CTLOG_free when no longer needed.
 */
+int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64,
+                             const char *name, OSSL_LIB_CTX *libctx,
+                             const char *propq);
+
+/*
+ * The same as CTLOG_new_from_base64_ex() except that the default
+ * library context and property query string are used.
+ * Returns 1 on success, 0 on failure.
+ */
 int CTLOG_new_from_base64(CTLOG ** ct_log,
                          const char *pkey_base64, const char *name);

@ -437,7 +528,15 @@ EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
 **************************/

 /*
- * Creates a new CT log store.
+ * Creates a new CT log store and associates it with the given libctx and
+ * property query string.
+ * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
+ */
+CTLOG_STORE *CTLOG_STORE_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
+
+/*
+ * Same as CTLOG_STORE_new_ex except that the default libctx and
+ * property query string are used.
 * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
 */
 CTLOG_STORE *CTLOG_STORE_new(void);
--- a/src/3rdparty/win32_include/openssl/cterr.h
+++ b/src/3rdparty/win32_include/openssl/cterr.h
@ -1,59 +1,24 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_CTERR_H
-# define HEADER_CTERR_H
-
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#ifndef OPENSSL_CTERR_H
+# define OPENSSL_CTERR_H
+# pragma once

 # include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+

 # ifndef OPENSSL_NO_CT

-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_CT_strings(void);
-
-/*
- * CT function codes.
- */
-#  define CT_F_CTLOG_NEW                                   117
-#  define CT_F_CTLOG_NEW_FROM_BASE64                       118
-#  define CT_F_CTLOG_NEW_FROM_CONF                         119
-#  define CT_F_CTLOG_STORE_LOAD_CTX_NEW                    122
-#  define CT_F_CTLOG_STORE_LOAD_FILE                       123
-#  define CT_F_CTLOG_STORE_LOAD_LOG                        130
-#  define CT_F_CTLOG_STORE_NEW                             131
-#  define CT_F_CT_BASE64_DECODE                            124
-#  define CT_F_CT_POLICY_EVAL_CTX_NEW                      133
-#  define CT_F_CT_V1_LOG_ID_FROM_PKEY                      125
-#  define CT_F_I2O_SCT                                     107
-#  define CT_F_I2O_SCT_LIST                                108
-#  define CT_F_I2O_SCT_SIGNATURE                           109
-#  define CT_F_O2I_SCT                                     110
-#  define CT_F_O2I_SCT_LIST                                111
-#  define CT_F_O2I_SCT_SIGNATURE                           112
-#  define CT_F_SCT_CTX_NEW                                 126
-#  define CT_F_SCT_CTX_VERIFY                              128
-#  define CT_F_SCT_NEW                                     100
-#  define CT_F_SCT_NEW_FROM_BASE64                         127
-#  define CT_F_SCT_SET0_LOG_ID                             101
-#  define CT_F_SCT_SET1_EXTENSIONS                         114
-#  define CT_F_SCT_SET1_LOG_ID                             115
-#  define CT_F_SCT_SET1_SIGNATURE                          116
-#  define CT_F_SCT_SET_LOG_ENTRY_TYPE                      102
-#  define CT_F_SCT_SET_SIGNATURE_NID                       103
-#  define CT_F_SCT_SET_VERSION                             104

 /*
 * CT reason codes.
--- a/src/3rdparty/win32_include/openssl/decoder.h
+++ b/src/3rdparty/win32_include/openssl/decoder.h
@ -0,0 +1,133 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DECODER_H
+# define OPENSSL_DECODER_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <stdarg.h>
+# include <stddef.h>
+# include <openssl/decodererr.h>
+# include <openssl/types.h>
+# include <openssl/core.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+OSSL_DECODER *OSSL_DECODER_fetch(OSSL_LIB_CTX *libctx, const char *name,
+                                 const char *properties);
+int OSSL_DECODER_up_ref(OSSL_DECODER *encoder);
+void OSSL_DECODER_free(OSSL_DECODER *encoder);
+
+const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *encoder);
+const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *encoder);
+const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder);
+const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder);
+int OSSL_DECODER_is_a(const OSSL_DECODER *encoder, const char *name);
+
+void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx,
+                                  void (*fn)(OSSL_DECODER *encoder, void *arg),
+                                  void *arg);
+int OSSL_DECODER_names_do_all(const OSSL_DECODER *encoder,
+                              void (*fn)(const char *name, void *data),
+                              void *data);
+const OSSL_PARAM *OSSL_DECODER_gettable_params(OSSL_DECODER *decoder);
+int OSSL_DECODER_get_params(OSSL_DECODER *decoder, OSSL_PARAM params[]);
+
+const OSSL_PARAM *OSSL_DECODER_settable_ctx_params(OSSL_DECODER *encoder);
+OSSL_DECODER_CTX *OSSL_DECODER_CTX_new(void);
+int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx,
+                                const OSSL_PARAM params[]);
+void OSSL_DECODER_CTX_free(OSSL_DECODER_CTX *ctx);
+
+/* Utilities that help set specific parameters */
+int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
+                                    const unsigned char *kstr, size_t klen);
+int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx,
+                                         pem_password_cb *cb, void *cbarg);
+int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx,
+                                       OSSL_PASSPHRASE_CALLBACK *cb,
+                                       void *cbarg);
+int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx,
+                                       const UI_METHOD *ui_method,
+                                       void *ui_data);
+
+/*
+ * Utilities to read the object to decode, with the result sent to cb.
+ * These will discover all provided methods
+ */
+
+int OSSL_DECODER_CTX_set_selection(OSSL_DECODER_CTX *ctx, int selection);
+int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx,
+                                    const char *input_type);
+int OSSL_DECODER_CTX_set_input_structure(OSSL_DECODER_CTX *ctx,
+                                         const char *input_structure);
+int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder);
+int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_DECODER_CTX_get_num_decoders(OSSL_DECODER_CTX *ctx);
+
+typedef struct ossl_decoder_instance_st OSSL_DECODER_INSTANCE;
+OSSL_DECODER *
+OSSL_DECODER_INSTANCE_get_decoder(OSSL_DECODER_INSTANCE *decoder_inst);
+void *
+OSSL_DECODER_INSTANCE_get_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst);
+const char *
+OSSL_DECODER_INSTANCE_get_input_type(OSSL_DECODER_INSTANCE *decoder_inst);
+const char *
+OSSL_DECODER_INSTANCE_get_input_structure(OSSL_DECODER_INSTANCE *decoder_inst,
+                                          int *was_set);
+
+typedef int OSSL_DECODER_CONSTRUCT(OSSL_DECODER_INSTANCE *decoder_inst,
+                                   const OSSL_PARAM *params,
+                                   void *construct_data);
+typedef void OSSL_DECODER_CLEANUP(void *construct_data);
+
+int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx,
+                                   OSSL_DECODER_CONSTRUCT *construct);
+int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx,
+                                        void *construct_data);
+int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx,
+                                 OSSL_DECODER_CLEANUP *cleanup);
+OSSL_DECODER_CONSTRUCT *OSSL_DECODER_CTX_get_construct(OSSL_DECODER_CTX *ctx);
+void *OSSL_DECODER_CTX_get_construct_data(OSSL_DECODER_CTX *ctx);
+OSSL_DECODER_CLEANUP *OSSL_DECODER_CTX_get_cleanup(OSSL_DECODER_CTX *ctx);
+
+int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst,
+                        void *reference, size_t reference_sz,
+                        OSSL_CALLBACK *export_cb, void *export_cbarg);
+
+int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in);
+#ifndef OPENSSL_NO_STDIO
+int OSSL_DECODER_from_fp(OSSL_DECODER_CTX *ctx, FILE *in);
+#endif
+int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata,
+                           size_t *pdata_len);
+
+/*
+ * Create the OSSL_DECODER_CTX with an associated type.  This will perform
+ * an implicit OSSL_DECODER_fetch(), suitable for the object of that type.
+ */
+OSSL_DECODER_CTX *
+OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
+                              const char *input_type,
+                              const char *input_struct,
+                              const char *keytype, int selection,
+                              OSSL_LIB_CTX *libctx, const char *propquery);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
--- a/src/3rdparty/win32_include/openssl/decodererr.h
+++ b/src/3rdparty/win32_include/openssl/decodererr.h
@ -0,0 +1,28 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DECODERERR_H
+# define OPENSSL_DECODERERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+
+
+
+/*
+ * OSSL_DECODER reason codes.
+ */
+# define OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT           101
+# define OSSL_DECODER_R_DECODER_NOT_FOUND                 102
+# define OSSL_DECODER_R_MISSING_GET_PARAMS                100
+
+#endif
--- a/src/3rdparty/win32_include/openssl/des.h
+++ b/src/3rdparty/win32_include/openssl/des.h
@ -1,29 +1,36 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_DES_H
-# define HEADER_DES_H
+#ifndef OPENSSL_DES_H
+# define OPENSSL_DES_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_DES_H
+# endif

 # include <openssl/opensslconf.h>

 # ifndef OPENSSL_NO_DES
-# ifdef  __cplusplus
+#  ifdef  __cplusplus
 extern "C" {
-# endif
-# include <openssl/e_os2.h>
+#  endif
+#  include <openssl/e_os2.h>

+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 typedef unsigned int DES_LONG;

-# ifdef OPENSSL_BUILD_SHLIBCRYPTO
-#  undef OPENSSL_EXTERN
-#  define OPENSSL_EXTERN OPENSSL_EXPORT
-# endif
+#   ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#    undef OPENSSL_EXTERN
+#    define OPENSSL_EXTERN OPENSSL_EXPORT
+#   endif

 typedef unsigned char DES_cblock[8];
 typedef /* const */ unsigned char const_DES_cblock[8];
@ -42,53 +49,62 @@ typedef struct DES_ks {
    } ks[16];
 } DES_key_schedule;

-# define DES_KEY_SZ      (sizeof(DES_cblock))
-# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+#   define DES_KEY_SZ      (sizeof(DES_cblock))
+#   define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))

-# define DES_ENCRYPT     1
-# define DES_DECRYPT     0
+#   define DES_ENCRYPT     1
+#   define DES_DECRYPT     0

-# define DES_CBC_MODE    0
-# define DES_PCBC_MODE   1
+#   define DES_CBC_MODE    0
+#   define DES_PCBC_MODE   1

-# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+#   define DES_ecb2_encrypt(i,o,k1,k2,e) \
        DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))

-# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+#   define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
        DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))

-# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+#   define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
        DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))

-# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+#   define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
        DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))

-OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
-# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
-
-const char *DES_options(void);
+#   define DES_fixup_key_parity DES_set_odd_parity
+#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *DES_options(void);
+OSSL_DEPRECATEDIN_3_0
 void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
                      DES_key_schedule *ks1, DES_key_schedule *ks2,
                      DES_key_schedule *ks3, int enc);
+OSSL_DEPRECATEDIN_3_0
 DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
                       long length, DES_key_schedule *schedule,
                       const_DES_cblock *ivec);
+#  endif
 /* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
-                     long length, DES_key_schedule *schedule,
-                     DES_cblock *ivec, int enc);
+                     long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                     int enc);
+OSSL_DEPRECATEDIN_3_0
 void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
-                      long length, DES_key_schedule *schedule,
-                      DES_cblock *ivec, int enc);
+                      long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                      int enc);
+OSSL_DEPRECATEDIN_3_0
 void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
-                      long length, DES_key_schedule *schedule,
-                      DES_cblock *ivec, const_DES_cblock *inw,
-                      const_DES_cblock *outw, int enc);
+                      long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                      const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+OSSL_DEPRECATEDIN_3_0
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-                     long length, DES_key_schedule *schedule,
-                     DES_cblock *ivec, int enc);
+                     long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                     int enc);
+OSSL_DEPRECATEDIN_3_0
 void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
                     DES_key_schedule *ks, int enc);
+#  endif

 /*
 * This is the DES encryption function that gets called by just about every
@ -100,7 +116,10 @@ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
 * long's and ks is the DES_key_schedule to use.  enc, is non zero specifies
 * encryption, zero if decryption.
 */
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
+#  endif

 /*
 * This functions is the same as DES_encrypt1() except that the DES initial
@ -110,65 +129,83 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
 * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
 * DES_encrypt1() DES_encrypt1() except faster :-).
 */
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-                  DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+OSSL_DEPRECATEDIN_3_0
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2,
+                  DES_key_schedule *ks3);
+OSSL_DEPRECATEDIN_3_0
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2,
+                  DES_key_schedule *ks3);
+OSSL_DEPRECATEDIN_3_0
 void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
-                          long length,
-                          DES_key_schedule *ks1, DES_key_schedule *ks2,
-                          DES_key_schedule *ks3, DES_cblock *ivec, int enc);
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc);
+OSSL_DEPRECATEDIN_3_0
 void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                            long length, DES_key_schedule *ks1,
                            DES_key_schedule *ks2, DES_key_schedule *ks3,
                            DES_cblock *ivec, int *num, int enc);
+OSSL_DEPRECATEDIN_3_0
 void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
                          int numbits, long length, DES_key_schedule *ks1,
                          DES_key_schedule *ks2, DES_key_schedule *ks3,
                          DES_cblock *ivec, int enc);
+OSSL_DEPRECATEDIN_3_0
 void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
                            long length, DES_key_schedule *ks1,
                            DES_key_schedule *ks2, DES_key_schedule *ks3,
                            DES_cblock *ivec, int *num);
+OSSL_DEPRECATEDIN_3_0
 char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+OSSL_DEPRECATEDIN_3_0
 char *DES_crypt(const char *buf, const char *salt);
+OSSL_DEPRECATEDIN_3_0
 void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-                     long length, DES_key_schedule *schedule,
-                     DES_cblock *ivec);
+                     long length, DES_key_schedule *schedule, DES_cblock *ivec);
+OSSL_DEPRECATEDIN_3_0
 void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
                      long length, DES_key_schedule *schedule,
                      DES_cblock *ivec, int enc);
+OSSL_DEPRECATEDIN_3_0
 DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
                        long length, int out_count, DES_cblock *seed);
-int DES_random_key(DES_cblock *ret);
-void DES_set_odd_parity(DES_cblock *key);
-int DES_check_key_parity(const_DES_cblock *key);
-int DES_is_weak_key(const_DES_cblock *key);
+OSSL_DEPRECATEDIN_3_0 int DES_random_key(DES_cblock *ret);
+OSSL_DEPRECATEDIN_3_0 void DES_set_odd_parity(DES_cblock *key);
+OSSL_DEPRECATEDIN_3_0 int DES_check_key_parity(const_DES_cblock *key);
+OSSL_DEPRECATEDIN_3_0 int DES_is_weak_key(const_DES_cblock *key);
+#  endif
 /*
 * DES_set_key (= set_key = DES_key_sched = key_sched) calls
- * DES_set_key_checked if global variable DES_check_key is set,
- * DES_set_key_unchecked otherwise.
+ * DES_set_key_checked
 */
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+OSSL_DEPRECATEDIN_3_0
 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+OSSL_DEPRECATEDIN_3_0
 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+OSSL_DEPRECATEDIN_3_0
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
-void DES_string_to_key(const char *str, DES_cblock *key);
+OSSL_DEPRECATEDIN_3_0 void DES_string_to_key(const char *str, DES_cblock *key);
+OSSL_DEPRECATEDIN_3_0
 void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+OSSL_DEPRECATEDIN_3_0
 void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                       long length, DES_key_schedule *schedule,
                       DES_cblock *ivec, int *num, int enc);
+OSSL_DEPRECATEDIN_3_0
 void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
                       long length, DES_key_schedule *schedule,
                       DES_cblock *ivec, int *num);
+#  endif

-# define DES_fixup_key_parity DES_set_odd_parity
-
-# ifdef  __cplusplus
+#  ifdef  __cplusplus
 }
-# endif
+#  endif
 # endif

 #endif
--- a/src/3rdparty/win32_include/openssl/dh.h
+++ b/src/3rdparty/win32_include/openssl/dh.h
@ -1,313 +1,62 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_DH_H
-# define HEADER_DH_H
+#ifndef OPENSSL_DH_H
+# define OPENSSL_DH_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_DH_H
+# endif

 # include <openssl/opensslconf.h>
-
-# ifndef OPENSSL_NO_DH
-# include <openssl/e_os2.h>
-# include <openssl/bio.h>
-# include <openssl/asn1.h>
-# include <openssl/ossl_typ.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
-#  include <openssl/bn.h>
-# endif
-# include <openssl/dherr.h>
+# include <openssl/types.h>

 # ifdef  __cplusplus
 extern "C" {
 # endif

-# ifndef OPENSSL_DH_MAX_MODULUS_BITS
-#  define OPENSSL_DH_MAX_MODULUS_BITS    10000
-# endif
+#include <stdlib.h>

-# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
+# define DH_PARAMGEN_TYPE_GENERATOR     0   /* Use a safe prime generator */
+# define DH_PARAMGEN_TYPE_FIPS_186_2    1   /* Use FIPS186-2 standard */
+# define DH_PARAMGEN_TYPE_FIPS_186_4    2   /* Use FIPS186-4 standard */
+# define DH_PARAMGEN_TYPE_GROUP         3   /* Use a named safe prime group */

-# define DH_FLAG_CACHE_MONT_P     0x01
+int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ);
+int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+                                      const unsigned char *seed,
+                                      size_t seedlen);
+int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits);
+int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qlen);
+int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);

-# if OPENSSL_API_COMPAT < 0x10100000L
-/*
- * Does nothing. Previously this switched off constant time behaviour.
- */
-#  define DH_FLAG_NO_EXP_CONSTTIME 0x00
-# endif
-
-/*
- * If this flag is set the DH method is FIPS compliant and can be used in
- * FIPS mode. This is set in the validated module method. If an application
- * sets this flag in its own methods it is its responsibility to ensure the
- * result is compliant.
- */
-
-# define DH_FLAG_FIPS_METHOD                     0x0400
-
-/*
- * If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-# define DH_FLAG_NON_FIPS_ALLOW                  0x0400
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dh_st DH; */
-/* typedef struct dh_method DH_METHOD; */
-
-DECLARE_ASN1_ITEM(DHparams)
-
-# define DH_GENERATOR_2          2
-/* #define DH_GENERATOR_3       3 */
-# define DH_GENERATOR_5          5
-
-/* DH_check error codes */
-# define DH_CHECK_P_NOT_PRIME            0x01
-# define DH_CHECK_P_NOT_SAFE_PRIME       0x02
-# define DH_UNABLE_TO_CHECK_GENERATOR    0x04
-# define DH_NOT_SUITABLE_GENERATOR       0x08
-# define DH_CHECK_Q_NOT_PRIME            0x10
-# define DH_CHECK_INVALID_Q_VALUE        0x20
-# define DH_CHECK_INVALID_J_VALUE        0x40
-
-/* DH_check_pub_key error codes */
-# define DH_CHECK_PUBKEY_TOO_SMALL       0x01
-# define DH_CHECK_PUBKEY_TOO_LARGE       0x02
-# define DH_CHECK_PUBKEY_INVALID         0x04
-
-/*
- * primes p where (p-1)/2 is prime too are called "safe"; we define this for
- * backward compatibility:
- */
-# define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
-
-# define d2i_DHparams_fp(fp,x) \
-    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-                      (char *(*)())d2i_DHparams, \
-                      (fp), \
-                      (unsigned char **)(x))
-# define i2d_DHparams_fp(fp,x) \
-    ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
-# define d2i_DHparams_bio(bp,x) \
-    ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
-# define i2d_DHparams_bio(bp,x) \
-    ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
-
-# define d2i_DHxparams_fp(fp,x) \
-    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-                      (char *(*)())d2i_DHxparams, \
-                      (fp), \
-                      (unsigned char **)(x))
-# define i2d_DHxparams_fp(fp,x) \
-    ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
-# define d2i_DHxparams_bio(bp,x) \
-    ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
-# define i2d_DHxparams_bio(bp,x) \
-    ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
-
-DH *DHparams_dup(DH *);
-
-const DH_METHOD *DH_OpenSSL(void);
-
-void DH_set_default_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_method(void);
-int DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(ENGINE *engine);
-
-DH *DH_new(void);
-void DH_free(DH *dh);
-int DH_up_ref(DH *dh);
-int DH_bits(const DH *dh);
-int DH_size(const DH *dh);
-int DH_security_bits(const DH *dh);
-#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
-    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
-int DH_set_ex_data(DH *d, int idx, void *arg);
-void *DH_get_ex_data(DH *d, int idx);
-
-/* Deprecated version */
-DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
-                                              void (*callback) (int, int,
-                                                                void *),
-                                              void *cb_arg))
-
-/* New version */
-int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
-                              BN_GENCB *cb);
-
-int DH_check_params_ex(const DH *dh);
-int DH_check_ex(const DH *dh);
-int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
-int DH_check_params(const DH *dh, int *ret);
-int DH_check(const DH *dh, int *codes);
-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
-int DH_generate_key(DH *dh);
-int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
-int i2d_DHparams(const DH *a, unsigned char **pp);
-DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
-int i2d_DHxparams(const DH *a, unsigned char **pp);
-# ifndef OPENSSL_NO_STDIO
-int DHparams_print_fp(FILE *fp, const DH *x);
-# endif
-int DHparams_print(BIO *bp, const DH *x);
-
-/* RFC 5114 parameters */
-DH *DH_get_1024_160(void);
-DH *DH_get_2048_224(void);
-DH *DH_get_2048_256(void);
-
-/* Named parameters, currently RFC7919 */
-DH *DH_new_by_nid(int nid);
-int DH_get_nid(const DH *dh);
-
-# ifndef OPENSSL_NO_CMS
-/* RFC2631 KDF */
-int DH_KDF_X9_42(unsigned char *out, size_t outlen,
-                 const unsigned char *Z, size_t Zlen,
-                 ASN1_OBJECT *key_oid,
-                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
-# endif
-
-void DH_get0_pqg(const DH *dh,
-                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-void DH_get0_key(const DH *dh,
-                 const BIGNUM **pub_key, const BIGNUM **priv_key);
-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-const BIGNUM *DH_get0_p(const DH *dh);
-const BIGNUM *DH_get0_q(const DH *dh);
-const BIGNUM *DH_get0_g(const DH *dh);
-const BIGNUM *DH_get0_priv_key(const DH *dh);
-const BIGNUM *DH_get0_pub_key(const DH *dh);
-void DH_clear_flags(DH *dh, int flags);
-int DH_test_flags(const DH *dh, int flags);
-void DH_set_flags(DH *dh, int flags);
-ENGINE *DH_get0_engine(DH *d);
-long DH_get_length(const DH *dh);
-int DH_set_length(DH *dh, long length);
-
-DH_METHOD *DH_meth_new(const char *name, int flags);
-void DH_meth_free(DH_METHOD *dhm);
-DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
-const char *DH_meth_get0_name(const DH_METHOD *dhm);
-int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
-int DH_meth_get_flags(const DH_METHOD *dhm);
-int DH_meth_set_flags(DH_METHOD *dhm, int flags);
-void *DH_meth_get0_app_data(const DH_METHOD *dhm);
-int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
-int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
-int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
-int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
-        (unsigned char *key, const BIGNUM *pub_key, DH *dh);
-int DH_meth_set_compute_key(DH_METHOD *dhm,
-        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
-int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
-    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
-     BN_CTX *, BN_MONT_CTX *);
-int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
-    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
-                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
-int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
-int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
-int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
-int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
-int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
-        (DH *, int, int, BN_GENCB *);
-int DH_meth_set_generate_params(DH_METHOD *dhm,
-        int (*generate_params) (DH *, int, int, BN_GENCB *));
-
-
-# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-
-# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-                        EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
-
-# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-                        EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
-
-# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-
-# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
-                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-
-# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
-                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-
-# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
-                        EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
-                        EVP_PKEY_CTRL_DH_NID, nid, NULL)
-
-# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \
-                          EVP_PKEY_CTRL_DH_PAD, pad, NULL)
-
-# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
-
-# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
-
-# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
-
-# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
-
-# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
-
-# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
-
-# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
-
-# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                        EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
-
-# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
-
-# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
-                                EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
+int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
+int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
+int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+#endif

 # define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
@ -328,13 +77,255 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,

 /* KDF types */
 # define EVP_PKEY_DH_KDF_NONE                            1
-# ifndef OPENSSL_NO_CMS
 # define EVP_PKEY_DH_KDF_X9_42                           2
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
 # endif
-
-
-#  ifdef  __cplusplus
-}
+# ifndef OPENSSL_NO_DH
+#  include <openssl/e_os2.h>
+#  include <openssl/bio.h>
+#  include <openssl/asn1.h>
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#   include <openssl/bn.h>
 #  endif
+#  include <openssl/dherr.h>
+
+#  ifndef OPENSSL_DH_MAX_MODULUS_BITS
+#   define OPENSSL_DH_MAX_MODULUS_BITS    10000
+#  endif
+
+#  define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+#  define DH_FLAG_CACHE_MONT_P     0x01
+
+#  define DH_FLAG_TYPE_MASK             0xF000
+#  define DH_FLAG_TYPE_DH               0x0000
+#  define DH_FLAG_TYPE_DHX              0x1000
+
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#   define DH_FLAG_NO_EXP_CONSTTIME 0x00
+#  endif
+
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+#   define DH_FLAG_FIPS_METHOD                     0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#   define DH_FLAG_NON_FIPS_ALLOW                  0x0400
+#  endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
+
+DECLARE_ASN1_ITEM(DHparams)
+
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+#   define DH_GENERATOR_2          2
+#   define DH_GENERATOR_3          3
+#   define DH_GENERATOR_5          5
+
+/* DH_check error codes */
+/*
+ * NB: These values must align with the equivalently named macros in
+ * internal/ffc.h.
+ */
+#   define DH_CHECK_P_NOT_PRIME            0x01
+#   define DH_CHECK_P_NOT_SAFE_PRIME       0x02
+#   define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+#   define DH_NOT_SUITABLE_GENERATOR       0x08
+#   define DH_CHECK_Q_NOT_PRIME            0x10
+#   define DH_CHECK_INVALID_Q_VALUE        0x20
+#   define DH_CHECK_INVALID_J_VALUE        0x40
+#   define DH_MODULUS_TOO_SMALL            0x80
+#   define DH_MODULUS_TOO_LARGE            0x100
+
+/* DH_check_pub_key error codes */
+#   define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+#   define DH_CHECK_PUBKEY_TOO_LARGE       0x02
+#   define DH_CHECK_PUBKEY_INVALID         0x04
+
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+#   define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
+
+#   define d2i_DHparams_fp(fp, x) \
+        (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                          (char *(*)())d2i_DHparams, \
+                          (fp), \
+                          (unsigned char **)(x))
+#   define i2d_DHparams_fp(fp, x) \
+        ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+#   define d2i_DHparams_bio(bp, x) \
+        ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+#   define i2d_DHparams_bio(bp, x) \
+        ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x)
+
+#   define d2i_DHxparams_fp(fp,x) \
+        (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                          (char *(*)())d2i_DHxparams, \
+                          (fp), \
+                          (unsigned char **)(x))
+#   define i2d_DHxparams_fp(fp, x) \
+        ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+#   define d2i_DHxparams_bio(bp, x) \
+        ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+#   define i2d_DHxparams_bio(bp, x) \
+        ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
+
+DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams)
+
+OSSL_DEPRECATEDIN_3_0 const DH_METHOD *DH_OpenSSL(void);
+
+OSSL_DEPRECATEDIN_3_0 void DH_set_default_method(const DH_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const DH_METHOD *DH_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 int DH_set_method(DH *dh, const DH_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 DH *DH_new_method(ENGINE *engine);
+
+OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
+OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_up_ref(DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_bits(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_size(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_security_bits(const DH *dh);
+
+#   define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+        CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
+
+OSSL_DEPRECATEDIN_3_0 int DH_set_ex_data(DH *d, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *DH_get_ex_data(const DH *d, int idx);
+
+OSSL_DEPRECATEDIN_3_0 int DH_generate_parameters_ex(DH *dh, int prime_len,
+                                                    int generator,
+                                                    BN_GENCB *cb);
+
+OSSL_DEPRECATEDIN_3_0 int DH_check_params_ex(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_check_ex(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+OSSL_DEPRECATEDIN_3_0 int DH_check_params(const DH *dh, int *ret);
+OSSL_DEPRECATEDIN_3_0 int DH_check(const DH *dh, int *codes);
+OSSL_DEPRECATEDIN_3_0 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
+                                           int *codes);
+OSSL_DEPRECATEDIN_3_0 int DH_generate_key(DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_compute_key(unsigned char *key,
+                                         const BIGNUM *pub_key, DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_compute_key_padded(unsigned char *key,
+                                                const BIGNUM *pub_key, DH *dh);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DH, DHxparams)
+
+#   ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int DHparams_print_fp(FILE *fp, const DH *x);
+#   endif
+OSSL_DEPRECATEDIN_3_0 int DHparams_print(BIO *bp, const DH *x);
+
+/* RFC 5114 parameters */
+OSSL_DEPRECATEDIN_3_0 DH *DH_get_1024_160(void);
+OSSL_DEPRECATEDIN_3_0 DH *DH_get_2048_224(void);
+OSSL_DEPRECATEDIN_3_0 DH *DH_get_2048_256(void);
+
+/* Named parameters, currently RFC7919 and RFC3526 */
+OSSL_DEPRECATEDIN_3_0 DH *DH_new_by_nid(int nid);
+OSSL_DEPRECATEDIN_3_0 int DH_get_nid(const DH *dh);
+
+/* RFC2631 KDF */
+OSSL_DEPRECATEDIN_3_0 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+                                       const unsigned char *Z, size_t Zlen,
+                                       ASN1_OBJECT *key_oid,
+                                       const unsigned char *ukm,
+                                       size_t ukmlen, const EVP_MD *md);
+
+OSSL_DEPRECATEDIN_3_0 void DH_get0_pqg(const DH *dh, const BIGNUM **p,
+                                       const BIGNUM **q, const BIGNUM **g);
+OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+OSSL_DEPRECATEDIN_3_0 void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
+                                       const BIGNUM **priv_key);
+OSSL_DEPRECATEDIN_3_0 int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_p(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_q(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_g(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_priv_key(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_pub_key(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 void DH_clear_flags(DH *dh, int flags);
+OSSL_DEPRECATEDIN_3_0 int DH_test_flags(const DH *dh, int flags);
+OSSL_DEPRECATEDIN_3_0 void DH_set_flags(DH *dh, int flags);
+OSSL_DEPRECATEDIN_3_0 ENGINE *DH_get0_engine(DH *d);
+OSSL_DEPRECATEDIN_3_0 long DH_get_length(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_set_length(DH *dh, long length);
+
+OSSL_DEPRECATEDIN_3_0 DH_METHOD *DH_meth_new(const char *name, int flags);
+OSSL_DEPRECATEDIN_3_0 void DH_meth_free(DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 const char *DH_meth_get0_name(const DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_get_flags(const DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+OSSL_DEPRECATEDIN_3_0 void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_generate_key(DH_METHOD *dhm,
+                                                   int (*generate_key) (DH *));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+                                                   (unsigned char *key,
+                                                    const BIGNUM *pub_key,
+                                                    DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_compute_key(DH_METHOD *dhm,
+                                                  int (*compute_key)
+                                                  (unsigned char *key,
+                                                   const BIGNUM *pub_key,
+                                                   DH *dh));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+                                                   (const DH *, BIGNUM *,
+                                                    const BIGNUM *,
+                                                    const BIGNUM *,
+                                                    const BIGNUM *, BN_CTX *,
+                                                    BN_MONT_CTX *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+                                                 int (*bn_mod_exp)
+                                                 (const DH *, BIGNUM *,
+                                                  const BIGNUM *, const BIGNUM *,
+                                                  const BIGNUM *, BN_CTX *,
+                                                  BN_MONT_CTX *));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+                                                        (DH *, int, int,
+                                                         BN_GENCB *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_generate_params(DH_METHOD *dhm,
+                                                      int (*generate_params)
+                                                      (DH *, int, int,
+                                                       BN_GENCB *));
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+#  ifndef OPENSSL_NO_DEPRECATED_0_9_8
+OSSL_DEPRECATEDIN_0_9_8 DH *DH_generate_parameters(int prime_len, int generator,
+                                                   void (*callback) (int, int,
+                                                                void *),
+                                                   void *cb_arg);
+#  endif
+
+# endif
+# ifdef  __cplusplus
+}
 # endif
 #endif
--- a/src/3rdparty/win32_include/openssl/dherr.h
+++ b/src/3rdparty/win32_include/openssl/dherr.h
@ -1,62 +1,29 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_DHERR_H
-# define HEADER_DHERR_H
-
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#ifndef OPENSSL_DHERR_H
+# define OPENSSL_DHERR_H
+# pragma once

 # include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+

 # ifndef OPENSSL_NO_DH

-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_DH_strings(void);
-
-/*
- * DH function codes.
- */
-#  define DH_F_COMPUTE_KEY                                 102
-#  define DH_F_DHPARAMS_PRINT_FP                           101
-#  define DH_F_DH_BUILTIN_GENPARAMS                        106
-#  define DH_F_DH_CHECK_EX                                 121
-#  define DH_F_DH_CHECK_PARAMS_EX                          122
-#  define DH_F_DH_CHECK_PUB_KEY_EX                         123
-#  define DH_F_DH_CMS_DECRYPT                              114
-#  define DH_F_DH_CMS_SET_PEERKEY                          115
-#  define DH_F_DH_CMS_SET_SHARED_INFO                      116
-#  define DH_F_DH_METH_DUP                                 117
-#  define DH_F_DH_METH_NEW                                 118
-#  define DH_F_DH_METH_SET1_NAME                           119
-#  define DH_F_DH_NEW_BY_NID                               104
-#  define DH_F_DH_NEW_METHOD                               105
-#  define DH_F_DH_PARAM_DECODE                             107
-#  define DH_F_DH_PKEY_PUBLIC_CHECK                        124
-#  define DH_F_DH_PRIV_DECODE                              110
-#  define DH_F_DH_PRIV_ENCODE                              111
-#  define DH_F_DH_PUB_DECODE                               108
-#  define DH_F_DH_PUB_ENCODE                               109
-#  define DH_F_DO_DH_PRINT                                 100
-#  define DH_F_GENERATE_KEY                                103
-#  define DH_F_PKEY_DH_CTRL_STR                            120
-#  define DH_F_PKEY_DH_DERIVE                              112
-#  define DH_F_PKEY_DH_INIT                                125
-#  define DH_F_PKEY_DH_KEYGEN                              113

 /*
 * DH reason codes.
 */
+#  define DH_R_BAD_FFC_PARAMETERS                          127
 #  define DH_R_BAD_GENERATOR                               101
 #  define DH_R_BN_DECODE_ERROR                             109
 #  define DH_R_BN_ERROR                                    106
@ -72,10 +39,12 @@ int ERR_load_DH_strings(void);
 #  define DH_R_INVALID_PARAMETER_NAME                      110
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
+#  define DH_R_INVALID_SECRET                              128
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
 #  define DH_R_MODULUS_TOO_LARGE                           103
+#  define DH_R_MODULUS_TOO_SMALL                           126
 #  define DH_R_NOT_SUITABLE_GENERATOR                      120
 #  define DH_R_NO_PARAMETERS_SET                           107
 #  define DH_R_NO_PRIVATE_VALUE                            100
--- a/src/3rdparty/win32_include/openssl/dsa.h
+++ b/src/3rdparty/win32_include/openssl/dsa.h
@ -1,44 +1,85 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_DSA_H
-# define HEADER_DSA_H
+#ifndef OPENSSL_DSA_H
+# define OPENSSL_DSA_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_DSA_H
+# endif

 # include <openssl/opensslconf.h>
+# include <openssl/types.h>
+
+# include <stdlib.h>

 # ifndef OPENSSL_NO_DSA
+#  include <openssl/e_os2.h>
+#  include <openssl/asn1.h>
+#  include <openssl/bio.h>
+#  include <openssl/crypto.h>
+#  include <openssl/bn.h>
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#   include <openssl/dh.h>
+#  endif
+#  include <openssl/dsaerr.h>
+#  ifndef OPENSSL_NO_STDIO
+#   include <stdio.h>
+#  endif
+# endif
+
 # ifdef  __cplusplus
 extern "C" {
 # endif
-# include <openssl/e_os2.h>
-# include <openssl/bio.h>
-# include <openssl/crypto.h>
-# include <openssl/ossl_typ.h>
-# include <openssl/bn.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
-#  include <openssl/dh.h>
-# endif
-# include <openssl/dsaerr.h>

-# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-#  define OPENSSL_DSA_MAX_MODULUS_BITS   10000
-# endif
+int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
+                                           const char *md_name,
+                                           const char *md_properties);
+int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name);
+int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
+                                       const unsigned char *seed,
+                                       size_t seedlen);
+int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);

-# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)

-# define DSA_FLAG_CACHE_MONT_P   0x01
-# if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_DSA
+#  ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+#   define OPENSSL_DSA_MAX_MODULUS_BITS   10000
+#  endif
+
+#  define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+typedef struct DSA_SIG_st DSA_SIG;
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA_SIG, DSA_SIG)
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
 /*
 * Does nothing. Previously this switched off constant time behaviour.
 */
-#  define DSA_FLAG_NO_EXP_CONSTTIME       0x00
-# endif
+#   define DSA_FLAG_NO_EXP_CONSTTIME       0x00
+#  endif
+
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+#   define DSA_FLAG_CACHE_MONT_P   0x01

 /*
 * If this flag is set the DSA method is FIPS compliant and can be used in
@ -47,7 +88,7 @@ extern "C" {
 * result is compliant.
 */

-# define DSA_FLAG_FIPS_METHOD                    0x0400
+#   define DSA_FLAG_FIPS_METHOD                    0x0400

 /*
 * If this flag is set the operations normally disabled in FIPS mode are
@ -55,190 +96,185 @@ extern "C" {
 * usage is compliant.
 */

-# define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
-# define DSA_FLAG_FIPS_CHECKED                   0x0800
+#   define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
+#   define DSA_FLAG_FIPS_CHECKED                   0x0800

 /* Already defined in ossl_typ.h */
 /* typedef struct dsa_st DSA; */
 /* typedef struct dsa_method DSA_METHOD; */

-typedef struct DSA_SIG_st DSA_SIG;
+#   define d2i_DSAparams_fp(fp, x) \
+        (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                           (char *(*)())d2i_DSAparams, (fp), \
+                           (unsigned char **)(x))
+#   define i2d_DSAparams_fp(fp, x) \
+        ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x))
+#   define d2i_DSAparams_bio(bp, x) \
+        ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x)
+#   define i2d_DSAparams_bio(bp, x) \
+        ASN1_i2d_bio_of(DSA, i2d_DSAparams, bp, x)

-# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
-                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
-                (unsigned char *)(x))
-# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
-# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, DSA, DSAparams)
+OSSL_DEPRECATEDIN_3_0 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen,
+                                           DSA *dsa);
+OSSL_DEPRECATEDIN_3_0 int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+                                        DSA_SIG *sig, DSA *dsa);

-DSA *DSAparams_dup(DSA *x);
-DSA_SIG *DSA_SIG_new(void);
-void DSA_SIG_free(DSA_SIG *a);
-int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *DSA_OpenSSL(void);

-DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-                  DSA_SIG *sig, DSA *dsa);
+OSSL_DEPRECATEDIN_3_0 void DSA_set_default_method(const DSA_METHOD *);
+OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *DSA_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *DSA_get_method(DSA *d);

-const DSA_METHOD *DSA_OpenSSL(void);
-
-void DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int DSA_set_method(DSA *dsa, const DSA_METHOD *);
-const DSA_METHOD *DSA_get_method(DSA *d);
-
-DSA *DSA_new(void);
-DSA *DSA_new_method(ENGINE *engine);
-void DSA_free(DSA *r);
+OSSL_DEPRECATEDIN_3_0 DSA *DSA_new(void);
+OSSL_DEPRECATEDIN_3_0 DSA *DSA_new_method(ENGINE *engine);
+OSSL_DEPRECATEDIN_3_0 void DSA_free(DSA *r);
 /* "up" the DSA object's reference count */
-int DSA_up_ref(DSA *r);
-int DSA_size(const DSA *);
-int DSA_bits(const DSA *d);
-int DSA_security_bits(const DSA *d);
+OSSL_DEPRECATEDIN_3_0 int DSA_up_ref(DSA *r);
+OSSL_DEPRECATEDIN_3_0 int DSA_size(const DSA *);
+OSSL_DEPRECATEDIN_3_0 int DSA_bits(const DSA *d);
+OSSL_DEPRECATEDIN_3_0 int DSA_security_bits(const DSA *d);
        /* next 4 return -1 on error */
-DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
-int DSA_sign(int type, const unsigned char *dgst, int dlen,
-             unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-               const unsigned char *sigbuf, int siglen, DSA *dsa);
-#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
-    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
-int DSA_set_ex_data(DSA *d, int idx, void *arg);
-void *DSA_get_ex_data(DSA *d, int idx);
+OSSL_DEPRECATEDIN_3_0 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+                                         BIGNUM **kinvp, BIGNUM **rp);
+OSSL_DEPRECATEDIN_3_0 int DSA_sign(int type, const unsigned char *dgst,
+                                   int dlen, unsigned char *sig,
+                                   unsigned int *siglen, DSA *dsa);
+OSSL_DEPRECATEDIN_3_0 int DSA_verify(int type, const unsigned char *dgst,
+                                     int dgst_len, const unsigned char *sigbuf,
+                                     int siglen, DSA *dsa);

-DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+#   define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
+        CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
+OSSL_DEPRECATEDIN_3_0 int DSA_set_ex_data(DSA *d, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *DSA_get_ex_data(const DSA *d, int idx);

+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,
+                                        DSA, DSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,
+                                        DSA, DSAPrivateKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,
+                                        DSA, DSAparams)
+#  endif
+
+#  ifndef OPENSSL_NO_DEPRECATED_0_9_8
 /* Deprecated version */
-DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
-                                                unsigned char *seed,
-                                                int seed_len,
-                                                int *counter_ret,
-                                                unsigned long *h_ret, void
-                                                 (*callback) (int, int,
-                                                              void *),
-                                                void *cb_arg))
+OSSL_DEPRECATEDIN_0_9_8
+DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
+                             int *counter_ret, unsigned long *h_ret,
+                             void (*callback) (int, int, void *),
+                             void *cb_arg);
+#  endif

+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /* New version */
-int DSA_generate_parameters_ex(DSA *dsa, int bits,
-                               const unsigned char *seed, int seed_len,
-                               int *counter_ret, unsigned long *h_ret,
-                               BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0 int DSA_generate_parameters_ex(DSA *dsa, int bits,
+                                                     const unsigned char *seed,
+                                                     int seed_len,
+                                                     int *counter_ret,
+                                                     unsigned long *h_ret,
+                                                     BN_GENCB *cb);

-int DSA_generate_key(DSA *a);
-int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-int i2d_DSAparams(const DSA *a, unsigned char **pp);
+OSSL_DEPRECATEDIN_3_0 int DSA_generate_key(DSA *a);

-int DSAparams_print(BIO *bp, const DSA *x);
-int DSA_print(BIO *bp, const DSA *x, int off);
-# ifndef OPENSSL_NO_STDIO
-int DSAparams_print_fp(FILE *fp, const DSA *x);
-int DSA_print_fp(FILE *bp, const DSA *x, int off);
-# endif
+OSSL_DEPRECATEDIN_3_0 int DSAparams_print(BIO *bp, const DSA *x);
+OSSL_DEPRECATEDIN_3_0 int DSA_print(BIO *bp, const DSA *x, int off);
+#   ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int DSAparams_print_fp(FILE *fp, const DSA *x);
+OSSL_DEPRECATEDIN_3_0 int DSA_print_fp(FILE *bp, const DSA *x, int off);
+#   endif

-# define DSS_prime_checks 64
+#   define DSS_prime_checks 64
 /*
 * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
 * have one value here we set the number of checks to 64 which is the 128 bit
 * security level that is the highest level and valid for creating a 3072 bit
 * DSA key.
 */
-# define DSA_is_prime(n, callback, cb_arg) \
-        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+#   define DSA_is_prime(n, callback, cb_arg) \
+            BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)

-# ifndef OPENSSL_NO_DH
+#   ifndef OPENSSL_NO_DH
 /*
 * Convert DSA structure (key or just parameters) into DH structure (be
 * careful to avoid small subgroup attacks when using this!)
 */
-DH *DSA_dup_DH(const DSA *r);
-# endif
+OSSL_DEPRECATEDIN_3_0 DH *DSA_dup_DH(const DSA *r);
+#   endif

-# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-                                EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL)
-# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-                                EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md))
+OSSL_DEPRECATEDIN_3_0 void DSA_get0_pqg(const DSA *d, const BIGNUM **p,
+                                        const BIGNUM **q, const BIGNUM **g);
+OSSL_DEPRECATEDIN_3_0 int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+OSSL_DEPRECATEDIN_3_0 void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
+                                        const BIGNUM **priv_key);
+OSSL_DEPRECATEDIN_3_0 int DSA_set0_key(DSA *d, BIGNUM *pub_key,
+                                       BIGNUM *priv_key);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_p(const DSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_q(const DSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_g(const DSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_pub_key(const DSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_priv_key(const DSA *d);
+OSSL_DEPRECATEDIN_3_0 void DSA_clear_flags(DSA *d, int flags);
+OSSL_DEPRECATEDIN_3_0 int DSA_test_flags(const DSA *d, int flags);
+OSSL_DEPRECATEDIN_3_0 void DSA_set_flags(DSA *d, int flags);
+OSSL_DEPRECATEDIN_3_0 ENGINE *DSA_get0_engine(DSA *d);

-# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
-
-void DSA_get0_pqg(const DSA *d,
-                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-void DSA_get0_key(const DSA *d,
-                  const BIGNUM **pub_key, const BIGNUM **priv_key);
-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
-const BIGNUM *DSA_get0_p(const DSA *d);
-const BIGNUM *DSA_get0_q(const DSA *d);
-const BIGNUM *DSA_get0_g(const DSA *d);
-const BIGNUM *DSA_get0_pub_key(const DSA *d);
-const BIGNUM *DSA_get0_priv_key(const DSA *d);
-void DSA_clear_flags(DSA *d, int flags);
-int DSA_test_flags(const DSA *d, int flags);
-void DSA_set_flags(DSA *d, int flags);
-ENGINE *DSA_get0_engine(DSA *d);
-
-DSA_METHOD *DSA_meth_new(const char *name, int flags);
-void DSA_meth_free(DSA_METHOD *dsam);
-DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
-const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
-int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
-int DSA_meth_get_flags(const DSA_METHOD *dsam);
-int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
-void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
-int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
-DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+OSSL_DEPRECATEDIN_3_0 DSA_METHOD *DSA_meth_new(const char *name, int flags);
+OSSL_DEPRECATEDIN_3_0 void DSA_meth_free(DSA_METHOD *dsam);
+OSSL_DEPRECATEDIN_3_0 DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
+OSSL_DEPRECATEDIN_3_0 const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set1_name(DSA_METHOD *dsam,
+                                             const char *name);
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_get_flags(const DSA_METHOD *dsam);
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+OSSL_DEPRECATEDIN_3_0 void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set0_app_data(DSA_METHOD *dsam,
+                                                 void *app_data);
+OSSL_DEPRECATEDIN_3_0 DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
        (const unsigned char *, int, DSA *);
-int DSA_meth_set_sign(DSA_METHOD *dsam,
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_sign(DSA_METHOD *dsam,
                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
-int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
-int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
-int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
        (const unsigned char *, int, DSA_SIG *, DSA *);
-int DSA_meth_set_verify(DSA_METHOD *dsam,
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_verify(DSA_METHOD *dsam,
    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
-int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
-int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
                    BN_MONT_CTX *));
-int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
     BN_CTX *, BN_MONT_CTX *);
-int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
-int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
-int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
-int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
-int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
-int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_init(DSA_METHOD *dsam,
+                                            int (*init)(DSA *));
+OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *);
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_finish(DSA_METHOD *dsam,
+                                              int (*finish)(DSA *));
+OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
         BN_GENCB *);
-int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_paramgen(DSA_METHOD *dsam,
        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
                         unsigned long *, BN_GENCB *));
-int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
-int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *);
+OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_keygen(DSA_METHOD *dsam,
+                                              int (*keygen) (DSA *));

-
-#  ifdef  __cplusplus
-}
 #  endif
 # endif
+# ifdef  __cplusplus
+}
+# endif
 #endif
--- a/src/3rdparty/win32_include/openssl/dsaerr.h
+++ b/src/3rdparty/win32_include/openssl/dsaerr.h
@ -1,59 +1,29 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_DSAERR_H
-# define HEADER_DSAERR_H
-
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#ifndef OPENSSL_DSAERR_H
+# define OPENSSL_DSAERR_H
+# pragma once

 # include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+

 # ifndef OPENSSL_NO_DSA

-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_DSA_strings(void);
-
-/*
- * DSA function codes.
- */
-#  define DSA_F_DSAPARAMS_PRINT                            100
-#  define DSA_F_DSAPARAMS_PRINT_FP                         101
-#  define DSA_F_DSA_BUILTIN_PARAMGEN                       125
-#  define DSA_F_DSA_BUILTIN_PARAMGEN2                      126
-#  define DSA_F_DSA_DO_SIGN                                112
-#  define DSA_F_DSA_DO_VERIFY                              113
-#  define DSA_F_DSA_METH_DUP                               127
-#  define DSA_F_DSA_METH_NEW                               128
-#  define DSA_F_DSA_METH_SET1_NAME                         129
-#  define DSA_F_DSA_NEW_METHOD                             103
-#  define DSA_F_DSA_PARAM_DECODE                           119
-#  define DSA_F_DSA_PRINT_FP                               105
-#  define DSA_F_DSA_PRIV_DECODE                            115
-#  define DSA_F_DSA_PRIV_ENCODE                            116
-#  define DSA_F_DSA_PUB_DECODE                             117
-#  define DSA_F_DSA_PUB_ENCODE                             118
-#  define DSA_F_DSA_SIGN                                   106
-#  define DSA_F_DSA_SIGN_SETUP                             107
-#  define DSA_F_DSA_SIG_NEW                                102
-#  define DSA_F_OLD_DSA_PRIV_DECODE                        122
-#  define DSA_F_PKEY_DSA_CTRL                              120
-#  define DSA_F_PKEY_DSA_CTRL_STR                          104
-#  define DSA_F_PKEY_DSA_KEYGEN                            121

 /*
 * DSA reason codes.
 */
+#  define DSA_R_BAD_FFC_PARAMETERS                         114
 #  define DSA_R_BAD_Q_VALUE                                102
 #  define DSA_R_BN_DECODE_ERROR                            108
 #  define DSA_R_BN_ERROR                                   109
@ -65,8 +35,10 @@ int ERR_load_DSA_strings(void);
 #  define DSA_R_MODULUS_TOO_LARGE                          103
 #  define DSA_R_NO_PARAMETERS_SET                          107
 #  define DSA_R_PARAMETER_ENCODING_ERROR                   105
+#  define DSA_R_P_NOT_PRIME                                115
 #  define DSA_R_Q_NOT_PRIME                                113
 #  define DSA_R_SEED_LEN_SMALL                             110
+#  define DSA_R_TOO_MANY_RETRIES                           116

 # endif
 #endif
--- a/src/3rdparty/win32_include/openssl/dtls1.h
+++ b/src/3rdparty/win32_include/openssl/dtls1.h
@ -1,36 +1,42 @@
 /*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_DTLS1_H
-# define HEADER_DTLS1_H
+#ifndef OPENSSL_DTLS1_H
+# define OPENSSL_DTLS1_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_DTLS1_H
+# endif
+
+# include <openssl/prov_ssl.h>

 #ifdef  __cplusplus
 extern "C" {
 #endif

-# define DTLS1_VERSION                   0xFEFF
-# define DTLS1_2_VERSION                 0xFEFD
-# define DTLS_MIN_VERSION                DTLS1_VERSION
-# define DTLS_MAX_VERSION                DTLS1_2_VERSION
-# define DTLS1_VERSION_MAJOR             0xFE
+#include <openssl/opensslconf.h>

-# define DTLS1_BAD_VER                   0x0100
+/* DTLS*_VERSION constants are defined in prov_ssl.h */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define DTLS_MIN_VERSION                DTLS1_VERSION
+#  define DTLS_MAX_VERSION                DTLS1_2_VERSION
+# endif
+# define DTLS1_VERSION_MAJOR             0xFE

 /* Special value for method supporting multiple versions */
 # define DTLS_ANY_VERSION                0x1FFFF

 /* lengths of messages */
-/*
- * Actually the max cookie length in DTLS is 255. But we can't change this now
- * due to compatibility concerns.
- */
-# define DTLS1_COOKIE_LENGTH                     256
+
+# define DTLS1_COOKIE_LENGTH                     255

 # define DTLS1_RT_HEADER_LENGTH                  13

@ -43,10 +49,6 @@ extern "C" {

 # define DTLS1_AL_HEADER_LENGTH                   2

-/* Timeout multipliers */
-# define DTLS1_TMO_READ_COUNT                      2
-# define DTLS1_TMO_WRITE_COUNT                     2
-
 # define DTLS1_TMO_ALERT_COUNT                     12

 #ifdef  __cplusplus
--- a/src/3rdparty/win32_include/openssl/e_os2.h
+++ b/src/3rdparty/win32_include/openssl/e_os2.h
@ -1,14 +1,20 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_E_OS2_H
-# define HEADER_E_OS2_H
+#ifndef OPENSSL_E_OS2_H
+# define OPENSSL_E_OS2_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_E_OS2_H
+# endif

 # include <openssl/opensslconf.h>

@ -96,11 +102,11 @@ extern "C" {
 # endif

 /* ------------------------------- OpenVMS -------------------------------- */
-# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+# if defined(__VMS) || defined(VMS)
 #  if !defined(OPENSSL_SYS_VMS)
 #   undef OPENSSL_SYS_UNIX
+#   define OPENSSL_SYS_VMS
 #  endif
-#  define OPENSSL_SYS_VMS
 #  if defined(__DECC)
 #   define OPENSSL_SYS_VMS_DECC
 #  elif defined(__DECCXX)
@ -132,19 +138,25 @@ extern "C" {
 #  endif
 # endif

+/* ---------------------------- HP NonStop -------------------------------- */
+# ifdef __TANDEM
+#  ifdef _STRING
+#   include <strings.h>
+#  endif
+# define OPENSSL_USE_BUILD_DATE
+# if defined(OPENSSL_THREADS) && defined(_SPT_MODEL_)
+#  define  SPT_THREAD_SIGNAL 1
+#  define  SPT_THREAD_AWARE 1
+#  include <spthread.h>
+# elif defined(OPENSSL_THREADS) && defined(_PUT_MODEL_)
+#  include <pthread.h>
+# endif
+# endif
+
 /**
 * That's it for OS-specific stuff
 *****************************************************************************/

-/* Specials for I/O an exit */
-# ifdef OPENSSL_SYS_MSDOS
-#  define OPENSSL_UNISTD_IO <io.h>
-#  define OPENSSL_DECLARE_EXIT extern void exit(int);
-# else
-#  define OPENSSL_UNISTD_IO OPENSSL_UNISTD
-#  define OPENSSL_DECLARE_EXIT  /* declared in unistd.h */
-# endif
-
 /*-
 * OPENSSL_EXTERN is normally used to declare a symbol with possible extra
 * attributes to handle its presence in a shared library.
@ -172,29 +184,6 @@ extern "C" {
 #  define OPENSSL_EXTERN extern
 # endif

-/*-
- * Macros to allow global variables to be reached through function calls when
- * required (if a shared library version requires it, for example.
- * The way it's done allows definitions like this:
- *
- *      // in foobar.c
- *      OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
- *      // in foobar.h
- *      OPENSSL_DECLARE_GLOBAL(int,foobar);
- *      #define foobar OPENSSL_GLOBAL_REF(foobar)
- */
-# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)                      \
-        type *_shadow_##name(void)                                      \
-        { static type _hide_##name=value; return &_hide_##name; }
-#  define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
-#  define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
-# else
-#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value;
-#  define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
-#  define OPENSSL_GLOBAL_REF(name) _shadow_##name
-# endif
-
 # ifdef _WIN32
 #  ifdef _WIN64
 #   define ossl_ssize_t __int64
@ -221,13 +210,15 @@ extern "C" {
 #  endif
 # endif

-# ifdef DEBUG_UNUSED
+# if defined(UNUSEDRESULT_DEBUG)
 #  define __owur __attribute__((__warn_unused_result__))
 # else
 #  define __owur
 # endif

 /* Standard integer types */
+# define OPENSSL_NO_INTTYPES_H
+# define OPENSSL_NO_STDINT_H
 # if defined(OPENSSL_SYS_UEFI)
 typedef INT8 int8_t;
 typedef UINT8 uint8_t;
@ -241,6 +232,9 @@ typedef UINT64 uint64_t;
     defined(__osf__) || defined(__sgi) || defined(__hpux) || \
     defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
 #  include <inttypes.h>
+#  undef OPENSSL_NO_INTTYPES_H
+/* Because the specs say that inttypes.h includes stdint.h if present */
+#  undef OPENSSL_NO_STDINT_H
 # elif defined(_MSC_VER) && _MSC_VER<1600
 /*
 * minimally required typdefs for systems not supporting inttypes.h or
@ -254,8 +248,21 @@ typedef int int32_t;
 typedef unsigned int uint32_t;
 typedef __int64 int64_t;
 typedef unsigned __int64 uint64_t;
+# elif defined(OPENSSL_SYS_TANDEM)
+#  include <stdint.h>
+#  include <sys/types.h>
 # else
 #  include <stdint.h>
+#  undef OPENSSL_NO_STDINT_H
+# endif
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+typedef intmax_t ossl_intmax_t;
+typedef uintmax_t ossl_uintmax_t;
+# else
+/* Fall back to the largest we know we require and can handle */
+typedef int64_t ossl_intmax_t;
+typedef uint64_t ossl_uintmax_t;
 # endif

 /* ossl_inline: portable inline definition usable in public headers */
@ -279,7 +286,8 @@ typedef unsigned __int64 uint64_t;
 #  define ossl_inline inline
 # endif

-# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
+     !defined(__cplusplus) 
 #  define ossl_noreturn _Noreturn
 # elif defined(__GNUC__) && __GNUC__ >= 2
 #  define ossl_noreturn __attribute__((noreturn))
--- a/src/3rdparty/win32_include/openssl/ebcdic.h
+++ b/src/3rdparty/win32_include/openssl/ebcdic.h
@ -1,14 +1,20 @@
 /*
 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_EBCDIC_H
-# define HEADER_EBCDIC_H
+#ifndef OPENSSL_EBCDIC_H
+# define OPENSSL_EBCDIC_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_EBCDIC_H
+# endif

 # include <stdlib.h>

--- a/src/3rdparty/win32_include/openssl/ec.h
+++ b/src/3rdparty/win32_include/openssl/ec.h
--- a/src/3rdparty/win32_include/openssl/ecdh.h
+++ b/src/3rdparty/win32_include/openssl/ecdh.h
@ -1,7 +1,7 @@
 /*
 * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
--- a/src/3rdparty/win32_include/openssl/ecdsa.h
+++ b/src/3rdparty/win32_include/openssl/ecdsa.h
@ -1,7 +1,7 @@
 /*
 * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
--- a/src/3rdparty/win32_include/openssl/ecerr.h
+++ b/src/3rdparty/win32_include/openssl/ecerr.h
@ -1,206 +1,24 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_ECERR_H
-# define HEADER_ECERR_H
-
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#ifndef OPENSSL_ECERR_H
+# define OPENSSL_ECERR_H
+# pragma once

 # include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+

 # ifndef OPENSSL_NO_EC

-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_EC_strings(void);
-
-/*
- * EC function codes.
- */
-#  define EC_F_BN_TO_FELEM                                 224
-#  define EC_F_D2I_ECPARAMETERS                            144
-#  define EC_F_D2I_ECPKPARAMETERS                          145
-#  define EC_F_D2I_ECPRIVATEKEY                            146
-#  define EC_F_DO_EC_KEY_PRINT                             221
-#  define EC_F_ECDH_CMS_DECRYPT                            238
-#  define EC_F_ECDH_CMS_SET_SHARED_INFO                    239
-#  define EC_F_ECDH_COMPUTE_KEY                            246
-#  define EC_F_ECDH_SIMPLE_COMPUTE_KEY                     257
-#  define EC_F_ECDSA_DO_SIGN_EX                            251
-#  define EC_F_ECDSA_DO_VERIFY                             252
-#  define EC_F_ECDSA_SIGN_EX                               254
-#  define EC_F_ECDSA_SIGN_SETUP                            248
-#  define EC_F_ECDSA_SIG_NEW                               265
-#  define EC_F_ECDSA_VERIFY                                253
-#  define EC_F_ECD_ITEM_VERIFY                             270
-#  define EC_F_ECKEY_PARAM2TYPE                            223
-#  define EC_F_ECKEY_PARAM_DECODE                          212
-#  define EC_F_ECKEY_PRIV_DECODE                           213
-#  define EC_F_ECKEY_PRIV_ENCODE                           214
-#  define EC_F_ECKEY_PUB_DECODE                            215
-#  define EC_F_ECKEY_PUB_ENCODE                            216
-#  define EC_F_ECKEY_TYPE2PARAM                            220
-#  define EC_F_ECPARAMETERS_PRINT                          147
-#  define EC_F_ECPARAMETERS_PRINT_FP                       148
-#  define EC_F_ECPKPARAMETERS_PRINT                        149
-#  define EC_F_ECPKPARAMETERS_PRINT_FP                     150
-#  define EC_F_ECP_NISTZ256_GET_AFFINE                     240
-#  define EC_F_ECP_NISTZ256_INV_MOD_ORD                    275
-#  define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE                243
-#  define EC_F_ECP_NISTZ256_POINTS_MUL                     241
-#  define EC_F_ECP_NISTZ256_PRE_COMP_NEW                   244
-#  define EC_F_ECP_NISTZ256_WINDOWED_MUL                   242
-#  define EC_F_ECX_KEY_OP                                  266
-#  define EC_F_ECX_PRIV_ENCODE                             267
-#  define EC_F_ECX_PUB_ENCODE                              268
-#  define EC_F_EC_ASN1_GROUP2CURVE                         153
-#  define EC_F_EC_ASN1_GROUP2FIELDID                       154
-#  define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY           208
-#  define EC_F_EC_GF2M_SIMPLE_FIELD_INV                    296
-#  define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT     159
-#  define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE              195
-#  define EC_F_EC_GF2M_SIMPLE_LADDER_POST                  285
-#  define EC_F_EC_GF2M_SIMPLE_LADDER_PRE                   288
-#  define EC_F_EC_GF2M_SIMPLE_OCT2POINT                    160
-#  define EC_F_EC_GF2M_SIMPLE_POINT2OCT                    161
-#  define EC_F_EC_GF2M_SIMPLE_POINTS_MUL                   289
-#  define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
-#  define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
-#  define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES   164
-#  define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
-#  define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
-#  define EC_F_EC_GFP_MONT_FIELD_INV                       297
-#  define EC_F_EC_GFP_MONT_FIELD_MUL                       131
-#  define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE                209
-#  define EC_F_EC_GFP_MONT_FIELD_SQR                       132
-#  define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                 189
-#  define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE             225
-#  define EC_F_EC_GFP_NISTP224_POINTS_MUL                  228
-#  define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
-#  define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE             230
-#  define EC_F_EC_GFP_NISTP256_POINTS_MUL                  231
-#  define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
-#  define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE             233
-#  define EC_F_EC_GFP_NISTP521_POINTS_MUL                  234
-#  define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
-#  define EC_F_EC_GFP_NIST_FIELD_MUL                       200
-#  define EC_F_EC_GFP_NIST_FIELD_SQR                       201
-#  define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                 202
-#  define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES             287
-#  define EC_F_EC_GFP_SIMPLE_FIELD_INV                     298
-#  define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT      165
-#  define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE               166
-#  define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
-#  define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
-#  define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
-#  define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
-#  define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES  167
-#  define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES  168
-#  define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES    169
-#  define EC_F_EC_GROUP_CHECK                              170
-#  define EC_F_EC_GROUP_CHECK_DISCRIMINANT                 171
-#  define EC_F_EC_GROUP_COPY                               106
-#  define EC_F_EC_GROUP_GET_CURVE                          291
-#  define EC_F_EC_GROUP_GET_CURVE_GF2M                     172
-#  define EC_F_EC_GROUP_GET_CURVE_GFP                      130
-#  define EC_F_EC_GROUP_GET_DEGREE                         173
-#  define EC_F_EC_GROUP_GET_ECPARAMETERS                   261
-#  define EC_F_EC_GROUP_GET_ECPKPARAMETERS                 262
-#  define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS              193
-#  define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS                194
-#  define EC_F_EC_GROUP_NEW                                108
-#  define EC_F_EC_GROUP_NEW_BY_CURVE_NAME                  174
-#  define EC_F_EC_GROUP_NEW_FROM_DATA                      175
-#  define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS              263
-#  define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS            264
-#  define EC_F_EC_GROUP_SET_CURVE                          292
-#  define EC_F_EC_GROUP_SET_CURVE_GF2M                     176
-#  define EC_F_EC_GROUP_SET_CURVE_GFP                      109
-#  define EC_F_EC_GROUP_SET_GENERATOR                      111
-#  define EC_F_EC_GROUP_SET_SEED                           286
-#  define EC_F_EC_KEY_CHECK_KEY                            177
-#  define EC_F_EC_KEY_COPY                                 178
-#  define EC_F_EC_KEY_GENERATE_KEY                         179
-#  define EC_F_EC_KEY_NEW                                  182
-#  define EC_F_EC_KEY_NEW_METHOD                           245
-#  define EC_F_EC_KEY_OCT2PRIV                             255
-#  define EC_F_EC_KEY_PRINT                                180
-#  define EC_F_EC_KEY_PRINT_FP                             181
-#  define EC_F_EC_KEY_PRIV2BUF                             279
-#  define EC_F_EC_KEY_PRIV2OCT                             256
-#  define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES    229
-#  define EC_F_EC_KEY_SIMPLE_CHECK_KEY                     258
-#  define EC_F_EC_KEY_SIMPLE_OCT2PRIV                      259
-#  define EC_F_EC_KEY_SIMPLE_PRIV2OCT                      260
-#  define EC_F_EC_PKEY_CHECK                               273
-#  define EC_F_EC_PKEY_PARAM_CHECK                         274
-#  define EC_F_EC_POINTS_MAKE_AFFINE                       136
-#  define EC_F_EC_POINTS_MUL                               290
-#  define EC_F_EC_POINT_ADD                                112
-#  define EC_F_EC_POINT_BN2POINT                           280
-#  define EC_F_EC_POINT_CMP                                113
-#  define EC_F_EC_POINT_COPY                               114
-#  define EC_F_EC_POINT_DBL                                115
-#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES             293
-#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M        183
-#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
-#  define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
-#  define EC_F_EC_POINT_INVERT                             210
-#  define EC_F_EC_POINT_IS_AT_INFINITY                     118
-#  define EC_F_EC_POINT_IS_ON_CURVE                        119
-#  define EC_F_EC_POINT_MAKE_AFFINE                        120
-#  define EC_F_EC_POINT_NEW                                121
-#  define EC_F_EC_POINT_OCT2POINT                          122
-#  define EC_F_EC_POINT_POINT2BUF                          281
-#  define EC_F_EC_POINT_POINT2OCT                          123
-#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES             294
-#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M        185
-#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
-#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES         295
-#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M    186
-#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
-#  define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
-#  define EC_F_EC_POINT_SET_TO_INFINITY                    127
-#  define EC_F_EC_PRE_COMP_NEW                             196
-#  define EC_F_EC_SCALAR_MUL_LADDER                        284
-#  define EC_F_EC_WNAF_MUL                                 187
-#  define EC_F_EC_WNAF_PRECOMPUTE_MULT                     188
-#  define EC_F_I2D_ECPARAMETERS                            190
-#  define EC_F_I2D_ECPKPARAMETERS                          191
-#  define EC_F_I2D_ECPRIVATEKEY                            192
-#  define EC_F_I2O_ECPUBLICKEY                             151
-#  define EC_F_NISTP224_PRE_COMP_NEW                       227
-#  define EC_F_NISTP256_PRE_COMP_NEW                       236
-#  define EC_F_NISTP521_PRE_COMP_NEW                       237
-#  define EC_F_O2I_ECPUBLICKEY                             152
-#  define EC_F_OLD_EC_PRIV_DECODE                          222
-#  define EC_F_OSSL_ECDH_COMPUTE_KEY                       247
-#  define EC_F_OSSL_ECDSA_SIGN_SIG                         249
-#  define EC_F_OSSL_ECDSA_VERIFY_SIG                       250
-#  define EC_F_PKEY_ECD_CTRL                               271
-#  define EC_F_PKEY_ECD_DIGESTSIGN                         272
-#  define EC_F_PKEY_ECD_DIGESTSIGN25519                    276
-#  define EC_F_PKEY_ECD_DIGESTSIGN448                      277
-#  define EC_F_PKEY_ECX_DERIVE                             269
-#  define EC_F_PKEY_EC_CTRL                                197
-#  define EC_F_PKEY_EC_CTRL_STR                            198
-#  define EC_F_PKEY_EC_DERIVE                              217
-#  define EC_F_PKEY_EC_INIT                                282
-#  define EC_F_PKEY_EC_KDF_DERIVE                          283
-#  define EC_F_PKEY_EC_KEYGEN                              199
-#  define EC_F_PKEY_EC_PARAMGEN                            219
-#  define EC_F_PKEY_EC_SIGN                                218
-#  define EC_F_VALIDATE_ECX_DERIVE                         278

 /*
 * EC reason codes.
@ -212,17 +30,22 @@ int ERR_load_EC_strings(void);
 #  define EC_R_CANNOT_INVERT                               165
 #  define EC_R_COORDINATES_OUT_OF_RANGE                    146
 #  define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH                 160
+#  define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA                170
 #  define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING              159
-#  define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
 #  define EC_R_DECODE_ERROR                                142
 #  define EC_R_DISCRIMINANT_IS_ZERO                        118
 #  define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
+#  define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED               127
+#  define EC_R_FAILED_MAKING_PUBLIC_KEY                    166
 #  define EC_R_FIELD_TOO_LARGE                             143
 #  define EC_R_GF2M_NOT_SUPPORTED                          147
 #  define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
 #  define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
 #  define EC_R_INCOMPATIBLE_OBJECTS                        101
+#  define EC_R_INVALID_A                                   168
 #  define EC_R_INVALID_ARGUMENT                            112
+#  define EC_R_INVALID_B                                   169
+#  define EC_R_INVALID_COFACTOR                            171
 #  define EC_R_INVALID_COMPRESSED_POINT                    110
 #  define EC_R_INVALID_COMPRESSION_BIT                     109
 #  define EC_R_INVALID_CURVE                               141
@ -231,12 +54,17 @@ int ERR_load_EC_strings(void);
 #  define EC_R_INVALID_ENCODING                            102
 #  define EC_R_INVALID_FIELD                               103
 #  define EC_R_INVALID_FORM                                104
+#  define EC_R_INVALID_GENERATOR                           173
 #  define EC_R_INVALID_GROUP_ORDER                         122
 #  define EC_R_INVALID_KEY                                 116
+#  define EC_R_INVALID_LENGTH                              117
+#  define EC_R_INVALID_NAMED_GROUP_CONVERSION              174
 #  define EC_R_INVALID_OUTPUT_LENGTH                       161
+#  define EC_R_INVALID_P                                   172
 #  define EC_R_INVALID_PEER_KEY                            133
 #  define EC_R_INVALID_PENTANOMIAL_BASIS                   132
 #  define EC_R_INVALID_PRIVATE_KEY                         123
+#  define EC_R_INVALID_SEED                                175
 #  define EC_R_INVALID_TRINOMIAL_BASIS                     137
 #  define EC_R_KDF_PARAMETER_ERROR                         148
 #  define EC_R_KEYS_NOT_SET                                140
@ -255,7 +83,6 @@ int ERR_load_EC_strings(void);
 #  define EC_R_OPERATION_NOT_SUPPORTED                     152
 #  define EC_R_PASSED_NULL_PARAMETER                       134
 #  define EC_R_PEER_KEY_ERROR                              149
-#  define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
 #  define EC_R_POINT_ARITHMETIC_FAILURE                    155
 #  define EC_R_POINT_AT_INFINITY                           106
 #  define EC_R_POINT_COORDINATES_BLIND_FAILURE             163
@ -263,6 +90,7 @@ int ERR_load_EC_strings(void);
 #  define EC_R_RANDOM_NUMBER_GENERATION_FAILED             158
 #  define EC_R_SHARED_INFO_ERROR                           150
 #  define EC_R_SLOT_FULL                                   108
+#  define EC_R_TOO_MANY_RETRIES                            176
 #  define EC_R_UNDEFINED_GENERATOR                         113
 #  define EC_R_UNDEFINED_ORDER                             128
 #  define EC_R_UNKNOWN_COFACTOR                            164
--- a/src/3rdparty/win32_include/openssl/encoder.h
+++ b/src/3rdparty/win32_include/openssl/encoder.h
@ -0,0 +1,124 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ENCODER_H
+# define OPENSSL_ENCODER_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <stdarg.h>
+# include <stddef.h>
+# include <openssl/encodererr.h>
+# include <openssl/types.h>
+# include <openssl/core.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+OSSL_ENCODER *OSSL_ENCODER_fetch(OSSL_LIB_CTX *libctx, const char *name,
+                                 const char *properties);
+int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder);
+void OSSL_ENCODER_free(OSSL_ENCODER *encoder);
+
+const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder);
+const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder);
+const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *kdf);
+const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *kdf);
+int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name);
+
+void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx,
+                                  void (*fn)(OSSL_ENCODER *encoder, void *arg),
+                                  void *arg);
+int OSSL_ENCODER_names_do_all(const OSSL_ENCODER *encoder,
+                              void (*fn)(const char *name, void *data),
+                              void *data);
+const OSSL_PARAM *OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder);
+int OSSL_ENCODER_get_params(OSSL_ENCODER *encoder, OSSL_PARAM params[]);
+
+const OSSL_PARAM *OSSL_ENCODER_settable_ctx_params(OSSL_ENCODER *encoder);
+OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new(void);
+int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx,
+                                const OSSL_PARAM params[]);
+void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx);
+
+/* Utilities that help set specific parameters */
+int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
+                                    const unsigned char *kstr, size_t klen);
+int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
+                                         pem_password_cb *cb, void *cbarg);
+int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
+                                       OSSL_PASSPHRASE_CALLBACK *cb,
+                                       void *cbarg);
+int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
+                                       const UI_METHOD *ui_method,
+                                       void *ui_data);
+int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
+                                const char *cipher_name,
+                                const char *propquery);
+int OSSL_ENCODER_CTX_set_selection(OSSL_ENCODER_CTX *ctx, int selection);
+int OSSL_ENCODER_CTX_set_output_type(OSSL_ENCODER_CTX *ctx,
+                                     const char *output_type);
+int OSSL_ENCODER_CTX_set_output_structure(OSSL_ENCODER_CTX *ctx,
+                                          const char *output_structure);
+
+/* Utilities to add encoders */
+int OSSL_ENCODER_CTX_add_encoder(OSSL_ENCODER_CTX *ctx, OSSL_ENCODER *encoder);
+int OSSL_ENCODER_CTX_add_extra(OSSL_ENCODER_CTX *ctx,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_ENCODER_CTX_get_num_encoders(OSSL_ENCODER_CTX *ctx);
+
+typedef struct ossl_encoder_instance_st OSSL_ENCODER_INSTANCE;
+OSSL_ENCODER *
+OSSL_ENCODER_INSTANCE_get_encoder(OSSL_ENCODER_INSTANCE *encoder_inst);
+void *
+OSSL_ENCODER_INSTANCE_get_encoder_ctx(OSSL_ENCODER_INSTANCE *encoder_inst);
+const char *
+OSSL_ENCODER_INSTANCE_get_output_type(OSSL_ENCODER_INSTANCE *encoder_inst);
+const char *
+OSSL_ENCODER_INSTANCE_get_output_structure(OSSL_ENCODER_INSTANCE *encoder_inst);
+
+typedef const void *OSSL_ENCODER_CONSTRUCT(OSSL_ENCODER_INSTANCE *encoder_inst,
+                                           void *construct_data);
+typedef void OSSL_ENCODER_CLEANUP(void *construct_data);
+
+int OSSL_ENCODER_CTX_set_construct(OSSL_ENCODER_CTX *ctx,
+                                   OSSL_ENCODER_CONSTRUCT *construct);
+int OSSL_ENCODER_CTX_set_construct_data(OSSL_ENCODER_CTX *ctx,
+                                        void *construct_data);
+int OSSL_ENCODER_CTX_set_cleanup(OSSL_ENCODER_CTX *ctx,
+                                 OSSL_ENCODER_CLEANUP *cleanup);
+
+/* Utilities to output the object to encode */
+int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out);
+#ifndef OPENSSL_NO_STDIO
+int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp);
+#endif
+int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
+                         size_t *pdata_len);
+
+/*
+ * Create the OSSL_ENCODER_CTX with an associated type.  This will perform
+ * an implicit OSSL_ENCODER_fetch(), suitable for the object of that type.
+ * This is more useful than calling OSSL_ENCODER_CTX_new().
+ */
+OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey,
+                                                int selection,
+                                                const char *output_type,
+                                                const char *output_struct,
+                                                const char *propquery);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
--- a/src/3rdparty/win32_include/openssl/encodererr.h
+++ b/src/3rdparty/win32_include/openssl/encodererr.h
@ -0,0 +1,28 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ENCODERERR_H
+# define OPENSSL_ENCODERERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+
+
+
+/*
+ * OSSL_ENCODER reason codes.
+ */
+# define OSSL_ENCODER_R_ENCODER_NOT_FOUND                 101
+# define OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY          100
+# define OSSL_ENCODER_R_MISSING_GET_PARAMS                102
+
+#endif
--- a/src/3rdparty/win32_include/openssl/engine.h
+++ b/src/3rdparty/win32_include/openssl/engine.h
@ -1,53 +1,59 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_ENGINE_H
-# define HEADER_ENGINE_H
+#ifndef OPENSSL_ENGINE_H
+# define OPENSSL_ENGINE_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_ENGINE_H
+# endif

 # include <openssl/opensslconf.h>

 # ifndef OPENSSL_NO_ENGINE
-# if OPENSSL_API_COMPAT < 0x10100000L
-#  include <openssl/bn.h>
-#  include <openssl/rsa.h>
-#  include <openssl/dsa.h>
-#  include <openssl/dh.h>
-#  include <openssl/ec.h>
-#  include <openssl/rand.h>
-#  include <openssl/ui.h>
-#  include <openssl/err.h>
-# endif
-# include <openssl/ossl_typ.h>
-# include <openssl/symhacks.h>
-# include <openssl/x509.h>
-# include <openssl/engineerr.h>
-# ifdef  __cplusplus
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#   include <openssl/bn.h>
+#   include <openssl/rsa.h>
+#   include <openssl/dsa.h>
+#   include <openssl/dh.h>
+#   include <openssl/ec.h>
+#   include <openssl/rand.h>
+#   include <openssl/ui.h>
+#   include <openssl/err.h>
+#  endif
+#  include <openssl/types.h>
+#  include <openssl/symhacks.h>
+#  include <openssl/x509.h>
+#  include <openssl/engineerr.h>
+#  ifdef  __cplusplus
 extern "C" {
-# endif
+#  endif

 /*
 * These flags are used to control combinations of algorithm (methods) by
 * bitwise "OR"ing.
 */
-# define ENGINE_METHOD_RSA               (unsigned int)0x0001
-# define ENGINE_METHOD_DSA               (unsigned int)0x0002
-# define ENGINE_METHOD_DH                (unsigned int)0x0004
-# define ENGINE_METHOD_RAND              (unsigned int)0x0008
-# define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
-# define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
-# define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
-# define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
-# define ENGINE_METHOD_EC                (unsigned int)0x0800
+#  define ENGINE_METHOD_RSA               (unsigned int)0x0001
+#  define ENGINE_METHOD_DSA               (unsigned int)0x0002
+#  define ENGINE_METHOD_DH                (unsigned int)0x0004
+#  define ENGINE_METHOD_RAND              (unsigned int)0x0008
+#  define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
+#  define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
+#  define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
+#  define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
+#  define ENGINE_METHOD_EC                (unsigned int)0x0800
 /* Obvious all-or-nothing cases. */
-# define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
-# define ENGINE_METHOD_NONE              (unsigned int)0x0000
+#  define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
+#  define ENGINE_METHOD_NONE              (unsigned int)0x0000

 /*
 * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
@ -55,7 +61,7 @@ extern "C" {
 * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
 * initialise registered ENGINEs if they are not already initialised.
 */
-# define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
+#  define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001

 /* ENGINE flags that can be set by ENGINE_set_flags(). */
 /* Not used */
@ -67,7 +73,7 @@ extern "C" {
 * these control commands on behalf of the ENGINE using their "cmd_defns"
 * data.
 */
-# define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
+#  define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002

 /*
 * This flag is for ENGINEs who return new duplicate structures when found
@ -79,7 +85,7 @@ extern "C" {
 * ENGINE_by_id() just increments the existing ENGINE's structural reference
 * count.
 */
-# define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
+#  define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004

 /*
 * This flag if for an ENGINE that does not want its methods registered as
@ -87,7 +93,7 @@ extern "C" {
 * usable as default methods.
 */

-# define ENGINE_FLAGS_NO_REGISTER_ALL    (int)0x0008
+#  define ENGINE_FLAGS_NO_REGISTER_ALL    (int)0x0008

 /*
 * ENGINEs can support their own command types, and these flags are used in
@ -102,23 +108,23 @@ extern "C" {
 */

 /* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
-# define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
+#  define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
 /*
 * accepts string input (cast from 'void*' to 'const char *', 4th parameter
 * to ENGINE_ctrl)
 */
-# define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
+#  define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
 /*
 * Indicates that the control command takes *no* input. Ie. the control
 * command is unparameterised.
 */
-# define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
+#  define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
 /*
 * Indicates that the control command is internal. This control command won't
 * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
 * function.
 */
-# define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
+#  define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008

 /*
 * NB: These 3 control commands are deprecated and should not be used.
@ -137,21 +143,21 @@ extern "C" {
 * sense to some engines.  In such a case, they do nothing but return the
 * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
 */
-# define ENGINE_CTRL_SET_LOGSTREAM               1
-# define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
-# define ENGINE_CTRL_HUP                         3/* Close and reinitialise
+#  define ENGINE_CTRL_SET_LOGSTREAM               1
+#  define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
+#  define ENGINE_CTRL_HUP                         3/* Close and reinitialise
                                                   * any handles/connections
                                                   * etc. */
-# define ENGINE_CTRL_SET_USER_INTERFACE          4/* Alternative to callback */
-# define ENGINE_CTRL_SET_CALLBACK_DATA           5/* User-specific data, used
+#  define ENGINE_CTRL_SET_USER_INTERFACE          4/* Alternative to callback */
+#  define ENGINE_CTRL_SET_CALLBACK_DATA           5/* User-specific data, used
                                                   * when calling the password
                                                   * callback and the user
                                                   * interface */
-# define ENGINE_CTRL_LOAD_CONFIGURATION          6/* Load a configuration,
+#  define ENGINE_CTRL_LOAD_CONFIGURATION          6/* Load a configuration,
                                                   * given a string that
                                                   * represents a file name
                                                   * or so */
-# define ENGINE_CTRL_LOAD_SECTION                7/* Load data from a given
+#  define ENGINE_CTRL_LOAD_SECTION                7/* Load data from a given
                                                   * section in the already
                                                   * loaded configuration */

@ -175,22 +181,22 @@ extern "C" {
 * worth checking this first if the caller is trying to "discover" the
 * engine's capabilities and doesn't want errors generated unnecessarily.
 */
-# define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
+#  define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
 /*
 * Returns a positive command number for the first command supported by the
 * engine. Returns zero if no ctrl commands are supported.
 */
-# define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
+#  define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
 /*
 * The 'long' argument specifies a command implemented by the engine, and the
 * return value is the next command supported, or zero if there are no more.
 */
-# define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
+#  define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
 /*
 * The 'void*' argument is a command name (cast from 'const char *'), and the
 * return value is the command that corresponds to it.
 */
-# define ENGINE_CTRL_GET_CMD_FROM_NAME           13
+#  define ENGINE_CTRL_GET_CMD_FROM_NAME           13
 /*
 * The next two allow a command to be converted into its corresponding string
 * form. In each case, the 'long' argument supplies the command. In the
@ -199,23 +205,23 @@ extern "C" {
 * string buffer large enough, and it will be populated with the name of the
 * command (WITH a trailing EOL).
 */
-# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
-# define ENGINE_CTRL_GET_NAME_FROM_CMD           15
+#  define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
+#  define ENGINE_CTRL_GET_NAME_FROM_CMD           15
 /* The next two are similar but give a "short description" of a command. */
-# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
-# define ENGINE_CTRL_GET_DESC_FROM_CMD           17
+#  define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
+#  define ENGINE_CTRL_GET_DESC_FROM_CMD           17
 /*
 * With this command, the return value is the OR'd combination of
 * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
 * engine-specific ctrl command expects.
 */
-# define ENGINE_CTRL_GET_CMD_FLAGS               18
+#  define ENGINE_CTRL_GET_CMD_FLAGS               18

 /*
 * ENGINE implementations should start the numbering of their own control
 * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
 */
-# define ENGINE_CMD_BASE                         200
+#  define ENGINE_CMD_BASE                         200

 /*
 * NB: These 2 nCipher "chil" control commands are deprecated, and their
@ -226,17 +232,17 @@ extern "C" {
 */

 /* Flags specific to the nCipher "chil" engine */
-# define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
-        /*
-         * Depending on the value of the (long)i argument, this sets or
-         * unsets the SimpleForkCheck flag in the CHIL API to enable or
-         * disable checking and workarounds for applications that fork().
-         */
-# define ENGINE_CTRL_CHIL_NO_LOCKING             101
-        /*
-         * This prevents the initialisation function from providing mutex
-         * callbacks to the nCipher library.
-         */
+#  define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
+         /*
+          * Depending on the value of the (long)i argument, this sets or
+          * unsets the SimpleForkCheck flag in the CHIL API to enable or
+          * disable checking and workarounds for applications that fork().
+          */
+#  define ENGINE_CTRL_CHIL_NO_LOCKING             101
+         /*
+          * This prevents the initialisation function from providing mutex
+          * callbacks to the nCipher library.
+          */

 /*
 * If an ENGINE supports its own specific control commands and wishes the
@ -308,44 +314,58 @@ typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
 */

 /* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void);
-ENGINE *ENGINE_get_last(void);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_first(void);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_last(void);
+#  endif
 /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e);
-ENGINE *ENGINE_get_prev(ENGINE *e);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_next(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_prev(ENGINE *e);
+#  endif
 /* Add another "ENGINE" type into the array. */
-int ENGINE_add(ENGINE *e);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_add(ENGINE *e);
+#  endif
 /* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_remove(ENGINE *e);
+#  endif
 /* Retrieve an engine from the list by its unique "id" value. */
-ENGINE *ENGINE_by_id(const char *id);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id);
+#  endif

-#if OPENSSL_API_COMPAT < 0x10100000L
-# define ENGINE_load_openssl() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
-# define ENGINE_load_dynamic() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
-# ifndef OPENSSL_NO_STATIC_ENGINE
-#  define ENGINE_load_padlock() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
-#  define ENGINE_load_capi() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
-#  define ENGINE_load_afalg() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
-# endif
-# define ENGINE_load_cryptodev() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
-# define ENGINE_load_rdrand() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
-#endif
-void ENGINE_load_builtin_engines(void);
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#   define ENGINE_load_openssl() \
+        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
+#   define ENGINE_load_dynamic() \
+        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
+#   ifndef OPENSSL_NO_STATIC_ENGINE
+#    define ENGINE_load_padlock() \
+        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
+#    define ENGINE_load_capi() \
+        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
+#    define ENGINE_load_afalg() \
+        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
+#   endif
+#   define ENGINE_load_cryptodev() \
+        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
+#   define ENGINE_load_rdrand() \
+        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
+#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 void ENGINE_load_builtin_engines(void);
+#  endif

 /*
 * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
 * "registry" handling.
 */
-unsigned int ENGINE_get_table_flags(void);
-void ENGINE_set_table_flags(unsigned int flags);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 unsigned int ENGINE_get_table_flags(void);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_set_table_flags(unsigned int flags);
+#  endif

 /*- Manage registration of ENGINEs per "table". For each type, there are 3
 * functions;
@ -354,42 +374,35 @@ void ENGINE_set_table_flags(unsigned int flags);
 *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
 * Cleanup is automatically registered from each table when required.
 */
-
-int ENGINE_register_RSA(ENGINE *e);
-void ENGINE_unregister_RSA(ENGINE *e);
-void ENGINE_register_all_RSA(void);
-
-int ENGINE_register_DSA(ENGINE *e);
-void ENGINE_unregister_DSA(ENGINE *e);
-void ENGINE_register_all_DSA(void);
-
-int ENGINE_register_EC(ENGINE *e);
-void ENGINE_unregister_EC(ENGINE *e);
-void ENGINE_register_all_EC(void);
-
-int ENGINE_register_DH(ENGINE *e);
-void ENGINE_unregister_DH(ENGINE *e);
-void ENGINE_register_all_DH(void);
-
-int ENGINE_register_RAND(ENGINE *e);
-void ENGINE_unregister_RAND(ENGINE *e);
-void ENGINE_register_all_RAND(void);
-
-int ENGINE_register_ciphers(ENGINE *e);
-void ENGINE_unregister_ciphers(ENGINE *e);
-void ENGINE_register_all_ciphers(void);
-
-int ENGINE_register_digests(ENGINE *e);
-void ENGINE_unregister_digests(ENGINE *e);
-void ENGINE_register_all_digests(void);
-
-int ENGINE_register_pkey_meths(ENGINE *e);
-void ENGINE_unregister_pkey_meths(ENGINE *e);
-void ENGINE_register_all_pkey_meths(void);
-
-int ENGINE_register_pkey_asn1_meths(ENGINE *e);
-void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
-void ENGINE_register_all_pkey_asn1_meths(void);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_RSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_RSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_RSA(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_DSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_DSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_DSA(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_EC(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_EC(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_EC(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_DH(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_DH(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_DH(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_RAND(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_RAND(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_RAND(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_ciphers(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_ciphers(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_ciphers(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_digests(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_digests(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_digests(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_pkey_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_pkey_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_pkey_meths(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_pkey_asn1_meths(void);
+#  endif

 /*
 * These functions register all support from the above categories. Note, use
@ -397,8 +410,10 @@ void ENGINE_register_all_pkey_asn1_meths(void);
 * may not need. If you only need a subset of functionality, consider using
 * more selective initialisation.
 */
-int ENGINE_register_complete(ENGINE *e);
-int ENGINE_register_all_complete(void);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_complete(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_all_complete(void);
+#  endif

 /*
 * Send parameterised control commands to the engine. The possibilities to
@ -410,7 +425,10 @@ int ENGINE_register_all_complete(void);
 * commands that require an operational ENGINE, and only use functional
 * references in such situations.
 */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p,
+                                      void (*f) (void));
+#  endif

 /*
 * This function tests if an ENGINE-specific command is usable as a
@ -418,7 +436,9 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
 * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
 * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
 */
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+#  endif

 /*
 * This function works like ENGINE_ctrl() with the exception of taking a
@ -426,8 +446,11 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
 * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
 * on how to use the cmd_name and cmd_optional.
 */
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-                    long i, void *p, void (*f) (void), int cmd_optional);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                                          long i, void *p, void (*f) (void),
+                                          int cmd_optional);
+#  endif

 /*
 * This function passes a command-name and argument to an ENGINE. The
@ -451,8 +474,11 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
 * applications can work consistently with the same configuration for the
 * same ENGINE-enabled devices, across applications.
 */
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                           int cmd_optional);
+#  endif

 /*
 * These functions are useful for manufacturing new ENGINE structures. They
@ -462,45 +488,59 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
 * These are also here so that the ENGINE structure doesn't have to be
 * exposed and break binary compatibility!
 */
-ENGINE *ENGINE_new(void);
-int ENGINE_free(ENGINE *e);
-int ENGINE_up_ref(ENGINE *e);
-int ENGINE_set_id(ENGINE *e, const char *id);
-int ENGINE_set_name(ENGINE *e, const char *name);
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_new(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_free(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_up_ref(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_id(ENGINE *e, const char *id);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_name(ENGINE *e, const char *name);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_destroy_function(ENGINE *e,ENGINE_GEN_INT_FUNC_PTR destroy_f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-int ENGINE_set_load_privkey_function(ENGINE *e,
-                                     ENGINE_LOAD_KEY_PTR loadpriv_f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-                                             ENGINE_SSL_CLIENT_CERT_PTR
-                                             loadssl_f);
+                                             ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+OSSL_DEPRECATEDIN_3_0
 int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
-int ENGINE_set_flags(ENGINE *e, int flags);
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_flags(ENGINE *e, int flags);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_cmd_defns(ENGINE *e,
+                                               const ENGINE_CMD_DEFN *defns);
+#  endif
 /* These functions allow control over any per-structure ENGINE data. */
-#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
+#  define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef)
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
-void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+# endif

-#if OPENSSL_API_COMPAT < 0x10100000L
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
 /*
 * This function previously cleaned up anything that needs it. Auto-deinit will
 * now take care of it so it is no longer required to call this function.
 */
-# define ENGINE_cleanup() while(0) continue
-#endif
+#   define ENGINE_cleanup() while(0) continue
+#  endif

 /*
 * These return values from within the ENGINE structure. These can be useful
@ -508,37 +548,55 @@ void *ENGINE_get_ex_data(const ENGINE *e, int idx);
 * which you obtained. Using the result for functional purposes if you only
 * obtained a structural reference may be problematic!
 */
-const char *ENGINE_get_id(const ENGINE *e);
-const char *ENGINE_get_name(const ENGINE *e);
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *ENGINE_get_id(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const char *ENGINE_get_name(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
-                                                               *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+OSSL_DEPRECATEDIN_3_0
 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+OSSL_DEPRECATEDIN_3_0
 const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+OSSL_DEPRECATEDIN_3_0
 const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+OSSL_DEPRECATEDIN_3_0
 const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
                                                          const char *str,
                                                          int len);
+OSSL_DEPRECATEDIN_3_0
 const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
-                                                      const char *str,
-                                                      int len);
+                                                      const char *str, int len);
+OSSL_DEPRECATEDIN_3_0
 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-int ENGINE_get_flags(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_get_flags(const ENGINE *e);
+#  endif

 /*
 * FUNCTIONAL functions. These functions deal with ENGINE structures that
@ -554,31 +612,40 @@ int ENGINE_get_flags(const ENGINE *e);
 */

 /*
- * Initialise a engine type for use (or up its reference count if it's
+ * Initialise an engine type for use (or up its reference count if it's
 * already in use). This will fail if the engine is not currently operational
 * and cannot initialise.
 */
-int ENGINE_init(ENGINE *e);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_init(ENGINE *e);
+#  endif
 /*
- * Free a functional reference to a engine type. This does not require a
+ * Free a functional reference to an engine type. This does not require a
 * corresponding call to ENGINE_free as it also releases a structural
 * reference.
 */
-int ENGINE_finish(ENGINE *e);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_finish(ENGINE *e);
+#  endif

 /*
 * The following functions handle keys that are stored in some secondary
 * location, handled by the engine.  The storage may be on a card or
 * whatever.
 */
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
                                  UI_METHOD *ui_method, void *callback_data);
+OSSL_DEPRECATEDIN_3_0
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
                                 UI_METHOD *ui_method, void *callback_data);
-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
-                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
-                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn,
+                                X509 **pcert, EVP_PKEY **ppkey,
+                                STACK_OF(X509) **pother,
                                UI_METHOD *ui_method, void *callback_data);
+#  endif

 /*
 * This returns a pointer for the current ENGINE structure that is (by
@ -586,20 +653,26 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
 * incremented reference, so it should be free'd (ENGINE_finish) before it is
 * discarded.
 */
-ENGINE *ENGINE_get_default_RSA(void);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_RSA(void);
+#  endif
 /* Same for the other "methods" */
-ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_EC(void);
-ENGINE *ENGINE_get_default_DH(void);
-ENGINE *ENGINE_get_default_RAND(void);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_DSA(void);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_EC(void);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_DH(void);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_RAND(void);
+#  endif
 /*
 * These functions can be used to get a functional reference to perform
 * ciphering or digesting corresponding to "nid".
 */
-ENGINE *ENGINE_get_cipher_engine(int nid);
-ENGINE *ENGINE_get_digest_engine(int nid);
-ENGINE *ENGINE_get_pkey_meth_engine(int nid);
-ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_cipher_engine(int nid);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_digest_engine(int nid);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
+#  endif

 /*
 * This sets a new default ENGINE structure for performing RSA operations. If
@ -607,17 +680,22 @@ ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
 * its reference count up'd so the caller should still free their own
 * reference 'e'.
 */
-int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_RSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_string(ENGINE *e,
+                                                    const char *def_list);
+#  endif
 /* Same for the other "methods" */
-int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_EC(ENGINE *e);
-int ENGINE_set_default_DH(ENGINE *e);
-int ENGINE_set_default_RAND(ENGINE *e);
-int ENGINE_set_default_ciphers(ENGINE *e);
-int ENGINE_set_default_digests(ENGINE *e);
-int ENGINE_set_default_pkey_meths(ENGINE *e);
-int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_DSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_EC(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_DH(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_RAND(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_ciphers(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_digests(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_pkey_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
+#  endif

 /*
 * The combination "set" - the flags are bitwise "OR"d from the
@ -626,9 +704,10 @@ int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
 * application requires only specific functionality, consider using more
 * selective functions.
 */
-int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
-void ENGINE_add_conf_module(void);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default(ENGINE *e, unsigned int flags);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_add_conf_module(void);
+#  endif

 /* Deprecated functions ... */
 /* int ENGINE_clear_defaults(void); */
@ -638,12 +717,12 @@ void ENGINE_add_conf_module(void);
 /**************************/

 /* Binary/behaviour compatibility levels */
-# define OSSL_DYNAMIC_VERSION            (unsigned long)0x00030000
+#  define OSSL_DYNAMIC_VERSION            (unsigned long)0x00030000
 /*
 * Binary versions older than this are too old for us (whether we're a loader
 * or a loadee)
 */
-# define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00030000
+#  define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00030000

 /*
 * When compiling an ENGINE entirely as an external shared library, loadable
@ -687,7 +766,7 @@ typedef struct st_dynamic_fns {
 * IMPLEMENT_DYNAMIC_CHECK_FN().
 */
 typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
-# define IMPLEMENT_DYNAMIC_CHECK_FN() \
+#  define IMPLEMENT_DYNAMIC_CHECK_FN() \
        OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
        OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
                if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
@ -713,7 +792,7 @@ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
 */
 typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
                                    const dynamic_fns *fns);
-# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+#  define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
        OPENSSL_EXPORT \
        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
        OPENSSL_EXPORT \
@ -722,6 +801,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
            CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
                                     fns->mem_fns.realloc_fn, \
                                     fns->mem_fns.free_fn); \
+            OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
        skip_cbs: \
            if (!fn(e, id)) return 0; \
            return 1; }
@ -739,13 +819,15 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
 */
 void *ENGINE_get_static_state(void);

-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)
-DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
-# endif
+#  if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)
+#   ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 void ENGINE_setup_bsd_cryptodev(void);
+#   endif
+#  endif


 #  ifdef  __cplusplus
 }
 #  endif
-# endif
-#endif
+# endif /* OPENSSL_NO_ENGINE */
+#endif  /* OPENSSL_ENGINE_H */
--- a/src/3rdparty/win32_include/openssl/engineerr.h
+++ b/src/3rdparty/win32_include/openssl/engineerr.h
@ -1,72 +1,24 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_ENGINEERR_H
-# define HEADER_ENGINEERR_H
-
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#ifndef OPENSSL_ENGINEERR_H
+# define OPENSSL_ENGINEERR_H
+# pragma once

 # include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+

 # ifndef OPENSSL_NO_ENGINE

-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_ENGINE_strings(void);
-
-/*
- * ENGINE function codes.
- */
-#  define ENGINE_F_DIGEST_UPDATE                           198
-#  define ENGINE_F_DYNAMIC_CTRL                            180
-#  define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
-#  define ENGINE_F_DYNAMIC_LOAD                            182
-#  define ENGINE_F_DYNAMIC_SET_DATA_CTX                    183
-#  define ENGINE_F_ENGINE_ADD                              105
-#  define ENGINE_F_ENGINE_BY_ID                            106
-#  define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
-#  define ENGINE_F_ENGINE_CTRL                             142
-#  define ENGINE_F_ENGINE_CTRL_CMD                         178
-#  define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
-#  define ENGINE_F_ENGINE_FINISH                           107
-#  define ENGINE_F_ENGINE_GET_CIPHER                       185
-#  define ENGINE_F_ENGINE_GET_DIGEST                       186
-#  define ENGINE_F_ENGINE_GET_FIRST                        195
-#  define ENGINE_F_ENGINE_GET_LAST                         196
-#  define ENGINE_F_ENGINE_GET_NEXT                         115
-#  define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
-#  define ENGINE_F_ENGINE_GET_PKEY_METH                    192
-#  define ENGINE_F_ENGINE_GET_PREV                         116
-#  define ENGINE_F_ENGINE_INIT                             119
-#  define ENGINE_F_ENGINE_LIST_ADD                         120
-#  define ENGINE_F_ENGINE_LIST_REMOVE                      121
-#  define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
-#  define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
-#  define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
-#  define ENGINE_F_ENGINE_NEW                              122
-#  define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR               197
-#  define ENGINE_F_ENGINE_REMOVE                           123
-#  define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
-#  define ENGINE_F_ENGINE_SET_ID                           129
-#  define ENGINE_F_ENGINE_SET_NAME                         130
-#  define ENGINE_F_ENGINE_TABLE_REGISTER                   184
-#  define ENGINE_F_ENGINE_UNLOCKED_FINISH                  191
-#  define ENGINE_F_ENGINE_UP_REF                           190
-#  define ENGINE_F_INT_CLEANUP_ITEM                        199
-#  define ENGINE_F_INT_CTRL_HELPER                         172
-#  define ENGINE_F_INT_ENGINE_CONFIGURE                    188
-#  define ENGINE_F_INT_ENGINE_MODULE_INIT                  187
-#  define ENGINE_F_OSSL_HMAC_INIT                          200

 /*
 * ENGINE reason codes.
--- a/src/3rdparty/win32_include/openssl/err.h
+++ b/src/3rdparty/win32_include/openssl/err.h
@ -1,14 +1,22 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_ERR_H
-# define HEADER_ERR_H
+
+
+#ifndef OPENSSL_ERR_H
+# define OPENSSL_ERR_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_ERR_H
+# endif

 # include <openssl/e_os2.h>

@ -17,38 +25,47 @@
 #  include <stdlib.h>
 # endif

-# include <openssl/ossl_typ.h>
+# include <openssl/types.h>
 # include <openssl/bio.h>
 # include <openssl/lhash.h>
+# include <openssl/cryptoerr_legacy.h>

 #ifdef  __cplusplus
 extern "C" {
 #endif

-# ifndef OPENSSL_NO_ERR
-#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
-# else
-#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  ifndef OPENSSL_NO_FILENAMES
+#   define ERR_PUT_error(l,f,r,fn,ln)      ERR_put_error(l,f,r,fn,ln)
+#  else
+#   define ERR_PUT_error(l,f,r,fn,ln)      ERR_put_error(l,f,r,NULL,0)
+#  endif
 # endif

+# include <limits.h>
 # include <errno.h>

 # define ERR_TXT_MALLOCED        0x01
 # define ERR_TXT_STRING          0x02

-# define ERR_FLAG_MARK           0x01
-# define ERR_FLAG_CLEAR          0x02
+# if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE)
+#  define ERR_FLAG_MARK           0x01
+#  define ERR_FLAG_CLEAR          0x02

-# define ERR_NUM_ERRORS  16
-typedef struct err_state_st {
+#  define ERR_NUM_ERRORS  16
+struct err_state_st {
    int err_flags[ERR_NUM_ERRORS];
+    int err_marks[ERR_NUM_ERRORS];
    unsigned long err_buffer[ERR_NUM_ERRORS];
    char *err_data[ERR_NUM_ERRORS];
+    size_t err_data_size[ERR_NUM_ERRORS];
    int err_data_flags[ERR_NUM_ERRORS];
-    const char *err_file[ERR_NUM_ERRORS];
+    char *err_file[ERR_NUM_ERRORS];
    int err_line[ERR_NUM_ERRORS];
+    char *err_func[ERR_NUM_ERRORS];
    int top, bottom;
-} ERR_STATE;
+};
+# endif

 /* library */
 # define ERR_LIB_NONE            1
@ -95,171 +112,384 @@ typedef struct err_state_st {
 # define ERR_LIB_ASYNC           51
 # define ERR_LIB_KDF             52
 # define ERR_LIB_SM2             53
+# define ERR_LIB_ESS             54
+# define ERR_LIB_PROP            55
+# define ERR_LIB_CRMF            56
+# define ERR_LIB_PROV            57
+# define ERR_LIB_CMP             58
+# define ERR_LIB_OSSL_ENCODER    59
+# define ERR_LIB_OSSL_DECODER    60
+# define ERR_LIB_HTTP            61

 # define ERR_LIB_USER            128

-# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define ASN1err(f, r) ERR_raise_data(ERR_LIB_ASN1, (r), NULL)
+#  define ASYNCerr(f, r) ERR_raise_data(ERR_LIB_ASYNC, (r), NULL)
+#  define BIOerr(f, r) ERR_raise_data(ERR_LIB_BIO, (r), NULL)
+#  define BNerr(f, r)  ERR_raise_data(ERR_LIB_BN, (r), NULL)
+#  define BUFerr(f, r) ERR_raise_data(ERR_LIB_BUF, (r), NULL)
+#  define CMPerr(f, r) ERR_raise_data(ERR_LIB_CMP, (r), NULL)
+#  define CMSerr(f, r) ERR_raise_data(ERR_LIB_CMS, (r), NULL)
+#  define COMPerr(f, r) ERR_raise_data(ERR_LIB_COMP, (r), NULL)
+#  define CONFerr(f, r) ERR_raise_data(ERR_LIB_CONF, (r), NULL)
+#  define CRMFerr(f, r) ERR_raise_data(ERR_LIB_CRMF, (r), NULL)
+#  define CRYPTOerr(f, r) ERR_raise_data(ERR_LIB_CRYPTO, (r), NULL)
+#  define CTerr(f, r) ERR_raise_data(ERR_LIB_CT, (r), NULL)
+#  define DHerr(f, r)  ERR_raise_data(ERR_LIB_DH, (r), NULL)
+#  define DSAerr(f, r) ERR_raise_data(ERR_LIB_DSA, (r), NULL)
+#  define DSOerr(f, r) ERR_raise_data(ERR_LIB_DSO, (r), NULL)
+#  define ECDHerr(f, r) ERR_raise_data(ERR_LIB_ECDH, (r), NULL)
+#  define ECDSAerr(f, r) ERR_raise_data(ERR_LIB_ECDSA, (r), NULL)
+#  define ECerr(f, r)  ERR_raise_data(ERR_LIB_EC, (r), NULL)
+#  define ENGINEerr(f, r) ERR_raise_data(ERR_LIB_ENGINE, (r), NULL)
+#  define ESSerr(f, r) ERR_raise_data(ERR_LIB_ESS, (r), NULL)
+#  define EVPerr(f, r) ERR_raise_data(ERR_LIB_EVP, (r), NULL)
+#  define FIPSerr(f, r) ERR_raise_data(ERR_LIB_FIPS, (r), NULL)
+#  define HMACerr(f, r) ERR_raise_data(ERR_LIB_HMAC, (r), NULL)
+#  define HTTPerr(f, r) ERR_raise_data(ERR_LIB_HTTP, (r), NULL)
+#  define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
+#  define OBJerr(f, r) ERR_raise_data(ERR_LIB_OBJ, (r), NULL)
+#  define OCSPerr(f, r) ERR_raise_data(ERR_LIB_OCSP, (r), NULL)
+#  define OSSL_STOREerr(f, r) ERR_raise_data(ERR_LIB_OSSL_STORE, (r), NULL)
+#  define PEMerr(f, r) ERR_raise_data(ERR_LIB_PEM, (r), NULL)
+#  define PKCS12err(f, r) ERR_raise_data(ERR_LIB_PKCS12, (r), NULL)
+#  define PKCS7err(f, r) ERR_raise_data(ERR_LIB_PKCS7, (r), NULL)
+#  define PROPerr(f, r) ERR_raise_data(ERR_LIB_PROP, (r), NULL)
+#  define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL)
+#  define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL)
+#  define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL)
+#  define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
+#  define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL)
+#  define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL)
+#  define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL)
+#  define TSerr(f, r) ERR_raise_data(ERR_LIB_TS, (r), NULL)
+#  define UIerr(f, r) ERR_raise_data(ERR_LIB_UI, (r), NULL)
+#  define X509V3err(f, r) ERR_raise_data(ERR_LIB_X509V3, (r), NULL)
+#  define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL)
+# endif

-# define ERR_PACK(l,f,r) ( \
-        (((unsigned int)(l) & 0x0FF) << 24L) | \
-        (((unsigned int)(f) & 0xFFF) << 12L) | \
-        (((unsigned int)(r) & 0xFFF)       ) )
-# define ERR_GET_LIB(l)          (int)(((l) >> 24L) & 0x0FFL)
-# define ERR_GET_FUNC(l)         (int)(((l) >> 12L) & 0xFFFL)
-# define ERR_GET_REASON(l)       (int)( (l)         & 0xFFFL)
-# define ERR_FATAL_ERROR(l)      (int)( (l)         & ERR_R_FATAL)
+/*-
+ * The error code packs differently depending on if it records a system
+ * error or an OpenSSL error.
+ *
+ * A system error packs like this (we follow POSIX and only allow positive
+ * numbers that fit in an |int|):
+ *
+ * +-+-------------------------------------------------------------+
+ * |1|                     system error number                     |
+ * +-+-------------------------------------------------------------+
+ *
+ * An OpenSSL error packs like this:
+ *
+ * <---------------------------- 32 bits -------------------------->
+ *    <--- 8 bits ---><------------------ 23 bits ----------------->
+ * +-+---------------+---------------------------------------------+
+ * |0|    library    |                    reason                   |
+ * +-+---------------+---------------------------------------------+
+ *
+ * A few of the reason bits are reserved as flags with special meaning:
+ *
+ *                    <5 bits-<>--------- 19 bits ----------------->
+ *                   +-------+-+-----------------------------------+
+ *                   | rflags| |          reason                   |
+ *                   +-------+-+-----------------------------------+
+ *                            ^
+ *                            |
+ *                           ERR_RFLAG_FATAL = ERR_R_FATAL
+ *
+ * The reason flags are part of the overall reason code for practical
+ * reasons, as they provide an easy way to place different types of
+ * reason codes in different numeric ranges.
+ *
+ * The currently known reason flags are:
+ *
+ * ERR_RFLAG_FATAL      Flags that the reason code is considered fatal.
+ *                      For backward compatibility reasons, this flag
+ *                      is also the code for ERR_R_FATAL (that reason
+ *                      code served the dual purpose of flag and reason
+ *                      code in one in pre-3.0 OpenSSL).
+ * ERR_RFLAG_COMMON     Flags that the reason code is common to all
+ *                      libraries.  All ERR_R_ macros must use this flag,
+ *                      and no other _R_ macro is allowed to use it.
+ */

-/* OS functions */
-# define SYS_F_FOPEN             1
-# define SYS_F_CONNECT           2
-# define SYS_F_GETSERVBYNAME     3
-# define SYS_F_SOCKET            4
-# define SYS_F_IOCTLSOCKET       5
-# define SYS_F_BIND              6
-# define SYS_F_LISTEN            7
-# define SYS_F_ACCEPT            8
-# define SYS_F_WSASTARTUP        9/* Winsock stuff */
-# define SYS_F_OPENDIR           10
-# define SYS_F_FREAD             11
-# define SYS_F_GETADDRINFO       12
-# define SYS_F_GETNAMEINFO       13
-# define SYS_F_SETSOCKOPT        14
-# define SYS_F_GETSOCKOPT        15
-# define SYS_F_GETSOCKNAME       16
-# define SYS_F_GETHOSTBYNAME     17
-# define SYS_F_FFLUSH            18
-# define SYS_F_OPEN              19
-# define SYS_F_CLOSE             20
-# define SYS_F_IOCTL             21
-# define SYS_F_STAT              22
-# define SYS_F_FCNTL             23
-# define SYS_F_FSTAT             24
-
-/* reasons */
-# define ERR_R_SYS_LIB   ERR_LIB_SYS/* 2 */
-# define ERR_R_BN_LIB    ERR_LIB_BN/* 3 */
-# define ERR_R_RSA_LIB   ERR_LIB_RSA/* 4 */
-# define ERR_R_DH_LIB    ERR_LIB_DH/* 5 */
-# define ERR_R_EVP_LIB   ERR_LIB_EVP/* 6 */
-# define ERR_R_BUF_LIB   ERR_LIB_BUF/* 7 */
-# define ERR_R_OBJ_LIB   ERR_LIB_OBJ/* 8 */
-# define ERR_R_PEM_LIB   ERR_LIB_PEM/* 9 */
-# define ERR_R_DSA_LIB   ERR_LIB_DSA/* 10 */
-# define ERR_R_X509_LIB  ERR_LIB_X509/* 11 */
-# define ERR_R_ASN1_LIB  ERR_LIB_ASN1/* 13 */
-# define ERR_R_EC_LIB    ERR_LIB_EC/* 16 */
-# define ERR_R_BIO_LIB   ERR_LIB_BIO/* 32 */
-# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
-# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
-# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
-# define ERR_R_UI_LIB    ERR_LIB_UI/* 40 */
-# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
-# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */
-
-# define ERR_R_NESTED_ASN1_ERROR                 58
-# define ERR_R_MISSING_ASN1_EOS                  63
-
-/* fatal error */
-# define ERR_R_FATAL                             64
-# define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
-# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
-# define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
-# define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
-# define ERR_R_DISABLED                          (5|ERR_R_FATAL)
-# define ERR_R_INIT_FAIL                         (6|ERR_R_FATAL)
-# define ERR_R_PASSED_INVALID_ARGUMENT           (7)
-# define ERR_R_OPERATION_FAIL                    (8|ERR_R_FATAL)
+/* Macros to help decode recorded system errors */
+# define ERR_SYSTEM_FLAG                ((unsigned int)INT_MAX + 1)
+# define ERR_SYSTEM_MASK                ((unsigned int)INT_MAX)

 /*
- * 99 is the maximum possible ERR_R_... code, higher values are reserved for
- * the individual libraries
+ * Macros to help decode recorded OpenSSL errors
+ * As expressed above, RFLAGS and REASON overlap by one bit to allow
+ * ERR_R_FATAL to use ERR_RFLAG_FATAL as its reason code.
 */
+# define ERR_LIB_OFFSET                 23L
+# define ERR_LIB_MASK                   0xFF
+# define ERR_RFLAGS_OFFSET              18L
+# define ERR_RFLAGS_MASK                0x1F
+# define ERR_REASON_MASK                0X7FFFFF
+
+/*
+ * Reason flags are defined pre-shifted to easily combine with the reason
+ * number.
+ */
+# define ERR_RFLAG_FATAL                (0x1 << ERR_RFLAGS_OFFSET)
+# define ERR_RFLAG_COMMON               (0x2 << ERR_RFLAGS_OFFSET)
+
+# define ERR_SYSTEM_ERROR(errcode)      (((errcode) & ERR_SYSTEM_FLAG) != 0)
+
+static ossl_unused ossl_inline int ERR_GET_LIB(unsigned long errcode)
+{
+    if (ERR_SYSTEM_ERROR(errcode))
+        return ERR_LIB_SYS;
+    return (errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK;
+}
+
+static ossl_unused ossl_inline int ERR_GET_RFLAGS(unsigned long errcode)
+{
+    if (ERR_SYSTEM_ERROR(errcode))
+        return 0;
+    return errcode & (ERR_RFLAGS_MASK << ERR_RFLAGS_OFFSET);
+}
+
+static ossl_unused ossl_inline int ERR_GET_REASON(unsigned long errcode)
+{
+    if (ERR_SYSTEM_ERROR(errcode))
+        return errcode & ERR_SYSTEM_MASK;
+    return errcode & ERR_REASON_MASK;
+}
+
+static ossl_unused ossl_inline int ERR_FATAL_ERROR(unsigned long errcode)
+{
+    return (ERR_GET_RFLAGS(errcode) & ERR_RFLAG_FATAL) != 0;
+}
+
+static ossl_unused ossl_inline int ERR_COMMON_ERROR(unsigned long errcode)
+{
+    return (ERR_GET_RFLAGS(errcode) & ERR_RFLAG_COMMON) != 0;
+}
+
+/*
+ * ERR_PACK is a helper macro to properly pack OpenSSL error codes and may
+ * only be used for that purpose.  System errors are packed internally.
+ * ERR_PACK takes reason flags and reason code combined in |reason|.
+ * ERR_PACK ignores |func|, that parameter is just legacy from pre-3.0 OpenSSL.
+ */
+# define ERR_PACK(lib,func,reason)                                      \
+    ( (((unsigned long)(lib)    & ERR_LIB_MASK   ) << ERR_LIB_OFFSET) | \
+      (((unsigned long)(reason) & ERR_REASON_MASK)) )
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define SYS_F_FOPEN             0
+#  define SYS_F_CONNECT           0
+#  define SYS_F_GETSERVBYNAME     0
+#  define SYS_F_SOCKET            0
+#  define SYS_F_IOCTLSOCKET       0
+#  define SYS_F_BIND              0
+#  define SYS_F_LISTEN            0
+#  define SYS_F_ACCEPT            0
+#  define SYS_F_WSASTARTUP        0
+#  define SYS_F_OPENDIR           0
+#  define SYS_F_FREAD             0
+#  define SYS_F_GETADDRINFO       0
+#  define SYS_F_GETNAMEINFO       0
+#  define SYS_F_SETSOCKOPT        0
+#  define SYS_F_GETSOCKOPT        0
+#  define SYS_F_GETSOCKNAME       0
+#  define SYS_F_GETHOSTBYNAME     0
+#  define SYS_F_FFLUSH            0
+#  define SYS_F_OPEN              0
+#  define SYS_F_CLOSE             0
+#  define SYS_F_IOCTL             0
+#  define SYS_F_STAT              0
+#  define SYS_F_FCNTL             0
+#  define SYS_F_FSTAT             0
+#  define SYS_F_SENDFILE          0
+# endif
+
+/*
+ * All ERR_R_ codes must be combined with ERR_RFLAG_COMMON.
+ */
+
+/* "we came from here" global reason codes, range 1..255 */
+# define ERR_R_SYS_LIB          (ERR_LIB_SYS/* 2 */ | ERR_RFLAG_COMMON)
+# define ERR_R_BN_LIB           (ERR_LIB_BN/* 3 */ | ERR_RFLAG_COMMON)
+# define ERR_R_RSA_LIB          (ERR_LIB_RSA/* 4 */ | ERR_RFLAG_COMMON)
+# define ERR_R_DH_LIB           (ERR_LIB_DH/* 5 */ | ERR_RFLAG_COMMON)
+# define ERR_R_EVP_LIB          (ERR_LIB_EVP/* 6 */ | ERR_RFLAG_COMMON)
+# define ERR_R_BUF_LIB          (ERR_LIB_BUF/* 7 */ | ERR_RFLAG_COMMON)
+# define ERR_R_OBJ_LIB          (ERR_LIB_OBJ/* 8 */ | ERR_RFLAG_COMMON)
+# define ERR_R_PEM_LIB          (ERR_LIB_PEM/* 9 */ | ERR_RFLAG_COMMON)
+# define ERR_R_DSA_LIB          (ERR_LIB_DSA/* 10 */ | ERR_RFLAG_COMMON)
+# define ERR_R_X509_LIB         (ERR_LIB_X509/* 11 */ | ERR_RFLAG_COMMON)
+# define ERR_R_ASN1_LIB         (ERR_LIB_ASN1/* 13 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CONF_LIB         (ERR_LIB_CONF/* 14 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CRYPTO_LIB       (ERR_LIB_CRYPTO/* 15 */ | ERR_RFLAG_COMMON)
+# define ERR_R_EC_LIB           (ERR_LIB_EC/* 16 */ | ERR_RFLAG_COMMON)
+# define ERR_R_SSL_LIB          (ERR_LIB_SSL/* 20 */ | ERR_RFLAG_COMMON)
+# define ERR_R_BIO_LIB          (ERR_LIB_BIO/* 32 */ | ERR_RFLAG_COMMON)
+# define ERR_R_PKCS7_LIB        (ERR_LIB_PKCS7/* 33 */ | ERR_RFLAG_COMMON)
+# define ERR_R_X509V3_LIB       (ERR_LIB_X509V3/* 34 */ | ERR_RFLAG_COMMON)
+# define ERR_R_PKCS12_LIB       (ERR_LIB_PKCS12/* 35 */ | ERR_RFLAG_COMMON)
+# define ERR_R_RAND_LIB         (ERR_LIB_RAND/* 36 */ | ERR_RFLAG_COMMON)
+# define ERR_R_DSO_LIB          (ERR_LIB_DSO/* 37 */ | ERR_RFLAG_COMMON)
+# define ERR_R_ENGINE_LIB       (ERR_LIB_ENGINE/* 38 */ | ERR_RFLAG_COMMON)
+# define ERR_R_UI_LIB           (ERR_LIB_UI/* 40 */ | ERR_RFLAG_COMMON)
+# define ERR_R_ECDSA_LIB        (ERR_LIB_ECDSA/* 42 */ | ERR_RFLAG_COMMON)
+# define ERR_R_OSSL_STORE_LIB   (ERR_LIB_OSSL_STORE/* 44 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CMS_LIB          (ERR_LIB_CMS/* 46 */ | ERR_RFLAG_COMMON)
+# define ERR_R_TS_LIB           (ERR_LIB_TS/* 47 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CT_LIB           (ERR_LIB_CT/* 50 */ | ERR_RFLAG_COMMON)
+# define ERR_R_PROV_LIB         (ERR_LIB_PROV/* 57 */ | ERR_RFLAG_COMMON)
+# define ERR_R_ESS_LIB          (ERR_LIB_ESS/* 54 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CMP_LIB          (ERR_LIB_CMP/* 58 */ | ERR_RFLAG_COMMON)
+# define ERR_R_OSSL_ENCODER_LIB (ERR_LIB_OSSL_ENCODER/* 59 */ | ERR_RFLAG_COMMON)
+# define ERR_R_OSSL_DECODER_LIB (ERR_LIB_OSSL_DECODER/* 60 */ | ERR_RFLAG_COMMON)
+
+/* Other common error codes, range 256..2^ERR_RFLAGS_OFFSET-1 */
+# define ERR_R_FATAL                             (ERR_RFLAG_FATAL|ERR_RFLAG_COMMON)
+# define ERR_R_MALLOC_FAILURE                    (256|ERR_R_FATAL)
+# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (257|ERR_R_FATAL)
+# define ERR_R_PASSED_NULL_PARAMETER             (258|ERR_R_FATAL)
+# define ERR_R_INTERNAL_ERROR                    (259|ERR_R_FATAL)
+# define ERR_R_DISABLED                          (260|ERR_R_FATAL)
+# define ERR_R_INIT_FAIL                         (261|ERR_R_FATAL)
+# define ERR_R_PASSED_INVALID_ARGUMENT           (262|ERR_RFLAG_COMMON)
+# define ERR_R_OPERATION_FAIL                    (263|ERR_R_FATAL)
+# define ERR_R_INVALID_PROVIDER_FUNCTIONS        (264|ERR_R_FATAL)
+# define ERR_R_INTERRUPTED_OR_CANCELLED          (265|ERR_RFLAG_COMMON)
+# define ERR_R_NESTED_ASN1_ERROR                 (266|ERR_RFLAG_COMMON)
+# define ERR_R_MISSING_ASN1_EOS                  (267|ERR_RFLAG_COMMON)
+# define ERR_R_UNSUPPORTED                       (268|ERR_RFLAG_COMMON)
+# define ERR_R_FETCH_FAILED                      (269|ERR_RFLAG_COMMON)
+# define ERR_R_INVALID_PROPERTY_DEFINITION       (270|ERR_RFLAG_COMMON)
+# define ERR_R_UNABLE_TO_GET_READ_LOCK           (271|ERR_R_FATAL)
+# define ERR_R_UNABLE_TO_GET_WRITE_LOCK          (272|ERR_R_FATAL)

 typedef struct ERR_string_data_st {
    unsigned long error;
    const char *string;
 } ERR_STRING_DATA;

-DEFINE_LHASH_OF(ERR_STRING_DATA);
+DEFINE_LHASH_OF_INTERNAL(ERR_STRING_DATA);
+#define lh_ERR_STRING_DATA_new(hfn, cmp) ((LHASH_OF(ERR_STRING_DATA) *)OPENSSL_LH_new(ossl_check_ERR_STRING_DATA_lh_hashfunc_type(hfn), ossl_check_ERR_STRING_DATA_lh_compfunc_type(cmp)))
+#define lh_ERR_STRING_DATA_free(lh) OPENSSL_LH_free(ossl_check_ERR_STRING_DATA_lh_type(lh))
+#define lh_ERR_STRING_DATA_flush(lh) OPENSSL_LH_flush(ossl_check_ERR_STRING_DATA_lh_type(lh))
+#define lh_ERR_STRING_DATA_insert(lh, ptr) ((ERR_STRING_DATA *)OPENSSL_LH_insert(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_ERR_STRING_DATA_lh_plain_type(ptr)))
+#define lh_ERR_STRING_DATA_delete(lh, ptr) ((ERR_STRING_DATA *)OPENSSL_LH_delete(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_const_ERR_STRING_DATA_lh_plain_type(ptr)))
+#define lh_ERR_STRING_DATA_retrieve(lh, ptr) ((ERR_STRING_DATA *)OPENSSL_LH_retrieve(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_const_ERR_STRING_DATA_lh_plain_type(ptr)))
+#define lh_ERR_STRING_DATA_error(lh) OPENSSL_LH_error(ossl_check_ERR_STRING_DATA_lh_type(lh))
+#define lh_ERR_STRING_DATA_num_items(lh) OPENSSL_LH_num_items(ossl_check_ERR_STRING_DATA_lh_type(lh))
+#define lh_ERR_STRING_DATA_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_ERR_STRING_DATA_lh_type(lh), out)
+#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_ERR_STRING_DATA_lh_type(lh), out)
+#define lh_ERR_STRING_DATA_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_ERR_STRING_DATA_lh_type(lh), out)
+#define lh_ERR_STRING_DATA_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_ERR_STRING_DATA_lh_type(lh))
+#define lh_ERR_STRING_DATA_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_ERR_STRING_DATA_lh_type(lh), dl)
+#define lh_ERR_STRING_DATA_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_ERR_STRING_DATA_lh_doallfunc_type(dfn))
+
+
+/* 12 lines and some on an 80 column terminal */
+#define ERR_MAX_DATA_SIZE       1024
+
+/* Building blocks */
+void ERR_new(void);
+void ERR_set_debug(const char *file, int line, const char *func);
+void ERR_set_error(int lib, int reason, const char *fmt, ...);
+void ERR_vset_error(int lib, int reason, const char *fmt, va_list args);
+
+/* Main error raising functions */
+# define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL)
+# define ERR_raise_data                                         \
+    (ERR_new(),                                                 \
+     ERR_set_debug(OPENSSL_FILE,OPENSSL_LINE,OPENSSL_FUNC),     \
+     ERR_set_error)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* Backward compatibility */
+#  define ERR_put_error(lib, func, reason, file, line)          \
+    (ERR_new(),                                                 \
+     ERR_set_debug((file), (line), OPENSSL_FUNC),               \
+     ERR_set_error((lib), (reason), NULL))
+# endif

-void ERR_put_error(int lib, int func, int reason, const char *file, int line);
 void ERR_set_error_data(char *data, int flags);

 unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_all(const char **file, int *line,
+                                const char **func,
+                                const char **data, int *flags);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 unsigned long ERR_get_error_line(const char **file, int *line);
+OSSL_DEPRECATEDIN_3_0
 unsigned long ERR_get_error_line_data(const char **file, int *line,
                                      const char **data, int *flags);
+#endif
 unsigned long ERR_peek_error(void);
 unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_func(const char **func);
+unsigned long ERR_peek_error_data(const char **data, int *flags);
+unsigned long ERR_peek_error_all(const char **file, int *line,
+                                 const char **func,
+                                 const char **data, int *flags);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 unsigned long ERR_peek_error_line_data(const char **file, int *line,
                                       const char **data, int *flags);
+# endif
 unsigned long ERR_peek_last_error(void);
 unsigned long ERR_peek_last_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_func(const char **func);
+unsigned long ERR_peek_last_error_data(const char **data, int *flags);
+unsigned long ERR_peek_last_error_all(const char **file, int *line,
+                                      const char **func,
+                                      const char **data, int *flags);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
                                            const char **data, int *flags);
+# endif
+
 void ERR_clear_error(void);
+
 char *ERR_error_string(unsigned long e, char *buf);
 void ERR_error_string_n(unsigned long e, char *buf, size_t len);
 const char *ERR_lib_error_string(unsigned long e);
-const char *ERR_func_error_string(unsigned long e);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *ERR_func_error_string(unsigned long e);
+# endif
 const char *ERR_reason_error_string(unsigned long e);
+
 void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
                         void *u);
 # ifndef OPENSSL_NO_STDIO
 void ERR_print_errors_fp(FILE *fp);
 # endif
 void ERR_print_errors(BIO *bp);
+
 void ERR_add_error_data(int num, ...);
 void ERR_add_error_vdata(int num, va_list args);
+void ERR_add_error_txt(const char *sepr, const char *txt);
+void ERR_add_error_mem_bio(const char *sep, BIO *bio);
+
 int ERR_load_strings(int lib, ERR_STRING_DATA *str);
 int ERR_load_strings_const(const ERR_STRING_DATA *str);
 int ERR_unload_strings(int lib, ERR_STRING_DATA *str);
-int ERR_load_ERR_strings(void);

-#if OPENSSL_API_COMPAT < 0x10100000L
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define ERR_load_crypto_strings() \
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
 # define ERR_free_strings() while(0) continue
 #endif
-
-DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
-DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
-ERR_STATE *ERR_get_state(void);
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 void ERR_remove_thread_state(void *);
+#endif
+#ifndef OPENSSL_NO_DEPRECATED_1_0_0
+OSSL_DEPRECATEDIN_1_0_0 void ERR_remove_state(unsigned long pid);
+#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ERR_STATE *ERR_get_state(void);
+#endif

 int ERR_get_next_error_library(void);

--- a/src/3rdparty/win32_include/openssl/ess.h
+++ b/src/3rdparty/win32_include/openssl/ess.h
@ -0,0 +1,128 @@
+/*
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\ess.h.in
+ *
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+
+#ifndef OPENSSL_ESS_H
+# define OPENSSL_ESS_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/safestack.h>
+# include <openssl/x509.h>
+# include <openssl/esserr.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
+typedef struct ESS_cert_id ESS_CERT_ID;
+typedef struct ESS_signing_cert ESS_SIGNING_CERT;
+
+SKM_DEFINE_STACK_OF_INTERNAL(ESS_CERT_ID, ESS_CERT_ID, ESS_CERT_ID)
+#define sk_ESS_CERT_ID_num(sk) OPENSSL_sk_num(ossl_check_const_ESS_CERT_ID_sk_type(sk))
+#define sk_ESS_CERT_ID_value(sk, idx) ((ESS_CERT_ID *)OPENSSL_sk_value(ossl_check_const_ESS_CERT_ID_sk_type(sk), (idx)))
+#define sk_ESS_CERT_ID_new(cmp) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_new(ossl_check_ESS_CERT_ID_compfunc_type(cmp)))
+#define sk_ESS_CERT_ID_new_null() ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_new_null())
+#define sk_ESS_CERT_ID_new_reserve(cmp, n) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_new_reserve(ossl_check_ESS_CERT_ID_compfunc_type(cmp), (n)))
+#define sk_ESS_CERT_ID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ESS_CERT_ID_sk_type(sk), (n))
+#define sk_ESS_CERT_ID_free(sk) OPENSSL_sk_free(ossl_check_ESS_CERT_ID_sk_type(sk))
+#define sk_ESS_CERT_ID_zero(sk) OPENSSL_sk_zero(ossl_check_ESS_CERT_ID_sk_type(sk))
+#define sk_ESS_CERT_ID_delete(sk, i) ((ESS_CERT_ID *)OPENSSL_sk_delete(ossl_check_ESS_CERT_ID_sk_type(sk), (i)))
+#define sk_ESS_CERT_ID_delete_ptr(sk, ptr) ((ESS_CERT_ID *)OPENSSL_sk_delete_ptr(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr)))
+#define sk_ESS_CERT_ID_push(sk, ptr) OPENSSL_sk_push(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr))
+#define sk_ESS_CERT_ID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr))
+#define sk_ESS_CERT_ID_pop(sk) ((ESS_CERT_ID *)OPENSSL_sk_pop(ossl_check_ESS_CERT_ID_sk_type(sk)))
+#define sk_ESS_CERT_ID_shift(sk) ((ESS_CERT_ID *)OPENSSL_sk_shift(ossl_check_ESS_CERT_ID_sk_type(sk)))
+#define sk_ESS_CERT_ID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ESS_CERT_ID_sk_type(sk),ossl_check_ESS_CERT_ID_freefunc_type(freefunc))
+#define sk_ESS_CERT_ID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr), (idx))
+#define sk_ESS_CERT_ID_set(sk, idx, ptr) ((ESS_CERT_ID *)OPENSSL_sk_set(ossl_check_ESS_CERT_ID_sk_type(sk), (idx), ossl_check_ESS_CERT_ID_type(ptr)))
+#define sk_ESS_CERT_ID_find(sk, ptr) OPENSSL_sk_find(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr))
+#define sk_ESS_CERT_ID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr))
+#define sk_ESS_CERT_ID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr), pnum)
+#define sk_ESS_CERT_ID_sort(sk) OPENSSL_sk_sort(ossl_check_ESS_CERT_ID_sk_type(sk))
+#define sk_ESS_CERT_ID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ESS_CERT_ID_sk_type(sk))
+#define sk_ESS_CERT_ID_dup(sk) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_dup(ossl_check_const_ESS_CERT_ID_sk_type(sk)))
+#define sk_ESS_CERT_ID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_deep_copy(ossl_check_const_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_copyfunc_type(copyfunc), ossl_check_ESS_CERT_ID_freefunc_type(freefunc)))
+#define sk_ESS_CERT_ID_set_cmp_func(sk, cmp) ((sk_ESS_CERT_ID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_compfunc_type(cmp)))
+
+
+
+typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
+typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
+
+SKM_DEFINE_STACK_OF_INTERNAL(ESS_CERT_ID_V2, ESS_CERT_ID_V2, ESS_CERT_ID_V2)
+#define sk_ESS_CERT_ID_V2_num(sk) OPENSSL_sk_num(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk))
+#define sk_ESS_CERT_ID_V2_value(sk, idx) ((ESS_CERT_ID_V2 *)OPENSSL_sk_value(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk), (idx)))
+#define sk_ESS_CERT_ID_V2_new(cmp) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_new(ossl_check_ESS_CERT_ID_V2_compfunc_type(cmp)))
+#define sk_ESS_CERT_ID_V2_new_null() ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_new_null())
+#define sk_ESS_CERT_ID_V2_new_reserve(cmp, n) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_new_reserve(ossl_check_ESS_CERT_ID_V2_compfunc_type(cmp), (n)))
+#define sk_ESS_CERT_ID_V2_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ESS_CERT_ID_V2_sk_type(sk), (n))
+#define sk_ESS_CERT_ID_V2_free(sk) OPENSSL_sk_free(ossl_check_ESS_CERT_ID_V2_sk_type(sk))
+#define sk_ESS_CERT_ID_V2_zero(sk) OPENSSL_sk_zero(ossl_check_ESS_CERT_ID_V2_sk_type(sk))
+#define sk_ESS_CERT_ID_V2_delete(sk, i) ((ESS_CERT_ID_V2 *)OPENSSL_sk_delete(ossl_check_ESS_CERT_ID_V2_sk_type(sk), (i)))
+#define sk_ESS_CERT_ID_V2_delete_ptr(sk, ptr) ((ESS_CERT_ID_V2 *)OPENSSL_sk_delete_ptr(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr)))
+#define sk_ESS_CERT_ID_V2_push(sk, ptr) OPENSSL_sk_push(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr))
+#define sk_ESS_CERT_ID_V2_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr))
+#define sk_ESS_CERT_ID_V2_pop(sk) ((ESS_CERT_ID_V2 *)OPENSSL_sk_pop(ossl_check_ESS_CERT_ID_V2_sk_type(sk)))
+#define sk_ESS_CERT_ID_V2_shift(sk) ((ESS_CERT_ID_V2 *)OPENSSL_sk_shift(ossl_check_ESS_CERT_ID_V2_sk_type(sk)))
+#define sk_ESS_CERT_ID_V2_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ESS_CERT_ID_V2_sk_type(sk),ossl_check_ESS_CERT_ID_V2_freefunc_type(freefunc))
+#define sk_ESS_CERT_ID_V2_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr), (idx))
+#define sk_ESS_CERT_ID_V2_set(sk, idx, ptr) ((ESS_CERT_ID_V2 *)OPENSSL_sk_set(ossl_check_ESS_CERT_ID_V2_sk_type(sk), (idx), ossl_check_ESS_CERT_ID_V2_type(ptr)))
+#define sk_ESS_CERT_ID_V2_find(sk, ptr) OPENSSL_sk_find(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr))
+#define sk_ESS_CERT_ID_V2_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr))
+#define sk_ESS_CERT_ID_V2_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr), pnum)
+#define sk_ESS_CERT_ID_V2_sort(sk) OPENSSL_sk_sort(ossl_check_ESS_CERT_ID_V2_sk_type(sk))
+#define sk_ESS_CERT_ID_V2_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk))
+#define sk_ESS_CERT_ID_V2_dup(sk) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_dup(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk)))
+#define sk_ESS_CERT_ID_V2_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_deep_copy(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_copyfunc_type(copyfunc), ossl_check_ESS_CERT_ID_V2_freefunc_type(freefunc)))
+#define sk_ESS_CERT_ID_V2_set_cmp_func(sk, cmp) ((sk_ESS_CERT_ID_V2_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_compfunc_type(cmp)))
+
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)
+DECLARE_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID, ESS_CERT_ID)
+DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID)
+
+DECLARE_ASN1_FUNCTIONS(ESS_SIGNING_CERT)
+DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2)
+DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
+
+DECLARE_ASN1_FUNCTIONS(ESS_SIGNING_CERT_V2)
+DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
+
+ESS_SIGNING_CERT *OSSL_ESS_signing_cert_new_init(const X509 *signcert,
+                                                 const STACK_OF(X509) *certs,
+                                                 int set_issuer_serial);
+ESS_SIGNING_CERT_V2 *OSSL_ESS_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                       const X509 *signcert,
+                                                       const
+                                                       STACK_OF(X509) *certs,
+                                                       int set_issuer_serial);
+int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss,
+                                 const ESS_SIGNING_CERT_V2 *ssv2,
+                                 const STACK_OF(X509) *chain,
+                                 int require_signing_cert);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
--- a/src/3rdparty/win32_include/openssl/esserr.h
+++ b/src/3rdparty/win32_include/openssl/esserr.h
@ -0,0 +1,32 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ESSERR_H
+# define OPENSSL_ESSERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+
+/*
+ * ESS reason codes.
+ */
+# define ESS_R_EMPTY_ESS_CERT_ID_LIST                     107
+# define ESS_R_ESS_CERT_DIGEST_ERROR                      103
+# define ESS_R_ESS_CERT_ID_NOT_FOUND                      104
+# define ESS_R_ESS_CERT_ID_WRONG_ORDER                    105
+# define ESS_R_ESS_DIGEST_ALG_UNKNOWN                     106
+# define ESS_R_ESS_SIGNING_CERTIFICATE_ERROR              102
+# define ESS_R_ESS_SIGNING_CERT_ADD_ERROR                 100
+# define ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR              101
+# define ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE      108
+
+#endif
--- a/src/3rdparty/win32_include/openssl/evp.h
+++ b/src/3rdparty/win32_include/openssl/evp.h
--- a/src/3rdparty/win32_include/openssl/evperr.h
+++ b/src/3rdparty/win32_include/openssl/evperr.h
@ -1,192 +1,118 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_EVPERR_H
-# define HEADER_EVPERR_H
+#ifndef OPENSSL_EVPERR_H
+# define OPENSSL_EVPERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_EVP_strings(void);

-/*
- * EVP function codes.
- */
-# define EVP_F_AESNI_INIT_KEY                             165
-# define EVP_F_AESNI_XTS_INIT_KEY                         207
-# define EVP_F_AES_GCM_CTRL                               196
-# define EVP_F_AES_INIT_KEY                               133
-# define EVP_F_AES_OCB_CIPHER                             169
-# define EVP_F_AES_T4_INIT_KEY                            178
-# define EVP_F_AES_T4_XTS_INIT_KEY                        208
-# define EVP_F_AES_WRAP_CIPHER                            170
-# define EVP_F_AES_XTS_INIT_KEY                           209
-# define EVP_F_ALG_MODULE_INIT                            177
-# define EVP_F_ARIA_CCM_INIT_KEY                          175
-# define EVP_F_ARIA_GCM_CTRL                              197
-# define EVP_F_ARIA_GCM_INIT_KEY                          176
-# define EVP_F_ARIA_INIT_KEY                              185
-# define EVP_F_B64_NEW                                    198
-# define EVP_F_CAMELLIA_INIT_KEY                          159
-# define EVP_F_CHACHA20_POLY1305_CTRL                     182
-# define EVP_F_CMLL_T4_INIT_KEY                           179
-# define EVP_F_DES_EDE3_WRAP_CIPHER                       171
-# define EVP_F_DO_SIGVER_INIT                             161
-# define EVP_F_ENC_NEW                                    199
-# define EVP_F_EVP_CIPHERINIT_EX                          123
-# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM                   204
-# define EVP_F_EVP_CIPHER_CTX_COPY                        163
-# define EVP_F_EVP_CIPHER_CTX_CTRL                        124
-# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
-# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1                   205
-# define EVP_F_EVP_DECRYPTFINAL_EX                        101
-# define EVP_F_EVP_DECRYPTUPDATE                          166
-# define EVP_F_EVP_DIGESTFINALXOF                         174
-# define EVP_F_EVP_DIGESTINIT_EX                          128
-# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE                   219
-# define EVP_F_EVP_ENCRYPTFINAL_EX                        127
-# define EVP_F_EVP_ENCRYPTUPDATE                          167
-# define EVP_F_EVP_MD_CTX_COPY_EX                         110
-# define EVP_F_EVP_MD_SIZE                                162
-# define EVP_F_EVP_OPENINIT                               102
-# define EVP_F_EVP_PBE_ALG_ADD                            115
-# define EVP_F_EVP_PBE_ALG_ADD_TYPE                       160
-# define EVP_F_EVP_PBE_CIPHERINIT                         116
-# define EVP_F_EVP_PBE_SCRYPT                             181
-# define EVP_F_EVP_PKCS82PKEY                             111
-# define EVP_F_EVP_PKEY2PKCS8                             113
-# define EVP_F_EVP_PKEY_ASN1_ADD0                         188
-# define EVP_F_EVP_PKEY_CHECK                             186
-# define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
-# define EVP_F_EVP_PKEY_CTX_CTRL                          137
-# define EVP_F_EVP_PKEY_CTX_CTRL_STR                      150
-# define EVP_F_EVP_PKEY_CTX_DUP                           156
-# define EVP_F_EVP_PKEY_CTX_MD                            168
-# define EVP_F_EVP_PKEY_DECRYPT                           104
-# define EVP_F_EVP_PKEY_DECRYPT_INIT                      138
-# define EVP_F_EVP_PKEY_DECRYPT_OLD                       151
-# define EVP_F_EVP_PKEY_DERIVE                            153
-# define EVP_F_EVP_PKEY_DERIVE_INIT                       154
-# define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   155
-# define EVP_F_EVP_PKEY_ENCRYPT                           105
-# define EVP_F_EVP_PKEY_ENCRYPT_INIT                      139
-# define EVP_F_EVP_PKEY_ENCRYPT_OLD                       152
-# define EVP_F_EVP_PKEY_GET0_DH                           119
-# define EVP_F_EVP_PKEY_GET0_DSA                          120
-# define EVP_F_EVP_PKEY_GET0_EC_KEY                       131
-# define EVP_F_EVP_PKEY_GET0_HMAC                         183
-# define EVP_F_EVP_PKEY_GET0_POLY1305                     184
-# define EVP_F_EVP_PKEY_GET0_RSA                          121
-# define EVP_F_EVP_PKEY_GET0_SIPHASH                      172
-# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY               202
-# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY                203
-# define EVP_F_EVP_PKEY_KEYGEN                            146
-# define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
-# define EVP_F_EVP_PKEY_METH_ADD0                         194
-# define EVP_F_EVP_PKEY_METH_NEW                          195
-# define EVP_F_EVP_PKEY_NEW                               106
-# define EVP_F_EVP_PKEY_NEW_CMAC_KEY                      193
-# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY               191
-# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY                192
-# define EVP_F_EVP_PKEY_PARAMGEN                          148
-# define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
-# define EVP_F_EVP_PKEY_PARAM_CHECK                       189
-# define EVP_F_EVP_PKEY_PUBLIC_CHECK                      190
-# define EVP_F_EVP_PKEY_SET1_ENGINE                       187
-# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE                    206
-# define EVP_F_EVP_PKEY_SIGN                              140
-# define EVP_F_EVP_PKEY_SIGN_INIT                         141
-# define EVP_F_EVP_PKEY_VERIFY                            142
-# define EVP_F_EVP_PKEY_VERIFY_INIT                       143
-# define EVP_F_EVP_PKEY_VERIFY_RECOVER                    144
-# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT               145
-# define EVP_F_EVP_SIGNFINAL                              107
-# define EVP_F_EVP_VERIFYFINAL                            108
-# define EVP_F_INT_CTX_NEW                                157
-# define EVP_F_OK_NEW                                     200
-# define EVP_F_PKCS5_PBE_KEYIVGEN                         117
-# define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
-# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
-# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
-# define EVP_F_PKEY_SET_TYPE                              158
-# define EVP_F_RC2_MAGIC_TO_METH                          109
-# define EVP_F_RC5_CTRL                                   125
-# define EVP_F_R_32_12_16_INIT_KEY                        242
-# define EVP_F_S390X_AES_GCM_CTRL                         201
-# define EVP_F_UPDATE                                     173

 /*
 * EVP reason codes.
 */
 # define EVP_R_AES_KEY_SETUP_FAILED                       143
 # define EVP_R_ARIA_KEY_SETUP_FAILED                      176
+# define EVP_R_BAD_ALGORITHM_NAME                         200
 # define EVP_R_BAD_DECRYPT                                100
 # define EVP_R_BAD_KEY_LENGTH                             195
 # define EVP_R_BUFFER_TOO_SMALL                           155
+# define EVP_R_CACHE_CONSTANTS_FAILED                     225
 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
+# define EVP_R_CANNOT_GET_PARAMETERS                      197
+# define EVP_R_CANNOT_SET_PARAMETERS                      198
+# define EVP_R_CIPHER_NOT_GCM_MODE                        184
 # define EVP_R_CIPHER_PARAMETER_ERROR                     122
 # define EVP_R_COMMAND_NOT_SUPPORTED                      147
+# define EVP_R_CONFLICTING_ALGORITHM_NAME                 201
 # define EVP_R_COPY_ERROR                                 173
 # define EVP_R_CTRL_NOT_IMPLEMENTED                       132
 # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
 # define EVP_R_DECODE_ERROR                               114
+# define EVP_R_DEFAULT_QUERY_PARSE_ERROR                  210
 # define EVP_R_DIFFERENT_KEY_TYPES                        101
 # define EVP_R_DIFFERENT_PARAMETERS                       153
 # define EVP_R_ERROR_LOADING_SECTION                      165
-# define EVP_R_ERROR_SETTING_FIPS_MODE                    166
 # define EVP_R_EXPECTING_AN_HMAC_KEY                      174
 # define EVP_R_EXPECTING_AN_RSA_KEY                       127
 # define EVP_R_EXPECTING_A_DH_KEY                         128
 # define EVP_R_EXPECTING_A_DSA_KEY                        129
+# define EVP_R_EXPECTING_A_ECX_KEY                        219
 # define EVP_R_EXPECTING_A_EC_KEY                         142
 # define EVP_R_EXPECTING_A_POLY1305_KEY                   164
 # define EVP_R_EXPECTING_A_SIPHASH_KEY                    175
-# define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
+# define EVP_R_FINAL_ERROR                                188
+# define EVP_R_GENERATE_ERROR                             214
 # define EVP_R_GET_RAW_KEY_FAILED                         182
 # define EVP_R_ILLEGAL_SCRYPT_PARAMETERS                  171
+# define EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS             204
+# define EVP_R_INACCESSIBLE_KEY                           203
 # define EVP_R_INITIALIZATION_ERROR                       134
 # define EVP_R_INPUT_NOT_INITIALIZED                      111
+# define EVP_R_INVALID_CUSTOM_LENGTH                      185
 # define EVP_R_INVALID_DIGEST                             152
-# define EVP_R_INVALID_FIPS_MODE                          168
 # define EVP_R_INVALID_IV_LENGTH                          194
 # define EVP_R_INVALID_KEY                                163
 # define EVP_R_INVALID_KEY_LENGTH                         130
+# define EVP_R_INVALID_LENGTH                             221
+# define EVP_R_INVALID_NULL_ALGORITHM                     218
 # define EVP_R_INVALID_OPERATION                          148
-# define EVP_R_KEYGEN_FAILURE                             120
+# define EVP_R_INVALID_PROVIDER_FUNCTIONS                 193
+# define EVP_R_INVALID_SALT_LENGTH                        186
+# define EVP_R_INVALID_SECRET_LENGTH                      223
+# define EVP_R_INVALID_SEED_LENGTH                        220
+# define EVP_R_INVALID_VALUE                              222
+# define EVP_R_KEYMGMT_EXPORT_FAILURE                     205
 # define EVP_R_KEY_SETUP_FAILED                           180
+# define EVP_R_LOCKING_NOT_SUPPORTED                      213
 # define EVP_R_MEMORY_LIMIT_EXCEEDED                      172
 # define EVP_R_MESSAGE_DIGEST_IS_NULL                     159
 # define EVP_R_METHOD_NOT_SUPPORTED                       144
 # define EVP_R_MISSING_PARAMETERS                         103
+# define EVP_R_NOT_ABLE_TO_COPY_CTX                       190
 # define EVP_R_NOT_XOF_OR_INVALID_LENGTH                  178
 # define EVP_R_NO_CIPHER_SET                              131
 # define EVP_R_NO_DEFAULT_DIGEST                          158
 # define EVP_R_NO_DIGEST_SET                              139
+# define EVP_R_NO_IMPORT_FUNCTION                         206
+# define EVP_R_NO_KEYMGMT_AVAILABLE                       199
+# define EVP_R_NO_KEYMGMT_PRESENT                         196
 # define EVP_R_NO_KEY_SET                                 154
 # define EVP_R_NO_OPERATION_SET                           149
+# define EVP_R_NULL_MAC_PKEY_CTX                          208
 # define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
+# define EVP_R_OPERATION_NOT_INITIALIZED                  151
 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
-# define EVP_R_OPERATON_NOT_INITIALIZED                   151
+# define EVP_R_OUTPUT_WOULD_OVERFLOW                      202
+# define EVP_R_PARAMETER_TOO_LARGE                        187
 # define EVP_R_PARTIALLY_OVERLAPPING                      162
 # define EVP_R_PBKDF2_ERROR                               181
 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
 # define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
 # define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+# define EVP_R_SETTING_XOF_FAILED                         227
+# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE               209
+# define EVP_R_TOO_MANY_RECORDS                           183
+# define EVP_R_UNABLE_TO_ENABLE_LOCKING                   212
+# define EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE         215
+# define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
+# define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
+# define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
+# define EVP_R_UNKNOWN_KEY_TYPE                           207
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
@ -194,12 +120,15 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
 # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
 # define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+# define EVP_R_UNSUPPORTED_KEY_TYPE                       224
 # define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
 # define EVP_R_UNSUPPORTED_PRF                            125
 # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
 # define EVP_R_UNSUPPORTED_SALT_TYPE                      126
+# define EVP_R_UPDATE_ERROR                               189
 # define EVP_R_WRAP_MODE_NOT_ALLOWED                      170
 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
-# define EVP_R_XTS_DUPLICATED_KEYS                        183
+# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE                 191
+# define EVP_R_XTS_DUPLICATED_KEYS                        192

 #endif
--- a/src/3rdparty/win32_include/openssl/fips_names.h
+++ b/src/3rdparty/win32_include/openssl/fips_names.h
@ -0,0 +1,68 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPS_NAMES_H
+# define OPENSSL_FIPS_NAMES_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Parameter names that the FIPS Provider defines
+ */
+
+/*
+ * The calculated MAC of the module file (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_MODULE_MAC      "module-mac"
+/*
+ * A version number for the fips install process (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
+/*
+ * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC     "install-mac"
+/*
+ * The install status indicator (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS  "install-status"
+
+/*
+ * A boolean that determines if the FIPS conditional test errors result in
+ * the module entering an error state.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors"
+
+/*
+ * A boolean that determines if the runtime FIPS security checks are performed.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks"
+
+/*
+ * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
+ * This is disabled by default.
+ *
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_FIPS_NAMES_H */
--- a/src/3rdparty/win32_include/openssl/fipskey.h
+++ b/src/3rdparty/win32_include/openssl/fipskey.h
@ -0,0 +1,36 @@
+/*
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\fipskey.h.in
+ *
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPSKEY_H
+# define OPENSSL_FIPSKEY_H
+# pragma once
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * The FIPS validation HMAC key, usable as an array initializer.
+ */
+#define FIPS_KEY_ELEMENTS \
+    0xf4, 0x55, 0x66, 0x50, 0xac, 0x31, 0xd3, 0x54, 0x61, 0x61, 0x0b, 0xac, 0x4e, 0xd8, 0x1b, 0x1a, 0x18, 0x1b, 0x2d, 0x8a, 0x43, 0xea, 0x28, 0x54, 0xcb, 0xae, 0x22, 0xca, 0x74, 0x56, 0x08, 0x13
+
+/*
+ * The FIPS validation key, as a string.
+ */
+#define FIPS_KEY_STRING "f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813"
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
--- a/src/3rdparty/win32_include/openssl/hmac.h
+++ b/src/3rdparty/win32_include/openssl/hmac.h
@ -1,51 +1,62 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_HMAC_H
-# define HEADER_HMAC_H
+#ifndef OPENSSL_HMAC_H
+# define OPENSSL_HMAC_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_HMAC_H
+# endif

 # include <openssl/opensslconf.h>

 # include <openssl/evp.h>

-# if OPENSSL_API_COMPAT < 0x10200000L
-#  define HMAC_MAX_MD_CBLOCK      128    /* Deprecated */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HMAC_MAX_MD_CBLOCK      200    /* Deprecated */
 # endif

-#ifdef  __cplusplus
+# ifdef  __cplusplus
 extern "C" {
-#endif
+# endif

-size_t HMAC_size(const HMAC_CTX *e);
-HMAC_CTX *HMAC_CTX_new(void);
-int HMAC_CTX_reset(HMAC_CTX *ctx);
-void HMAC_CTX_free(HMAC_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 size_t HMAC_size(const HMAC_CTX *e);
+OSSL_DEPRECATEDIN_3_0 HMAC_CTX *HMAC_CTX_new(void);
+OSSL_DEPRECATEDIN_3_0 int HMAC_CTX_reset(HMAC_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_free(HMAC_CTX *ctx);
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 __owur int HMAC_Init(HMAC_CTX *ctx,
+                                             const void *key, int len,
+                                             const EVP_MD *md);
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                                       const EVP_MD *md, ENGINE *impl);
+OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+                                      size_t len);
+OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+                                     unsigned int *len);
+OSSL_DEPRECATEDIN_3_0 __owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+OSSL_DEPRECATEDIN_3_0 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+# endif

-DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-                     const EVP_MD *md))
-
-/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-                            const EVP_MD *md, ENGINE *impl);
-/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
-                           size_t len);
-/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
-                          unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-                    const unsigned char *d, size_t n, unsigned char *md,
-                    unsigned int *md_len);
-__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+                    const unsigned char *data, size_t data_len,
+                    unsigned char *md, unsigned int *md_len);

-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
-
-#ifdef  __cplusplus
+# ifdef  __cplusplus
 }
-#endif
+# endif

 #endif
--- a/src/3rdparty/win32_include/openssl/http.h
+++ b/src/3rdparty/win32_include/openssl/http.h
@ -0,0 +1,109 @@
+/*
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Siemens AG 2018-2020
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_HTTP_H
+# define OPENSSL_HTTP_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/conf.h>
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define OSSL_HTTP_NAME "http"
+# define OSSL_HTTPS_NAME "https"
+# define OSSL_HTTP_PREFIX OSSL_HTTP_NAME"://"
+# define OSSL_HTTPS_PREFIX OSSL_HTTPS_NAME"://"
+# define OSSL_HTTP_PORT "80"
+# define OSSL_HTTPS_PORT "443"
+# define OPENSSL_NO_PROXY "NO_PROXY"
+# define OPENSSL_HTTP_PROXY "HTTP_PROXY"
+# define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
+
+#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
+#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
+
+/* Low-level HTTP API */
+OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size);
+void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
+int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
+                                       const char *server, const char *port,
+                                       const char *path);
+int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx,
+                                  const char *name, const char *value);
+int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx,
+                                   const char *content_type, int asn1,
+                                   int timeout, int keep_alive);
+int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type,
+                               const ASN1_ITEM *it, const ASN1_VALUE *req);
+int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx);
+int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx,
+                               ASN1_VALUE **pval, const ASN1_ITEM *it);
+BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx);
+BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx);
+size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx);
+void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx,
+                                               unsigned long len);
+int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx);
+
+/* High-level HTTP API */
+typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail);
+OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port,
+                                  const char *proxy, const char *no_proxy,
+                                  int use_ssl, BIO *bio, BIO *rbio,
+                                  OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+                                  int buf_size, int overall_timeout);
+int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
+                            const char *proxyuser, const char *proxypass,
+                            int timeout, BIO *bio_err, const char *prog);
+int OSSL_HTTP_set1_request(OSSL_HTTP_REQ_CTX *rctx, const char *path,
+                           const STACK_OF(CONF_VALUE) *headers,
+                           const char *content_type, BIO *req,
+                           const char *expected_content_type, int expect_asn1,
+                           size_t max_resp_len, int timeout, int keep_alive);
+BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url);
+BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
+                   BIO *bio, BIO *rbio,
+                   OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+                   int buf_size, const STACK_OF(CONF_VALUE) *headers,
+                   const char *expected_content_type, int expect_asn1,
+                   size_t max_resp_len, int timeout);
+BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx,
+                        const char *server, const char *port,
+                        const char *path, int use_ssl,
+                        const char *proxy, const char *no_proxy,
+                        BIO *bio, BIO *rbio,
+                        OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+                        int buf_size, const STACK_OF(CONF_VALUE) *headers,
+                        const char *content_type, BIO *req,
+                        const char *expected_content_type, int expect_asn1,
+                        size_t max_resp_len, int timeout, int keep_alive);
+int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok);
+
+/* Auxiliary functions */
+int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
+                   char **pport, int *pport_num,
+                   char **ppath, char **pquery, char **pfrag);
+int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
+                        char **pport, int *pport_num,
+                        char **ppath, char **pquery, char **pfrag);
+const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
+                                  const char *server, int use_ssl);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif /* !defined(OPENSSL_HTTP_H) */
--- a/src/3rdparty/win32_include/openssl/httperr.h
+++ b/src/3rdparty/win32_include/openssl/httperr.h
@ -0,0 +1,55 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_HTTPERR_H
+# define OPENSSL_HTTPERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+
+
+
+/*
+ * HTTP reason codes.
+ */
+# define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN             108
+# define HTTP_R_CONNECT_FAILURE                           100
+# define HTTP_R_ERROR_PARSING_ASN1_LENGTH                 109
+# define HTTP_R_ERROR_PARSING_CONTENT_LENGTH              119
+# define HTTP_R_ERROR_PARSING_URL                         101
+# define HTTP_R_ERROR_RECEIVING                           103
+# define HTTP_R_ERROR_SENDING                             102
+# define HTTP_R_FAILED_READING_DATA                       128
+# define HTTP_R_HEADER_PARSE_ERROR                        126
+# define HTTP_R_INCONSISTENT_CONTENT_LENGTH               120
+# define HTTP_R_INVALID_PORT_NUMBER                       123
+# define HTTP_R_INVALID_URL_PATH                          125
+# define HTTP_R_INVALID_URL_SCHEME                        124
+# define HTTP_R_MAX_RESP_LEN_EXCEEDED                     117
+# define HTTP_R_MISSING_ASN1_ENCODING                     110
+# define HTTP_R_MISSING_CONTENT_TYPE                      121
+# define HTTP_R_MISSING_REDIRECT_LOCATION                 111
+# define HTTP_R_RECEIVED_ERROR                            105
+# define HTTP_R_RECEIVED_WRONG_HTTP_VERSION               106
+# define HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP            112
+# define HTTP_R_REDIRECTION_NOT_ENABLED                   116
+# define HTTP_R_RESPONSE_LINE_TOO_LONG                    113
+# define HTTP_R_RESPONSE_PARSE_ERROR                      104
+# define HTTP_R_RETRY_TIMEOUT                             129
+# define HTTP_R_SERVER_CANCELED_CONNECTION                127
+# define HTTP_R_SOCK_NOT_SUPPORTED                        122
+# define HTTP_R_STATUS_CODE_UNSUPPORTED                   114
+# define HTTP_R_TLS_NOT_ENABLED                           107
+# define HTTP_R_TOO_MANY_REDIRECTIONS                     115
+# define HTTP_R_UNEXPECTED_CONTENT_TYPE                   118
+
+#endif
--- a/src/3rdparty/win32_include/openssl/idea.h
+++ b/src/3rdparty/win32_include/openssl/idea.h
@ -1,64 +1,82 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_IDEA_H
-# define HEADER_IDEA_H
+#ifndef OPENSSL_IDEA_H
+# define OPENSSL_IDEA_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_IDEA_H
+# endif

 # include <openssl/opensslconf.h>

 # ifndef OPENSSL_NO_IDEA
-# ifdef  __cplusplus
+#  ifdef  __cplusplus
 extern "C" {
-# endif
+#  endif
+
+#  define IDEA_BLOCK      8
+#  define IDEA_KEY_LENGTH 16
+
+#  ifndef OPENSSL_NO_DEPRECATED_3_0

 typedef unsigned int IDEA_INT;

-# define IDEA_ENCRYPT    1
-# define IDEA_DECRYPT    0
-
-# define IDEA_BLOCK      8
-# define IDEA_KEY_LENGTH 16
+#   define IDEA_ENCRYPT    1
+#   define IDEA_DECRYPT    0

 typedef struct idea_key_st {
    IDEA_INT data[9][6];
 } IDEA_KEY_SCHEDULE;
+#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *IDEA_options(void);
+OSSL_DEPRECATEDIN_3_0 void IDEA_ecb_encrypt(const unsigned char *in,
+                                            unsigned char *out,
+                                            IDEA_KEY_SCHEDULE *ks);
+OSSL_DEPRECATEDIN_3_0 void IDEA_set_encrypt_key(const unsigned char *key,
+                                                IDEA_KEY_SCHEDULE *ks);
+OSSL_DEPRECATEDIN_3_0 void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek,
+                                                IDEA_KEY_SCHEDULE *dk);
+OSSL_DEPRECATEDIN_3_0 void IDEA_cbc_encrypt(const unsigned char *in,
+                                            unsigned char *out, long length,
+                                            IDEA_KEY_SCHEDULE *ks,
+                                            unsigned char *iv, int enc);
+OSSL_DEPRECATEDIN_3_0 void IDEA_cfb64_encrypt(const unsigned char *in,
+                                              unsigned char *out, long length,
+                                              IDEA_KEY_SCHEDULE *ks,
+                                              unsigned char *iv, int *num,
+                                              int enc);
+OSSL_DEPRECATEDIN_3_0 void IDEA_ofb64_encrypt(const unsigned char *in,
+                                              unsigned char *out, long length,
+                                              IDEA_KEY_SCHEDULE *ks,
+                                              unsigned char *iv, int *num);
+OSSL_DEPRECATEDIN_3_0 void IDEA_encrypt(unsigned long *in,
+                                        IDEA_KEY_SCHEDULE *ks);
+#endif

-const char *IDEA_options(void);
-void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                      IDEA_KEY_SCHEDULE *ks);
-void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                      int enc);
-void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                        int *num, int enc);
-void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                        int *num);
-void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#   define idea_options          IDEA_options
+#   define idea_ecb_encrypt      IDEA_ecb_encrypt
+#   define idea_set_encrypt_key  IDEA_set_encrypt_key
+#   define idea_set_decrypt_key  IDEA_set_decrypt_key
+#   define idea_cbc_encrypt      IDEA_cbc_encrypt
+#   define idea_cfb64_encrypt    IDEA_cfb64_encrypt
+#   define idea_ofb64_encrypt    IDEA_ofb64_encrypt
+#   define idea_encrypt          IDEA_encrypt
+#  endif

-# if OPENSSL_API_COMPAT < 0x10100000L
-#  define idea_options          IDEA_options
-#  define idea_ecb_encrypt      IDEA_ecb_encrypt
-#  define idea_set_encrypt_key  IDEA_set_encrypt_key
-#  define idea_set_decrypt_key  IDEA_set_decrypt_key
-#  define idea_cbc_encrypt      IDEA_cbc_encrypt
-#  define idea_cfb64_encrypt    IDEA_cfb64_encrypt
-#  define idea_ofb64_encrypt    IDEA_ofb64_encrypt
-#  define idea_encrypt          IDEA_encrypt
-# endif
-
-# ifdef  __cplusplus
+#  ifdef  __cplusplus
 }
-# endif
+#  endif
 # endif

 #endif
--- a/src/3rdparty/win32_include/openssl/kdf.h
+++ b/src/3rdparty/win32_include/openssl/kdf.h
@ -1,19 +1,76 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_KDF_H
-# define HEADER_KDF_H
+#ifndef OPENSSL_KDF_H
+# define OPENSSL_KDF_H
+# pragma once

-# include <openssl/kdferr.h>
-#ifdef __cplusplus
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_KDF_H
+# endif
+
+# include <stdarg.h>
+# include <stddef.h>
+# include <openssl/types.h>
+# include <openssl/core.h>
+
+# ifdef __cplusplus
 extern "C" {
-#endif
+# endif
+
+int EVP_KDF_up_ref(EVP_KDF *kdf);
+void EVP_KDF_free(EVP_KDF *kdf);
+EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+                       const char *properties);
+
+EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);
+void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
+EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
+const char *EVP_KDF_get0_description(const EVP_KDF *kdf);
+int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name);
+const char *EVP_KDF_get0_name(const EVP_KDF *kdf);
+const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
+const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
+
+void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
+size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+                   const OSSL_PARAM params[]);
+int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
+int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
+int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf);
+const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf);
+const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf);
+const OSSL_PARAM *EVP_KDF_CTX_gettable_params(EVP_KDF_CTX *ctx);
+const OSSL_PARAM *EVP_KDF_CTX_settable_params(EVP_KDF_CTX *ctx);
+
+void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx,
+                             void (*fn)(EVP_KDF *kdf, void *arg),
+                             void *arg);
+int EVP_KDF_names_do_all(const EVP_KDF *kdf,
+                         void (*fn)(const char *name, void *data),
+                         void *data);
+
+# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND  0
+# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY        1
+# define EVP_KDF_HKDF_MODE_EXPAND_ONLY         2
+
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV     65
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI     66
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68
+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV  69
+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI  70
+
+/**** The legacy PKEY-based KDF API follows. ****/

 # define EVP_PKEY_CTRL_TLS_MD                   (EVP_PKEY_ALG_CTRL)
 # define EVP_PKEY_CTRL_TLS_SECRET               (EVP_PKEY_ALG_CTRL + 1)
@ -30,68 +87,52 @@ extern "C" {
 # define EVP_PKEY_CTRL_SCRYPT_P                 (EVP_PKEY_ALG_CTRL + 12)
 # define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES      (EVP_PKEY_ALG_CTRL + 13)

-# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
-# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY       1
-# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY        2
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \
+            EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY       \
+            EVP_KDF_HKDF_MODE_EXTRACT_ONLY
+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY        \
+            EVP_KDF_HKDF_MODE_EXPAND_ONLY

-# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                              EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md))
+int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);

-# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                              EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec))
+int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
+                                      const unsigned char *sec, int seclen);

-# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                              EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed))
+int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
+                                    const unsigned char *seed, int seedlen);

-# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                              EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md))
+int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);

-# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                              EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt))
+int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx,
+                                const unsigned char *salt, int saltlen);

-# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                              EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key))
+int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
+                               const unsigned char *key, int keylen);

-# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                              EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info))
+int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
+                                const unsigned char *info, int infolen);

-# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                              EVP_PKEY_CTRL_HKDF_MODE, mode, NULL)
+int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
+# define EVP_PKEY_CTX_hkdf_mode EVP_PKEY_CTX_set_hkdf_mode

-# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                            EVP_PKEY_CTRL_PASS, passlen, (void *)(pass))
+int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass,
+                               int passlen);

-# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                            EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt))
+int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx,
+                                  const unsigned char *salt, int saltlen);

-# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \
-            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                            EVP_PKEY_CTRL_SCRYPT_N, n)
+int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n);

-# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \
-            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                            EVP_PKEY_CTRL_SCRYPT_R, r)
+int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *ctx, uint64_t r);

-# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \
-            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                            EVP_PKEY_CTRL_SCRYPT_P, p)
+int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p);

-# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \
-            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                            EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx,
+                                         uint64_t maxmem_bytes);


-# ifdef  __cplusplus
+# ifdef __cplusplus
 }
 # endif
 #endif
--- a/src/3rdparty/win32_include/openssl/kdferr.h
+++ b/src/3rdparty/win32_include/openssl/kdferr.h
@ -1,55 +1,16 @@
 /*
- * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_KDFERR_H
-# define HEADER_KDFERR_H
+#ifndef OPENSSL_KDFERR_H
+# define OPENSSL_KDFERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_KDF_strings(void);
-
-/*
- * KDF function codes.
- */
-# define KDF_F_PKEY_HKDF_CTRL_STR                         103
-# define KDF_F_PKEY_HKDF_DERIVE                           102
-# define KDF_F_PKEY_HKDF_INIT                             108
-# define KDF_F_PKEY_SCRYPT_CTRL_STR                       104
-# define KDF_F_PKEY_SCRYPT_CTRL_UINT64                    105
-# define KDF_F_PKEY_SCRYPT_DERIVE                         109
-# define KDF_F_PKEY_SCRYPT_INIT                           106
-# define KDF_F_PKEY_SCRYPT_SET_MEMBUF                     107
-# define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
-# define KDF_F_PKEY_TLS1_PRF_DERIVE                       101
-# define KDF_F_PKEY_TLS1_PRF_INIT                         110
-# define KDF_F_TLS1_PRF_ALG                               111
-
-/*
- * KDF reason codes.
- */
-# define KDF_R_INVALID_DIGEST                             100
-# define KDF_R_MISSING_ITERATION_COUNT                    109
-# define KDF_R_MISSING_KEY                                104
-# define KDF_R_MISSING_MESSAGE_DIGEST                     105
-# define KDF_R_MISSING_PARAMETER                          101
-# define KDF_R_MISSING_PASS                               110
-# define KDF_R_MISSING_SALT                               111
-# define KDF_R_MISSING_SECRET                             107
-# define KDF_R_MISSING_SEED                               106
-# define KDF_R_UNKNOWN_PARAMETER_TYPE                     103
-# define KDF_R_VALUE_ERROR                                108
-# define KDF_R_VALUE_MISSING                              102
-
-#endif
+#endif /* !defined(OPENSSL_KDFERR_H) */
--- a/src/3rdparty/win32_include/openssl/lhash.h
+++ b/src/3rdparty/win32_include/openssl/lhash.h
@ -1,21 +1,32 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

+
+
 /*
 * Header for dynamic hash table routines Author - Eric Young
 */

-#ifndef HEADER_LHASH_H
-# define HEADER_LHASH_H
+#ifndef OPENSSL_LHASH_H
+# define OPENSSL_LHASH_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_LHASH_H
+# endif

 # include <openssl/e_os2.h>
 # include <openssl/bio.h>
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif

 #ifdef  __cplusplus
 extern "C" {
@ -72,6 +83,7 @@ typedef struct lhash_st OPENSSL_LHASH;
 int OPENSSL_LH_error(OPENSSL_LHASH *lh);
 OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c);
 void OPENSSL_LH_free(OPENSSL_LHASH *lh);
+void OPENSSL_LH_flush(OPENSSL_LHASH *lh);
 void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data);
 void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
 void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data);
@ -83,15 +95,19 @@ unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh);
 void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load);

 # ifndef OPENSSL_NO_STDIO
-void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp);
-void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp);
-void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp);
+#  ifndef OPENSSL_NO_DEPRECATED_3_1
+OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp);
+OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp);
+OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp);
+#  endif
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_1
+OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
 # endif
-void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
-void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
-void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);

-# if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define _LHASH OPENSSL_LHASH
 #  define LHASH_NODE OPENSSL_LH_NODE
 #  define lh_error OPENSSL_LH_error
@ -118,63 +134,145 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);

 # define LHASH_OF(type) struct lhash_st_##type

-# define DEFINE_LHASH_OF(type) \
-    LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \
-    static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \
-                                                                   int (*cfn)(const type *, const type *)) \
+/* Helper macro for internal use */
+# define DEFINE_LHASH_OF_INTERNAL(type) \
+    LHASH_OF(type) { \
+        union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; \
+    }; \
+    typedef int (*lh_##type##_compfunc)(const type *a, const type *b); \
+    typedef unsigned long (*lh_##type##_hashfunc)(const type *a); \
+    typedef void (*lh_##type##_doallfunc)(type *a); \
+    static ossl_unused ossl_inline type *\
+    ossl_check_##type##_lh_plain_type(type *ptr) \
+    { \
+        return ptr; \
+    } \
+    static ossl_unused ossl_inline const type * \
+    ossl_check_const_##type##_lh_plain_type(const type *ptr) \
+    { \
+        return ptr; \
+    } \
+    static ossl_unused ossl_inline const OPENSSL_LHASH * \
+    ossl_check_const_##type##_lh_type(const LHASH_OF(type) *lh) \
+    { \
+        return (const OPENSSL_LHASH *)lh; \
+    } \
+    static ossl_unused ossl_inline OPENSSL_LHASH * \
+    ossl_check_##type##_lh_type(LHASH_OF(type) *lh) \
+    { \
+        return (OPENSSL_LHASH *)lh; \
+    } \
+    static ossl_unused ossl_inline OPENSSL_LH_COMPFUNC \
+    ossl_check_##type##_lh_compfunc_type(lh_##type##_compfunc cmp) \
+    { \
+        return (OPENSSL_LH_COMPFUNC)cmp; \
+    } \
+    static ossl_unused ossl_inline OPENSSL_LH_HASHFUNC \
+    ossl_check_##type##_lh_hashfunc_type(lh_##type##_hashfunc hfn) \
+    { \
+        return (OPENSSL_LH_HASHFUNC)hfn; \
+    } \
+    static ossl_unused ossl_inline OPENSSL_LH_DOALL_FUNC \
+    ossl_check_##type##_lh_doallfunc_type(lh_##type##_doallfunc dfn) \
+    { \
+        return (OPENSSL_LH_DOALL_FUNC)dfn; \
+    } \
+    LHASH_OF(type)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_1
+#  define DEFINE_LHASH_OF_DEPRECATED(type) \
+    static ossl_unused ossl_inline void \
+    lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_unused ossl_inline void \
+    lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_unused ossl_inline void \
+    lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    }
+# else
+#  define DEFINE_LHASH_OF_DEPRECATED(type)
+# endif
+
+# define DEFINE_LHASH_OF_EX(type) \
+    LHASH_OF(type) { \
+        union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; \
+    }; \
+    static ossl_unused ossl_inline LHASH_OF(type) * \
+    lh_##type##_new(unsigned long (*hfn)(const type *), \
+                    int (*cfn)(const type *, const type *)) \
    { \
        return (LHASH_OF(type) *) \
            OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
    } \
-    static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
+    static ossl_unused ossl_inline void \
+    lh_##type##_free(LHASH_OF(type) *lh) \
    { \
        OPENSSL_LH_free((OPENSSL_LHASH *)lh); \
    } \
-    static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
+    static ossl_unused ossl_inline void \
+    lh_##type##_flush(LHASH_OF(type) *lh) \
+    { \
+        OPENSSL_LH_flush((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline type * \
+    lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
    { \
        return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \
    } \
-    static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
+    static ossl_unused ossl_inline type * \
+    lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
    { \
        return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \
    } \
-    static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
+    static ossl_unused ossl_inline type * \
+    lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
    { \
        return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \
    } \
-    static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
+    static ossl_unused ossl_inline int \
+    lh_##type##_error(LHASH_OF(type) *lh) \
    { \
        return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \
    } \
-    static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
+    static ossl_unused ossl_inline unsigned long \
+    lh_##type##_num_items(LHASH_OF(type) *lh) \
    { \
        return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \
    } \
-    static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
-    { \
-        OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
-    } \
-    static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
-    { \
-        OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
-    } \
-    static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
-    { \
-        OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
-    } \
-    static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
+    static ossl_unused ossl_inline unsigned long \
+    lh_##type##_get_down_load(LHASH_OF(type) *lh) \
    { \
        return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \
    } \
-    static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
+    static ossl_unused ossl_inline void \
+    lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
    { \
        OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \
    } \
-    static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \
-                                                          void (*doall)(type *)) \
+    static ossl_unused ossl_inline void \
+    lh_##type##_doall(LHASH_OF(type) *lh, void (*doall)(type *)) \
    { \
        OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \
    } \
+    static ossl_unused ossl_inline void \
+    lh_##type##_doall_arg(LHASH_OF(type) *lh, \
+                          void (*doallarg)(type *, void *), void *arg) \
+    { \
+        OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \
+                             (OPENSSL_LH_DOALL_FUNCARG)doallarg, arg); \
+    } \
+    LHASH_OF(type)
+
+# define DEFINE_LHASH_OF(type) \
+    DEFINE_LHASH_OF_EX(type); \
+    DEFINE_LHASH_OF_DEPRECATED(type) \
    LHASH_OF(type)

 #define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \
@ -189,50 +287,42 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
                                   void (*fn)(cbargtype *, argtype *), \
                                   argtype *arg) \
    { \
-        OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \
+        OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \
+                             (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \
    } \
    LHASH_OF(type)

-DEFINE_LHASH_OF(OPENSSL_STRING);
-# ifdef _MSC_VER
-/*
- * push and pop this warning:
- *   warning C4090: 'function': different 'const' qualifiers
- */
-#  pragma warning (push)
-#  pragma warning (disable: 4090)
-# endif
+DEFINE_LHASH_OF_INTERNAL(OPENSSL_STRING);
+#define lh_OPENSSL_STRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(ossl_check_OPENSSL_STRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_STRING_lh_compfunc_type(cmp)))
+#define lh_OPENSSL_STRING_free(lh) OPENSSL_LH_free(ossl_check_OPENSSL_STRING_lh_type(lh))
+#define lh_OPENSSL_STRING_flush(lh) OPENSSL_LH_flush(ossl_check_OPENSSL_STRING_lh_type(lh))
+#define lh_OPENSSL_STRING_insert(lh, ptr) ((OPENSSL_STRING *)OPENSSL_LH_insert(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_OPENSSL_STRING_lh_plain_type(ptr)))
+#define lh_OPENSSL_STRING_delete(lh, ptr) ((OPENSSL_STRING *)OPENSSL_LH_delete(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_const_OPENSSL_STRING_lh_plain_type(ptr)))
+#define lh_OPENSSL_STRING_retrieve(lh, ptr) ((OPENSSL_STRING *)OPENSSL_LH_retrieve(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_const_OPENSSL_STRING_lh_plain_type(ptr)))
+#define lh_OPENSSL_STRING_error(lh) OPENSSL_LH_error(ossl_check_OPENSSL_STRING_lh_type(lh))
+#define lh_OPENSSL_STRING_num_items(lh) OPENSSL_LH_num_items(ossl_check_OPENSSL_STRING_lh_type(lh))
+#define lh_OPENSSL_STRING_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_OPENSSL_STRING_lh_type(lh), out)
+#define lh_OPENSSL_STRING_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_OPENSSL_STRING_lh_type(lh), out)
+#define lh_OPENSSL_STRING_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_OPENSSL_STRING_lh_type(lh), out)
+#define lh_OPENSSL_STRING_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_OPENSSL_STRING_lh_type(lh))
+#define lh_OPENSSL_STRING_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_OPENSSL_STRING_lh_type(lh), dl)
+#define lh_OPENSSL_STRING_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_OPENSSL_STRING_lh_doallfunc_type(dfn))
+DEFINE_LHASH_OF_INTERNAL(OPENSSL_CSTRING);
+#define lh_OPENSSL_CSTRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_CSTRING) *)OPENSSL_LH_new(ossl_check_OPENSSL_CSTRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_CSTRING_lh_compfunc_type(cmp)))
+#define lh_OPENSSL_CSTRING_free(lh) OPENSSL_LH_free(ossl_check_OPENSSL_CSTRING_lh_type(lh))
+#define lh_OPENSSL_CSTRING_flush(lh) OPENSSL_LH_flush(ossl_check_OPENSSL_CSTRING_lh_type(lh))
+#define lh_OPENSSL_CSTRING_insert(lh, ptr) ((OPENSSL_CSTRING *)OPENSSL_LH_insert(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_OPENSSL_CSTRING_lh_plain_type(ptr)))
+#define lh_OPENSSL_CSTRING_delete(lh, ptr) ((OPENSSL_CSTRING *)OPENSSL_LH_delete(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_const_OPENSSL_CSTRING_lh_plain_type(ptr)))
+#define lh_OPENSSL_CSTRING_retrieve(lh, ptr) ((OPENSSL_CSTRING *)OPENSSL_LH_retrieve(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_const_OPENSSL_CSTRING_lh_plain_type(ptr)))
+#define lh_OPENSSL_CSTRING_error(lh) OPENSSL_LH_error(ossl_check_OPENSSL_CSTRING_lh_type(lh))
+#define lh_OPENSSL_CSTRING_num_items(lh) OPENSSL_LH_num_items(ossl_check_OPENSSL_CSTRING_lh_type(lh))
+#define lh_OPENSSL_CSTRING_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_OPENSSL_CSTRING_lh_type(lh), out)
+#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_OPENSSL_CSTRING_lh_type(lh), out)
+#define lh_OPENSSL_CSTRING_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_OPENSSL_CSTRING_lh_type(lh), out)
+#define lh_OPENSSL_CSTRING_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_OPENSSL_CSTRING_lh_type(lh))
+#define lh_OPENSSL_CSTRING_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_OPENSSL_CSTRING_lh_type(lh), dl)
+#define lh_OPENSSL_CSTRING_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_OPENSSL_CSTRING_lh_doallfunc_type(dfn))

-DEFINE_LHASH_OF(OPENSSL_CSTRING);
-
-# ifdef _MSC_VER
-#  pragma warning (pop)
-# endif
-
-/*
- * If called without higher optimization (min. -xO3) the Oracle Developer
- * Studio compiler generates code for the defined (static inline) functions
- * above.
- * This would later lead to the linker complaining about missing symbols when
- * this header file is included but the resulting object is not linked against
- * the Crypto library (openssl#6912).
- */
-# ifdef __SUNPRO_C
-#  pragma weak OPENSSL_LH_new
-#  pragma weak OPENSSL_LH_free
-#  pragma weak OPENSSL_LH_insert
-#  pragma weak OPENSSL_LH_delete
-#  pragma weak OPENSSL_LH_retrieve
-#  pragma weak OPENSSL_LH_error
-#  pragma weak OPENSSL_LH_num_items
-#  pragma weak OPENSSL_LH_node_stats_bio
-#  pragma weak OPENSSL_LH_node_usage_stats_bio
-#  pragma weak OPENSSL_LH_stats_bio
-#  pragma weak OPENSSL_LH_get_down_load
-#  pragma weak OPENSSL_LH_set_down_load
-#  pragma weak OPENSSL_LH_doall
-#  pragma weak OPENSSL_LH_doall_arg
-# endif /* __SUNPRO_C */

 #ifdef  __cplusplus
 }
--- a/src/3rdparty/win32_include/openssl/macros.h
+++ b/src/3rdparty/win32_include/openssl/macros.h
@ -0,0 +1,325 @@
+/*
+ * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MACROS_H
+# define OPENSSL_MACROS_H
+# pragma once
+
+#include <openssl/opensslconf.h>
+#include <openssl/opensslv.h>
+
+
+/* Helper macros for CPP string composition */
+# define OPENSSL_MSTR_HELPER(x) #x
+# define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x)
+
+/*
+ * Sometimes OPENSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+# define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Generic deprecation macro
+ *
+ * If OPENSSL_SUPPRESS_DEPRECATED is defined, then OSSL_DEPRECATED and
+ * OSSL_DEPRECATED_FOR become no-ops
+ */
+# ifndef OSSL_DEPRECATED
+#  undef OSSL_DEPRECATED_FOR
+#  ifndef OPENSSL_SUPPRESS_DEPRECATED
+#   if defined(_MSC_VER)
+     /*
+      * MSVC supports __declspec(deprecated) since MSVC 2003 (13.10),
+      * and __declspec(deprecated(message)) since MSVC 2005 (14.00)
+      */
+#    if _MSC_VER >= 1400
+#     define OSSL_DEPRECATED(since) \
+          __declspec(deprecated("Since OpenSSL " # since))
+#     define OSSL_DEPRECATED_FOR(since, message) \
+          __declspec(deprecated("Since OpenSSL " # since ";" message))
+#    elif _MSC_VER >= 1310
+#     define OSSL_DEPRECATED(since) __declspec(deprecated)
+#     define OSSL_DEPRECATED_FOR(since, message) __declspec(deprecated)
+#    endif
+#   elif defined(__GNUC__)
+     /*
+      * According to GCC documentation, deprecations with message appeared in
+      * GCC 4.5.0
+      */
+#    if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+#     define OSSL_DEPRECATED(since) \
+          __attribute__((deprecated("Since OpenSSL " # since)))
+#     define OSSL_DEPRECATED_FOR(since, message) \
+          __attribute__((deprecated("Since OpenSSL " # since ";" message)))
+#    elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#     define OSSL_DEPRECATED(since) __attribute__((deprecated))
+#     define OSSL_DEPRECATED_FOR(since, message) __attribute__((deprecated))
+#    endif
+#   elif defined(__SUNPRO_C)
+#    if (__SUNPRO_C >= 0x5130)
+#     define OSSL_DEPRECATED(since) __attribute__ ((deprecated))
+#     define OSSL_DEPRECATED_FOR(since, message) __attribute__ ((deprecated))
+#    endif
+#   endif
+#  endif
+# endif
+
+/*
+ * Still not defined?  Then define no-op macros. This means these macros
+ * are unsuitable for use in a typedef.
+ */
+# ifndef OSSL_DEPRECATED
+#  define OSSL_DEPRECATED(since)                extern
+#  define OSSL_DEPRECATED_FOR(since, message)   extern
+# endif
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>.  If this is
+ * undefined, the value of the macro OPENSSL_CONFIGURED_API (defined in
+ * <openssl/opensslconf.h>) is the default.
+ *
+ * For any version number up until version 1.1.x, <version> is expected to be
+ * the calculated version number 0xMNNFFPPSL.
+ * For version numbers 3.0 and on, <version> is expected to be a computation
+ * of the major and minor numbers in decimal using this formula:
+ *
+ *     MAJOR * 10000 + MINOR * 100
+ *
+ * So version 3.0 becomes 30000, version 3.2 becomes 30200, etc.
+ */
+
+/*
+ * We use the OPENSSL_API_COMPAT value to define API level macros.  These
+ * macros are used to enable or disable features at that API version boundary.
+ */
+
+# ifdef OPENSSL_API_LEVEL
+#  error "OPENSSL_API_LEVEL must not be defined by application"
+# endif
+
+/*
+ * We figure out what API level was intended by simple numeric comparison.
+ * The lowest old style number we recognise is 0x00908000L, so we take some
+ * safety margin and assume that anything below 0x00900000L is a new style
+ * number.  This allows new versions up to and including v943.71.83.
+ */
+# ifdef OPENSSL_API_COMPAT
+#  if OPENSSL_API_COMPAT < 0x900000L
+#   define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+#  else
+#   define OPENSSL_API_LEVEL                            \
+           (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
+            + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+            + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+#  endif
+# endif
+
+/*
+ * If OPENSSL_API_COMPAT wasn't given, we use default numbers to set
+ * the API compatibility level.
+ */
+# ifndef OPENSSL_API_LEVEL
+#  if OPENSSL_CONFIGURED_API > 0
+#   define OPENSSL_API_LEVEL (OPENSSL_CONFIGURED_API)
+#  else
+#   define OPENSSL_API_LEVEL \
+           (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100)
+#  endif
+# endif
+
+# if OPENSSL_API_LEVEL > OPENSSL_CONFIGURED_API
+#  error "The requested API level higher than the configured API compatibility level"
+# endif
+
+/*
+ * Check of sane values.
+ */
+/* Can't go higher than the current version. */
+# if OPENSSL_API_LEVEL > (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100)
+#  error "OPENSSL_API_COMPAT expresses an impossible API compatibility level"
+# endif
+/* OpenSSL will have no version 2.y.z */
+# if OPENSSL_API_LEVEL < 30000 && OPENSSL_API_LEVEL >= 20000
+#  error "OPENSSL_API_COMPAT expresses an impossible API compatibility level"
+# endif
+/* Below 0.9.8 is unacceptably low */
+# if OPENSSL_API_LEVEL < 908
+#  error "OPENSSL_API_COMPAT expresses an impossible API compatibility level"
+# endif
+
+/*
+ * Define macros for deprecation and simulated removal purposes.
+ *
+ * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * all OpenSSL versions we care for.  They can be used as attributes
+ * in function declarations where appropriate.
+ *
+ * The macros OPENSSL_NO_DEPRECATED_{major}_{minor} are defined for
+ * all OpenSSL versions up to or equal to the version given with
+ * OPENSSL_API_COMPAT.  They are used as guards around anything that's
+ * deprecated up to that version, as an effect of the developer option
+ * 'no-deprecated'.
+ */
+
+# undef OPENSSL_NO_DEPRECATED_3_0
+# undef OPENSSL_NO_DEPRECATED_1_1_1
+# undef OPENSSL_NO_DEPRECATED_1_1_0
+# undef OPENSSL_NO_DEPRECATED_1_0_2
+# undef OPENSSL_NO_DEPRECATED_1_0_1
+# undef OPENSSL_NO_DEPRECATED_1_0_0
+# undef OPENSSL_NO_DEPRECATED_0_9_8
+
+# if OPENSSL_API_LEVEL >= 30100
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_3_1                OSSL_DEPRECATED(3.1)
+#   define OSSL_DEPRECATEDIN_3_1_FOR(msg)       OSSL_DEPRECATED_FOR(3.1, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_3_1
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_3_1
+#  define OSSL_DEPRECATEDIN_3_1_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 30000
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_3_0                OSSL_DEPRECATED(3.0)
+#   define OSSL_DEPRECATEDIN_3_0_FOR(msg)       OSSL_DEPRECATED_FOR(3.0, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_3_0
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_3_0
+#  define OSSL_DEPRECATEDIN_3_0_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10101
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_1_1_1              OSSL_DEPRECATED(1.1.1)
+#   define OSSL_DEPRECATEDIN_1_1_1_FOR(msg)     OSSL_DEPRECATED_FOR(1.1.1, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_1_1_1
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_1_1_1
+#  define OSSL_DEPRECATEDIN_1_1_1_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10100
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_1_1_0              OSSL_DEPRECATED(1.1.0)
+#   define OSSL_DEPRECATEDIN_1_1_0_FOR(msg)     OSSL_DEPRECATED_FOR(1.1.0, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_1_1_0
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_1_1_0
+#  define OSSL_DEPRECATEDIN_1_1_0_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10002
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_1_0_2              OSSL_DEPRECATED(1.0.2)
+#   define OSSL_DEPRECATEDIN_1_0_2_FOR(msg)     OSSL_DEPRECATED_FOR(1.0.2, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_1_0_2
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_1_0_2
+#  define OSSL_DEPRECATEDIN_1_0_2_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10001
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_1_0_1              OSSL_DEPRECATED(1.0.1)
+#   define OSSL_DEPRECATEDIN_1_0_1_FOR(msg)     OSSL_DEPRECATED_FOR(1.0.1, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_1_0_1
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_1_0_1
+#  define OSSL_DEPRECATEDIN_1_0_1_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10000
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_1_0_0              OSSL_DEPRECATED(1.0.0)
+#   define OSSL_DEPRECATEDIN_1_0_0_FOR(msg)     OSSL_DEPRECATED_FOR(1.0.0, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_1_0_0
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_1_0_0
+#  define OSSL_DEPRECATEDIN_1_0_0_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 908
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_0_9_8              OSSL_DEPRECATED(0.9.8)
+#   define OSSL_DEPRECATEDIN_0_9_8_FOR(msg)     OSSL_DEPRECATED_FOR(0.9.8, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_0_9_8
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_0_9_8
+#  define OSSL_DEPRECATEDIN_0_9_8_FOR(msg)
+# endif
+
+/*
+ * Make our own variants of __FILE__ and __LINE__, depending on configuration
+ */
+
+# ifndef OPENSSL_FILE
+#  ifdef OPENSSL_NO_FILENAMES
+#   define OPENSSL_FILE ""
+#   define OPENSSL_LINE 0
+#  else
+#   define OPENSSL_FILE __FILE__
+#   define OPENSSL_LINE __LINE__
+#  endif
+# endif
+
+/*
+ * __func__ was standardized in C99, so for any compiler that claims
+ * to implement that language level or newer, we assume we can safely
+ * use that symbol.
+ *
+ * GNU C also provides __FUNCTION__ since version 2, which predates
+ * C99.  We can, however, only use this if __STDC_VERSION__ exists,
+ * as it's otherwise not allowed according to ISO C standards (C90).
+ * (compiling with GNU C's -pedantic tells us so)
+ *
+ * If none of the above applies, we check if the compiler is MSVC,
+ * and use __FUNCTION__ if that's the case.
+ */
+# ifndef OPENSSL_FUNC
+#  if defined(__STDC_VERSION__)
+#   if __STDC_VERSION__ >= 199901L
+#    define OPENSSL_FUNC __func__
+#   elif defined(__GNUC__) && __GNUC__ >= 2
+#    define OPENSSL_FUNC __FUNCTION__
+#   endif
+#  elif defined(_MSC_VER)
+#    define OPENSSL_FUNC __FUNCTION__
+#  endif
+/*
+ * If all these possibilities are exhausted, we give up and use a
+ * static string.
+ */
+#  ifndef OPENSSL_FUNC
+#   define OPENSSL_FUNC "(unknown function)"
+#  endif
+# endif
+
+# ifndef OSSL_CRYPTO_ALLOC
+#  if defined(__GNUC__)
+#   define OSSL_CRYPTO_ALLOC __attribute__((malloc))
+#  elif defined(_MSC_VER)
+#   define OSSL_CRYPTO_ALLOC __declspec(restrict)
+#  else
+#   define OSSL_CRYPTO_ALLOC
+#  endif
+# endif
+
+#endif  /* OPENSSL_MACROS_H */
--- a/src/3rdparty/win32_include/openssl/md2.h
+++ b/src/3rdparty/win32_include/openssl/md2.h
@ -1,27 +1,36 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_MD2_H
-# define HEADER_MD2_H
+#ifndef OPENSSL_MD2_H
+# define OPENSSL_MD2_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_MD2_H
+# endif

 # include <openssl/opensslconf.h>

 # ifndef OPENSSL_NO_MD2
-# include <stddef.h>
-# ifdef  __cplusplus
+#  include <stddef.h>
+#  ifdef  __cplusplus
 extern "C" {
-# endif
+#  endif
+
+#  define MD2_DIGEST_LENGTH       16
+
+#  if !defined(OPENSSL_NO_DEPRECATED_3_0)

 typedef unsigned char MD2_INT;

-# define MD2_DIGEST_LENGTH       16
-# define MD2_BLOCK               16
+#   define MD2_BLOCK               16

 typedef struct MD2state_st {
    unsigned int num;
@ -29,16 +38,19 @@ typedef struct MD2state_st {
    MD2_INT cksm[MD2_BLOCK];
    MD2_INT state[MD2_BLOCK];
 } MD2_CTX;
+#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *MD2_options(void);
+OSSL_DEPRECATEDIN_3_0 int MD2_Init(MD2_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int MD2_Update(MD2_CTX *c, const unsigned char *data,
+                                     size_t len);
+OSSL_DEPRECATEDIN_3_0 int MD2_Final(unsigned char *md, MD2_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *MD2(const unsigned char *d, size_t n,
+                                         unsigned char *md);
+#  endif

-const char *MD2_options(void);
-int MD2_Init(MD2_CTX *c);
-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
-int MD2_Final(unsigned char *md, MD2_CTX *c);
-unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md);
-
-# ifdef  __cplusplus
+#  ifdef  __cplusplus
 }
+#  endif
 # endif
-# endif
-
 #endif
--- a/src/3rdparty/win32_include/openssl/md4.h
+++ b/src/3rdparty/win32_include/openssl/md4.h
@ -1,34 +1,43 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_MD4_H
-# define HEADER_MD4_H
+#ifndef OPENSSL_MD4_H
+# define OPENSSL_MD4_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_MD4_H
+# endif

 # include <openssl/opensslconf.h>

 # ifndef OPENSSL_NO_MD4
-# include <openssl/e_os2.h>
-# include <stddef.h>
-# ifdef  __cplusplus
+#  include <openssl/e_os2.h>
+#  include <stddef.h>
+#  ifdef  __cplusplus
 extern "C" {
-# endif
+#   endif
+
+#  define MD4_DIGEST_LENGTH 16
+
+#  if !defined(OPENSSL_NO_DEPRECATED_3_0)

 /*-
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! MD4_LONG has to be at least 32 bits wide.                     !
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-# define MD4_LONG unsigned int
+#   define MD4_LONG unsigned int

-# define MD4_CBLOCK      64
-# define MD4_LBLOCK      (MD4_CBLOCK/4)
-# define MD4_DIGEST_LENGTH 16
+#   define MD4_CBLOCK      64
+#   define MD4_LBLOCK      (MD4_CBLOCK/4)

 typedef struct MD4state_st {
    MD4_LONG A, B, C, D;
@ -36,16 +45,19 @@ typedef struct MD4state_st {
    MD4_LONG data[MD4_LBLOCK];
    unsigned int num;
 } MD4_CTX;
+#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int MD4_Init(MD4_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int MD4_Final(unsigned char *md, MD4_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *MD4(const unsigned char *d, size_t n,
+                                         unsigned char *md);
+OSSL_DEPRECATEDIN_3_0 void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+#  endif

-int MD4_Init(MD4_CTX *c);
-int MD4_Update(MD4_CTX *c, const void *data, size_t len);
-int MD4_Final(unsigned char *md, MD4_CTX *c);
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
-void MD4_Transform(MD4_CTX *c, const unsigned char *b);
-
-# ifdef  __cplusplus
+#  ifdef  __cplusplus
 }
-# endif
+#  endif
 # endif

 #endif
--- a/src/3rdparty/win32_include/openssl/md5.h
+++ b/src/3rdparty/win32_include/openssl/md5.h
@ -1,34 +1,42 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_MD5_H
-# define HEADER_MD5_H
+#ifndef OPENSSL_MD5_H
+# define OPENSSL_MD5_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_MD5_H
+# endif

 # include <openssl/opensslconf.h>

 # ifndef OPENSSL_NO_MD5
-# include <openssl/e_os2.h>
-# include <stddef.h>
-# ifdef  __cplusplus
+#  include <openssl/e_os2.h>
+#  include <stddef.h>
+#  ifdef  __cplusplus
 extern "C" {
-# endif
+#  endif

+#  define MD5_DIGEST_LENGTH 16
+
+#  if !defined(OPENSSL_NO_DEPRECATED_3_0)
 /*
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! MD5_LONG has to be at least 32 bits wide.                     !
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-# define MD5_LONG unsigned int
+#   define MD5_LONG unsigned int

-# define MD5_CBLOCK      64
-# define MD5_LBLOCK      (MD5_CBLOCK/4)
-# define MD5_DIGEST_LENGTH 16
+#   define MD5_CBLOCK      64
+#   define MD5_LBLOCK      (MD5_CBLOCK/4)

 typedef struct MD5state_st {
    MD5_LONG A, B, C, D;
@ -36,15 +44,19 @@ typedef struct MD5state_st {
    MD5_LONG data[MD5_LBLOCK];
    unsigned int num;
 } MD5_CTX;
+#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *MD5(const unsigned char *d, size_t n,
+                                         unsigned char *md);
+OSSL_DEPRECATEDIN_3_0 void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+#  endif

-int MD5_Init(MD5_CTX *c);
-int MD5_Update(MD5_CTX *c, const void *data, size_t len);
-int MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, const unsigned char *b);
-# ifdef  __cplusplus
+#  ifdef  __cplusplus
 }
-# endif
+#  endif
 # endif

 #endif
--- a/src/3rdparty/win32_include/openssl/mdc2.h
+++ b/src/3rdparty/win32_include/openssl/mdc2.h
@ -1,42 +1,55 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_MDC2_H
-# define HEADER_MDC2_H
+#ifndef OPENSSL_MDC2_H
+# define OPENSSL_MDC2_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_MDC2_H
+# endif

 # include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_MDC2
-# include <stdlib.h>
-# include <openssl/des.h>
-# ifdef  __cplusplus
+# ifndef OPENSSL_NO_MDC2
+#  include <stdlib.h>
+#  include <openssl/des.h>
+#  ifdef  __cplusplus
 extern "C" {
-# endif
+#  endif

-# define MDC2_BLOCK              8
-# define MDC2_DIGEST_LENGTH      16
+#  define MDC2_DIGEST_LENGTH      16
+
+#  if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+#   define MDC2_BLOCK              8

 typedef struct mdc2_ctx_st {
    unsigned int num;
    unsigned char data[MDC2_BLOCK];
    DES_cblock h, hh;
-    int pad_type;               /* either 1 or 2, default 1 */
+    unsigned int pad_type;   /* either 1 or 2, default 1 */
 } MDC2_CTX;
+#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int MDC2_Init(MDC2_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+                                      size_t len);
+OSSL_DEPRECATEDIN_3_0 int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *MDC2(const unsigned char *d, size_t n,
+                                          unsigned char *md);
+#  endif

-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
-
-# ifdef  __cplusplus
+#  ifdef  __cplusplus
 }
-# endif
+#  endif
 # endif

 #endif
--- a/src/3rdparty/win32_include/openssl/modes.h
+++ b/src/3rdparty/win32_include/openssl/modes.h
@ -1,16 +1,23 @@
 /*
 * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_MODES_H
-# define HEADER_MODES_H
+#ifndef OPENSSL_MODES_H
+# define OPENSSL_MODES_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_MODES_H
+# endif

 # include <stddef.h>
+# include <openssl/types.h>

 # ifdef  __cplusplus
 extern "C" {
@ -22,6 +29,10 @@ typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
                          size_t len, const void *key,
                          unsigned char ivec[16], int enc);

+typedef void (*ecb128_f) (const unsigned char *in, unsigned char *out,
+                          size_t len, const void *key,
+                          int enc);
+
 typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
                          size_t blocks, const void *key,
                          const unsigned char ivec[16]);
--- a/src/3rdparty/win32_include/openssl/obj_mac.h
+++ b/src/3rdparty/win32_include/openssl/obj_mac.h
@ -2,13 +2,17 @@
 * WARNING: do not edit!
 * Generated by crypto/objects/objects.pl
 *
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

+#ifndef OPENSSL_OBJ_MAC_H
+# define OPENSSL_OBJ_MAC_H
+# pragma once
+
 #define SN_undef                        "UNDEF"
 #define LN_undef                        "undefined"
 #define NID_undef                       0
@ -44,6 +48,11 @@
 #define NID_identified_organization             676
 #define OBJ_identified_organization             OBJ_iso,3L

+#define SN_gmac         "GMAC"
+#define LN_gmac         "gmac"
+#define NID_gmac                1195
+#define OBJ_gmac                OBJ_iso,0L,9797L,3L,4L
+
 #define SN_hmac_md5             "HMAC-MD5"
 #define LN_hmac_md5             "hmac-md5"
 #define NID_hmac_md5            780
@ -845,6 +854,14 @@
 #define NID_id_smime_ct_authEnvelopedData               1059
 #define OBJ_id_smime_ct_authEnvelopedData               OBJ_id_smime_ct,23L

+#define SN_id_ct_routeOriginAuthz               "id-ct-routeOriginAuthz"
+#define NID_id_ct_routeOriginAuthz              1234
+#define OBJ_id_ct_routeOriginAuthz              OBJ_id_smime_ct,24L
+
+#define SN_id_ct_rpkiManifest           "id-ct-rpkiManifest"
+#define NID_id_ct_rpkiManifest          1235
+#define OBJ_id_ct_rpkiManifest          OBJ_id_smime_ct,26L
+
 #define SN_id_ct_asciiTextWithCRLF              "id-ct-asciiTextWithCRLF"
 #define NID_id_ct_asciiTextWithCRLF             787
 #define OBJ_id_ct_asciiTextWithCRLF             OBJ_id_smime_ct,27L
@ -853,6 +870,22 @@
 #define NID_id_ct_xml           1060
 #define OBJ_id_ct_xml           OBJ_id_smime_ct,28L

+#define SN_id_ct_rpkiGhostbusters               "id-ct-rpkiGhostbusters"
+#define NID_id_ct_rpkiGhostbusters              1236
+#define OBJ_id_ct_rpkiGhostbusters              OBJ_id_smime_ct,35L
+
+#define SN_id_ct_resourceTaggedAttest           "id-ct-resourceTaggedAttest"
+#define NID_id_ct_resourceTaggedAttest          1237
+#define OBJ_id_ct_resourceTaggedAttest          OBJ_id_smime_ct,36L
+
+#define SN_id_ct_geofeedCSVwithCRLF             "id-ct-geofeedCSVwithCRLF"
+#define NID_id_ct_geofeedCSVwithCRLF            1246
+#define OBJ_id_ct_geofeedCSVwithCRLF            OBJ_id_smime_ct,47L
+
+#define SN_id_ct_signedChecklist                "id-ct-signedChecklist"
+#define NID_id_ct_signedChecklist               1247
+#define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@ -1179,6 +1212,11 @@
 #define NID_sm3WithRSAEncryption                1144
 #define OBJ_sm3WithRSAEncryption                OBJ_sm_scheme,504L

+#define SN_SM2_with_SM3         "SM2-SM3"
+#define LN_SM2_with_SM3         "SM2-with-SM3"
+#define NID_SM2_with_SM3                1204
+#define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@ -1385,6 +1423,10 @@
 #define NID_id_qcs              267
 #define OBJ_id_qcs              OBJ_id_pkix,11L

+#define SN_id_cp                "id-cp"
+#define NID_id_cp               1238
+#define OBJ_id_cp               OBJ_id_pkix,14L
+
 #define SN_id_cct               "id-cct"
 #define NID_id_cct              268
 #define OBJ_id_cct              OBJ_id_pkix,12L
@ -1518,6 +1560,14 @@
 #define NID_tlsfeature          1020
 #define OBJ_tlsfeature          OBJ_id_pe,24L

+#define SN_sbgp_ipAddrBlockv2           "sbgp-ipAddrBlockv2"
+#define NID_sbgp_ipAddrBlockv2          1239
+#define OBJ_sbgp_ipAddrBlockv2          OBJ_id_pe,28L
+
+#define SN_sbgp_autonomousSysNumv2              "sbgp-autonomousSysNumv2"
+#define NID_sbgp_autonomousSysNumv2             1240
+#define OBJ_sbgp_autonomousSysNumv2             OBJ_id_pe,29L
+
 #define SN_id_qt_cps            "id-qt-cps"
 #define LN_id_qt_cps            "Policy Qualifier CPS"
 #define NID_id_qt_cps           164
@ -1637,6 +1687,26 @@
 #define NID_cmcRA               1132
 #define OBJ_cmcRA               OBJ_id_kp,28L

+#define SN_cmcArchive           "cmcArchive"
+#define LN_cmcArchive           "CMC Archive Server"
+#define NID_cmcArchive          1219
+#define OBJ_cmcArchive          OBJ_id_kp,29L
+
+#define SN_id_kp_bgpsec_router          "id-kp-bgpsec-router"
+#define LN_id_kp_bgpsec_router          "BGPsec Router"
+#define NID_id_kp_bgpsec_router         1220
+#define OBJ_id_kp_bgpsec_router         OBJ_id_kp,30L
+
+#define SN_id_kp_BrandIndicatorforMessageIdentification         "id-kp-BrandIndicatorforMessageIdentification"
+#define LN_id_kp_BrandIndicatorforMessageIdentification         "Brand Indicator for Message Identification"
+#define NID_id_kp_BrandIndicatorforMessageIdentification                1221
+#define OBJ_id_kp_BrandIndicatorforMessageIdentification                OBJ_id_kp,31L
+
+#define SN_cmKGA                "cmKGA"
+#define LN_cmKGA                "Certificate Management Key Generation Authority"
+#define NID_cmKGA               1222
+#define OBJ_cmKGA               OBJ_id_kp,32L
+
 #define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
 #define NID_id_it_caProtEncCert         298
 #define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
@ -1701,6 +1771,18 @@
 #define NID_id_it_suppLangTags          784
 #define OBJ_id_it_suppLangTags          OBJ_id_it,16L

+#define SN_id_it_caCerts                "id-it-caCerts"
+#define NID_id_it_caCerts               1223
+#define OBJ_id_it_caCerts               OBJ_id_it,17L
+
+#define SN_id_it_rootCaKeyUpdate                "id-it-rootCaKeyUpdate"
+#define NID_id_it_rootCaKeyUpdate               1224
+#define OBJ_id_it_rootCaKeyUpdate               OBJ_id_it,18L
+
+#define SN_id_it_certReqTemplate                "id-it-certReqTemplate"
+#define NID_id_it_certReqTemplate               1225
+#define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@ -1846,6 +1928,26 @@
 #define NID_id_on_permanentIdentifier           858
 #define OBJ_id_on_permanentIdentifier           OBJ_id_on,3L

+#define SN_XmppAddr             "id-on-xmppAddr"
+#define LN_XmppAddr             "XmppAddr"
+#define NID_XmppAddr            1209
+#define OBJ_XmppAddr            OBJ_id_on,5L
+
+#define SN_SRVName              "id-on-dnsSRV"
+#define LN_SRVName              "SRVName"
+#define NID_SRVName             1210
+#define OBJ_SRVName             OBJ_id_on,7L
+
+#define SN_NAIRealm             "id-on-NAIRealm"
+#define LN_NAIRealm             "NAIRealm"
+#define NID_NAIRealm            1211
+#define OBJ_NAIRealm            OBJ_id_on,8L
+
+#define SN_id_on_SmtpUTF8Mailbox                "id-on-SmtpUTF8Mailbox"
+#define LN_id_on_SmtpUTF8Mailbox                "Smtp UTF8 Mailbox"
+#define NID_id_on_SmtpUTF8Mailbox               1208
+#define OBJ_id_on_SmtpUTF8Mailbox               OBJ_id_on,9L
+
 #define SN_id_pda_dateOfBirth           "id-pda-dateOfBirth"
 #define NID_id_pda_dateOfBirth          348
 #define OBJ_id_pda_dateOfBirth          OBJ_id_pda,1L
@ -1894,6 +1996,14 @@
 #define NID_id_qcs_pkixQCSyntax_v1              359
 #define OBJ_id_qcs_pkixQCSyntax_v1              OBJ_id_qcs,1L

+#define SN_ipAddr_asNumber              "ipAddr-asNumber"
+#define NID_ipAddr_asNumber             1241
+#define OBJ_ipAddr_asNumber             OBJ_id_cp,2L
+
+#define SN_ipAddr_asNumberv2            "ipAddr-asNumberv2"
+#define NID_ipAddr_asNumberv2           1242
+#define OBJ_ipAddr_asNumberv2           OBJ_id_cp,3L
+
 #define SN_id_cct_crs           "id-cct-crs"
 #define NID_id_cct_crs          360
 #define OBJ_id_cct_crs          OBJ_id_cct,1L
@ -1946,6 +2056,21 @@
 #define NID_caRepository                785
 #define OBJ_caRepository                OBJ_id_ad,5L

+#define SN_rpkiManifest         "rpkiManifest"
+#define LN_rpkiManifest         "RPKI Manifest"
+#define NID_rpkiManifest                1243
+#define OBJ_rpkiManifest                OBJ_id_ad,10L
+
+#define SN_signedObject         "signedObject"
+#define LN_signedObject         "Signed Object"
+#define NID_signedObject                1244
+#define OBJ_signedObject                OBJ_id_ad,11L
+
+#define SN_rpkiNotify           "rpkiNotify"
+#define LN_rpkiNotify           "RPKI Notify"
+#define NID_rpkiNotify          1245
+#define OBJ_rpkiNotify          OBJ_id_ad,13L
+
 #define OBJ_id_pkix_OCSP                OBJ_ad_OCSP

 #define SN_id_pkix_OCSP_basic           "basicOCSPResponse"
@ -2113,15 +2238,25 @@
 #define NID_ripemd160WithRSA            119
 #define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L

+#define SN_blake2bmac           "BLAKE2BMAC"
+#define LN_blake2bmac           "blake2bmac"
+#define NID_blake2bmac          1201
+#define OBJ_blake2bmac          1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L
+
+#define SN_blake2smac           "BLAKE2SMAC"
+#define LN_blake2smac           "blake2smac"
+#define NID_blake2smac          1202
+#define OBJ_blake2smac          1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L
+
 #define SN_blake2b512           "BLAKE2b512"
 #define LN_blake2b512           "blake2b512"
 #define NID_blake2b512          1056
-#define OBJ_blake2b512          1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L
+#define OBJ_blake2b512          OBJ_blake2bmac,16L

 #define SN_blake2s256           "BLAKE2s256"
 #define LN_blake2s256           "blake2s256"
 #define NID_blake2s256          1057
-#define OBJ_blake2s256          1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L
+#define OBJ_blake2s256          OBJ_blake2smac,8L

 #define SN_sxnet                "SXNetID"
 #define LN_sxnet                "Strong Extranet ID"
@ -2971,6 +3106,16 @@
 #define NID_hmac_sha3_512               1105
 #define OBJ_hmac_sha3_512               OBJ_nist_hashalgs,16L

+#define SN_kmac128              "KMAC128"
+#define LN_kmac128              "kmac128"
+#define NID_kmac128             1196
+#define OBJ_kmac128             OBJ_nist_hashalgs,19L
+
+#define SN_kmac256              "KMAC256"
+#define LN_kmac256              "kmac256"
+#define NID_kmac256             1197
+#define OBJ_kmac256             OBJ_nist_hashalgs,20L
+
 #define OBJ_dsa_with_sha2               OBJ_nistAlgorithms,3L

 #define SN_dsa_with_SHA224              "dsa_with_SHA224"
@ -4230,25 +4375,25 @@
 #define NID_id_tc26_cipher_gostr3412_2015_magma         1173
 #define OBJ_id_tc26_cipher_gostr3412_2015_magma         OBJ_id_tc26_cipher,1L

-#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm         "id-tc26-cipher-gostr3412-2015-magma-ctracpkm"
-#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                1174
-#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                OBJ_id_tc26_cipher_gostr3412_2015_magma,1L
+#define SN_magma_ctr_acpkm              "magma-ctr-acpkm"
+#define NID_magma_ctr_acpkm             1174
+#define OBJ_magma_ctr_acpkm             OBJ_id_tc26_cipher_gostr3412_2015_magma,1L

-#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac            "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac"
-#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           1175
-#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           OBJ_id_tc26_cipher_gostr3412_2015_magma,2L
+#define SN_magma_ctr_acpkm_omac         "magma-ctr-acpkm-omac"
+#define NID_magma_ctr_acpkm_omac                1175
+#define OBJ_magma_ctr_acpkm_omac                OBJ_id_tc26_cipher_gostr3412_2015_magma,2L

 #define SN_id_tc26_cipher_gostr3412_2015_kuznyechik             "id-tc26-cipher-gostr3412-2015-kuznyechik"
 #define NID_id_tc26_cipher_gostr3412_2015_kuznyechik            1176
 #define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik            OBJ_id_tc26_cipher,2L

-#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm            "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm"
-#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           1177
-#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L
+#define SN_kuznyechik_ctr_acpkm         "kuznyechik-ctr-acpkm"
+#define NID_kuznyechik_ctr_acpkm                1177
+#define OBJ_kuznyechik_ctr_acpkm                OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L

-#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac               "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac"
-#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              1178
-#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L
+#define SN_kuznyechik_ctr_acpkm_omac            "kuznyechik-ctr-acpkm-omac"
+#define NID_kuznyechik_ctr_acpkm_omac           1178
+#define OBJ_kuznyechik_ctr_acpkm_omac           OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L

 #define SN_id_tc26_agreement            "id-tc26-agreement"
 #define NID_id_tc26_agreement           991
@ -4270,17 +4415,17 @@
 #define NID_id_tc26_wrap_gostr3412_2015_magma           1180
 #define OBJ_id_tc26_wrap_gostr3412_2015_magma           OBJ_id_tc26_wrap,1L

-#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15             "id-tc26-wrap-gostr3412-2015-magma-kexp15"
-#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15            1181
-#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15            OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+#define SN_magma_kexp15         "magma-kexp15"
+#define NID_magma_kexp15                1181
+#define OBJ_magma_kexp15                OBJ_id_tc26_wrap_gostr3412_2015_magma,1L

 #define SN_id_tc26_wrap_gostr3412_2015_kuznyechik               "id-tc26-wrap-gostr3412-2015-kuznyechik"
 #define NID_id_tc26_wrap_gostr3412_2015_kuznyechik              1182
 #define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik              OBJ_id_tc26_wrap,2L

-#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15                "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15"
-#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               1183
-#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L
+#define SN_kuznyechik_kexp15            "kuznyechik-kexp15"
+#define NID_kuznyechik_kexp15           1183
+#define OBJ_kuznyechik_kexp15           OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L

 #define SN_id_tc26_constants            "id-tc26-constants"
 #define NID_id_tc26_constants           994
@ -4370,6 +4515,11 @@
 #define NID_SNILS               1006
 #define OBJ_SNILS               OBJ_member_body,643L,100L,3L

+#define SN_OGRNIP               "OGRNIP"
+#define LN_OGRNIP               "OGRNIP"
+#define NID_OGRNIP              1226
+#define OBJ_OGRNIP              OBJ_member_body,643L,100L,5L
+
 #define SN_subjectSignTool              "subjectSignTool"
 #define LN_subjectSignTool              "Signing Tool of Subject"
 #define NID_subjectSignTool             1007
@ -4380,23 +4530,58 @@
 #define NID_issuerSignTool              1008
 #define OBJ_issuerSignTool              OBJ_member_body,643L,100L,112L

-#define SN_grasshopper_ecb              "grasshopper-ecb"
-#define NID_grasshopper_ecb             1012
+#define SN_classSignTool                "classSignTool"
+#define LN_classSignTool                "Class of Signing Tool"
+#define NID_classSignTool               1227
+#define OBJ_classSignTool               OBJ_member_body,643L,100L,113L

-#define SN_grasshopper_ctr              "grasshopper-ctr"
-#define NID_grasshopper_ctr             1013
+#define SN_classSignToolKC1             "classSignToolKC1"
+#define LN_classSignToolKC1             "Class of Signing Tool KC1"
+#define NID_classSignToolKC1            1228
+#define OBJ_classSignToolKC1            OBJ_member_body,643L,100L,113L,1L

-#define SN_grasshopper_ofb              "grasshopper-ofb"
-#define NID_grasshopper_ofb             1014
+#define SN_classSignToolKC2             "classSignToolKC2"
+#define LN_classSignToolKC2             "Class of Signing Tool KC2"
+#define NID_classSignToolKC2            1229
+#define OBJ_classSignToolKC2            OBJ_member_body,643L,100L,113L,2L

-#define SN_grasshopper_cbc              "grasshopper-cbc"
-#define NID_grasshopper_cbc             1015
+#define SN_classSignToolKC3             "classSignToolKC3"
+#define LN_classSignToolKC3             "Class of Signing Tool KC3"
+#define NID_classSignToolKC3            1230
+#define OBJ_classSignToolKC3            OBJ_member_body,643L,100L,113L,3L

-#define SN_grasshopper_cfb              "grasshopper-cfb"
-#define NID_grasshopper_cfb             1016
+#define SN_classSignToolKB1             "classSignToolKB1"
+#define LN_classSignToolKB1             "Class of Signing Tool KB1"
+#define NID_classSignToolKB1            1231
+#define OBJ_classSignToolKB1            OBJ_member_body,643L,100L,113L,4L

-#define SN_grasshopper_mac              "grasshopper-mac"
-#define NID_grasshopper_mac             1017
+#define SN_classSignToolKB2             "classSignToolKB2"
+#define LN_classSignToolKB2             "Class of Signing Tool KB2"
+#define NID_classSignToolKB2            1232
+#define OBJ_classSignToolKB2            OBJ_member_body,643L,100L,113L,5L
+
+#define SN_classSignToolKA1             "classSignToolKA1"
+#define LN_classSignToolKA1             "Class of Signing Tool KA1"
+#define NID_classSignToolKA1            1233
+#define OBJ_classSignToolKA1            OBJ_member_body,643L,100L,113L,6L
+
+#define SN_kuznyechik_ecb               "kuznyechik-ecb"
+#define NID_kuznyechik_ecb              1012
+
+#define SN_kuznyechik_ctr               "kuznyechik-ctr"
+#define NID_kuznyechik_ctr              1013
+
+#define SN_kuznyechik_ofb               "kuznyechik-ofb"
+#define NID_kuznyechik_ofb              1014
+
+#define SN_kuznyechik_cbc               "kuznyechik-cbc"
+#define NID_kuznyechik_cbc              1015
+
+#define SN_kuznyechik_cfb               "kuznyechik-cfb"
+#define NID_kuznyechik_cfb              1016
+
+#define SN_kuznyechik_mac               "kuznyechik-mac"
+#define NID_kuznyechik_mac              1017

 #define SN_magma_ecb            "magma-ecb"
 #define NID_magma_ecb           1187
@ -4970,6 +5155,22 @@
 #define LN_hkdf         "hkdf"
 #define NID_hkdf                1036

+#define SN_sshkdf               "SSHKDF"
+#define LN_sshkdf               "sshkdf"
+#define NID_sshkdf              1203
+
+#define SN_sskdf                "SSKDF"
+#define LN_sskdf                "sskdf"
+#define NID_sskdf               1205
+
+#define SN_x942kdf              "X942KDF"
+#define LN_x942kdf              "x942kdf"
+#define NID_x942kdf             1207
+
+#define SN_x963kdf              "X963KDF"
+#define LN_x963kdf              "x963kdf"
+#define NID_x963kdf             1206
+
 #define SN_id_pkinit            "id-pkinit"
 #define NID_id_pkinit           1031
 #define OBJ_id_pkinit           1L,3L,6L,1L,5L,2L,3L
@ -5036,6 +5237,10 @@
 #define LN_kx_gost              "kx-gost"
 #define NID_kx_gost             1045

+#define SN_kx_gost18            "KxGOST18"
+#define LN_kx_gost18            "kx-gost18"
+#define NID_kx_gost18           1218
+
 #define SN_kx_any               "KxANY"
 #define LN_kx_any               "kx-any"
 #define NID_kx_any              1063
@ -5099,6 +5304,24 @@
 #define SN_ffdhe8192            "ffdhe8192"
 #define NID_ffdhe8192           1130

+#define SN_modp_1536            "modp_1536"
+#define NID_modp_1536           1212
+
+#define SN_modp_2048            "modp_2048"
+#define NID_modp_2048           1213
+
+#define SN_modp_3072            "modp_3072"
+#define NID_modp_3072           1214
+
+#define SN_modp_4096            "modp_4096"
+#define NID_modp_4096           1215
+
+#define SN_modp_6144            "modp_6144"
+#define NID_modp_6144           1216
+
+#define SN_modp_8192            "modp_8192"
+#define NID_modp_8192           1217
+
 #define SN_ISO_UA               "ISO-UA"
 #define NID_ISO_UA              1150
 #define OBJ_ISO_UA              OBJ_member_body,804L
@ -5196,3 +5419,63 @@
 #define LN_uacurve9             "DSTU curve 9"
 #define NID_uacurve9            1169
 #define OBJ_uacurve9            OBJ_dstu4145le,2L,9L
+
+#define SN_aes_128_siv          "AES-128-SIV"
+#define LN_aes_128_siv          "aes-128-siv"
+#define NID_aes_128_siv         1198
+
+#define SN_aes_192_siv          "AES-192-SIV"
+#define LN_aes_192_siv          "aes-192-siv"
+#define NID_aes_192_siv         1199
+
+#define SN_aes_256_siv          "AES-256-SIV"
+#define LN_aes_256_siv          "aes-256-siv"
+#define NID_aes_256_siv         1200
+
+#endif /* OPENSSL_OBJ_MAC_H */
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                 SN_magma_ctr_acpkm
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                NID_magma_ctr_acpkm
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                OBJ_magma_ctr_acpkm
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac            SN_magma_ctr_acpkm_omac
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           NID_magma_ctr_acpkm_omac
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           OBJ_magma_ctr_acpkm_omac
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm            SN_kuznyechik_ctr_acpkm
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           NID_kuznyechik_ctr_acpkm
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           OBJ_kuznyechik_ctr_acpkm
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac               SN_kuznyechik_ctr_acpkm_omac
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              NID_kuznyechik_ctr_acpkm_omac
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              OBJ_kuznyechik_ctr_acpkm_omac
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15             SN_magma_kexp15
+#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15            NID_magma_kexp15
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15            OBJ_magma_kexp15
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15                SN_kuznyechik_kexp15
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               NID_kuznyechik_kexp15
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               OBJ_kuznyechik_kexp15
+
+#define SN_grasshopper_ecb              SN_kuznyechik_ecb
+#define NID_grasshopper_ecb             NID_kuznyechik_ecb
+
+#define SN_grasshopper_ctr              SN_kuznyechik_ctr
+#define NID_grasshopper_ctr             NID_kuznyechik_ctr
+
+#define SN_grasshopper_ofb              SN_kuznyechik_ofb
+#define NID_grasshopper_ofb             NID_kuznyechik_ofb
+
+#define SN_grasshopper_cbc              SN_kuznyechik_cbc
+#define NID_grasshopper_cbc             NID_kuznyechik_cbc
+
+#define SN_grasshopper_cfb              SN_kuznyechik_cfb
+#define NID_grasshopper_cfb             NID_kuznyechik_cfb
+
+#define SN_grasshopper_mac              SN_kuznyechik_mac
+#define NID_grasshopper_mac             NID_kuznyechik_mac
+
+#endif  /* OPENSSL_NO_DEPRECATED_3_0 */
--- a/src/3rdparty/win32_include/openssl/objects.h
+++ b/src/3rdparty/win32_include/openssl/objects.h
@ -1,14 +1,20 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_OBJECTS_H
-# define HEADER_OBJECTS_H
+#ifndef OPENSSL_OBJECTS_H
+# define OPENSSL_OBJECTS_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_OBJECTS_H
+# endif

 # include <openssl/obj_mac.h>
 # include <openssl/bio.h>
@ -20,7 +26,9 @@
 # define OBJ_NAME_TYPE_CIPHER_METH       0x02
 # define OBJ_NAME_TYPE_PKEY_METH         0x03
 # define OBJ_NAME_TYPE_COMP_METH         0x04
-# define OBJ_NAME_TYPE_NUM               0x05
+# define OBJ_NAME_TYPE_MAC_METH          0x05
+# define OBJ_NAME_TYPE_KDF_METH          0x06
+# define OBJ_NAME_TYPE_NUM               0x07

 # define OBJ_NAME_ALIAS                  0x8000

@ -55,7 +63,7 @@ void OBJ_NAME_do_all_sorted(int type,
                            void (*fn) (const OBJ_NAME *, void *arg),
                            void *arg);

-ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+DECLARE_ASN1_DUP_FUNCTION_name(ASN1_OBJECT, OBJ)
 ASN1_OBJECT *OBJ_nid2obj(int n);
 const char *OBJ_nid2ln(int n);
 const char *OBJ_nid2sn(int n);
@ -155,7 +163,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
 int OBJ_new_nid(int num);
 int OBJ_add_object(const ASN1_OBJECT *obj);
 int OBJ_create(const char *oid, const char *sn, const char *ln);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define OBJ_cleanup() while(0) continue
 #endif
 int OBJ_create_objects(BIO *in);
--- a/src/3rdparty/win32_include/openssl/objectserr.h
+++ b/src/3rdparty/win32_include/openssl/objectserr.h
@ -1,42 +1,28 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_OBJERR_H
-# define HEADER_OBJERR_H
+#ifndef OPENSSL_OBJECTSERR_H
+# define OPENSSL_OBJECTSERR_H
+# pragma once

-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>

-# ifdef  __cplusplus
-extern "C"
-# endif
-int ERR_load_OBJ_strings(void);

-/*
- * OBJ function codes.
- */
-# define OBJ_F_OBJ_ADD_OBJECT                             105
-# define OBJ_F_OBJ_ADD_SIGID                              107
-# define OBJ_F_OBJ_CREATE                                 100
-# define OBJ_F_OBJ_DUP                                    101
-# define OBJ_F_OBJ_NAME_NEW_INDEX                         106
-# define OBJ_F_OBJ_NID2LN                                 102
-# define OBJ_F_OBJ_NID2OBJ                                103
-# define OBJ_F_OBJ_NID2SN                                 104
-# define OBJ_F_OBJ_TXT2OBJ                                108

 /*
 * OBJ reason codes.
 */
 # define OBJ_R_OID_EXISTS                                 102
 # define OBJ_R_UNKNOWN_NID                                101
+# define OBJ_R_UNKNOWN_OBJECT_NAME                        103

 #endif
--- a/src/3rdparty/win32_include/openssl/ocsp.h
+++ b/src/3rdparty/win32_include/openssl/ocsp.h
@ -1,16 +1,29 @@
 /*
- * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\ocsp.h.in
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_OCSP_H
-# define HEADER_OCSP_H

-#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_OCSP_H
+# define OPENSSL_OCSP_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define HEADER_OCSP_H
+# endif
+
+# include <openssl/opensslconf.h>
+# include <openssl/http.h>
+# include <openssl/asn1.h>

 /*
 * These definitions are outside the OPENSSL_NO_OCSP guard because although for
@ -26,30 +39,34 @@
 *        superseded              (4),
 *        cessationOfOperation    (5),
 *        certificateHold         (6),
- *        removeFromCRL           (8) }
+ *        -- value 7 is not used
+ *        removeFromCRL           (8),
+ *        privilegeWithdrawn      (9),
+ *        aACompromise           (10) }
 */
-#  define OCSP_REVOKED_STATUS_NOSTATUS               -1
-#  define OCSP_REVOKED_STATUS_UNSPECIFIED             0
-#  define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
-#  define OCSP_REVOKED_STATUS_CACOMPROMISE            2
-#  define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
-#  define OCSP_REVOKED_STATUS_SUPERSEDED              4
-#  define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
-#  define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
-#  define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+# define OCSP_REVOKED_STATUS_NOSTATUS                -1
+# define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+# define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+# define OCSP_REVOKED_STATUS_SUPERSEDED              4
+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+# define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN      9
+# define OCSP_REVOKED_STATUS_AACOMPROMISE            10


 # ifndef OPENSSL_NO_OCSP

-#  include <openssl/ossl_typ.h>
 #  include <openssl/x509.h>
 #  include <openssl/x509v3.h>
 #  include <openssl/safestack.h>
 #  include <openssl/ocsperr.h>

-#ifdef  __cplusplus
+#  ifdef __cplusplus
 extern "C" {
-#endif
+#  endif

 /* Various flags and values */

@ -67,19 +84,68 @@ extern "C" {
 #  define OCSP_TRUSTOTHER                 0x200
 #  define OCSP_RESPID_KEY                 0x400
 #  define OCSP_NOTIME                     0x800
+#  define OCSP_PARTIAL_CHAIN              0x1000

 typedef struct ocsp_cert_id_st OCSP_CERTID;
-
-DEFINE_STACK_OF(OCSP_CERTID)
-
 typedef struct ocsp_one_request_st OCSP_ONEREQ;
-
-DEFINE_STACK_OF(OCSP_ONEREQ)
-
 typedef struct ocsp_req_info_st OCSP_REQINFO;
 typedef struct ocsp_signature_st OCSP_SIGNATURE;
 typedef struct ocsp_request_st OCSP_REQUEST;

+SKM_DEFINE_STACK_OF_INTERNAL(OCSP_CERTID, OCSP_CERTID, OCSP_CERTID)
+#define sk_OCSP_CERTID_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_CERTID_sk_type(sk))
+#define sk_OCSP_CERTID_value(sk, idx) ((OCSP_CERTID *)OPENSSL_sk_value(ossl_check_const_OCSP_CERTID_sk_type(sk), (idx)))
+#define sk_OCSP_CERTID_new(cmp) ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_new(ossl_check_OCSP_CERTID_compfunc_type(cmp)))
+#define sk_OCSP_CERTID_new_null() ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_new_null())
+#define sk_OCSP_CERTID_new_reserve(cmp, n) ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_new_reserve(ossl_check_OCSP_CERTID_compfunc_type(cmp), (n)))
+#define sk_OCSP_CERTID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OCSP_CERTID_sk_type(sk), (n))
+#define sk_OCSP_CERTID_free(sk) OPENSSL_sk_free(ossl_check_OCSP_CERTID_sk_type(sk))
+#define sk_OCSP_CERTID_zero(sk) OPENSSL_sk_zero(ossl_check_OCSP_CERTID_sk_type(sk))
+#define sk_OCSP_CERTID_delete(sk, i) ((OCSP_CERTID *)OPENSSL_sk_delete(ossl_check_OCSP_CERTID_sk_type(sk), (i)))
+#define sk_OCSP_CERTID_delete_ptr(sk, ptr) ((OCSP_CERTID *)OPENSSL_sk_delete_ptr(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr)))
+#define sk_OCSP_CERTID_push(sk, ptr) OPENSSL_sk_push(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr))
+#define sk_OCSP_CERTID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr))
+#define sk_OCSP_CERTID_pop(sk) ((OCSP_CERTID *)OPENSSL_sk_pop(ossl_check_OCSP_CERTID_sk_type(sk)))
+#define sk_OCSP_CERTID_shift(sk) ((OCSP_CERTID *)OPENSSL_sk_shift(ossl_check_OCSP_CERTID_sk_type(sk)))
+#define sk_OCSP_CERTID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OCSP_CERTID_sk_type(sk),ossl_check_OCSP_CERTID_freefunc_type(freefunc))
+#define sk_OCSP_CERTID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr), (idx))
+#define sk_OCSP_CERTID_set(sk, idx, ptr) ((OCSP_CERTID *)OPENSSL_sk_set(ossl_check_OCSP_CERTID_sk_type(sk), (idx), ossl_check_OCSP_CERTID_type(ptr)))
+#define sk_OCSP_CERTID_find(sk, ptr) OPENSSL_sk_find(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr))
+#define sk_OCSP_CERTID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr))
+#define sk_OCSP_CERTID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr), pnum)
+#define sk_OCSP_CERTID_sort(sk) OPENSSL_sk_sort(ossl_check_OCSP_CERTID_sk_type(sk))
+#define sk_OCSP_CERTID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OCSP_CERTID_sk_type(sk))
+#define sk_OCSP_CERTID_dup(sk) ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_dup(ossl_check_const_OCSP_CERTID_sk_type(sk)))
+#define sk_OCSP_CERTID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_copyfunc_type(copyfunc), ossl_check_OCSP_CERTID_freefunc_type(freefunc)))
+#define sk_OCSP_CERTID_set_cmp_func(sk, cmp) ((sk_OCSP_CERTID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_compfunc_type(cmp)))
+SKM_DEFINE_STACK_OF_INTERNAL(OCSP_ONEREQ, OCSP_ONEREQ, OCSP_ONEREQ)
+#define sk_OCSP_ONEREQ_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_ONEREQ_sk_type(sk))
+#define sk_OCSP_ONEREQ_value(sk, idx) ((OCSP_ONEREQ *)OPENSSL_sk_value(ossl_check_const_OCSP_ONEREQ_sk_type(sk), (idx)))
+#define sk_OCSP_ONEREQ_new(cmp) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_new(ossl_check_OCSP_ONEREQ_compfunc_type(cmp)))
+#define sk_OCSP_ONEREQ_new_null() ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_new_null())
+#define sk_OCSP_ONEREQ_new_reserve(cmp, n) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_new_reserve(ossl_check_OCSP_ONEREQ_compfunc_type(cmp), (n)))
+#define sk_OCSP_ONEREQ_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OCSP_ONEREQ_sk_type(sk), (n))
+#define sk_OCSP_ONEREQ_free(sk) OPENSSL_sk_free(ossl_check_OCSP_ONEREQ_sk_type(sk))
+#define sk_OCSP_ONEREQ_zero(sk) OPENSSL_sk_zero(ossl_check_OCSP_ONEREQ_sk_type(sk))
+#define sk_OCSP_ONEREQ_delete(sk, i) ((OCSP_ONEREQ *)OPENSSL_sk_delete(ossl_check_OCSP_ONEREQ_sk_type(sk), (i)))
+#define sk_OCSP_ONEREQ_delete_ptr(sk, ptr) ((OCSP_ONEREQ *)OPENSSL_sk_delete_ptr(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr)))
+#define sk_OCSP_ONEREQ_push(sk, ptr) OPENSSL_sk_push(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr))
+#define sk_OCSP_ONEREQ_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr))
+#define sk_OCSP_ONEREQ_pop(sk) ((OCSP_ONEREQ *)OPENSSL_sk_pop(ossl_check_OCSP_ONEREQ_sk_type(sk)))
+#define sk_OCSP_ONEREQ_shift(sk) ((OCSP_ONEREQ *)OPENSSL_sk_shift(ossl_check_OCSP_ONEREQ_sk_type(sk)))
+#define sk_OCSP_ONEREQ_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OCSP_ONEREQ_sk_type(sk),ossl_check_OCSP_ONEREQ_freefunc_type(freefunc))
+#define sk_OCSP_ONEREQ_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr), (idx))
+#define sk_OCSP_ONEREQ_set(sk, idx, ptr) ((OCSP_ONEREQ *)OPENSSL_sk_set(ossl_check_OCSP_ONEREQ_sk_type(sk), (idx), ossl_check_OCSP_ONEREQ_type(ptr)))
+#define sk_OCSP_ONEREQ_find(sk, ptr) OPENSSL_sk_find(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr))
+#define sk_OCSP_ONEREQ_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr))
+#define sk_OCSP_ONEREQ_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr), pnum)
+#define sk_OCSP_ONEREQ_sort(sk) OPENSSL_sk_sort(ossl_check_OCSP_ONEREQ_sk_type(sk))
+#define sk_OCSP_ONEREQ_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OCSP_ONEREQ_sk_type(sk))
+#define sk_OCSP_ONEREQ_dup(sk) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_dup(ossl_check_const_OCSP_ONEREQ_sk_type(sk)))
+#define sk_OCSP_ONEREQ_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_copyfunc_type(copyfunc), ossl_check_OCSP_ONEREQ_freefunc_type(freefunc)))
+#define sk_OCSP_ONEREQ_set_cmp_func(sk, cmp) ((sk_OCSP_ONEREQ_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_compfunc_type(cmp)))
+
+
 #  define OCSP_RESPONSE_STATUS_SUCCESSFUL           0
 #  define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
 #  define OCSP_RESPONSE_STATUS_INTERNALERROR        2
@ -92,7 +158,33 @@ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
 #  define V_OCSP_RESPID_NAME 0
 #  define V_OCSP_RESPID_KEY  1

-DEFINE_STACK_OF(OCSP_RESPID)
+SKM_DEFINE_STACK_OF_INTERNAL(OCSP_RESPID, OCSP_RESPID, OCSP_RESPID)
+#define sk_OCSP_RESPID_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_RESPID_sk_type(sk))
+#define sk_OCSP_RESPID_value(sk, idx) ((OCSP_RESPID *)OPENSSL_sk_value(ossl_check_const_OCSP_RESPID_sk_type(sk), (idx)))
+#define sk_OCSP_RESPID_new(cmp) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_new(ossl_check_OCSP_RESPID_compfunc_type(cmp)))
+#define sk_OCSP_RESPID_new_null() ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_new_null())
+#define sk_OCSP_RESPID_new_reserve(cmp, n) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_new_reserve(ossl_check_OCSP_RESPID_compfunc_type(cmp), (n)))
+#define sk_OCSP_RESPID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OCSP_RESPID_sk_type(sk), (n))
+#define sk_OCSP_RESPID_free(sk) OPENSSL_sk_free(ossl_check_OCSP_RESPID_sk_type(sk))
+#define sk_OCSP_RESPID_zero(sk) OPENSSL_sk_zero(ossl_check_OCSP_RESPID_sk_type(sk))
+#define sk_OCSP_RESPID_delete(sk, i) ((OCSP_RESPID *)OPENSSL_sk_delete(ossl_check_OCSP_RESPID_sk_type(sk), (i)))
+#define sk_OCSP_RESPID_delete_ptr(sk, ptr) ((OCSP_RESPID *)OPENSSL_sk_delete_ptr(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr)))
+#define sk_OCSP_RESPID_push(sk, ptr) OPENSSL_sk_push(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr))
+#define sk_OCSP_RESPID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr))
+#define sk_OCSP_RESPID_pop(sk) ((OCSP_RESPID *)OPENSSL_sk_pop(ossl_check_OCSP_RESPID_sk_type(sk)))
+#define sk_OCSP_RESPID_shift(sk) ((OCSP_RESPID *)OPENSSL_sk_shift(ossl_check_OCSP_RESPID_sk_type(sk)))
+#define sk_OCSP_RESPID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OCSP_RESPID_sk_type(sk),ossl_check_OCSP_RESPID_freefunc_type(freefunc))
+#define sk_OCSP_RESPID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr), (idx))
+#define sk_OCSP_RESPID_set(sk, idx, ptr) ((OCSP_RESPID *)OPENSSL_sk_set(ossl_check_OCSP_RESPID_sk_type(sk), (idx), ossl_check_OCSP_RESPID_type(ptr)))
+#define sk_OCSP_RESPID_find(sk, ptr) OPENSSL_sk_find(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr))
+#define sk_OCSP_RESPID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr))
+#define sk_OCSP_RESPID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr), pnum)
+#define sk_OCSP_RESPID_sort(sk) OPENSSL_sk_sort(ossl_check_OCSP_RESPID_sk_type(sk))
+#define sk_OCSP_RESPID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OCSP_RESPID_sk_type(sk))
+#define sk_OCSP_RESPID_dup(sk) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_dup(ossl_check_const_OCSP_RESPID_sk_type(sk)))
+#define sk_OCSP_RESPID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_copyfunc_type(copyfunc), ossl_check_OCSP_RESPID_freefunc_type(freefunc)))
+#define sk_OCSP_RESPID_set_cmp_func(sk, cmp) ((sk_OCSP_RESPID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_compfunc_type(cmp)))
+

 typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;

@ -103,7 +195,33 @@ typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
 typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
 typedef struct ocsp_single_response_st OCSP_SINGLERESP;

-DEFINE_STACK_OF(OCSP_SINGLERESP)
+SKM_DEFINE_STACK_OF_INTERNAL(OCSP_SINGLERESP, OCSP_SINGLERESP, OCSP_SINGLERESP)
+#define sk_OCSP_SINGLERESP_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_SINGLERESP_sk_type(sk))
+#define sk_OCSP_SINGLERESP_value(sk, idx) ((OCSP_SINGLERESP *)OPENSSL_sk_value(ossl_check_const_OCSP_SINGLERESP_sk_type(sk), (idx)))
+#define sk_OCSP_SINGLERESP_new(cmp) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_new(ossl_check_OCSP_SINGLERESP_compfunc_type(cmp)))
+#define sk_OCSP_SINGLERESP_new_null() ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_new_null())
+#define sk_OCSP_SINGLERESP_new_reserve(cmp, n) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_new_reserve(ossl_check_OCSP_SINGLERESP_compfunc_type(cmp), (n)))
+#define sk_OCSP_SINGLERESP_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OCSP_SINGLERESP_sk_type(sk), (n))
+#define sk_OCSP_SINGLERESP_free(sk) OPENSSL_sk_free(ossl_check_OCSP_SINGLERESP_sk_type(sk))
+#define sk_OCSP_SINGLERESP_zero(sk) OPENSSL_sk_zero(ossl_check_OCSP_SINGLERESP_sk_type(sk))
+#define sk_OCSP_SINGLERESP_delete(sk, i) ((OCSP_SINGLERESP *)OPENSSL_sk_delete(ossl_check_OCSP_SINGLERESP_sk_type(sk), (i)))
+#define sk_OCSP_SINGLERESP_delete_ptr(sk, ptr) ((OCSP_SINGLERESP *)OPENSSL_sk_delete_ptr(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr)))
+#define sk_OCSP_SINGLERESP_push(sk, ptr) OPENSSL_sk_push(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr))
+#define sk_OCSP_SINGLERESP_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr))
+#define sk_OCSP_SINGLERESP_pop(sk) ((OCSP_SINGLERESP *)OPENSSL_sk_pop(ossl_check_OCSP_SINGLERESP_sk_type(sk)))
+#define sk_OCSP_SINGLERESP_shift(sk) ((OCSP_SINGLERESP *)OPENSSL_sk_shift(ossl_check_OCSP_SINGLERESP_sk_type(sk)))
+#define sk_OCSP_SINGLERESP_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OCSP_SINGLERESP_sk_type(sk),ossl_check_OCSP_SINGLERESP_freefunc_type(freefunc))
+#define sk_OCSP_SINGLERESP_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr), (idx))
+#define sk_OCSP_SINGLERESP_set(sk, idx, ptr) ((OCSP_SINGLERESP *)OPENSSL_sk_set(ossl_check_OCSP_SINGLERESP_sk_type(sk), (idx), ossl_check_OCSP_SINGLERESP_type(ptr)))
+#define sk_OCSP_SINGLERESP_find(sk, ptr) OPENSSL_sk_find(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr))
+#define sk_OCSP_SINGLERESP_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr))
+#define sk_OCSP_SINGLERESP_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr), pnum)
+#define sk_OCSP_SINGLERESP_sort(sk) OPENSSL_sk_sort(ossl_check_OCSP_SINGLERESP_sk_type(sk))
+#define sk_OCSP_SINGLERESP_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OCSP_SINGLERESP_sk_type(sk))
+#define sk_OCSP_SINGLERESP_dup(sk) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_dup(ossl_check_const_OCSP_SINGLERESP_sk_type(sk)))
+#define sk_OCSP_SINGLERESP_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_copyfunc_type(copyfunc), ossl_check_OCSP_SINGLERESP_freefunc_type(freefunc)))
+#define sk_OCSP_SINGLERESP_set_cmp_func(sk, cmp) ((sk_OCSP_SINGLERESP_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_compfunc_type(cmp)))
+

 typedef struct ocsp_response_data_st OCSP_RESPDATA;

@ -143,28 +261,37 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)

 #  define OCSP_CERTSTATUS_dup(cs)\
-                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
-                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+                (OCSP_CERTSTATUS*)ASN1_dup((i2d_of_void *)i2d_OCSP_CERTSTATUS,\
+                (d2i_of_void *)d2i_OCSP_CERTSTATUS,(char *)(cs))

-OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID)

+OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
+                                    const OCSP_REQUEST *req, int buf_size);
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
-                               int maxline);
-int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
-OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
-void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
-int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
-                     ASN1_VALUE *val);
-int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
-                          const ASN1_ITEM *it);
-BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
-int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
-int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
-int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
-                             const char *name, const char *value);
+
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
+#   define OCSP_REQ_CTX_new(io, buf_size) \
+        OSSL_HTTP_REQ_CTX_new(io, io, buf_size)
+#   define OCSP_REQ_CTX_free OSSL_HTTP_REQ_CTX_free
+#   define OCSP_REQ_CTX_http(rctx, op, path) \
+        (OSSL_HTTP_REQ_CTX_set_expected(rctx, NULL, 1 /* asn1 */, 0, 0) && \
+         OSSL_HTTP_REQ_CTX_set_request_line(rctx, strcmp(op, "POST") == 0, \
+                                            NULL, NULL, path))
+#   define OCSP_REQ_CTX_add1_header OSSL_HTTP_REQ_CTX_add1_header
+#   define OCSP_REQ_CTX_i2d(r, it, req) \
+        OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req)
+#   define OCSP_REQ_CTX_set1_req(r, req) \
+        OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req))
+#   define OCSP_REQ_CTX_nbio OSSL_HTTP_REQ_CTX_nbio
+#   define OCSP_REQ_CTX_nbio_d2i OSSL_HTTP_REQ_CTX_nbio_d2i
+#   define OCSP_sendreq_nbio(p, r) \
+        OSSL_HTTP_REQ_CTX_nbio_d2i(r, (ASN1_VALUE **)(p), \
+                                   ASN1_ITEM_rptr(OCSP_RESPONSE))
+#   define OCSP_REQ_CTX_get0_mem_bio OSSL_HTTP_REQ_CTX_get0_mem_bio
+#   define OCSP_set_max_response_length OSSL_HTTP_REQ_CTX_set_max_response_length
+#  endif

 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
                             const X509 *issuer);
@ -181,7 +308,7 @@ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
 int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
 int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);

-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm);
 int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

 int OCSP_request_sign(OCSP_REQUEST *req,
@ -226,8 +353,8 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
 int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
                        X509_STORE *store, unsigned long flags);

-int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
-                   int *pssl);
+#  define OCSP_parse_url(url, host, port, path, ssl) \
+    OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL)

 int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
 int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
@ -254,7 +381,11 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
                        X509 *signer, EVP_MD_CTX *ctx,
                        STACK_OF(X509) *certs, unsigned long flags);
 int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert,
+                              OSSL_LIB_CTX *libctx, const char *propq);
 int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx,
+                         const char *propq);
 int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);

 X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
@ -263,7 +394,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids);

 X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);

-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
+X509_EXTENSION *OCSP_url_svcloc_new(const X509_NAME *issuer, const char **urls);

 int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
 int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
@ -348,5 +479,5 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
 #  ifdef  __cplusplus
 }
 #  endif
-# endif
+# endif /* !defined(OPENSSL_NO_OCSP) */
 #endif
--- a/src/3rdparty/win32_include/openssl/ocsperr.h
+++ b/src/3rdparty/win32_include/openssl/ocsperr.h
@ -1,57 +1,34 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#ifndef HEADER_OCSPERR_H
-# define HEADER_OCSPERR_H
-
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+#ifndef OPENSSL_OCSPERR_H
+# define OPENSSL_OCSPERR_H
+# pragma once

 # include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
+

 # ifndef OPENSSL_NO_OCSP

-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_OCSP_strings(void);
-
-/*
- * OCSP function codes.
- */
-#  define OCSP_F_D2I_OCSP_NONCE                            102
-#  define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
-#  define OCSP_F_OCSP_BASIC_SIGN                           104
-#  define OCSP_F_OCSP_BASIC_SIGN_CTX                       119
-#  define OCSP_F_OCSP_BASIC_VERIFY                         105
-#  define OCSP_F_OCSP_CERT_ID_NEW                          101
-#  define OCSP_F_OCSP_CHECK_DELEGATED                      106
-#  define OCSP_F_OCSP_CHECK_IDS                            107
-#  define OCSP_F_OCSP_CHECK_ISSUER                         108
-#  define OCSP_F_OCSP_CHECK_VALIDITY                       115
-#  define OCSP_F_OCSP_MATCH_ISSUERID                       109
-#  define OCSP_F_OCSP_PARSE_URL                            114
-#  define OCSP_F_OCSP_REQUEST_SIGN                         110
-#  define OCSP_F_OCSP_REQUEST_VERIFY                       116
-#  define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
-#  define OCSP_F_PARSE_HTTP_LINE1                          118

 /*
 * OCSP reason codes.
 */
 #  define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
 #  define OCSP_R_DIGEST_ERR                                102
+#  define OCSP_R_DIGEST_NAME_ERR                           106
+#  define OCSP_R_DIGEST_SIZE_ERR                           107
 #  define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
 #  define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
-#  define OCSP_R_ERROR_PARSING_URL                         121
 #  define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
 #  define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
 #  define OCSP_R_NOT_BASIC_RESPONSE                        104
@ -63,8 +40,6 @@ int ERR_load_OCSP_strings(void);
 #  define OCSP_R_REQUEST_NOT_SIGNED                        128
 #  define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
 #  define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
-#  define OCSP_R_SERVER_RESPONSE_ERROR                     114
-#  define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
 #  define OCSP_R_SIGNATURE_FAILURE                         117
 #  define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
 #  define OCSP_R_STATUS_EXPIRED                            125
--- a/src/3rdparty/win32_include/openssl/opensslconf.h
+++ b/src/3rdparty/win32_include/openssl/opensslconf.h
@ -1,213 +1,17 @@
 /*
- * WARNING: do not edit!
- * Generated by makefile from ..\include\openssl\opensslconf.h.in
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

-#include <openssl/opensslv.h>
+#ifndef OPENSSL_OPENSSLCONF_H
+# define OPENSSL_OPENSSLCONF_H
+# pragma once

-#ifdef  __cplusplus
-extern "C" {
-#endif
+# include <openssl/configuration.h>
+# include <openssl/macros.h>

-#ifdef OPENSSL_ALGORITHM_DEFINES
-# error OPENSSL_ALGORITHM_DEFINES no longer supported
-#endif
-
-/*
- * OpenSSL was configured with the following options:
- */
-
-#ifndef OPENSSL_SYS_WIN64A
-# define OPENSSL_SYS_WIN64A 1
-#endif
-#define OPENSSL_MIN_API 0x10100000L
-#ifndef OPENSSL_NO_COMP
-# define OPENSSL_NO_COMP
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_RAND_SEED_OS
-# define OPENSSL_RAND_SEED_OS
-#endif
-#ifndef OPENSSL_NO_AFALGENG
-# define OPENSSL_NO_AFALGENG
-#endif
-#ifndef OPENSSL_NO_ASAN
-# define OPENSSL_NO_ASAN
-#endif
-#ifndef OPENSSL_NO_ASM
-# define OPENSSL_NO_ASM
-#endif
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-# define OPENSSL_NO_CRYPTO_MDEBUG
-#endif
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-#endif
-#ifndef OPENSSL_NO_DEVCRYPTOENG
-# define OPENSSL_NO_DEVCRYPTOENG
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_EGD
-# define OPENSSL_NO_EGD
-#endif
-#ifndef OPENSSL_NO_EXTERNAL_TESTS
-# define OPENSSL_NO_EXTERNAL_TESTS
-#endif
-#ifndef OPENSSL_NO_FUZZ_AFL
-# define OPENSSL_NO_FUZZ_AFL
-#endif
-#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
-# define OPENSSL_NO_FUZZ_LIBFUZZER
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_MSAN
-# define OPENSSL_NO_MSAN
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SSL_TRACE
-# define OPENSSL_NO_SSL_TRACE
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-# define OPENSSL_NO_SSL3_METHOD
-#endif
-#ifndef OPENSSL_NO_UBSAN
-# define OPENSSL_NO_UBSAN
-#endif
-#ifndef OPENSSL_NO_UI_CONSOLE
-# define OPENSSL_NO_UI_CONSOLE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-# define OPENSSL_NO_WEAK_SSL_CIPHERS
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-
-
-/*
- * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
- * don't like that.  This will hopefully silence them.
- */
-#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
-
-/*
- * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
- * declarations of functions deprecated in or before <version>. Otherwise, they
- * still won't see them if the library has been built to disable deprecated
- * functions.
- */
-#ifndef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f)   f;
-# ifdef __GNUC__
-#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-#   undef DECLARE_DEPRECATED
-#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
-#  endif
-# elif defined(__SUNPRO_C)
-#  if (__SUNPRO_C >= 0x5130)
-#   undef DECLARE_DEPRECATED
-#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
-#  endif
-# endif
-#endif
-
-#ifndef OPENSSL_FILE
-# ifdef OPENSSL_NO_FILENAMES
-#  define OPENSSL_FILE ""
-#  define OPENSSL_LINE 0
-# else
-#  define OPENSSL_FILE __FILE__
-#  define OPENSSL_LINE __LINE__
-# endif
-#endif
-
-#ifndef OPENSSL_MIN_API
-# define OPENSSL_MIN_API 0
-#endif
-
-#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
-# undef OPENSSL_API_COMPAT
-# define OPENSSL_API_COMPAT OPENSSL_MIN_API
-#endif
-
-/*
- * Do not deprecate things to be deprecated in version 1.2.0 before the
- * OpenSSL version number matches.
- */
-#if OPENSSL_VERSION_NUMBER < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f)   f;
-#elif OPENSSL_API_COMPAT < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_2_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10100000L
-# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_1_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10000000L
-# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_0_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x00908000L
-# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_0_9_8(f)
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#define OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/*
- * The following are cipher-specific, but are part of the public API.
- */
-#if !defined(OPENSSL_SYS_UEFI)
-# undef BN_LLONG
-/* Only one for the following should be defined */
-# undef SIXTY_FOUR_BIT_LONG
-# define SIXTY_FOUR_BIT
-# undef THIRTY_TWO_BIT
-#endif
-
-#define RC4_INT unsigned int
-
-#ifdef  __cplusplus
-}
-#endif
+#endif  /* OPENSSL_OPENSSLCONF_H */
--- a/Show More
+++ b/Show More